Deploy: Solana validator or RPC on StackPath

Shelby Jenkins
4 min read · Mar 29, 2022


StackPath is one of several infrastructure companies that are part of the Solana Server Program. This post documents the deployment of a node on SP//. The author is a StackPath employee.

Here is StackPath on the public Solana Server Program page!

Pre-requisite Documentation:

After signing up for the Solana Server Program and choosing StackPath you will receive a “Server Program User Guide” via email. Reading the guide is crucial. Don’t worry, it’s concise. So, please RTFM! I won’t share it here because it’s subject to update, so please check your email for the document! If you can’t find the PDF, hit up SolanaSupport@StackPath.com.

The following is to illustrate some of the more important steps.

Note the Ubuntu version.
SP// has a nice article about generating SSH keys for VMs.

The most important thing to note here is to open up port 22 for SSH. Otherwise the node will be unreachable! You can open up ports after setup as well.

Regarding Anycast: this will improve performance for the end user. Any request will be routed to the geographically closest PoP, and then ride StackPath’s private network to the physical location of the node. If you don’t enable Anycast, it will still work, but the request will be routed over the public internet.

I chose the name mia01 to indicate that this is my first instance in Miami.
  • The correct spec for Solana is SV-1. SP-1 is another compute product!
  • Only create workloads in PoPs confirmed by Solana and do not create more instances than confirmed by Solana.
  • Also, please make sure to note the mount path. These nodes come with just 25 GB of root disk storage, and the larger logical storage area is on a separate mount path.

Hit “Create Workload”, and go for a walk.

The fun part!

Instance will appear here.

Deployment times vary depending on a few factors and can range from very quick to slow. If it hasn’t deployed in 20 minutes, there is an issue and you should contact support.

Navigate here and grab your IP address.

Log in with ssh ubuntu@your.i.p.address (you did open port 22 for SSH, right?)

Console pro-tips:

  • run htop to see processes (the Linux task manager)
  • run less +F /home/ubuntu/solana-validator.log to stream logs to console (useful for seeing status of your validator)

Once you’ve installed the Solana CLI, you’re ready to fire up your Solana node.

IMPORTANT. Running solana-validator has three StackPath specific steps.

1. Setting the Ledger Location

If you don’t use this mount path, the ledger will be written to the 25 GB boot partition and you’ll run out of space.

The ledger data must go in the larger logical area on the system! Remember when you created a mount path?

Use your mount path for the ledger and the logs with the flags:

--ledger /var/lib/data --log /var/lib/data/solana-validator.log

2. Giving Permissions

If you don’t give permissions to access the mount path, you’ll get the following error.

obtained shred-version 8573 from 34.83.231.102:8001
Unable to access account path: "/var/lib/data/accounts", err: Os { code: 13, kind: PermissionDenied, message: "Permission denied" }

Run the following:

ubuntu@hello-medium-mia01-mia-0:/$ sudo chmod -R u+rwx /var/lib/data

You will now be able to run solana-validator without error.

3. Opening Ports

If you don’t set the correct network policies, you will get the following error in the log.

Received no response at tcp/8000, check your port configuration: timed out waiting on receive operation

You can set a range of ports to open if you aren’t sure which you’ll settle on.

Open up ports 8000–1000 for inbound and outbound TCP/UDP.
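The ledger location and permission checks above can be scripted and run before starting solana-validator, together with a scan of the log for the two errors quoted in this post. This is an added example, not part of the original post or StackPath's guide: the function names are hypothetical, the path /var/lib/data and the log messages are the ones shown above, and it assumes GNU stat as shipped on Ubuntu.

```shell
#!/usr/bin/env bash
# Added example: pre-flight checks for the StackPath-specific steps.
# Function names are hypothetical; paths and log text are from the post.

# Succeed if DIR is on the same device as / (the small boot disk).
# A missing DIR returns 1 here and is caught by writable_by_me instead.
on_root_disk() {
    local dev
    dev=$(stat -c %d "$1" 2>/dev/null) || return 1
    [ "$dev" = "$(stat -c %d /)" ]
}

# Succeed if the current user can create a file in DIR.
writable_by_me() {
    local probe
    probe=$(mktemp "$1/.preflight.XXXXXX" 2>/dev/null) || return 1
    rm -f "$probe"
}

# Map the two log errors quoted in the post to the step that fixes them.
diagnose_log() {
    if grep -q 'PermissionDenied' "$1"; then
        echo "step 2: current user lacks access to the ledger mount path"
    fi
    if grep -q 'Received no response at' "$1"; then
        echo "step 3: network policy is not passing the validator ports"
    fi
}

# Check the ledger directory (step 1 and step 2) before starting the node.
preflight() {
    local ledger="${1:-/var/lib/data}" rc=0
    if on_root_disk "$ledger"; then
        echo "FAIL: $ledger is on the root disk; use the mount path"; rc=1
    fi
    if ! writable_by_me "$ledger"; then
        echo "FAIL: $(id -un) cannot write to $ledger"; rc=1
    fi
    if [ "$rc" -eq 0 ]; then echo "OK: $ledger is off the root disk and writable"; fi
    return "$rc"
}

# Runs only when called with a path: bash preflight.sh /var/lib/data
if [ "$#" -gt 0 ]; then
    preflight "$1"
    if [ -f "$1/solana-validator.log" ]; then diagnose_log "$1/solana-validator.log"; fi
fi
```

Run it as the same user that will start solana-validator, since the write test reflects that user's permissions.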

Run

If everything works, after you run solana-validator you should see network traffic in the SP// portal, Solana processes in the console, and the ledger download in the logs.

Great Job!

Part two of this series is available: https://jshelbyj.medium.com/deploy-stackpaths-web-application-firewall-to-protect-your-solana-rpc-e56b8852e4ab

It covers using StackPath WAF to protect your RPC from DDoS as well as how to rate limit bots based on IP address.
