Nyx Validator & Nym API Configuration
Our documentation often refer to syntax annotated in <>
brackets. We use this expression for variables that are unique to each user (like path, local moniker, versions etcetra).
Any syntax in <>
brackets needs to be substituted with your correct name or version, without the <>
brackets. If you are unsure, please check our table of essential parameters and variables (opens in a new tab).
Automation
Validator systemd
Automation
To automate with systemd
use this init service file by saving it as /etc/systemd/system/nymd.service
and follow the steps below running all commands with root permissions (root shell or sudo
prefix).
1. Create an init service file
- Open text editor
nano /etc/systemd/system/nymd.service
- Paste this file
[Unit]
Description=Nyxd
StartLimitInterval=350
StartLimitBurst=10
[Service]
User=<USER> # change to your user
Type=simple
Environment="LD_LIBRARY_PATH=<PATH>" # change to correct path
ExecStart=<PATH>/nymd start # change to correct path
Restart=on-failure
RestartSec=30
LimitNOFILE=infinity
[Install]
WantedBy=multi-user.target
2. Start validator as systemd
service
- To pick up new unit file, run:
systemctl daemon-reload
- Enable the service:
systemctl enable nymd
- Start the service:
systemctl start nymd
- Optionally you can monitor status logs by running:
journalctl -f -u nymd
3. If you make any changes to your systemd
script after you've enabled it
- You need to run:
systemctl daemon-reload
This lets your operating system know it's ok to reload the service configuration. Then restart your validator.
Nym API systemd
Automation
To automate with systemd
use this init service file by saving it as /etc/systemd/system/nym-api.service
and follow the steps below running all commands with root permissions (root shell or sudo
prefix).
1. Create an init service file
- Open text editor
nano /etc/systemd/system/nym-api.service
- Paste this file
[Unit]
Description=NymAPI
StartLimitInterval=350
StartLimitBurst=10
[Service]
User=<USER> # change to your user
Type=simple
ExecStart=<PATH>/nym-api start # change to correct path
Restart=on-failure
RestartSec=30
LimitNOFILE=infinity
[Install]
WantedBy=multi-user.target
2. Start your API as systemd
service
- To pick up new unit file, run:
systemctl daemon-reload # to pickup the new unit file
- Enable the service:
systemctl enable nym-api # to enable the service
- Start the service:
systemctl start nym-api # to actually start the service
- Optionally you can monitor status logs by running:
journalctl -f -u nym-api # to monitor system logs showing the service start
Note: if you make any changes to your systemd
script after you've enabled it, you will need to run:
systemctl daemon-reload
3. If you make any changes to your systemd
script after you've enabled it
- You need to run:
systemctl daemon-reload
This lets your operating system know it's ok to reload the service configuration. Then restart your API.
Nym API (previously 'Validator API') endpoints
Numerous API endpoints are documented on the Nym API (previously 'Validator API')'s Swagger Documentation (opens in a new tab). There you can also try out various requests from your browser, and download the response from the API. Swagger will also show you what commands it is running, so that you can run these from an app or from your CLI if you prefer.
sudo ufw allow 'Nginx Full'
Check nginx is running via systemctl:
systemctl status nginx
Which should return:
● nginx.service - A high performance web server and a reverse proxy server
Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
Active: active (running) since Fri 2018-04-20 16:08:19 UTC; 3 days ago
Docs: man:nginx(8)
Main PID: 2369 (nginx)
Tasks: 2 (limit: 1153)
CGroup: /system.slice/nginx.service
├─2369 nginx: master process /usr/sbin/nginx -g daemon on; master_process on;
└─2380 nginx: worker process
Full Node Configuration
Proxying various full node services through port 80 can then be done by creating a file with the following at /etc/nginx/sites-enabled/nyxd-webrequests.conf
:
Setting up a reverse proxy using a webserver such as Nginx allows you to easily configure SSL certificates for the endpoints. When running on mainnet, it is recommended to encrypt all web traffic to your node.
