The 23 € Symbol Node

Introduction

Setting up a Symbol node is a great way to enter the NEM community. Your node will join 1000s of other nodes keeping the network healthy while you can earn some well-deserved XYM.

This guide will help to create your node in a cost-efficient and secure way. We will use symbol-bootstrap to set up the node and Hetzner cloud provider to run the virtual Ubuntu box. You can read more about nodes in the official documentation.

Prerequisites

In order to follow along with this tutorial, it would be best to have knowledge of Symbol Blockchain, Symbol Wallets, Linux, and Networking. You should try the guide on Symbol's TestNet and eventually create your MainNet node where real tokens are used!

You will need a private symbol account or Wallet with some XYM for the setup. We will call this account the funder account. In Testnet, you can get free XYM using the Testnet's faucet.

Creating the box using Hetzner

For this example, we are using Hetzner as it's user-friendly and fairly low-cost. You can use a similar approach with Digital Ocean or even AWS.

1. Log/Register into the Hetzner console
2. Create a new Project.
3. Click on Add a server and select the Location
4. For this example, select Ubuntu 20.4.
5. To reach the min CPU and Memory node requirements select the CPX41 type. This box currently costs ~22.90 euros per month.
6. The included 240GB volume is good enough for the current Symbol Testnet (2.6GB) and Mainnet (7.2GB). In the future, the volume would need to be expanded increasing the cost a little bit.
7. Create a firewall opening ports 3000 and 7900. Open also port 7881 if you are creating a Supernode. Port 22 is recommended to be opened only if you are connecting to the box's terminal. If you are not, remove 22 from the list.
8. Add the SSH key of your computer. This will allow you to connect to the box terminal.
9. Add a name and create the box
10. Once the server has booted, copy the public IP address.
11. If you have a domain name, now it's a good time to create a new hostname by linking the box's IP address.

Installing the required software in the Ubuntu box

Now we will install the required software to run a Symbol node using Bootstrap in the Cloud VM. The following setup is for a typical Ubuntu OS, other distributions may be slightly different.

1. Connect to the box's terminal using ssh:
   

   ssh root@REPLACE_WITH_THE_BOX_IP
   

2. Install the following required software:
   

   curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
   curl -sL https://deb.nodesource.com/setup_14.x | sudo -E bash -
   add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
   apt-get update
   apt-cache policy docker-ce
   apt-get install -y docker-ce unzip gcc g++ make nodejs unzip docker-compose
   docker --version
   docker-compose --version
   

3. Install symbol-bootstrap tool:
   

   npm install -g symbol-bootstrap@1.0.6-alpha-202105122247
   symbol-bootstrap version
   

4. Create the bootstrap and docker user:
   

   # Create the bootstrap user
   adduser bootstrap
   # Enter a password for the bootstrap user
   usermod -aG sudo bootstrap
   groupadd -f docker
   usermod -aG docker bootstrap
   

Note: Version symbol-bootstrap@1.0.6-alpha-202105122247 is an alpha version with a new wizard feature we will be using.

Configuring the Symbol node

Here we have the option to create the Symbol node directly on the Cloud VM box, but for security reasons, we are going to create it a in separate private computer, aka, your own computer. Then, the configured node will be copied over to the VM box.

1. Install the required software in your private computer,
   • Node 12.0.0+
   • Docker 18.3.0+
   • Docker Compose 1.25.0+

2. Install bootstrap and verify the installation
   

   npm install -g symbol-bootstrap@1.0.8-alpha-202107131135
   symbol-bootstrap version
   symbol-bootstrap verify
   

3. Run the bootstrap wizard and follow the instructions. This is where the magic happens.
   

   symbol-bootstrap wizard
   

4. Select the network, let's use Testnet for this guide.

5. Select your node assembly (Dual).

6. Enter a strong password. This password will be used to encrypt and decrypt the node's private keys. Keep this password and the bootstrap files safe!
   

7. Select your Symbol Reward Program if it applies to you.

8. Generate random keys. In this example, we are going to generate new random keys for our node. If you already have keys, you can enter their private part.

9. Enter the IP/Hostname of your node and a catchy friendly name.

10. Select the default security mode (PROMPT_MAIN_TRANSPORT) and enable voting if it applies to you.

Once the wizard finishes, it will create the custom-preset.yml file with your node's customization. This file includes the private keys of your node. The private keys are encrypted using the password provided in the wizard. Keep this file and the password safe!

The wizard displays the node's generated or entered accounts. The Main account is the account that "owns" the node. It defines the node's importance (or the chance to harvest a block) and links the different secondary accounts.

