doc: how to run the guardian node behind a NAT
Shoutout to @0xshipthecode and the RockawayX Infra team for helping test and develop the patch for this in #3786.
This commit is contained in:
parent
c1a87b92f8
commit
62a82b86ae
|
@ -157,7 +157,8 @@ We strongly recommend a separate user and systemd services for the Wormhole serv
|
||||||
See the separate [wormhole-networks](https://github.com/wormhole-foundation/wormhole-networks) repository for examples
|
See the separate [wormhole-networks](https://github.com/wormhole-foundation/wormhole-networks) repository for examples
|
||||||
on how to set up the guardiand unit for a specific network.
|
on how to set up the guardiand unit for a specific network.
|
||||||
|
|
||||||
You need to open port 8999/udp in your firewall for the P2P network. Nothing else has to be exposed externally.
|
You need to open port 8999/udp in your firewall for the P2P network and 8996/udp for
|
||||||
|
[cross chain queries](../whitepapers/0013_ccq.md). Nothing else has to be exposed externally.
|
||||||
|
|
||||||
journalctl can show guardiand's colored output using the `-a` flag for binary output, i.e.: `journalctl -a -f -u guardiand`.
|
journalctl can show guardiand's colored output using the `-a` flag for binary output, i.e.: `journalctl -a -f -u guardiand`.
|
||||||
|
|
||||||
|
@ -169,6 +170,10 @@ Refer to [devnet/](../devnet) for example k8s deployments as a starting point fo
|
||||||
have to build your own containers. Unless you already run Kubernetes in production, we strongly recommend a traditional
|
have to build your own containers. Unless you already run Kubernetes in production, we strongly recommend a traditional
|
||||||
deployment on a dedicated instance - it's easier to understand and troubleshoot.
|
deployment on a dedicated instance - it's easier to understand and troubleshoot.
|
||||||
|
|
||||||
|
When running in kubernetes, or behind any kind of NAT, pass `--gossipAdvertiseAddress=external.ip.address` to the
|
||||||
|
guardiand node process to ensure the external address is advertized in p2p. If this is not done, reobservation
|
||||||
|
requests and [ccq](https://wormhole.com/queries) will not function as intended.
|
||||||
|
|
||||||
### Monitoring
|
### Monitoring
|
||||||
|
|
||||||
Wormhole exposes a status server for readiness and metrics. By default, it listens on port 6060 on localhost.
|
Wormhole exposes a status server for readiness and metrics. By default, it listens on port 6060 on localhost.
|
||||||
|
|
Loading…
Reference in New Issue