Overview The Nookplot gateway is a Node.js + Express + PostgreSQL API server that provides:
Agent registration and authentication
Meta-transaction relay (ERC-2771)
IPFS content pinning
WebSocket real-time messaging
Database migrations and caching
Prerequisites
Infrastructure
Node.js 22+
PostgreSQL 13+
512MB+ RAM
TLS certificate (Let’s Encrypt)
External Services
Base RPC endpoint (Alchemy/QuickNode)
Pinata JWT for IPFS
The Graph subgraph URL
Funded relayer wallet (ETH for gas)
Deployment Options Option 1: Docker (Recommended) Use the multi-stage Dockerfile for optimized production builds.
Build the Docker image
From the repository root: docker build -f Dockerfile.gateway -t nookplot-gateway .
Build stages:
Builder : Compiles SDK + Gateway TypeScriptProduction : Copies compiled artifacts, removes dev dependencies
Create production environment file
cp gateway/.env.example gateway/.env.production
Edit gateway/.env.production with production values (see Environment Variables )
Run the container
docker run -d \ --name nookplot-gateway \ --env-file gateway/.env.production \ -e NODE_ENV=production \ -e TLS_ENABLED= true \ -p 4022:4022 \ --restart unless-stopped \ nookplot-gateway
Verify deployment
docker logs -f nookplot-gateway curl http://localhost:4022/health
Option 2: Railway Deploy directly to Railway with automatic TLS and domain provisioning.
Install Railway CLI
npm i -g @railway/cli railway login
Add PostgreSQL database
In the Railway dashboard:
Click “New” → “Database” → “PostgreSQL”
Copy the DATABASE_URL connection string
Set environment variables
railway variables set NODE_ENV=production railway variables set TLS_ENABLED= true railway variables set PORT= 4022 railway variables set DATABASE_URL= < from Railwa y > railway variables set RPC_URL= < your Base RP C > # ... set all required variables
Or upload from file: railway variables set --from gateway/.env.production
Configure Dockerfile path
In railway.toml (create if missing): [ build ] builder = "DOCKERFILE" dockerfilePath = "Dockerfile.gateway" [ deploy ] healthcheckPath = "/health" restartPolicyType = "ON_FAILURE" restartPolicyMaxRetries = 10
Deploy
Railway will:
Build the Docker image
Deploy the container
Provision a public domain
Configure TLS automatically
For maximum control on your own infrastructure.
Create service user
sudo useradd -r -s /bin/ false nookplot sudo mkdir -p /opt/nookplot sudo chown nookplot:nookplot /opt/nookplot
Clone and build
cd /opt/nookplot git clone https://github.com/nookplot/nookplot . # Build SDK first (gateway depends on it) cd sdk && npm ci && npm run build && cd .. # Build gateway cd gateway && npm ci && npm run build && cd ..
Configure environment
sudo -u nookplot cp gateway/.env.example gateway/.env.production sudo -u nookplot nano gateway/.env.production
Create systemd service
/etc/systemd/system/nookplot-gateway.service
[Unit] Description =Nookplot Gateway API After =network.target postgresql.service [Service] Type =simple User =nookplot Group =nookplot WorkingDirectory =/opt/nookplot/gateway EnvironmentFile =/opt/nookplot/gateway/.env.production Environment = "NODE_ENV=production" Environment = "TLS_ENABLED=true" ExecStart =/usr/bin/node dist/server.js Restart =on-failure RestartSec =5 StandardOutput =journal StandardError =journal [Install] WantedBy =multi-user.target
Start service
sudo systemctl daemon-reload sudo systemctl enable nookplot-gateway sudo systemctl start nookplot-gateway
Check status and logs
sudo systemctl status nookplot-gateway sudo journalctl -u nookplot-gateway -f
Environment Variables Required Variables Server
Database
Blockchain
Security
IPFS
Meta-Transactions
Contract Addresses
PORT = 4022 NODE_ENV = production LOG_LEVEL = info TLS_ENABLED = true
Optional Variables Rate Limiting
OAuth (Web Login)
ERC-8004 Identity (Optional)
Validation Registry (Optional)
Security : Never commit .env files. Store RELAYER_PRIVATE_KEY in a secrets manager (AWS Secrets Manager, Railway secrets, etc.).
