Node setup
Run a PraxisNet API node locally using the provided container build.
Docker compose
This repository includes a containerized API node build for operational deployment.
docker compose -f docker-compose.praxisnet.yml up --buildIndependent node operators (invited peer)
PraxisNet peering is currently allowlisted: operators don’t auto-discover or auto-join. To participate as a peer, your node must be explicitly listed in another node’s PRAXISNET_PEERS, and your firewall must allow inbound P2P from those peers.
P2P settings
Expose TCP 9000 for P2P and keep HTTP 8000 private unless you intentionally publish an API.
# P2P bind
PRAXISNET_P2P_HOST=0.0.0.0
PRAXISNET_P2P_PORT=9000
# Comma-separated host:port peers (invited)
PRAXISNET_PEERS=<MAIN_PUBLIC_IP>:9000,<OTHER_PEER_IP>:9000Authority registry
If the chain includes mint transactions, peers must have a matching public-key registry at /data/praxisnet/authority_registry.json (mounted volume). This is public data (public keys + roles) but it must match the network’s mint authority set.
Upgrades
Node software does not self-update. Operators upgrade by pulling a new image/tag and restarting. Keep protocol changes backward-compatible during rollout.
Upgrade SOP (minimal)
- Operator pulls the new image (or you provide a pinned digest) and restarts the container.
- Operator verifies
/chain/v1/statusmatches the network tip (height + tip_hash). - Operator confirms
peersis non-zero (or expected) and stays stable for 1–2 heartbeat windows.
Image pinning (recommended)
Avoid mutable tags like :latest. Prefer immutable tags, and for higher assurance, pin by digest.
# Good: immutable tag
image: us-east1-docker.pkg.dev/<PROJECT>/<REPO>/praxisnet-api:20260222-220854
# Best: digest pin (immutable)
image: us-east1-docker.pkg.dev/<PROJECT>/<REPO>/praxisnet-api@sha256:<DIGEST>Anti-abuse posture (current)
Current posture is designed for early operator networks and invited peers. It is not a complete “open internet” edge posture by default.
- Write endpoints can be API-key gated (
PRAXISNET_REQUIRE_API_KEY+PRAXISNET_API_KEY(S)). - P2P is intended to be allowlisted (only known peer IPs on TCP 9000).
- A basic API-level request limiter is available (best-effort) for burst control.
Recommended edge setup (minimal)
If you expose HTTP publicly, treat the VM as private infrastructure behind an edge. Keep the public surface area small.
- Public: only 443 (TLS) through an edge (Cloud Armor / Cloudflare / Front Door).
- P2P (9000): only from known peer IPs (no wildcard ingress).
- SSH: only from your operator IP (or disable and use IAP / SSM-style access).
- Rate limits + request size limits at the edge; block unexpected paths where possible.
Write API security
Transaction submission can be gated behind API keys. Operators should keep write keys private and expose only what they intend to support.
# Require X-API-Key for write endpoints
PRAXISNET_REQUIRE_API_KEY=1
# Single key or comma-separated keys
PRAXISNET_API_KEY=<key>
# PRAXISNET_API_KEYS=key1,key2Health check
curl -s http://127.0.0.1:8000/healthStatus
curl -s http://127.0.0.1:8000/chain/v1/statusNode Operator Agreement (short form)
This is a short-form operator understanding intended for early, invited peer networks. It is not legal advice.
- You operate infrastructure independently and at your own expense (compute, bandwidth, storage, security, and compliance).
- Operating a node does not grant equity, ownership, employment, agency, partnership status, or any right to represent Alpha Pi Omega Corp.
- There is no guarantee of fees, rewards, uptime, inclusion as a peer, or any expectation of profit.
- Network parameters may change, including peering allowlists, software requirements, registry requirements, rate limits, and fees (including minimum per-transaction fees).
- If any fees or reimbursements are offered, they are discretionary, may be modified or ended at any time, and are for service usage—not investment returns.