VPS Setup & Configuration
We aim for Nym Network to be reliable and quality base layer of privacy accross the globe, while growing as distributed as possible. It's essential to have a fine tuned machine as a foundation for the nodes to meet the requirements and be rewarded for their work.
A sub-optimally configured VPS often results in a non-functional node. To follow these steps carefully will save you time and money later on.
VPS Hardware Specs
You will need to rent a VPS to run your node on. One key reason for this is that your node must be able to send TCP data using both IPv4 and IPv6 (as other nodes you talk to may use either protocol).
Tor community created a very helpful table called Good Bad ISPs (opens in a new tab), you can use that one as a guideline for your choice of ISP for your VPS.
Update: Nym community started an ISP table called Where to host your nym node?, check it out and add your findings!
nym-node
Before we conclude the testing with exact results, these are the rough specs:
Hardware | Minimum Specification w |
---|---|
CPU Cores | 4 |
Memory | 4 GB RAM |
Storage | 40 GB |
Connectivity | IPv4, IPv6, TCP/IP, UDP |
Bandwidth | 1Tb |
Port speed | 1Gbps |
Nyx validator
The specification mentioned below is for running a full node alongside the nym-api. It is recommended to run nym-api
and a full Nyx node on the same machine for optimum performance.
Bear in mind that credential signing is primarily CPU-bound, so choose the fastest CPU available to you.
Minimum Requirements
Hardware | Minimum Specification |
---|---|
CPU | 8-cores, 2.8GHz base clock speed or higher |
RAM | 16GB DDR4+ |
Disk | 500 GiB+ NVMe SSD |
Recommended Requirements
Hardware | Minimum Specification |
---|---|
CPU | 16-cores, 2.8GHz base clock speed or higher |
RAM | 32GB DDR4+ |
Disk | 1 TiB+ NVMe SSD |
Full node configuration (validator)
To install a full node from scratch, refer to the validator setup guide and follow the steps outlined there.
VPS Configuration
Before node or validator setup, the VPS needs to be configured and tested, to verify your connectivity and make sure that your provider wasn't dishonest with the offered services.
The commands listed in this chapter must be executed with a prefix sudo
or from a root shell.
Install Dependencies & Configure Firewall
SSH to your server as root
or become one running sudo -i
or su
. If you prefer to administrate your VPS from a user environment, supply the commands with prefix sudo
.
1. Start with setting up the essential tools on your server.
- Get your system up to date
apt update -y && apt --fix-broken install
- Install dependencies
apt -y install ca-certificates jq curl wget ufw jq tmux pkg-config build-essential libssl-dev git
- Double check ufw is installed correctly
apt install ufw --fix-missing
2. Configure your firewall using Uncomplicated Firewall (UFW)
For a nym-node
or Nyx validator to recieve traffic, you need to open ports on the server. The following commands will allow you to set up a firewall using ufw
.
- Check if you have
ufw
installed:
ufw version
- If it's not installed, install with:
apt install ufw -y
- Enable ufw
ufw enable
- Check the status of the firewall
ufw status
3. Open all needed ports to have your firewall for nym-node
working correctly
- In case of reverse proxy setup add:
ufw allow 443/tcp
- Re-check the status of the firewall:
ufw status
For more information about your node's port configuration, check the port reference table below.
Setting ulimit
Linux machines limit how many open files a user is allowed to have. This is called a ulimit
.
ulimit
is 1024 by default on most systems. It needs to be set higher, because Nym Nodes make and receive a lot of connections with each others.
If you see errors such as:
Failed to accept incoming connection - Os { code: 24, kind: Other, message: "Too many open files" }
This means that the operating system is preventing network connections from being made.
Set the ulimit
via systemd
service file
The ulimit setup is relevant for maintenance of Nym Node only.
1. Query the ulimit
with:
- For 'nym-node`:
grep -i "open files" /proc/$(ps -A -o pid,cmd|grep nym-node | grep -v grep |head -n 1 | awk '{print $1}')/limits
- For nyx validator
grep -i "open files" /proc/$(ps -A -o pid,cmd|grep nymd | grep -v grep |head -n 1 | awk '{print $1}')/limits
You'll get back the hard and soft limits, which looks something like this:
Max open files 65536 65536 files
If your output is the same as above, your node will not encounter any ulimit
related issues.
2. If either value is 1024
, you must raise the limit
- We recommend doing it via the
systemd
service file. Following the steps in this guide. - You will see there a line setting new
ulimit
threshold.
LimitNOFILE=65536
3. Alternatively you can execute this command for system-wide setting of ulimit
:
echo "DefaultLimitNOFILE=65535" >> /etc/systemd/system.conf
- Then reboot your server, and restart your node. When it comes back, use:
# for nym-node
cat /proc/$(pidof nym-node)/limits | grep "Max open files"
# for validator
cat /proc/$(pidof nym-validator)/limits | grep "Max open files"
- Make sure the limit has changed to
65535
.
Set ulimit
on non systemd
based distributions
In case you choose tmux option for Nym Node automation, see your ulimit
list by running:
ulimit -a
Watch for the output line -n
:
-n: file descriptors 1024
You can change it either by running a command:
ulimit -u -n 4096
or editing etc/security/conf
and add the following lines:
# Example hard limit for max opened files
username hard nofile 4096
# Example soft limit for max opened files
username soft nofile 4096
Then reboot your server and restart your node.
Running nym-node
as a non-root
Some operators prefer to run nym-node
without root privileges. It's possible but still nym-node
binary needs higher privileges for network-level operations demanding these permissions. If you are starting a new nym-node
and want to run it as a non-root, follow this guide before you proceed with the node setup sections.
Ports reference tables
All node-specific port configuration can be found in $HOME/.nym/<BINARY_TYPE>/<ID>/config/config.toml
. If you do edit any port configs, remember to restart your client node processes and change the configuration in the wallet settings.
Nym node port reference
Mix Node functionality ports
Default port | Use |
---|---|
1789 | Listen for Mixnet traffic |
1790 | Listen for VerLoc traffic |
8080 | Metrics http API endpoint |
Gateway functionality ports
Default port | Use |
---|---|
1789 | Listen for Mixnet traffic |
9000 | Listen for Client traffic |
9001 | WSS |
8080, 80, 443 | Reversed Proxy & Swagger page |
51822/udp | WireGuard |
Embedded Network Requester functionality ports
Default port | Use |
---|---|
9000 | Listen for Client traffic |
Validator port reference
All validator-specific port configuration can be found in $HOME/.nymd/config/config.toml
. If you do edit any port configs, remember to restart your validator.
Default port | Use |
---|---|
1317 | REST API server endpoint |
26656 | Listen for incoming peer connections |
26660 | Listen for Prometheus connections |