Krypton L1

Appearance

Block explorer — Blockscout at kryscan.com

A Blockscout explorer for the Krypton public testnet (chain-id 473374) served at kryscan.com, branded KRY. You do not fork Blockscout — its multi-service docker-compose/ (postgres, redis, backend, frontend, nginx proxy, plus the sc-verifier / stats / sig-provider / visualizer microservices) is upstream. Krypton ships only a thin overlay: two env files plus a compose override.

The deploy artifacts are l1/from-source/deploy/explorer/. This page is the operator-facing version of that directory's README.md.

Deploy artifact — not yet run on real infra

These overlays are config-validated but have not been stood up against a live Blockscout release in this repo, and the public testnet is not live yet. Pin a specific Blockscout release tag and verify the env keys against it before production.

What's in the overlay

FilePurpose
envs/krypton.blockscout.envbackend overrides — RPC node, CHAIN_ID=473374, COIN=KRY, indexer flags
envs/krypton.frontend.envfrontend overrides — NEXT_PUBLIC_* branding + hosts for kryscan.com
docker-compose.override.ymllayers those env files onto Blockscout's own compose

Two different RPC nodes — do not conflate

Read this before you wire anything

The explorer uses two separate RPC backends. Mixing them up either breaks indexing or exposes a debug-enabled archive node to the public.

  • Explorer indexer node — an archive full node exposing eth,net,web3,debug,trace. It stays private; only Blockscout's backend reads it.
  • Public wallet RPC (rpc.kryscan.com) — a separate RPC / full node exposing eth,net,web3 only (no debug/trace/admin/txpool), with reth request caps and rate limiting. This is what MetaMask "Add network" and dapps use.

Prerequisites

  1. A Krypton testnet RPC/archive node the indexer can read — a krypton-rpc full node (see RPC / full node). It must expose eth,net,web3,debug,trace (set RPC_API=eth,net,web3,debug,trace in the node's .env) and should be archive (EL_SYNC_MODE= empty) so the indexer can backfill internal transactions and historical balances. Blockscout is RPC-heavy — give that node headroom (see Hardware specs).
  2. A host for the explorer — Blockscout is heavier than a node: ~8 vCPU / 16–32 GB / 200 GB+ SSD for the backend plus its own Postgres.
  3. DNS + TLS. Point kryscan.com (and rpc.kryscan.com if you expose public RPC) at this host, and terminate HTTPS in front of Blockscout's nginx proxy. The frontend env assumes https — see TLS / reverse proxy (Caddy).

Deploy

bash
# 1. Clone Blockscout at a PINNED release (do not track master).
git clone https://github.com/blockscout/blockscout
cd blockscout && git checkout <pinned-tag>   # e.g. a current v6.x / v7.x release
cd docker-compose

# 2. Drop in the Krypton overlay (from the explorer/ artifact dir).
cp -r <krypton>/l1/from-source/deploy/explorer/envs ./envs-krypton
cp    <krypton>/l1/from-source/deploy/explorer/docker-compose.override.yml .
#    Point the override's env_file paths at ./envs-krypton/, OR merge the keys from
#    envs/ into Blockscout's own envs/common-blockscout.env + common-frontend.env.

# 3. In krypton.blockscout.env, set ETHEREUM_JSONRPC_HTTP_URL / _TRACE_URL to your
#    archive indexer node (a docker network alias like http://krypton-rpc:8545/).

# 4. Bring it up.
docker compose -f docker-compose.yml -f docker-compose.override.yml up -d

The override merges Compose's env_file lists so the Krypton keys win over Blockscout's defaults for the backend and frontend services:

yaml
services:
  backend:
    env_file:
      - ./envs/krypton.blockscout.env
  frontend:
    env_file:
      - ./envs/krypton.frontend.env

Service names track upstream

backend and frontend match current Blockscout v6/v7 compose. If a pinned release renames them, adjust the override accordingly.

Key overlay values

Backend (krypton.blockscout.env) — chain identity and the indexer:

bash
NETWORK=Krypton
SUBNETWORK=Testnet
CHAIN_ID=473374
COIN=KRY
COIN_NAME=KRY

# bera-reth is geth-RPC-compatible -> the "geth" variant.
ETHEREUM_JSONRPC_VARIANT=geth
ETHEREUM_JSONRPC_HTTP_URL=http://krypton-rpc:8545/
ETHEREUM_JSONRPC_TRACE_URL=http://krypton-rpc:8545/
ETHEREUM_JSONRPC_WS_URL=ws://krypton-rpc:8546/

# Instant finality (no uncles/reorgs) + a fresh chain has no pending-tx firehose.
INDEXER_DISABLE_PENDING_TRANSACTIONS_FETCHER=true
INDEXER_DISABLE_INTERNAL_TRANSACTIONS_FETCHER=false

BLOCKSCOUT_HOST=kryscan.com
BLOCKSCOUT_PROTOCOL=https

Frontend (krypton.frontend.env) — the NEXT_PUBLIC_* vars baked into the UI, including NEXT_PUBLIC_NETWORK_ID=473374, the KRY currency (18 decimals), NEXT_PUBLIC_IS_TESTNET=true, the kryscan.com hosts, and the wallet RPC:

bash
NEXT_PUBLIC_NETWORK_RPC_URL=https://rpc.kryscan.com

Secrets are not in the overlay

DATABASE_URL and SECRET_KEY_BASE come from Blockscout's own compose / your secret store — never hard-code them in the Krypton env files. See Secrets (Vault / KMS).

Operate & verify

Point kryscan.com (with TLS) at the nginx proxy's published port and watch the indexer catch up to chain head. Verify success when https://kryscan.com shows the latest block, KRY balances, and Chain ID 473374. Enable the smart-contract verification microservice (MICROSERVICE_SC_VERIFIER_ENABLED=true) — it already ships in the upstream compose.

Quick local path (devnet, not kryscan.com)

For a throwaway explorer against a local Kurtosis net, the upstream beacon-kit package already bundles Blockscout — add it to the args-file additional_services:

yaml
additional_services:
  - name: blockscout

This is the fast dev loop; it is not the kryscan.com path (it is ephemeral, COIN=ETH, container ports).

Security & caveats

  • Pin the Blockscout version. The env keys are stable across v6/v7, but pin a release and verify the keys against it before production.
  • Keep the archive indexer node private — it exposes debug/trace. Only the Blockscout backend should reach it.
  • Rate-limit rpc.kryscan.com. Core Caddy has no limiter; see the rate-limit caveat in TLS / reverse proxy (Caddy).
  • Mainnet (47337) reuses this overlay with CHAIN_ID=47337 and a mainnet host once the audit + testnet soak clear. See Networks & chain IDs.

See also

Operator docs. Testnet chain-id 473374; mainnet 47337 (gated on external audit). Not financial advice.

Krypton L1