Installing and Running a Node Using systemd

Introduction

You can install a Radix Node as a systemd service, without using Docker as a container. The example given here assumes the use of an AWS instance, but can be applied to any Unix-based system. There are a number of steps to the installation:

  1. Create a radixdlt user for running the node.

  2. Install the required packages

  3. Install and run the node.

  4. Configure the Nginx server

If you’re looking to install the node as a Docker container, then follow the instructions here.

Prerequisites

We’re assuming that you have access to a Unix-based server with 100 GB of free SSD space and network bandwidth of 10 GBps or above. It’ll probably take about half an hour to run through the whole installation.

1. Install Required Packages

  1. Execute the following command to make sure the packages on your system are up-to-date.

    sudo apt update -y
  2. You’re going to need to generate secure keys during the installation, so make sure that the necessary packages for this are installed.

    sudo apt install rng-tools
    sudo rngd -r /dev/random

2. Configure the Ports

The node requires that a number of ports are accessible on your server. Ensure that ports 443 and 30000 are available and can be seen externally.

HTTPS port for all API end points

 sudo ufw allow 443/tcp

GOSSIP port for node to node communication

 sudo ufw allow 30000/tcp

If you are using a cloud service then you must also arrange for external port access through your service provider: this is usually done through the service management console.

If you are hosting the service yourself, then you may need to open access to the ports through your hardware router.

For more information on the ports used by the Radix service, please consult the Ports used by the Radix Node documentation.

3. Create the Radix User

For security, you’re going to run the node as a specialized user, rather than an administrator.

  1. Execute the following commands to create a new user called radixdlt.

    sudo useradd radixdlt -m

    And then to set the password:

    sudo passwd radixdlt
  2. You’re going to allow the radixdlt user to manage the radixdlt-node service by creating a file in /etc/sudoers with the following content:

    sudo sh -c ' cat > /etc/sudoers.d/radixdlt << EOF
    radixdlt ALL= NOPASSWD: /bin/systemctl enable radixdlt-node.service
    radixdlt ALL= NOPASSWD: /bin/systemctl restart radixdlt-node.service
    radixdlt ALL= NOPASSWD: /bin/systemctl stop radixdlt-node.service
    radixdlt ALL= NOPASSWD: /bin/systemctl start radixdlt-node.service
    radixdlt ALL= NOPASSWD: /bin/systemctl reload radixdlt-node.service
    EOF'
  3. You can check that the file has been created properly by executing the following command:

    sudo ls -l /etc/sudoers.d

    You should see the radixdlt file in the directory listing.

4. Create the system service file

Create a system service file for the node, and put it under the ownership of the radixdlt user.

sudo touch /etc/systemd/system/radixdlt-node.service
sudo chown radixdlt:radixdlt /etc/systemd/system/radixdlt-node.service

5. Install the JDK Software Packages

  1. Execute the following command to download the Java package:

     sudo apt install -y openjdk-11-jdk
  2. Install unzip to uncompress packed files, and wget to download files from remote servers.

    sudo apt install -y unzip wget

6. Create Directories

Here, you will create directories which will eventually hold the Node software and the ledger data.

  1. First, create the directory and set permissions for the Node software.

    sudo mkdir  /etc/radixdlt/
    sudo chown radixdlt:radixdlt -R /etc/radixdlt
  2. Now, create the directory and set permissions for the Radix ledger.

    sudo mkdir /data
    sudo chown radixdlt:radixdlt /data

7. Download the Radix Distribution

Download and unpack the Radix distribution.

The following actions must be carried as the radixdlt user
  1. Execute the following command to switch to the radixdlt user you created in Section 3, “Create the Radix User”.

    sudo su - radixdlt
  2. Go to https://github.com/radixdlt/radixdlt/releases and look for the entry with the Latest release marker.

  3. You should see a release asset zip file that starts with radixdlt-dist.

  4. Paste the URL you copied into a wget command to retrieve the zip file.

  5. Then unpack it.

    unzip radixdlt-dist-1.0-beta.40.zip  (1)
    1 The file name should correspond to the release version you have downloaded.

