
VPS Setup & Configuration

We aim for the Nym Network to be a reliable, high-quality base layer of privacy across the globe, while growing as distributed as possible. A finely tuned machine is an essential foundation for nodes to meet the requirements and be rewarded for their work.

A sub-optimally configured VPS often results in a non-functional node. Following these steps carefully will save you time and money later on.

VPS Hardware Specs

You will need to rent a VPS to run your node on. One key reason for this is that your node must be able to send TCP data using both IPv4 and IPv6 (as other nodes you talk to may use either protocol).

The Tor community created a very helpful table called Good Bad ISPs, which you can use as a guideline when choosing an ISP for your VPS.

Update: The Nym community started an ISP table called Where to host your nym node? Check it out and add your findings!

nym-node

Before we conclude the testing with exact results, these are the rough specs:

Hardware        Minimum Specification
CPU Cores       4
Memory          4 GB RAM
Storage         40 GB
Connectivity    IPv4, IPv6, TCP/IP, UDP
Bandwidth       1Tb
Port speed      1Gbps

Nyx validator

The specification mentioned below is for running a full node alongside the nym-api. It is recommended to run nym-api and a full Nyx node on the same machine for optimum performance.

Bear in mind that credential signing is primarily CPU-bound, so choose the fastest CPU available to you.

Minimum Requirements

Hardware    Minimum Specification
CPU         8-cores, 2.8GHz base clock speed or higher
RAM         16GB DDR4+
Disk        500 GiB+ NVMe SSD

Recommended Requirements

Hardware    Minimum Specification
CPU         16-cores, 2.8GHz base clock speed or higher
RAM         32GB DDR4+
Disk        1 TiB+ NVMe SSD

Full node configuration (validator)

To install a full node from scratch, refer to the validator setup guide and follow the steps outlined there.

VPS Configuration

Before node or validator setup, the VPS needs to be configured and tested, to verify your connectivity and make sure that your provider wasn't dishonest with the offered services.

The commands listed in this chapter must be executed with the sudo prefix or from a root shell.

Install Dependencies & Configure Firewall

SSH to your server as root, or become root by running sudo -i or su. If you prefer to administer your VPS from a user environment, prefix the commands with sudo.

1. Start with setting up the essential tools on your server.
  • Get your system up to date
apt update -y && apt --fix-broken install
  • Install dependencies
apt -y install ca-certificates jq curl wget ufw tmux pkg-config build-essential libssl-dev git
  • Double check ufw is installed correctly
apt install ufw --fix-missing
2. Configure your firewall using Uncomplicated Firewall (UFW)

For a nym-node or Nyx validator to receive traffic, you need to open ports on the server. The following commands will allow you to set up a firewall using ufw.

  • Check if you have ufw installed:
ufw version
  • If it's not installed, install with:
apt install ufw -y
  • Enable ufw
ufw enable
  • Check the status of the firewall
ufw status
3. Open all the ports that nym-node needs so that it works correctly behind your firewall
  • In case of reverse proxy setup add:
ufw allow 443/tcp
  • Re-check the status of the firewall:
ufw status

For more information about your node's port configuration, check the port reference table below.

Setting ulimit

Linux machines limit how many open files a user is allowed to have. This is called a ulimit.

The ulimit is 1024 by default on most systems. It needs to be set higher, because Nym Nodes make and receive a lot of connections with each other.

If you see errors such as:

Failed to accept incoming connection - Os { code: 24, kind: Other, message: "Too many open files" }

This means that the operating system is preventing network connections from being made.

Set the ulimit via systemd service file

The ulimit setup is relevant for maintenance of Nym Node only.

1. Query the ulimit with:
  • For nym-node:
grep -i "open files" /proc/$(ps -A -o pid,cmd|grep nym-node | grep -v grep |head -n 1 | awk '{print $1}')/limits
  • For nyx validator
grep -i "open files" /proc/$(ps -A -o pid,cmd|grep nymd | grep -v grep |head -n 1 | awk '{print $1}')/limits

You'll get back the soft and hard limits, in that order, which look something like this:

Max open files            65536                65536                files

If your output is the same as above, your node will not encounter any ulimit related issues.

2. If either value is 1024, you must raise the limit
  • We recommend doing it via the systemd service file, following the steps in this guide.
  • There you will see a line setting the new ulimit threshold:
LimitNOFILE=65536
3. Alternatively, you can execute this command to set the ulimit system-wide:
echo "DefaultLimitNOFILE=65535" >> /etc/systemd/system.conf
  • Then reboot your server, and restart your node. When it comes back, use:
# for nym-node
cat /proc/$(pidof nym-node)/limits | grep "Max open files"
 
# for validator
cat /proc/$(pidof nym-validator)/limits | grep "Max open files"
  • Make sure the limit has changed to 65535.
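
The check from the steps above can be scripted so that it covers the soft and hard limits separately. This is an added example, not part of the Nym documentation; the function names and the constructed sample input are assumptions, and the 65535 default is the system-wide value set above.

```bash
# Added example: evaluate the "Max open files" row of a /proc/<pid>/limits file.
# Function names are this example's own; 65535 is the value this page sets.

# Print "<soft> <hard>" from limits text on stdin.
nofile_limits() (
  awk '/^Max open files/ { print $4, $5 }'
)

# Print a verdict for limits text on stdin; exit 0 only if the soft limit suffices.
check_nofile() (  # $1 = required minimum (default 65535)
  need=${1:-65535}
  set -- $(nofile_limits)
  soft=$1 hard=$2
  [ -n "$soft" ] || { echo "no 'Max open files' row found"; exit 2; }
  if [ "$soft" = unlimited ] || [ "$soft" -ge "$need" ]; then
    echo "ok soft=$soft hard=$hard"
  elif [ "$hard" = unlimited ] || [ "$hard" -ge "$need" ]; then
    echo "low soft=$soft (only the soft limit is too small, hard=$hard)"; exit 1
  else
    echo "low soft=$soft hard=$hard (both limits are too small)"; exit 1
  fi
)

# Check every running process with the given name (uses pidof, as above).
check_process() {  # $1 = process name, $2 = optional minimum
  for pid in $(pidof "$1"); do
    printf '%s pid %s: ' "$1" "$pid"
    check_nofile "$2" < "/proc/$pid/limits" || true
  done
}

# Constructed sample of a limits file with the given soft and hard values.
sample_limits() {  # $1 = soft, $2 = hard
  printf '%-25s %-20s %-20s %s\n' \
    "Limit" "Soft Limit" "Hard Limit" "Units" \
    "Max cpu time" unlimited unlimited seconds \
    "Max open files" "$1" "$2" files
}

sample_limits 1024 524288 | check_nofile || true
sample_limits 65536 65536 | check_nofile
```

On a server, `check_process nym-node` prints one verdict per running nym-node process.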

Set ulimit on non systemd based distributions

If you choose the tmux option for Nym Node automation, list your ulimit values by running:

ulimit -a

Watch for the output line -n:

-n: file descriptors          1024

You can change it either by running this command:

ulimit -u -n 4096

or by editing /etc/security/limits.conf and adding the following lines:

# Example hard limit for max opened files
username        hard nofile 4096
 
# Example soft limit for max opened files
username        soft nofile 4096

Then reboot your server and restart your node.

Running nym-node as a non-root

Some operators prefer to run nym-node without root privileges. This is possible, but the nym-node binary still needs elevated privileges for the network-level operations that require them. If you are starting a new nym-node and want to run it as non-root, follow this guide before you proceed with the node setup sections.

Ports reference tables

All node-specific port configuration can be found in $HOME/.nym/<BINARY_TYPE>/<ID>/config/config.toml. If you do edit any port configs, remember to restart your client node processes and change the configuration in the wallet settings.

Nym node port reference

Mix Node functionality ports

Default port    Use
1789            Listen for Mixnet traffic
1790            Listen for VerLoc traffic
8080            Metrics http API endpoint

Gateway functionality ports

Default port     Use
1789             Listen for Mixnet traffic
9000             Listen for Client traffic
9001             WSS
8080, 80, 443    Reverse Proxy & Swagger page
51822/udp        WireGuard

Embedded Network Requester functionality ports

Default port    Use
9000            Listen for Client traffic
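
The default ports in the tables above can be compared with the firewall's actual rules, separately for IPv4 and IPv6. This is an added example, not part of the Nym documentation; the role names, function names and sample output are assumptions, and ports listed without a protocol are treated as TCP.

```bash
# Added example: compare `ufw status` output with this page's default nym-node
# ports. Role and function names are assumptions; bare ports are taken as TCP.

required_ports() {  # $1 = mixnode | gateway
  case "$1" in
    mixnode) echo "1789/tcp 1790/tcp 8080/tcp" ;;
    gateway) echo "1789/tcp 9000/tcp 9001/tcp 8080/tcp 80/tcp 443/tcp 51822/udp" ;;
    *) return 1 ;;
  esac
}

# Print the "To" column of ALLOW rules for one address family (v4 or v6).
allowed_rules() (  # $1 = v4 | v6, `ufw status` text on stdin
  awk -v fam="$1" '/ALLOW/ {
    is6 = ($2 == "(v6)")
    if ((fam == "v6") == is6) print $1
  }'
)

# Print the role's ports that have no single-port ALLOW rule in that family.
missing_ports() (  # $1 = role, $2 = v4 | v6, `ufw status` text on stdin
  rules=$(allowed_rules "$2")
  want=$(required_ports "$1") || { echo "unknown role: $1" >&2; exit 2; }
  missing=""
  for port in $want; do
    # A rule without a protocol (for example "8080") covers TCP and UDP.
    printf '%s\n' "$rules" | grep -qxE "${port}|${port%/*}" || missing="$missing $port"
  done
  echo "${missing# }"
)

# Constructed sample of `ufw status` output, not taken from a real server.
sample_status() {
  cat <<'EOF'
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
1789/tcp                   ALLOW       Anywhere
1790/tcp                   ALLOW       Anywhere
8080                       ALLOW       Anywhere
443/tcp                    ALLOW       Anywhere
1789/tcp (v6)              ALLOW       Anywhere (v6)
EOF
}

echo "gateway, IPv4 missing: $(sample_status | missing_ports gateway v4)"
echo "mixnode, IPv6 missing: $(sample_status | missing_ports mixnode v6)"
```

On a server, pipe the real output instead of the sample: `ufw status | missing_ports gateway v6`. Rules written as port ranges or comma-separated lists are not recognised by this check.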

Validator port reference

All validator-specific port configuration can be found in $HOME/.nymd/config/config.toml. If you do edit any port configs, remember to restart your validator.

Default port    Use
1317            REST API server endpoint
26656           Listen for incoming peer connections
26660           Listen for Prometheus connections