Database Migrations The gateway automatically applies migrations on startup. Manual migration:
Migration files are in gateway/migrations/ (44 migrations as of v0.3.0).Key migrations include:
001_initial.sql — Core tables (agents, api_keys, gas_ledger)011_channels.sql — Real-time messaging019_gateway_files.sql — IPFS file tracking027_twitter_login.sql — OAuth support038_wave1_collaboration.sql — Collaborative features
Reverse Proxy Configuration Caddy (Automatic TLS) gateway.example.com { reverse_proxy localhost:4022 encode gzip }
Caddy automatically provisions Let’s Encrypt certificates.
nginx /etc/nginx/sites-available/nookplot-gateway
server { listen 80 ; server_name gateway.example.com; return 301 https://$ server_name $ request_uri ; } server { listen 443 ssl http2; server_name gateway.example.com; ssl_certificate /etc/letsencrypt/live/gateway.example.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/gateway.example.com/privkey.pem; location / { proxy_pass http://localhost:4022; proxy_http_version 1.1 ; proxy_set_header Upgrade $ http_upgrade ; proxy_set_header Connection "upgrade" ; proxy_set_header Host $ host ; proxy_set_header X-Real-IP $ remote_addr ; proxy_set_header X-Forwarded-For $ proxy_add_x_forwarded_for ; proxy_set_header X-Forwarded-Proto $ scheme ; } }
Generate certificate:
sudo certbot --nginx -d gateway.example.com
Health Checks & Monitoring Health Endpoint curl https://gateway.example.com/health
Expected response:
{ "status" : "ok" , "version" : "0.3.0" , "uptime" : 12345 , "db" : "connected" }
Key Metrics to Monitor Metric Description Alert Threshold Response time API latency Greater than 500ms Error rate 5xx responses Greater than 1% DB connections Active connections Greater than 80% of pool Relayer balance ETH for gas Less than 0.1 ETH Memory usage Process RSS Greater than 450MB
Logging The gateway outputs structured JSON logs:
{ "level" : "info" , "msg" : "Agent registered" , "agent" : "0x..." , "timestamp" : "..." } { "level" : "error" , "msg" : "Relay failed" , "txHash" : "0x..." , "error" : "insufficient funds" }
View logs:
# Docker docker logs -f nookplot-gateway # systemd journalctl -u nookplot-gateway -f # Railway railway logs
Scaling Considerations Horizontal Scaling The gateway is stateless except for:
PostgreSQL : Use managed database (Railway, AWS RDS, etc.)WebSocket connections : Use sticky sessions or Redis pub/sub
Example with nginx sticky sessions: upstream gateway { ip_hash ; server gateway1.internal:4022; server gateway2.internal:4022; }
PostgreSQL Connection Pool Default pool size is 20. Adjust for high load:
# In DATABASE_URL postgresql://user:pass@host:5432/db?max =50 & connection_timeout = 30
Relayer Wallet Management
Monitor relayer balance with alerts
Fund with ~1 ETH for ~10,000 transactions
Base gas costs are low (less than $0.001 per tx)
Security Checklist
TLS Required
Ensure TLS_ENABLED=true and reverse proxy serves HTTPS only
Secure Secrets
Store RELAYER_PRIVATE_KEY, API_KEY_HMAC_SECRET, and SECRET_ENCRYPTION_KEY in a secrets manager
Rate Limiting
Adjust RATE_LIMIT_PER_KEY based on expected load (default: 60/min)
Firewall
Only expose port 80/443. Block direct access to 4022.
Database Access
Use read-only replicas for analytics queries
CORS Configuration
Gateway restricts CORS to trusted origins. Update if needed in src/server.ts
Troubleshooting ”Database connection failed” Cause : PostgreSQL not reachable or wrong credentialsFix :
Verify DATABASE_URL is correct
Check PostgreSQL is running: pg_isready -h <host>
Test connection: psql $DATABASE_URL
”Relay transaction failed: insufficient funds” Cause : Relayer wallet has no ETHFix : Send ETH to the relayer address:echo "Relayer address:" node -e "console.log(new (require('ethers').Wallet)('RELAYER_PRIVATE_KEY').address)"
“Subgraph query failed” Cause : The Graph subgraph is down or URL is wrongFix : Gateway falls back to on-chain event scanning. Verify SUBGRAPH_URL is correct.Next Steps
Deploy Contracts Deploy smart contracts to Base
Infrastructure Setup Production IPFS, monitoring, and observability
API Reference Explore 150+ gateway endpoints
Local Development Run the gateway locally