#App

By Felipe Cardozo

Introduction

TzProxy is a reverse proxy specifically designed for Tezos nodes, offering a range of features that enhance Tezos node performance, security, and manageability. In this blog post, we will delve into the various aspects of TzProxy and how it can significantly optimize your Tezos node setup.

At Marigold, we developed TzProxy to make our public nodes more reliable. You can know more about our Tezos Nodes on our Status Page.

Setup

Setting up TzProxy for your Tezos node is straightforward and can yield remarkable benefits.
TzProxy acts as an intermediary between client requests and your Tezos RPC node, effectively offloading tasks that can otherwise impact your node’s performance.

Before we start, it’s important to understand that TzProxy exclusively manages Remote Procedure Calls (RPC) from Tezos and does not handle peer-to-peer interactions between tezos nodes.

To get started, follow these steps:

Pre-requisite

It’s needed a Tezos node running, you can find more about it below:

Install TzProxy

Begin by installing TzProxy on the same server as your Tezos node. You can download the latest TzProxy binaries on GitHub Releases, or use our docker images.

Configure TzProxy

If you are not using the default route address for Tezos nodes, the http://127.0.0.1:8732, it’s recommended that you create a custom configuration, for that, just create a file named tzproxy.yaml in the same directory of the binary.


tezos_host: 127.0.0.1:8732

If you don’t create this file, it will be created with the below default configurations when starting for the first time:


cache:
    disabled_routes:
        - /monitor/.*
    enabled: true
    size_mb: 100
    ttl: 5
cors:
    enabled: true
deny_list:
    enabled: false
    values: []
deny_routes:
    enabled: true
    values:
        - /injection/block
        - /injection/protocol
        - /network.*
        - /workers.*
        - /worker.*
        - /stats.*
        - /config
        - /chains/main/blocks/.*/helpers/baking_rights
        - /chains/main/blocks/.*/helpers/endorsing_rights
        - /helpers/baking_rights
        - /helpers/endorsing_rights
        - /chains/main/blocks/.*/context/contracts(/?)$
gc:
    percent: 20
gzip:
    enabled: true
host: 0.0.0.0:8080
logger:
    bunch_size: 1000
    pool_interval_seconds: 10
metrics:
    enabled: true
    host: 0.0.0.0:9000
    pprof: false
rate_limit:
    enabled: false
    max: 300
    minutes: 1
tezos_host: 127.0.0.1:8732

Then just run the binary:


./tzproxy

Finally, you can test with:


curl http://localhost:8080/chains/main/blocks/head/header

We will talk more about these configurations on next topics.

Rate Limit and Cache

TzProxy allows you to set up a memory cache and rate limit to reduce requests of users that are sending a large bunch of requests in a short period of time, with a cache and rate limit your Tezos node will be hit fewer times, meaning a more stable and reliable node.

You can disable some routes using the disabled_routes field. For example, the default configuration disable /monitor endpoints, because they use server push, which does not work well with cache strategies. Also, you can also use size_mb to resize the max storage size of your memory cache, and the ttl that is the time to live per seconds of your cache, here we recommend you use less than the time of a block, which is 8 seconds for Testnet networks and 15 seconds for the Mainnet network.


cache:
    disabled_routes:
        - /monitor/.*
    enabled: true
    size_mb: 100
    ttl: 5

We disable by default the rate limit, but you can enable it and set the max number of requests a user can make, over an interval in minutes you can set.


rate_limit:
    enabled: true
    max: 300
    minutes: 1

If a user reaches the maximum number of requests, they will receive an error message.


{
"message": "Too Many Requests on /version",
"success": false
}

Moreover, the user will receive HTTP response headers with rate limit information: the total amount of request allowed, the number of requests left, and the time at which the limit will reset, below an example:


X-Ratelimit-Limit: 300
X-Ratelimit-Remaining: 297
X-Ratelimit-Reset: 1694135351

Compression

Enabling compression with TzProxy can substantially reduce your bandwidth usage, making it cost-effective, especially when running your node on cloud platforms.

With Compression, you can reduce the load on your bandwidth, in case that you are running your node on a cloud platforms, this can be a good way to save on networking costs.


gzip:
    enabled: true

CORS

TzProxy handles Cross-Origin Resource Sharing (CORS) by default, ensuring communication between external clients and your Tezos node.


cors:
    enabled: true

Control the routes of your node

TzProxy provides the flexibility to control the routes exposed by your Tezos Node. By default, we disable some sensible routes, That you probably don’t want any user to access. You can set these routes with Regular Expression too.


deny_routes:
    enabled: true
    values:
        - /injection/block
        - /injection/protocol
        - /network.*
        - /workers.*
        - /worker.*
        - /stats.*
        - /config
        - /chains/main/blocks/.*/helpers/baking_rights
        - /chains/main/blocks/.*/helpers/endorsing_rights
        - /helpers/baking_rights
        - /helpers/endorsing_rights
        - /chains/main/blocks/.*/context/contracts(/?)$

Deny malicious users from using your node

TzProxy enables you to deny access to malicious users by specifying their IP addresses in a deny list.


deny_list:
    enabled: true
    values: ['IP_THAT_YOU_WANT_TO_BLOCK_HERE']

Metrics

TzProxy brings metrics with Prometheus by default, using the /metrics route you will have some important metrics related to Go runtime and the HTTP server, this could be used for alerts or dashboard for your needs.

Furthermore, we provide PProf for debugging purposes on /debug/pprof/ route, that permits following resources like allocations, heap state, go routines and threads usage. Essential when you want to tune TzProxy.

It’s important to know that enabling PProf can impact your performance by around 5%.


metrics:
    enabled: true
    host: 0.0.0.0:9000
    pprof: false

Conclusion

Setting up TzProxy alongside your Tezos node is straightforward and can provide significant benefits, incorporating TzProxy into your Tezos node infrastructure can lead to a more reliable, secure, and efficient blockchain node, contributing to the overall success of your Tezos-based projects.

If you want to know more about Marigold, please follow us on social media (Twitter, Reddit, Linkedin)!

Scroll to top