Installing and Running a Node as a Docker Instance

Introduction

A Full Node simply connects to the network, synchronizes ledger state, and observes the status of the network. It can be thought of as a kind of “wallet” that is connected directly to the network, with the Node’s own account available for programmatic control.

Reasons to run a full node include:

Prerequisite to running the node as a validator node
Observing the network state and operation directly and trustlessly
Operating a trustless account using programmatic controls. (The current Radix Desktop Wallet cannot be used as a GUI for a full node’s internal account)

This guide will run you through an example installation and deployment of a node using docker containers.

Installing a Full Node as a Docker Instance in the Cloud

We’ve split the installation into discrete stages:

Installing Docker and the secure key generation tools.
Using the keygen application to generate secure keys for your service.
Installing and running the node on a provisioned server instance.
(An optional step converts the node into a validator, which is covered here)

We’re using Amazon Web Services throughout our example, but you can install Radix nodes on any cloud service that supports Java, such as Google’s cloud platform or Microsoft Azure – or follow similar step to deploy on a private server.

Prerequisites

We’re assuming that you’re comfortable provisioning a cloud service instance and installing/running Docker on it. You’ll also need a working knowledge of Git, and the UNIX command line.

AWS provisioning is beyond the scope of this exercise, but there are plenty of resources dotted around the web which will help you to get started. You will also need a working knowledge of Docker.

The provisioned AWS service

We recommend the following hardware specification as a minimum starting point.

Model	vCPU	Memory (GB)	Storage(GB)	Network Bandwidth (Gbps)	Operating System
c5.2xlarge	8	16	Provision a gp2 storage volume. You should initially provision 200 GB of SSD space	Up to 10	Ubuntu 20.04.2.0 LTS (Focal Fossa)

Model

vCPU

Memory (GB)

Storage(GB)

Network Bandwidth (Gbps)

Operating System

c5.2xlarge

Provision a gp2 storage volume.

You should initially provision 200 GB of SSD space

Up to 10

Ubuntu 20.04.2.0 LTS (Focal Fossa)

If you’re using a service provider other than Amazon, then aim for a similar spec.

1. Docker Installation

If you’re using the provision recommended in the The provisioned AWS service section then you can log into the instance and run the following commands to install docker and docker-compose.

Create the directory for the compose scripts:
```
sudo apt update
mkdir radixdlt
cd  radixdlt
```
All further instructions assume you are running commands from directory radixdlt

Install wget, Docker and the tools for key generating randomized keys:

sudo apt install wget
sudo apt install docker.io
sudo apt install docker-compose
sudo apt install rng-tools
sudo rngd -r /dev/random

Add user to Docker group:

sudo groupadd docker
sudo usermod -aG docker $USER
newgrp docker

2. Get the Docker Compose Script

You will need a docker compose script to build the node, which you can download from the Radix repository on GitHub directly to your server. You’ll need a different script, depending on whether you’re setting up a full node or an archive node. Execute one of the wget commands below to retrieve the compose script.

full node

wget https://raw.githubusercontent.com/radixdlt/node-runner/1.3.2/node-runner-cli/release_ymls/radix-fullnode-compose.yml

3. Generate the keys

You’ll need the Radix Key Generator application to create secure keys for the node once it’s installed. (It’s a good idea to generate the keys first, just to get them out of the way).

The key file contains a randomly-generated private key that determines your node’s unique address and (if choosing to register as a validator node) validator ID.

This means if you lose your key file, you will forever lose your node address and validator ID - forcing you to generate a new key file from scratch.

Any tokens held by the node address will be lost.

As a validator, your delegators will have to unstake from your validator ID and restake to your new ID.

Always make sure that you securely back up your key file as soon as you’ve generated it, and carefully protect it.

You can check for the latest version of the keygen program here:

hub.docker.com/radixdlt/keygen

which should be used in the command given below to generate the secure keys.

docker run --rm -v ${PWD}:/keygen/key radixdlt/keygen:1.3.0 --keystore=/keygen/key/node-keystore.ks --password=node-password

If you check the directory, you should now have a key file called node-keystore.ks.

The key generation process may take a long time if your server hasn’t generated a sufficiently large pool of random values to build fresh keys. Be prepared to wait up to twenty minutes for the key generation to complete.

You must change the key file’s permissions so that container can use it.

sudo chmod 644 node-keystore.ks

4. Setting up your Environment

The installation uses a Docker compose script to build the instance.