    Move the file to its executable directory.

    mv radixdlt-1.0-beta.40/ /etc/radixdlt/node
  6. Change to the directory:

    cd /etc/radixdlt/node

At this stage, it’s worth checking the directory by executing the ls -al command. It should contain directories for bin and lib.

8. Create the Keys

You will use the Radix key generator to create secure keys for the node.

The key file contains a randomly-generated private key that determines your node’s unique address and (if choosing to register as a validator node) validator ID.

This means if you lose your key file, you will forever lose your node address and validator ID - forcing you to generate a new key file from scratch.

Any tokens held by the node address will be lost.

Always make sure that you securely back up your key file as soon as you’ve generated it, and carefully protect it.

  1. Create a directory to hold the keys.

    mkdir /etc/radixdlt/node/secrets
  2. Then, run they key generator

    ./bin/keygen --keystore=secrets/node-keystore.ks --password=node-password

    This will create the keys and write them to the secrets folder.

Don’t forget to set your own password for the key!

9. Create a file with environment variables

Now you’re going to create a file that will contain the environment variables for the service.

cat > /etc/radixdlt/node/secrets/environment << EOF
JAVA_OPTS="-server -Xms8g -Xmx8g -XX:+HeapDumpOnOutOfMemoryError -XX:+UseCompressedOops -Djavax.net.ssl.trustStore=/etc/ssl/certs/java/cacerts -Djavax.net.ssl.trustStoreType=jks -Djava.security.egd=file:/dev/urandom -DLog4jContextSelector=org.apache.logging.log4j.core.async.AsyncLoggerContextSelector"
RADIX_NODE_KEYSTORE_PASSWORD=node-password (1)
EOF
1 This is the same password you used to generate the keys

10. Configuration

In this part, you’re going to create all the configuration files for the node.

10.1. Create Node Configuration File

Create the file: /etc/radixdlt/node/default.config and populate it with the following content:

/etc/radixdlt/node/default.config
ntp=false
ntp.pool=pool.ntp.org

network.id=2    (1)
node.key.path=/etc/radixdlt/node/secrets/node-keystore.ks    (2)
network.p2p.listen_port=30001    (3)
network.p2p.broadcast_port=30000
network.p2p.seed_nodes=radix://tv1qt9kqzzqyj27zv4n67f2jrzgd24hsxfwe8d4kw9j4msze7rpdg3guvk07jy@54.76.86.46:30000    (4)
network.host_ip=35.178.201.42   (5)
db.location=/data    (6)

api.node.port=3334    (7)
api.archive.port=8081    (8)
log.level=debug

api.archive.enable=true    (9)
api.construction.enable=true    (10)
api.account.enable=true    (11)
api.health.enable=true    (12)
api.metrics.enable=true    (13)
api.system.enable=true    (14)
api.validation.enable=true    (15)
api.version.enable=true    (16)

