Installing and Running a Standalone Full Node

Introduction

You can install a Radix Node as a standalone service, without using Docker as a container. The example given here assumes the use of an AWS instance, but can be applied to any Unix-based system. There are a number of steps to the installation:

  1. Create a radixdlt user for running the node.

  2. Install the required packages

  3. Install and run the node.

  4. Configure the Nginx server

If you’re looking to install the node as a Docker container, then follow the instructions here.

Prerequisites

We’re assuming that you have access to a Unix-based server with 100 GB of free SSD space and network bandwidth of 10 GBps or above. It’ll probably take about half an hour to run through the whole installation.

Install Required Packages

  1. Execute the following command to make sure the packages on your system are up to date.

    sudo apt update -y
  2. You’re going to need to generate secure keys during the installation, so make sure that the necessary packages for this are installed.

    sudo apt install rng-tools
    sudo rngd -r /dev/random

Configure the Ports

The node requires that a number of ports are accessible on your server. Ensure that ports 443 30000 are available and can be seen externally.

HTTPS port for all API end points

 sudo ufw allow 443/tcp

GOSSIP port for node to node communication

 sudo ufw allow 30000/tcp

If you are using a cloud service then you must also arrange for external port access through your service provider: this is usually done through the service management console.

If you are hosting the service yourself, then you may need to open access to the ports through your hardware router.

For more information on the ports used by the Radix service, please consult the Ports used by the Radix Node documentation.

Create the Radix User

For security, you’re going to run the node as specialized user, rather than an administrator.

  1. Execute the following commands to create a new user radixdlt.

    sudo useradd radixdlt -m

    And then to set the password:

    sudo passwd radixdlt
  2. You’re going to allow radixdlt user to manage the radixdlt-node service by creating a file in /etc/sudoers with the following content:

    sudo sh -c ' cat > /etc/sudoers.d/radixdlt << EOF
    radixdlt ALL= NOPASSWD: /bin/systemctl enable radixdlt-node.service
    radixdlt ALL= NOPASSWD: /bin/systemctl restart radixdlt-node.service
    radixdlt ALL= NOPASSWD: /bin/systemctl stop radixdlt-node.service
    radixdlt ALL= NOPASSWD: /bin/systemctl start radixdlt-node.service
    radixdlt ALL= NOPASSWD: /bin/systemctl reload radixdlt-node.service
    EOF'
  3. You can check that the file has been created properly by executing the following command:

    sudo ls -l /etc/sudoers.d

    You should see the radixdlt file in the directory listing.

  4. Create a system service file for the node, and put it under the ownership of the radixdlt user.

    sudo touch /etc/systemd/system/radixdlt-node.service
    sudo chown radixdlt:radixdlt /etc/systemd/system/radixdlt-node.service

Install the JDK Software Packages

  1. Execute the following command to download the Java package:

     sudo apt install -y openjdk-11-jdk
  2. Install unzip to uncompress packed files, and wget to download files from remote servers.

    sudo apt install -y unzip wget

Create Directories

Here, you will create directories which will eventually hold the Node software and the ledger data.

  1. First, create the directory and set permissions for the Node software.

    sudo mkdir  /etc/radixdlt/
    sudo chown radixdlt:radixdlt -R /etc/radixdlt
  2. Now, create the directory and set permissions for the Radix ledger.

    sudo mkdir /data
    sudo chown radixdlt:radixdlt /data

Download the Radix Distribution

Download and unpack the Radix distribution.

The following actions must be carried as the radixdlt user
  1. Execute the following command to switch to the radixdlt user you created previously.

    sudo su - radixdlt
  2. Go to https://github.com/radixdlt/radixdlt/releases and look for the entry with the Latest release marker.

  3. You should see a release asset zip file that starts with radixdlt-dist.

  4. Paste the URL you copied into a wget command to retrieve the zip file.

  5. Then unpack it.

    unzip radixdlt-dist-1.0-beta.35.1.zip  (1)
    1 The file name should correspond to the release version you have downloaded.

