SOST runs on dedicated VPS infrastructure with hardened security, nginx reverse proxy, systemd services, and automated SSL. Every component is self-hosted and independently verifiable.
| Domain | Purpose | Status |
|---|---|---|
| sostcore.com | Informational website — protocol documentation, whitepaper, getting started guides | Live (SSL) |
| explorer.sostcore.com | Block explorer — real-time chain data, reserve tracker, difficulty dashboard | Live (SSL) |
| seed.sostcore.com | P2P bootstrap seed node — port 19333. Not a website; TCP-only for node discovery | Live (P2P) |
| wallet.sostcore.com | Web wallet — client-side key generation, send/receive, TOTP 2FA. Keys never leave device | Now Live (SSL) |
--connect <host:port>.
SOST runs on dedicated infrastructure with hardened Linux, automated SSL via Let's Encrypt, and defense-in-depth security. The node process is managed by systemd with automatic restarts, and RPC is bound to localhost only, proxied through nginx for public read-only access.
| Component | Details |
|---|---|
| Ports open | 22 (SSH), 80 (HTTP), 443 (HTTPS), 19333 (P2P) |
| Process manager | systemd service (sost-node.service) |
| SSL | Let's Encrypt (auto-renewal via certbot) |
| Reverse proxy | nginx — static files + RPC proxy |
| RPC binding | localhost only — not directly exposed |
| Layer | Configuration |
|---|---|
| SSH | Key-only authentication (password auth disabled) |
| fail2ban | Brute-force protection active |
| UFW firewall | Allow 22/80/443/19333 only — deny all other inbound |
| nginx rate limiting | Rate-limited |
| RPC access | localhost only — nginx proxies selected read-only methods |
| RPC auth | Basic Auth required for state-changing methods |
| P2P DoS | Automatic ban scoring with peer limits enforced |
| P2P encryption | X25519 + ChaCha20-Poly1305 (default: on) |
The block explorer is a static HTML page that queries the node via nginx-proxied RPC endpoints. No backend framework, no database — pure client-side JavaScript.
Static HTML + JS
→Reverse proxy + rate limit
→JSON-RPC on 127.0.0.1:18232
→Full node (chain + UTXO + mempool)
| Method | Purpose |
|---|---|
| getinfo | Chain height, difficulty, connections, UTXO count |
| getblockcount | Current block height |
| getblockhash | Block hash at height |
| getblock | Full block data (hash, time, difficulty, cASERT) |
| getaddressinfo | Address balance, UTXO list |
| gettransaction | Full transaction data (inputs, outputs, fee) |
| getmempoolinfo | Mempool size and fee stats |
| estimatefee | Recommended fee per byte |
| getpeerinfo | Connected peer list |
Nodes discover each other through the seed node and maintain persistent connections for block and transaction relay.
sost-node binary
→seed.sostcore.com
→Port 19333
→VERS → VACK → Sync
| Parameter | Value |
|---|---|
| Magic bytes | 0x534F5354 ("SOST") |
| Default port | 19333 |
| Peer limits | Enforced (inbound + outbound) |
| DoS protection | Automatic ban scoring |
| Ping interval | 30 seconds |
| Encryption | X25519 + ChaCha20-Poly1305 (default: on) |
| Block batch size | 500 blocks per GETB request |
| Fast sync | Hard checkpoints + assumevalid (default on) |
| Command | Direction | Description |
|---|---|---|
| VERS | Both | Version handshake (height + genesis hash) |
| VACK | Reply | Version acknowledged |
| EKEY | Both | X25519 ephemeral public key exchange |
| GETB | Request | Request blocks from height |
| BLCK | Reply | Full block with transactions |
| TXXX | Broadcast | Transaction relay (hex-encoded) |
| PING | Request | Keepalive ping |
| PONG | Reply | Keepalive response |
Clone the repository from GitHub:git clone https://github.com/Neob1844/sost-core.git
Build from source (C++17, CMake):mkdir build && cd build && cmake .. && make -j$(nproc)
Start the node — it connects to seed.sostcore.com:19333 automatically for peer discovery and chain sync.
The node downloads and validates all blocks from genesis. Full PoW verification, UTXO replay, and mempool initialization. Your node is sovereign.