api.node.bind.address=0.0.0.0    (17)
api.archive.bind.address=0.0.0.0    (18)
1 The id of the Radix network. The value for Stokenet is 2
2 the location and name of node key file.
Always make sure you have an up-to-date copy of this file
3 the TCP port for listening to inbound connections. Set the port address to 30001 so that it doesn’t clash with the Nginx server you’ll be installing later.
4 this is the address of the node you are connecting to. Select the node closest to your server from the following list:
Asia Pacific (south-east)
radix://tn1qdg87mk4gr8dlmfv82y9cqleqkcjm0fxlxe8vhcxvskd3k90jcmgk4ewsmw@13.210.91.116
radix://tn1qfzy56n7wsspqjn8kal8n4ls9rs6lth3x6fzqhhdgqa7emwqz9w8j0xp4e3@3.106.19.89
radix://tn1qt86e6vjvlcvmhgcgeu4szkmd70kg54g0j2fef9ttpt738xp0jjlv693c92@54.206.193.154
Asia Pacific (south)
radix://tn1qvgnymu94dw5gfug2e678x9h0puupk8vkm0z0083744jscukqvgsxjpgrnr@3.108.246.15
radix://tn1qdhf7aeat739n77e227l3vgvv56kntp20ennaj38t5jc8988r5s2zxzxp77@3.108.209.244
radix://tn1qwrerrj64fc66v8ztcgd2fr8szx73k7ermkg5hyy8q7qelnu48svw44m362@3.108.183.207
EU (west)
radix://tn1qt9kqzzqyj27zv4n67f2jrzgd24hsxfwe8d4kw9j4msze7rpdg3guvk07jy@54.76.86.46
radix://tn1qw3dyujr8ss29648wfqzenwx7el08yj6mpru6z62hxzlh9n3sgwwqdkl295@52.16.242.94
radix://tn1qgtjz4432e7ghdfsdc6ssu4v63rwxk2g84e4yedadeasfsfaw3995l9gl6l@52.215.119.169
US (east)
radix://tn1qvluh8d3e6uxnm2k0h6zfnng0r7hkgcd8ppjn8slzyhs7vqlavw0va9de6q@3.222.172.90
radix://tn1q0g9zpvv2ggw99fz86q52csdjk2t0ynqz0r0e23xhdszx3r7sv9jyx84lc4@54.210.93.129
radix://tn1qt2rma6397uytnusr0ct777tp3gnzkh65apnmhz9zqjqvmwjxwvhv8rmdd3@34.195.139.75
5 the external ip address of your server. You can find out your external IP address with the following command:
curl ifconfig.me
6 the location of the node’s ledger database.
7 the HTTP port for the node API. Set this port to 3334 to prevent clashes with the Nginx server.
8 the HTTP port for the archive API. Set this port to 8081 to prevent clashes with the Nginx server.
9 set this to true if you want to enable the node’s JSON-RPC service. Only archive nodes support the REST service client.
10 enables the construction API which is used for building transactions for token transfers, staking and unstaking.
11 enables the API which allows for the retrieval of account information.
12 enable the API for extracting health information from the nodes.
13 activates the API for extracting monitoring and metrics information.
14 this API is used for extracting operational data for the node, for example: network peers, network identifier and native token information
15 API used for retrieving information about validator nodes.
16 activates API that is used to return the version identifier of the node software.
17 the address to use for the system API.
18 the address used for the client API. This API is only available for archive nodes.

10.2. Populate System Control File

The file /etc/systemd/system/radixdlt-node.service configures the node to run a system service. You created the file in Section 4, “Create the system service file”, but now you’re going to populate it with the following:

/etc/systemd/system/radixdlt-node.service
[Unit]
Description=Radix DLT Validator
After=local-fs.target
After=network-online.target
After=nss-lookup.target
After=time-sync.target
After=systemd-journald-dev-log.socket
Wants=network-online.target

[Service]
EnvironmentFile=/etc/radixdlt/node/secrets/environment

User=radixdlt
WorkingDirectory=/etc/radixdlt/node
ExecStart=/etc/radixdlt/node/bin/radixdlt
SuccessExitStatus=143
TimeoutStopSec=10
Restart=on-failure

[Install]
WantedBy=multi-user.target

11. Start Your Node

You are now ready to start your node. Execute the command:

sudo systemctl start radixdlt-node.service

12. Enable Your Node at Startup

You can now enable your node service to start up at when the server starts. Execute the command:

sudo systemctl enable radixdlt-node.service

13. Installing Nginx

Nginx is the front-end web server that handles secure requests between the node and the outside world. The installation runs as a superuser, so if you are still using your terminal as radixdlt user then exit the radixdlt session now:

exit

Now run the following command to run the installation:

sudo apt install -y nginx apache2-utils

Nginx comes with a predefined site directories that you’re not going to need, so you can delete them.

sudo rm -rf /etc/nginx/{sites-available,sites-enabled}

14. Download Nginx Configuration Files

Download and unpack the Nginx distribution.

