Installing and Running a Node as a Docker Instance
Introduction
A Full Node simply connects to the network, synchronizes ledger state, and observes the status of the network. It can be thought of as a kind of “wallet” that is connected directly to the network, with the Node’s own account available for programmatic control.
Reasons to run a full node include:
-
Prerequisite to running the node as a validator node
-
Observing the network state and operation directly and trustlessly
-
Operating a trustless account using programmatic controls. (The current Radix Desktop Wallet cannot be used as a GUI for a full node’s internal account)
This guide will run you through an example installation and deployment of a node using docker containers.
Installing a Full Node as a Docker Instance in the Cloud
We’ve split the installation into discrete stages:
-
Installing Docker and the secure key generation tools.
-
Using the
keygen
application to generate secure keys for your service. -
Installing and running the node on a provisioned server instance.
-
(An optional step converts the node into a validator, which is covered here)
We’re using Amazon Web Services throughout our example, but you can install Radix nodes on any cloud service that supports Java, such as Google’s cloud platform or Microsoft Azure – or follow similar step to deploy on a private server. |
Prerequisites
We’re assuming that you’re comfortable provisioning a cloud service instance and installing/running Docker on it. You’ll also need a working knowledge of Git, and the UNIX command line.
AWS provisioning is beyond the scope of this exercise, but there are plenty of resources dotted around the web which will help you to get started. You will also need a working knowledge of Docker.
The provisioned AWS service
We recommend the following hardware specification as a minimum starting point.
Model | vCPU | Memory (GB) | Storage(GB) | Network Bandwidth (Gbps) | Operating System |
---|---|---|---|---|---|
c5.2xlarge |
8 |
16 |
Provision a gp2 storage volume. You should initially provision 200 GB of SSD space |
Up to 10 |
If you’re using a service provider other than Amazon, then aim for a similar spec.
1. Docker Installation
If you’re using the provision recommended in the The provisioned AWS service section then you can log into the instance and run the following commands to install docker
and docker-compose
.
-
Create the directory for the compose scripts:
sudo apt update mkdir radixdlt cd radixdlt
All further instructions assume you are running commands from directory radixdlt
-
Install
wget
,Docker
and the tools for key generating randomized keys:sudo apt install wget sudo apt install docker.io sudo apt install docker-compose sudo apt install rng-tools sudo rngd -r /dev/random
-
Add user to Docker group:
sudo groupadd docker sudo usermod -aG docker $USER newgrp docker
2. Get the Docker Compose Script
You will need a docker compose script to build the node, which you can download from the Radix repository on GitHub directly to your server. You’ll need a different script, depending on whether you’re setting up a full node or an archive node. Execute one of the wget
commands below to retrieve the compose script.
3. Generate the keys
You’ll need the Radix Key Generator application to create secure keys for the node once it’s installed. (It’s a good idea to generate the keys first, just to get them out of the way).
The key file contains a randomly-generated private key that determines your node’s unique address and (if choosing to register as a validator node) validator ID. This means if you lose your key file, you will forever lose your node address and validator ID - forcing you to generate a new key file from scratch. Any tokens held by the node address will be lost. As a validator, your delegators will have to unstake from your validator ID and restake to your new ID. Always make sure that you securely back up your key file as soon as you’ve generated it, and carefully protect it. |
You can check for the latest version of the keygen
program here:
which should be used in the command given below to generate the secure keys.
docker run --rm -v ${PWD}:/keygen/key radixdlt/keygen:1.3.0 --keystore=/keygen/key/node-keystore.ks --password=node-password
If you check the directory, you should now have a key file called node-keystore.ks
.
The key generation process may take a long time if your server hasn’t generated a sufficiently large pool of random values to build fresh keys. Be prepared to wait up to twenty minutes for the key generation to complete. |
You must change the key file’s permissions so that container can use it.
sudo chmod 644 node-keystore.ks
4. Setting up your Environment
The installation uses a Docker compose script to build the instance.
4.1. Create the environment variables
The compose script needs two pieces of information from you before it can run:
RADIXDLT_NODE_KEY_PASSWORD
|
The password you used in Section 3, “Generate the keys”. |
RADIXDLT_NETWORK_NODE
|
This is the IP address of the node on radix network that your own node will use to join the network. Radix has a number of nodes set up world-wide. Use the address closest to your server’s location: |
Set up the address and the password by creating environment variables on the instance:
export RADIXDLT_NETWORK_NODE=radix://rn1qgf0tug4nmxfa7su8zsu8pejzq48eeglvxf8le09cuy0nsghzg44weacz2q@3.109.36.249
export RADIXDLT_NODE_KEY_PASSWORD=node-password
5. Configure the Ports
The node requires that a number of ports are accessible on your server instance. Ensure that ports 443
and 30000
are available and can be seen externally.
sudo ufw allow 443/tcp
sudo ufw allow 30000/tcp
Bear in mind that you must arrange for port access outside your cloud server instance: this is usually done through the management console provided by your cloud service. For more information on the ports used by the Radix service, please consult the Ports used by the Radix Node documentation. |
At this point in directory radixdlt
, you should have two files:
-
radix-fullnode-compose.yml
orradix-archivenode-compose.yml
-
node-keystore.ks
6. Configure Nginx Admin password
The node uses Nginx as its front end server. During startup, it creates an HTTP basic auth user named admin
. The password is generated automatically and printed to the logs. If you want to use your own password, you will need to use the Docker instruction below to set the password before running the node installation.
docker run --rm -v radixdlt_nginx_secrets:/secrets radixdlt/htpasswd:v1.0.0
htpasswd -bc /secrets/htpasswd.admin admin {nginx-admin-password}
If you omit the command, then |
To setup the superadmin and metrics users for your use, run these commands:
docker run --rm -v radixdlt_nginx_secrets:/secrets radixdlt/htpasswd:v1.0.0
htpasswd -bc /secrets/htpasswd.superadmin superadmin {nginx-superadmin-password}
docker run --rm -v radixdlt_nginx_secrets:/secrets radixdlt/htpasswd:v1.0.0
htpasswd -bc /secrets/htpasswd.metrics metrics {nginx-metrics-password}
Troubleshooting
If your node isn’t running at this point, then consult the Troubleshooting Guide, or drop a message on Discord where Radix staff and community will be happy to help out.
Where to next …?
Once your node is up and running you can configure it to run as a validator by following the steps in Registering a Validator Node