    Move the file to its executable directory.

    mv radixdlt-1.0-beta.35.1/ /etc/radixdlt/node
  6. Change to the directory:

    cd /etc/radixdlt/node

At this stage, it’s worth checking the directory by executing the ls -al command. It should contain directories for bin and lib.

Create the Keys

You will use the Radix key generator to create secure keys for the node.

If you lose your key file then you will also lose your original node address when you generate a new key.

Always make sure that you create a copy of your key as soon as you’ve generated it.

  1. Create a directory to hold the keys.

    mkdir /etc/radixdlt/node/secrets
  2. Then, run they key generator

    ./bin/keygen --keystore=secrets/validator.ks --password=SET_YOUR_PASSWORD

    This will create the keys and write them to the secrets folder.

Don’t forget to set your own password for the key!

Create a file with environment variables

Now you’re going to create a file that will contain the environment variables for the service.

cat > /etc/radixdlt/node/secrets/environment << EOF
JAVA_OPTS="-server -Xms3g -Xmx3g -XX:+HeapDumpOnOutOfMemoryError -Djavax.net.ssl.trustStore=/etc/ssl/certs/java/cacerts -Djavax.net.ssl.trustStoreType=jks -Djava.security.egd=file:/dev/urandom -DLog4jContextSelector=org.apache.logging.log4j.core.async.AsyncLoggerContextSelector"
RADIX_NODE_KEYSTORE_PASSWORD=SET_YOUR_PASSWORD (1)
EOF
1 This is the same password you used to generate the keys

Get the Universe File

Once it’s up and running, your node will need to attach itself to the network through an existing node. To do this, you’ll need to get the configuration of the other node. There are a number of Radix nodes that you can use.

Europe US Australia Asia Region

52.48.95.182

3.229.229.42

13.237.131.119

65.0.140.17

54.220.72.167

54.162.38.223

52.62.252.194

65.1.199.241

54.228.40.6

54.162.91.167

52.62.40.95

65.1.232.232

63.35.3.57

54.82.244.245

52.64.238.70

65.2.154.228

And you can use curl to retrieve the file:

curl -k https://52.48.95.182/universe.json > /etc/radixdlt/node/universe.json

Configuration

In this part, you’re going to create all the configuration files for the node.

Create Node Configuration File

Create the file: /etc/radixdlt/node/default.config and populate it with the following content:

/etc/radixdlt/node/default.config
ntp=false
ntp.pool=pool.ntp.org

universe.location=/etc/radixdlt/node/universe.json
node.key.path=/etc/radixdlt/node/secrets/validator.ks
network.tcp.listen_port=30001
network.tcp.broadcast_port=30000
network.seeds=52.48.95.182:30000
host.ip=35.178.201.42
db.location=/data

node_api.port=3334
client_api.enable=false
client_api.port=8081
log.level=debug
network.tcp.listen_port

The TCP port for listening to inbound connections. Set the port address to 30001 so that it doesn’t clash with the Nginx server you’ll be installing later.

network.seeds

This is the address of the node you are connecting to.

host.ip

The external ip address of your server. You can find out your external IP address with the following command:

curl ifconfig.me
node_api.port

The HTTP port for the node API. Set this port to 3334 to prevent clashes with the Nginx server.

client_api.enable

This is not required for full nodes, so set this to false.

client_api.port

The HTTP port for the client API. Set this port to 8081 to prevent clashes with the Nginx server. This is only needed if client_api.enable=true

Populate System Control File

The file /etc/systemd/system/radixdlt-node.service configures the node to run a system service. You created the file in an earlier section, but now you’re going to populate it with the following:

/etc/systemd/system/radixdlt-node.service
[Unit]
Description=Radix DLT Validator
After=local-fs.target
After=network-online.target
After=nss-lookup.target
After=time-sync.target
After=systemd-journald-dev-log.socket
Wants=network-online.target

[Service]
EnvironmentFile=/etc/radixdlt/node/secrets/environment

User=radixdlt
WorkingDirectory=/etc/radixdlt/node
ExecStart=/etc/radixdlt/node/bin/radixdlt
SuccessExitStatus=143
TimeoutStopSec=10
Restart=on-failure