  1. Go to https://github.com/radixdlt/radixdlt-nginx/releases and look for the entry with the Latest release marker.

  2. You should see release assets for two .zip files.

    If you’re running a full node then copy the URL for radixdlt-nginx-fullnode-conf.zip.

    If you’re running an archive node then copy the URL for radixdlt-nginx-archive-conf.zip.

  3. Paste the URL you copied into a wget command on your server to retrieve the zip file.

  4. Unzip the nginx configuration you’ve just downloaded. Either:

    • full node

    • archive node

    unzip radixdlt-nginx-fullnode-conf.zip
    unzip radixdlt-nginx-archive-conf.zip
  5. Copy the files to the Nginx setup directory.

    sudo cp -r conf.d/ /etc/nginx/
  6. And now copy the nginx configuration files for your node type:

    • full node

    • archive node

    sudo cp nginx-fullnode.conf /etc/nginx/nginx.conf
    sudo cp nginx-archive.conf /etc/nginx/nginx.conf

15. Create Nginx Cache Directory

Nginx requires a cache directory for storing the reusable artifacts it downloads. Use the following command to create the cache:

sudo mkdir -p /var/cache/nginx/radixdlt-hot

16. Create the SSL Certificates

You can use your own SSL certificates if you wish, but for convenience, you’ll find the instructions for creating a set here.

  1. Create the directory to hold the certificates:

    sudo mkdir /etc/nginx/secrets
  2. Create the SSL keys using the following command:

    sudo openssl req  -nodes -new -x509 -nodes -subj '/CN=localhost' -keyout "/etc/nginx/secrets/server.key" -out "/etc/nginx/secrets/server.pem"
  3. And now execute this command to make sure the keys are in the correct format:

    sudo openssl dhparam -out /etc/nginx/secrets/dhparam.pem  4096
    This command may take a minute or more to run.
  4. Run the next command to set the authentication password for the server’s admin user:

sudo htpasswd -c /etc/nginx/secrets/htpasswd.admin admin

17. Start Nginx

  1. Now, to start Nginx, execute the following command:

    sudo systemctl start nginx
  2. And now run this command to make sure that nginx starts up when the host server restarts:

    sudo systemctl enable nginx
  3. You can check if the service is running by executing this command:

    curl -d '{ "jsonrpc": "2.0", "method": "account.get_info", "params": [], "id":1}' -H "Content-Type: application/json" -X POST -u superadmin:nginx-password -k  "https://localhost/account"

    which spools out a few basic node details:

    {"address":"tdx1qspl7mgjqwgwqyjvy2tj8swe8a4lr6mxqdhwmn60cujl6a85mqh69eg37p9ph","balance":{"balances":{},"staked":[]}}

If you’re getting connection errors when trying to connect to the node, then you may need to restart both the node and nginx so they sync correctly. Try executing the following commands:

sudo su - radixdlt
sudo systemctl restart radixdlt-node.service
exit
sudo systemctl restart nginx

Your node doesn’t have any tokens attached to it when you first create it. You can send XRDs to it from your wallet, then execute the curl command again.

curl -d '{ "jsonrpc": "2.0", "method": "account.get_info", "params": [], "id":1}' -H "Content-Type: application/json" -X POST -u superadmin:nginx-password -k  "https://localhost/account"
{"address":"tdx1qspl7mgjqwgwqyjvy2tj8swe8a4lr6mxqdhwmn60cujl6a85mqh69eg37p9ph","balance":{"balances":{"01":20},"staked":[]}}
It might take some times for your tokens to appear, since your newly-created node will have to wait for the next epoch before it syncs with the rest of the network. If you want to know more about Radix epochs, then click here.

Troubleshooting

If your node isn’t running at this point, then consult the Troubleshooting Guide, or drop a message on Discord where Radix staff and community will be happy to help out.

Where to next …?

Once your node is up and running you can configure it to run as a validator by following the steps in Registering a Validator Node