Advanced Docker node configuration

Introduction

If you have used the radixnode script to set up your docker node, or used the manual installation described in Installing and Running a Node Using systemd, then the node instance will have been set up with a set of default parameters. You can change the parameters by altering the docker compose file and restarting the node.

You should not change the node’s default settings unless you are confident as to what each setting does and how changing it will affect the operation of your node

Make sure that you take a copy of the docker compose script(s) before making any changes to it.

Configuring your docker node

You can adjust many of the node’s settings by changing the parameters in the radix-fullnode-compose.yml file or radix-archivenode-compose.yml (which you downloaded yourself, or was downloaded for you by the radixnode cli).

radix-fullnode-compose.yml / radix-archivenode-compose.yml

version: '2.2'
services:
  core:
    image: radixdlt/radixdlt-core:1.3.0
    init: true
    restart: unless-stopped
    mem_limit: 7000m
    cap_add:
      - NET_ADMIN
    environment:
      RADIXDLT_HOME: "/home/radixdlt"    (1)
      RADIXDLT_NETWORK_SEEDS_REMOTE: "${RADIXDLT_NETWORK_NODE}"    (2)
      RADIXDLT_DB_LOCATION: "./RADIXDB"    (3)
      RADIXDLT_LOG_LEVEL: debug    (4)
      JAVA_OPTS: --enable-preview -server -Xms8g -Xmx8g  -XX:MaxDirectMemorySize=2048m -XX:+HeapDumpOnOutOfMemoryError -XX:+UseCompressedOops -Djavax.net.ssl.trustStore=/etc/ssl/certs/java/cacerts -Djavax.net.ssl.trustStoreType=jks -Djava.security.egd=file:/dev/urandom -DLog4jContextSelector=org.apache.logging.log4j.core.async.AsyncLoggerContextSelector     (5)
      RADIXDLT_VALIDATOR_KEY_LOCATION: "/home/radixdlt/node-keystore.ks"    (6)
      RADIXDLT_API_PORT: 3333    (7)
      RADIX_NODE_KEYSTORE_PASSWORD: "${RADIXDLT_NODE_KEY_PASSWORD}"
      RADIXDLT_HTTP_BIND_ADDRESS: 0.0.0.0    (8)
      RADIXDLT_NETWORK_ID: 1
      RADIXDLT_NETWORK_USE_PROXY_PROTOCOL:  "true" (9)
      RADIXDLT_TRANSACTIONS_API_ENABLE: "false" (10)
      RADIXDLT_SIGN_ENABLE: "true" (11)
#     If you want use same user from your host, you can pass LOCAL_USER_ID enviroment variable, else it will default to 999.
#     Command `id` will show your uid of the user from terminal. Replace it with <uid of local user> and uncomment the below line
#      LOCAL_USER_ID: <uid of local user>

    volumes:
      - "./node-keystore.ks:/home/radixdlt/node-keystore.ks"
# NAMED VOLUMES: To mount the ledger onto a named docker volume uncomment the below line.This named docker volumes can be externally binded to directory in below volumes section
#      - "core_ledger:/home/radixdlt/RADIXDB"

  nginx:
     image: radixdlt/radixdlt-nginx:1.3.0
     restart: unless-stopped
     ports:
       - "443:443"
       - "30000:30000"
     volumes:
       - "nginx_secrets:/etc/nginx/secrets"
     environment:
      RADIXDLT_TRANSACTIONS_API_ENABLE: "false" (12)
      RADIXDLT_NETWORK_USE_PROXY_PROTOCOL: "true" (13)


volumes:
    nginx_secrets:
# BIND MOUNT Named core ledger volume : Uncomment below lines to bind core_ledger volume. The directory /data should exist before in hand and should have permission 640
#    core_ledger:
#      driver: local
#      driver_opts:
#        o: bind
#        type: none
#        device: /data

1 the installation directory for the node.

2 the IP address of the node that your own node will use to provide a connection to the Radix network.

3 the location of the Radix ledger.

4 set to debug by default which is useful for troubleshooting, but will generate a lot of logging and potentially slow the operation of the node.

5 the parameters for the underlying Java runtime. It’s best not to change this unless you’re absolutely sure you know what you’re doing, or have been advised to so by RadixDLT support.

the location of the encrypted key file.

The key file contains a randomly-generated private key that determines your node’s unique address and (if choosing to register as a validator node) validator ID.

This means if you lose your key file, you will forever lose your node address and validator ID - forcing you to generate a new key file from scratch.

Any tokens held by the node address will be lost.

As a validator, your delegators will have to unstake from your validator ID and restake to your new ID.

Always make sure that you securely back up your key file as soon as you’ve generated it, and carefully protect it.

7 this is the internal port that the node uses for the system API. This shouldn’t be changed unless it clashes with another application using the same port.

8 the address to use for the system API.

9 set this true if you using nginx or set it to false. This allows nginx to pass the remote ip address for tcp connections on gossip port.

set this true on core container if you want transaction stream api enabled.

Whenever you enable transaction stream, ledger on the node needs wiping and then synced from fresh. Setting this to true is not recommended for validator node

enable this so you can sign the transactions using the node wallet. How to sign the transaction is in section [sign-the-transaction]

Never enable this without any authentication or make sure the api path /key/sign it isn’t accessible outside the node. If this disabled,for any registeration or config changes, you have to enable it followed by restart. After which you will be able sign the transactions and apply registration or any validator metadata changes.

12 set this true on nginx container if you want transaction stream api enabled.

13 set this true if you using nginx or set it to false.

Having made changes to the compose file, you will need to run the docker compose command (manually or through the radixnode script) for the changes to take effect.