Appendix: Ports, addresses, validators, and archivists

This page aims to provide more context with regard to the ports and which of them should be made available publicly.
There are four ports that an Aleph Node uses:
  • an RPC port for calling remote procedures (by default this port is set to 9933)
  • a WebSocket port for communication with the node (e.g. by using a wallet, the default is 9944)
  • a P2P port for inter-node communication (by default: 30333)
  • a validator port for communication between validators (by default: 30343)
All of these ports can be configured in the env/validator and env/archivist files and are named RPC_PORT, WS_PORT, PORT and VALIDATOR_PORT respectively.
As validators and archivists have different responsibilities, their networking configuration must differ slightly:
  • a validator needs to be fully accessible from the host that’s running it in order to execute a full range of RPC calls necessary for becoming a validator, but inaccessible from the outside world to prevent tampering. As such, the RPC and WebSocket ports cannot be exposed outside of localhost. If you are using our script, the default is to run in precisely this configuration. Note that the P2P port and the validator port still need to be accessible, more on which in later sections.
  • an archivist is required to respond to calls from outside and all those ports should be exposed to the outside world.

Exposing a port

Regardless of whether you are an archivist or a validator, you still need to expose the P2P port in order for the node to be discovered by its peers and the protocol to function correctly. There are several ways of doing that and if you have a public, static IP (we'll call it PSIP) you should be all set (this includes the case of running within a cloud provider like AWS, where getting an IP like that is a matter of a few clicks).
However, if you’re on a private network, are behind a NAT or don't have a PSIP for other reasons, you will still need to somehow expose your port. We recommend contacting your internet service provider and obtaining a PSIP for a reliable setup.
If you have a public but dynamic IP, you can configure Dynamic DNS and use the domain name instead of an IP in the configuration. Note that this assumes that your IP address changes but not too often (DNS information needs time to propagate).
If you have a private IP and are unable to obtain a PSIP for some reason, you can look into reverse proxy solutions, however this is not the recommended option.