### To expose RPC server
server {
listen 80;
listen [::]:80;
server_name "<rpc.nyx.yourdomain.tld>";
location / {
proxy_pass http://127.0.0.1:26657;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /websocket {
proxy_pass http://127.0.0.1:26657;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
}
}
### To expose Cosmos API server
server {
server_name "<api.nyx.yourdomain.tld>";
location / {
proxy_pass http://127.0.0.1:1317;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $http_host;
proxy_set_header Upgrade websocket;
proxy_set_header Connection Upgrade;
}
}
### To expose GRPC endpoint
server {
server_name "<grpc.nyx.yourdomain.tld>";
location / {
grpc_pass 127.0.0.1:9090;
}
}
nym-api Configuration
### To expose nym-api webserver
server {
listen 80;
listen [::]:80;
server_name "<nym-api.nyx.yourdomain.tld>";
add_header 'Access-Control-Allow-Origin' '*';
location / {
proxy_pass http://127.0.0.1:8000;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
Followed by:
sudo apt install certbot nginx python3
certbot --nginx -m <EMAIL> --agree-tos
If using a VPS running Ubuntu 20: replace certbot nginx python3
with python3-certbot-nginx
These commands will get you an https encrypted nginx proxy in front of the various endpoints.
Configuring Prometheus metrics (optional)
Configure Prometheus with the following commands (adapted from NodesGuru's Agoric setup guide (opens in a new tab)):
echo 'export OTEL_EXPORTER_PROMETHEUS_PORT=9464' >> $HOME/.bashrc
source ~/.bashrc
sed -i '/\[telemetry\]/{:a;n;/enabled/s/false/true/;Ta}' $HOME/.nymd/config/app.toml
sed -i "s/prometheus-retention-time = 0/prometheus-retention-time = 60/g" $HOME/.nymd/config/app.toml
sudo ufw allow 9464
echo 'Metrics URL: http://'$(curl -s ifconfig.me)':26660/metrics'
Your validator's metrics will be available to you at the returned 'Metrics URL'.
# HELP go_gc_duration_seconds A summary of the pause duration of garbage collection cycles.
# TYPE go_gc_duration_seconds summary
go_gc_duration_seconds{quantile="0"} 6.7969e-05
go_gc_duration_seconds{quantile="0.25"} 7.864e-05
go_gc_duration_seconds{quantile="0.5"} 8.4591e-05
go_gc_duration_seconds{quantile="0.75"} 0.000115919
go_gc_duration_seconds{quantile="1"} 0.001137591
go_gc_duration_seconds_sum 0.356555301
go_gc_duration_seconds_count 2448
# HELP go_goroutines Number of goroutines that currently exist.
# TYPE go_goroutines gauge
go_goroutines 668
# HELP go_info Information about the Go environment.
# TYPE go_info gauge
go_info{version="go1.15.7"} 1
# HELP go_memstats_alloc_bytes Number of bytes allocated and still in use.
# TYPE go_memstats_alloc_bytes gauge
go_memstats_alloc_bytes 1.62622216e+08
# HELP go_memstats_alloc_bytes_total Total number of bytes allocated, even if freed.
# TYPE go_memstats_alloc_bytes_total counter
go_memstats_alloc_bytes_total 2.09341707264e+11
# HELP go_memstats_buck_hash_sys_bytes Number of bytes used by the profiling bucket hash table.
# TYPE go_memstats_buck_hash_sys_bytes gauge
go_memstats_buck_hash_sys_bytes 5.612319e+06
# HELP go_memstats_frees_total Total number of frees.
# TYPE go_memstats_frees_total counter
go_memstats_frees_total 2.828263344e+09
# HELP go_memstats_gc_cpu_fraction The fraction of this program's available CPU time used by the GC since the program started.
# TYPE go_memstats_gc_cpu_fraction gauge
go_memstats_gc_cpu_fraction 0.03357798610671518
# HELP go_memstats_gc_sys_bytes Number of bytes used for garbage collection system metadata.
# TYPE go_memstats_gc_sys_bytes gauge
go_memstats_gc_sys_bytes 1.3884192e+07
Validator port reference
All validator-specific port configuration can be found in $HOME/.nymd/config/config.toml
. If you do edit any port configs, remember to restart your validator.
Default port | Use |
---|---|
1317 | REST API server endpoint |
26656 | Listen for incoming peer connections |
26660 | Listen for Prometheus connections |