4.1. Create the environment variables

The compose script needs two pieces of information from you before it can run:

`RADIXDLT_NODE_KEY_PASSWORD`	The password you used in Section 3, “Generate the keys”.
`RADIXDLT_NETWORK_NODE`	This is the IP address of the node on radix network that your own node will use to join the network. Radix has a number of nodes set up world-wide. Use the address closest to your server’s location:

Mainnet Seed Nodes
Stokenet Seed Nodes

Asia Pacific (south-east)

radix://rn1q2jt0jswv3lpct8tavr5tvlg2kv25f26x7w8kf6dz2hp4pu9cwq4we9tm5f@13.238.198.54

radix://rn1qvmp586ylq9e26n98zwyu9s5hdkq8j63t8l028x8wj4vqzk32dwzw0vrg58@54.66.161.181

Asia Pacific (south)

radix://rn1qgf0tug4nmxfa7su8zsu8pejzq48eeglvxf8le09cuy0nsghzg44weacz2q@3.109.36.249

radix://rn1qg54vufz29c5hcwqxuv4pr60f4fsq6ds0qpa7qnrchdwnapkw6qcxymhy7l@3.109.57.223

EU (west)

radix://rn1qthu8yn06k75dnwpkysyl8smtwn0v4xy29auzjlcrw7vgduxvnwnst6derj@54.216.99.177

radix://rn1qtk3g0a2ra663wyua0l4720vfzdje9uqsdzgzjet5w9dhspkaywnjal6dv6@52.212.46.210

US (east)

radix://rn1qtq336a2nn2269fjes53pynwlytrv0katm6uzlfcyl6m7yscac5g7mh8prw@23.22.58.54

radix://rn1qvw5v4w8llexz99uc9gmeh47qp2h9ax2y3aewm5e6vj5sdx8uuph2vfuvg3@52.200.121.204

EU (west)

radix://tn1q28eygvxshszxk48jhjxdmyne06m3x6hfyvxg7a45qt8cksffx6z7uu6392@15.236.228.96

radix://tn1qt9kqzzqyj27zv4n67f2jrzgd24hsxfwe8d4kw9j4msze7rpdg3guvk07jy@54.76.86.46

radix://tn1qww9pj98l4jy3wlzw85yerte8780n9qx7crgx5fks56lzzu85dtdsxjamtv@35.180.3.148

radix://tn1qw3dyujr8ss29648wfqzenwx7el08yj6mpru6z62hxzlh9n3sgwwqdkl295@54.195.7.167

US (east)

radix://tn1qvluh8d3e6uxnm2k0h6zfnng0r7hkgcd8ppjn8slzyhs7vqlavw0va9de6q@3.222.172.90

EU (central)

radix://tn1qd8jmck6zmns4mpe2dpjndw92qtxpj4j0lm3fwk96f68xc63kmjt6gx8w6y@3.121.58.170

radix://tn1qw2hfn7q7ywyff79h74f69jd6p2r7ec2n9vp58hadr4hz6zzkhh27uq25rh@3.121.255.51

Set up the address and the password by creating environment variables on the instance:

export RADIXDLT_NETWORK_NODE=radix://rn1qgf0tug4nmxfa7su8zsu8pejzq48eeglvxf8le09cuy0nsghzg44weacz2q@3.109.36.249
export RADIXDLT_NODE_KEY_PASSWORD=node-password

5. Configure the Ports

The node requires that a number of ports are accessible on your server instance. Ensure that ports 443 and 30000 are available and can be seen externally.

HTTPS port for all API end points

 sudo ufw allow 443/tcp

GOSSIP port for node to node communication

 sudo ufw allow 30000/tcp

Bear in mind that you must arrange for port access outside your cloud server instance: this is usually done through the management console provided by your cloud service.

For more information on the ports used by the Radix service, please consult the Ports used by the Radix Node documentation.

At this point in directory radixdlt, you should have two files:

radix-fullnode-compose.yml or radix-archivenode-compose.yml
node-keystore.ks

6. Configure Nginx Admin password

The node uses Nginx as its front end server. During startup, it creates an HTTP basic auth user named admin. The password is generated automatically and printed to the logs. If you want to use your own password, you will need to use the Docker instruction below to set the password before running the node installation.

docker run --rm -v radixdlt_nginx_secrets:/secrets radixdlt/htpasswd:v1.0.0
htpasswd -bc /secrets/htpasswd.admin admin {nginx-admin-password}

If you omit the command, then nginx will create a password and print it out in the log. It will not appear in the logs if the nginx container restarts for any other reason.

To setup the superadmin and metrics users for your use, run these commands:

docker run --rm -v radixdlt_nginx_secrets:/secrets radixdlt/htpasswd:v1.0.0
htpasswd -bc /secrets/htpasswd.superadmin superadmin {nginx-superadmin-password}

docker run --rm -v radixdlt_nginx_secrets:/secrets radixdlt/htpasswd:v1.0.0
htpasswd -bc /secrets/htpasswd.metrics metrics {nginx-metrics-password}

7. Running the node

Run the compose script to install and run the node.

full node

docker-compose -f radix-fullnode-compose.yml up -d

Troubleshooting

If your node isn’t running at this point, then consult the Troubleshooting Guide, or drop a message on Discord where Radix staff and community will be happy to help out.

Where to next …?

Once your node is up and running you can configure it to run as a validator by following the steps in Registering a Validator Node