[Install]
WantedBy=multi-user.target

Start Your Node

You are now ready to start your node. Execute the command:

sudo systemctl start radixdlt-node.service

Enable Your Node at Startup

You can now enable your node service to start up at when the server starts. Execute the command:

sudo systemctl enable radixdlt-node.service

Installing Nginx

Nginx is the front-end web server that handles secure requests between the node and the outside world. The installation runs as a superuser, so if you are still using your terminal as radixdlt user then exit the radixdlt session now:

exit

Now run the following command to run the installation:

sudo apt install -y nginx apache2-utils

Nginx comes with a predefined site directories that you’re not going to need, so you can delete them.

sudo rm -rf /etc/nginx/{sites-available,sites-enabled}

Download Nginx Configuration Files

Download and unpack the Nginx distribution.

  1. Go to https://github.com/radixdlt/radixdlt-nginx/releases/ and look for the entry with the Latest release marker.

  2. You should see a release asset radixdlt-nginx-fullnode-conf.zip.

  3. Paste the URL you copied into a wget command on your server to retrieve the zip file.

  4. Unzip the nginx configuration.

    unzip radixdlt-nginx-fullnode-conf.zip
  5. Copy the files to the Nginx installation directory.

    sudo cp -r conf.d/ /etc/nginx/
    sudo cp nginx-fullnode.conf /etc/nginx/nginx.conf

Create Nginx Cache Directory

Nginx requires a cache directory for storing the reusable artifacts it downloads. Use the following command to create the cache:

sudo mkdir -p /var/cache/nginx/radixdlt-hot

Create the SSL Certificates

You can use your own SSL certificates if you wish, but for convenience, you’ll find the instructions for creating a set here.

  1. Create the directory to hold the certificates:

    sudo mkdir /etc/nginx/secrets
  2. Create the SSL keys using the following command:

    sudo openssl req  -nodes -new -x509 -nodes -subj '/CN=localhost' -keyout "/etc/nginx/secrets/server.key" -out "/etc/nginx/secrets/server.pem"
  3. And now execute this command to make sure the keys are in the correct format:

    sudo openssl dhparam -out /etc/nginx/secrets/dhparam.pem  4096
    This command may take a minute or more to run.
  4. Run the next command to set the authentication password for the server’s admin user:

sudo htpasswd -c /etc/nginx/secrets/htpasswd.admin admin

Start Nginx

  1. Now, to start Nginx, execute the following command:

    sudo systemctl start nginx
  2. And now run this command to make sure that nginx starts up when the host server restarts:

    sudo systemctl enable nginx
  3. You can check if the service is running by executing this command:

    curl -k -u admin:<nginx_password_of_your_choice> https://localhost/node

    which spools out a few basic node details:

    {"address":"brx1qsprzs83dkl78mgu2yu5m0v94qk3n9ftz8f43j05cyu6s5dshkh54vgn4nf2h","balance":{"balances":{},"staked":[]}}

If you’re getting connection errors when trying to connect to the node, then you may need to restart both the node and nginx so they sync correctly. Try executing the following commands:

sudo su - radixdlt
sudo systemctl restart radixdlt-node.service
exit
sudo systemctl restart nginx

Your node doesn’t have any tokens attached to it when you first create it. You can send XRDs to it from your wallet, then execute the curl command again.

curl -k -u admin:<nginx_password_of_your_choice> https://localhost/node
{"address":"brx1qsprzs83dkl78mgu2yu5m0v94qk3n9ftz8f43j05cyu6s5dshkh54vgn4nf2h","balance":{"balances":{"01":20},"staked":[]}}
It might take some times for your tokens to appear, since your newly-created node will have to wait for the next epoch before it syncs with the rest of the network. If you want to know more about Radix epochs, then click here.

Troubleshooting

If your node isn’t running at this point, then consult the Troubleshooting Guide, or drop a message on Discord where Radix staff and community will be happy to help out.

Where to next …?

Once your node is up and running you can configure it to run as a validator by following the steps in Running a Validator Node