Overview

This guide gives much of the inside info and technical nitty-gritty that you will need to make a respectable attempt at being a witness for Steem.

Within the witness node config.ini file

• Comment or delete all of the miners.
• Comment or delete the mining-threads setting.
• Have one witness (your witness, of course).
• Assign the signing key for the witness to the private-key setting.

The signing key is the private key for the signing public key that is reported for the get_witness command. Example:

get_witness mywitness

An example of select parts of the witness node config.ini file is:

# name of witness controlled by this node (e.g. initwitness)
witness = "mywitness"

# name of miner and its private key (e.g. ["account","WIF PRIVATE KEY"] )
# miner = COMMENTED OUT

# Number of threads to use for proof of work mining
# mining-threads = COMMENTED OUT

# WIF PRIVATE KEY to be used by one or more witnesses or miners
private-key = 5PRIVATESIGNINGKEY

Notice that there are no quotes around the private key.

For the witness server in general

• Close all incoming ports except SSH (port 22) and only open SSH for the IPs you know you'll use to control the witness server.
• Be extra sure your blockchain is functioning by starting with the --replay-blockchain flag.
• Redirect your stderr (and stdout) on start-up so your witness doesn't go down when you disconnect from SSH. See the example start command below for how this is done.

It is best to close ports using your hosting provider's firewall. Otherwise you should configure iptables or similar.

The start command for the witness node should look like this:

./steemd --replay-blockchain --rpc-endpoint 2>debug.log 1>>info.log &

Replay will take a while and is optional. Do it upon first start if, for example, you sync using a copy of a witness directory from elsewhere. If you need to boot in a hurry, say if your primary witness node goes down, leave out --replay-blockchain.

Set up a separate seed node

The seed node is a completely different server from your witness node. It is a requirement for those who want to credibly offer themselves as witnesses.

If the seed node is going to be on a dynamic IP address, use a dynamic DNS service like ZoneEdit, and register a domain name to point at it.

• Open port 2001 in your firewall. You can actually use any port, but 2001 is a de facto standard established by Dan Larimer. Unless you have a fairly good reason to use another port, just use 2001.
• With port 2001 open in your firewall, start the seed node with the flag --p2p-endpoint=0.0.0.0:2001.
• Ensure your seednode daemon stays live like you did with the witness node by redirecting output. See the start command above.
• Check your seed node connectivity with the shell command telnet SEED_IP 2001 from a second computer. A successful connection will spit out a line starting with "Trying SEED_IP...", then "Connected to ..." then "Escape character ..." and then some garbage. After a few seconds it will disconnect automatically due to a non-response time out.

Advertising your intent to be a witness

• Put up a post at steemit's "witness-category" explaining your credentials as a witness operator and how perfectly awesome your hosting service is for your witness node. Provide the IP address (if static) or domain mame for your seed node. Also provide the port (e.g. 2001). Do not provide the IP address or domain name of your witness node. This latter information should be kept secret, for security.
• Cross-post your witness post to the Steem thread at bitcointalk
• Let everyone at the Steem Slack know your intentions, especially in the "#witness" channel.
• Be helpful to the community as much as possible. Try not to use profanity. Genuinely enjoy the outdoors, children, and small animals. Respect your elders. Be attentive to your civic duties. Go to bed early. Get up early. Drink plenty of water. Lay off the carbs and avoid trans fats. Exercise.

Testing your witness node

You can test your witness node during the mining period (which may be over by the time you see this).

In addition to a witness server and a seed node, you need a mining machine.

Testing your witness node is for experts only. However, if you lack the confidence in your expertise to try this, then you may want to reconsider being a witness.

First WHATEVER YOU DO, DO NOT ADD YOUR WITNESS TO THE MINER!!!

Yeah, that's shouting and potentially obnoxious, but it's for your own good. If a witness tries to mint blocks on two different machines, it runs the risk of being caught for producing double work on a block, which will be interpreted as a malicious attempt to fork the chain. When this happens, the witness will likely be reported by an observer, and the totality of the witness's VESTS will be transferred to the reporter. The witness will cease to be a witness and it will be a dark day for the witness's owner.

You have been warned.

With this setup, when your miner broadcasts PoW, your witness will enter the queue. When it gets into the top 21 of the queue, it will begin to mint blocks as a witness, which your witness node should handle. It may miss some blocks depending on the competition at the top of the queue. However, if it hits its fair share, then the witness node is operating correctly.

Following are example relevant sections of configuration files for the miner and witness nodes.

Miner Node

# config.ini for miner machine
witness = "otherminer"

miner = ["mywitness", "5MYWITNESSOWNERKEY"]
miner = ["otherminer", "5OTHERMINEROWNERKEY"]
...

Notice how the witness setting for "mywitness" is missing. That's real important!

Witness Node

# config.ini for witness machine
witness = "mywitness"

# 5MYWITNESSSIGNINGKEY does not necessarily need to be 5MYWITNESSOWNERKEY
private-key = 5MYWITNESSSIGNINGKEY

# miners = DON'T PUT ANY MINERS IN

# mining-threads = COMMENT THIS OUT