Our objective is to configure an architecture in which sentry nodes act as the public-facing communicators with peer nodes. The validator node communicates only with our own sentry nodes over a private channel, without gossip. The diagram below depicts a layer of sentry nodes relaying messages to the validator node on AWS.
https://forum.cosmos.network/t/sentry-node-architecture-overview/454
For the purpose of this tutorial we'll set up only one sentry node to safeguard the validator.
Prerequisite
Install two full nodes: one full node as the sentry and one full node as the private validator.
Full node installation guide: Seinami - Full Node + Validator
Parameters
pex:
boolean. This turns the peer exchange reactor on or off for a node. When pex=false, only the persistent_peers list is available for connection.
seed_mode:
boolean. The main function of seed_mode is to provide more node addresses to the network. A seed node records the addresses of every node that has connected to it, and when you connect to it, it tells you all the node addresses it has recorded, so you can find peers quickly. The seed node disconnects from you immediately after handing over the addresses, so it is not recommended that the validator node enable seed mode.
persistent_peers:
a comma-separated list of nodeID@ip:port values that defines the peers expected to be online at all times. This is necessary at first startup because with pex=false the node cannot otherwise join the network.
unconditional_peer_ids:
comma-separated list of node IDs. These nodes will be connected to regardless of the inbound and outbound peer limits. This is useful when sentry nodes have full address books.
private_peer_ids:
comma-separated list of node IDs. These nodes will not be gossiped to the network. This is an important field, as you do not want your validator's IP gossiped to the network.
addr_book_strict:
boolean. By default, only nodes with a routable address are considered for connection. If this setting is turned off (false), non-routable IP addresses, such as addresses in a private network, can be added to the address book.
double_sign_check_height:
int64 height. How many blocks to look back to check for the existence of the node's consensus votes before joining consensus. When non-zero, the node will panic upon restart if the same consensus key was used to sign the last {double_sign_check_height} blocks. So validators should stop the state machine, wait for some blocks, and then restart the state machine to avoid the panic.
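As an added example (not part of the Seinami guide), a small Python check that reads the [p2p] settings of a validator/sentry pair and reports deviations from the architecture above. The node IDs and addresses are constructed placeholders, and parse_p2p is a minimal reader for the flat key = value lines shown, not a full TOML parser.

```python
import ipaddress
# Constructed sample [p2p] settings: placeholder node IDs and RFC 1918 addresses.
VALIDATOR_ID, SENTRY_ID = "bbbb2222", "aaaa1111"
VALIDATOR_P2P = f'''
pex = false
persistent_peers = "{SENTRY_ID}@10.0.0.2:26656"
unconditional_peer_ids = "{SENTRY_ID}"
addr_book_strict = false
'''
SENTRY_P2P = f'''
pex = true
persistent_peers = "{VALIDATOR_ID}@10.0.0.3:26656"
unconditional_peer_ids = "{VALIDATOR_ID}"
private_peer_ids = "{VALIDATOR_ID}"
addr_book_strict = false
'''
def parse_p2p(text):
    """Minimal reader for flat `key = value` lines (strings/booleans); not a full TOML parser."""
    cfg = {}
    for line in text.splitlines():
        if "=" in line and not line.lstrip().startswith("#"):
            key, val = (part.strip() for part in line.split("=", 1))
            cfg[key] = val.strip('"') if val.startswith('"') else val == "true"
    return cfg

def peer_ids(csv):
    """'id@host:port,id2@host:port' -> {'id', 'id2'}; '' -> empty set."""
    return {p.split("@")[0].strip() for p in csv.split(",") if p.strip()}

def has_private_peer(csv):
    """True if any peer address in the list is a private (non-routable) IP."""
    hosts = [p.split("@")[1].rsplit(":", 1)[0] for p in csv.split(",") if "@" in p]
    return any(ipaddress.ip_address(h).is_private for h in hosts)

def check_pair(validator_text, sentry_text, validator_id):
    """Return the list of sentry-architecture violations; [] means the pair is consistent."""
    v, s = parse_p2p(validator_text), parse_p2p(sentry_text)
    problems = []
    if v.get("pex", True):
        problems.append("validator: pex must be false so it only dials persistent_peers")
    if not peer_ids(v.get("persistent_peers", "")):
        problems.append("validator: persistent_peers must list the sentry node(s)")
    if validator_id not in peer_ids(s.get("private_peer_ids", "")):
        problems.append("sentry: validator ID missing from private_peer_ids (would be gossiped)")
    if validator_id not in peer_ids(s.get("unconditional_peer_ids", "")):
        problems.append("sentry: validator ID missing from unconditional_peer_ids")
    for name, cfg in (("validator", v), ("sentry", s)):
        if cfg.get("addr_book_strict", True) and has_private_peer(cfg.get("persistent_peers", "")):
            problems.append(f"{name}: addr_book_strict must be false to keep private peer addresses")
    return problems
```

Run check_pair on the [p2p] sections of both config.toml files before starting the nodes; an empty list means the validator only dials its sentry and the sentry never gossips the validator's address.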