+ Located in /opt/veriscope/
+ Service user will be forge
1) Refresh dependencies
2) Install/update nethermind
3) Set up new postgres user
4) Obtain/renew SSL certificate
5) Install/update NGINX
6) Install/update node.js web service
7) Install/update PHP web service
8) Update static node list for nethermind
9) Create admin user
10) Regenerate webhook secret
11) Regenerate oauth secret (passport)
12) Regenerate encrypt secret (EloquentEncryption)
13) Install Redis server
14) Install Passport Client Environment Variables
15) Install Horizon
16) Install Address Proofs
i) Install Everything
p) show daemon status
w) restart all services
Choose what to do:
Stop ta-node-1 service
sudo systemctl stop ta-node-1
Restart ta-node-1 service
sudo systemctl restart ta-node-1
You can either step through each step — see note below — or choose
Install Everything) and run steps 9 & 16 once that has completed.
For step 16 (
Updates all packages on the operating system, and installs software dependencies for all subsequent components - examples include libsnappy for Nethermind, PHP and node.js for web services, and npm and composer for managing web service dependencies.
This step also installs unconfigured PostgreSQL and Nginx servers and two cron jobs for housekeeping: automatic clock synchronication with internet time servers, and purging old logs.
Nethermind is the Etherum implementation used on Shyft. This is installed to
/opt/nm/ with its config file in
/opt/nm/config.cfg, and the chain state in
This step will create a random account — i.e. your trust anchor account — and provide its public/private key pair. These must be kept someplace safe for permanent systems.
If you intend to use an RPC connection instead of synchronizing the blockchain locally, terminate Nethermind and change the HTTP and WS params in the .env of
veriscope_ta_node/.env to the provided rpc domain.
#RPC Replace HTTP and WS below with the following
Terminate nethermind and restart the ta-node-1 service as follows:
sudo systemctl stop nethermind
sudo systemctl restart ta-node-1
The trust anchor web service relies on PostgreSQL to store attestations. This will create a new Postgres user, displaying its password and storing it where the web services can find it. It will also create a database called
trustanchor. The database schema will be created when the PHP webservice is installed.
This obtains a SSL certificate from Let’s Encrypt for the domain name that you configured in
/opt/veriscope/.env, and deploys it in a place where nginx can find it.
This creates a config file for the web services in
/etc/nginx/sites-enabled/ta-dashboard.conf, enables nginx to start
on boot, and starts nginx.
The deployed configuration is set to serve the web services over port 443, by reverse-proxying connections to backend node.js and PHP servers.
The node webservice is several components - operating in systemd units called
ta-node-2. This step installed
node.js dependencies into
/opt/veriscope/node_modules, then installs activates and starts the systemd units.
|This step copies over the correct ABIs depending on the chain target and places them here:
The PHP webservice is several components - operating in systemd units called
ta. These carry out respectively, scheduled cron-type jobs, a websocket server, and web server. This step installs installs some PHP dependencies via composer, builds the schema and seed data in the Postgres Database, then installs, enables and starts those systemd units.
Nethermind relies upon a list of static nodes to find servers to exchange blockchain information with. The nethermind config sets this to be in
/opt/nm/static-nodes.json. Each machine is identified by an enode url, formatted like
The Nethermind setup step obtains your server’s enode, and adds it to the 'contact' field used in the ethstats service at fedstats.veriscope.network. This command replaces your enode list with one obtained from the ethstats server, then restarts Nethermind to use it.
|This is optional and only recommended when synchronizing the blockchain with your nethermind relay node.
The Web Application requires an admin user to manage the Trust Anchor account. Use this option to create an account so you can sign into the application.
The Web Application receives data from the node scripts over a webhook url. This url is secured using a shared key. This step creates or refreshes the share key in each .env file.
The Web API is authenticated using Laravel Password (OAuth2). This step generates or regenerates the oauth public/private keys stored in veriscope_ta_dashboard/storage/. Further reading can be found on the Laravel website laravel.com/docs/8.x/passport/[here.
The Web Application generates a number of Crypto Wallet Accounts as well as TrustAnchor Users. Private keys are stored in the DB encrypted. This step generates or regenerates the encryption keys stored in veriscope_ta_dashboard/storage/app/. Futher reading can be found here: github.com/RichardStyles/EloquentEncryption[github.com/RichardStyles/EloquentEncryption.
The NodeJs Application manages posting of Attestations and Pending Transactions via a queuing framework. Information on the framework can be found here: The fastest, most reliable, Redis-based queue for Node[The fastest, most reliable, Redis-based queue for Node..
Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message.
To read more on the motivation for queuing attestations, see Veriscope Queuing System.
Passport OAuth Client variables are required set in the environment file in order to generate API token in the backoffice. Using this command you can set the variables in the environment file automatically, i.e. "php artisan passportenv:link".
Install Laravel Horizon which provides a beautiful dashboard and code-driven configuration for your Laravel powered Redis queues. Horizon allows you to easily monitor key metrics of your queue system such as job throughput, runtime, and job failures.