The custom preset will allow you to regenerate (most) of the node's configuration. The only exceptions are voting keys. If you regenerate your voting node, you will need to re-link the voting keys.

The wizard will also show different useful commands you can use to continue the node setup.

You now have the option to start the node or to create a zip of the node configuration that can be deployed to a different machine. In our case, we want the latter, create a zip to be deployed in the Hetzner VM:

symbol-bootstrap pack -p testnet -a dual -c custom-preset.yml 

Bootstrap's pack, start, and config create the target folder. The target folder is the generated configuration based on the selected preset, assembly, and custom preset. Bootstrap maintains the files inside, they should not be manually changed. The way to tune them is via the custom preset file.

Configuring the node's accounts

A Symbol node requires several accounts and keys. Bootstrap handles them under the hood but you need to link them. Liking keys is a blockchain transaction that requires XYM to pay the nodes' fees.

First, you need to fund the node's main account. You can transfer a min amount of 10 XYM from your Symbol funder wallet providing the Main account's address.

Once your main account has enough XYM, you can link the node's keys using the following wizard.

symbol-bootstrap link --useKnownRestGateways -c custom-preset.yml --maxFee 100000

Your node is fully configured to run, now let's copy it to the Cloud VM box.

Running the node

1. Copy the zip file from your private computer into the Cloud VM and connect to it. Note that we are connecting and copying as the bootstrap Linux user, not as the root user.
   

   scp testnet-dual-node.zip  bootstrap@REPLACE_WITH_THE_BOX_IP:~/target.zip
   ssh bootstrap@REPLACE_WITH_THE_BOX_IP
   

2. Once in the box, unzip the target.zip file.
   

   unzip target.zip -d symbol-node
   cd symbol-node
   

3. Verify once again symbol-bootstrap installation.
   

   symbol-bootstrap verify
   

4. Run the node!
   

   symbol-bootstrap run -d
   

Once the node is running, you can check it by going to the next URLs from your browser:

• HTTP://REPLACE_WITH_THE_BOX_IP_HOSTNAME:3000/node/info
• HTTP://REPLACE_WITH_THE_BOX_IP_HOSTNAME:3000/chain/info

These links display the node information and the (synching) chain state.

Upgrading your node

In general, to upgrade your node you need to connect to the VM box (remember to reopen port 22 in the firewall):

ssh bootstrap@REPLACE_WITH_THE_BOX_IP

Once in the terminal:

sudo npm install -g symbol-bootstrap
cd symbol-node
symbol-bootstrap stop
cp target backup-target -r
symbol-bootstrap start -c config-only-custom-preset.yml --upgrade -d

Before doing any update, it's recommended to backup the target folder (cp target backup-target -r). Once the network grows, the node's target folder could be fairly large. Backing up will require doubling the used disk space. A larger volume would need to be considered.

The --upgrade params recreates the node's configuration and docker-compose file upgrading any service. The target folder is upgraded, any manual changes done inside may be overwritten!

Node and account security

Why did we use a separate private computer to generate the configuration? Why not just run Bootstrap's wizard directly on the VM Cloud box? Some of the reasons:

• Private keys are randomly generated or provided in the private machine, not in the Cloud VM box.
• The main private key is never entered or stored in the VM box. The node certificates generation and the link transactions are performed from the private machine.
• The node admin may want to use a fully disconnected offline machine to generate the keys, configurations, and link transactions.

If the Cloud VM box gets compromised, the hacker wouldn't be able to retrieve the main private key.

Other security recommendations:

• If the node is not a voting node or it's not in the Symbol reward program, you can keep the node's main account with low funds. Your "wealthy" private or founder account could delegate to your node. When the founder harvests a block, it will receive the harvesting reward and the main account will receive the beneficiary account reward.
• Wealthy accounts should be secured with a multisig account or with a hardware device like Ledger. Or both!
• To reach the supernodes or voting requirements, the main account would need to be fully funded (with over 1m tokens). In this case, it's strongly recommended to convert the main account to multisig, ideally, using a hardware wallet as a cosigner.

You can read more about how to enable delegate harvesting and this awesome ultimate guide to start harvesting blocks post.

Should I run my own node?

In this guide, we explained how to run a node under 23 euros per month. But will the node pay for itself? Let's do some numbers.

At the very minute of writing, XYM price is 0.12 USD or 0.10 EUR. In XYM coins, the server costs around 230 XYM per month.

If any of the accounts delegating to your node harvests a block, your node's main account will receive 45 XYM. Meaning that your node needs to harvest around 5.1 blocks per month to pay for itself.

According to this super useful xym-calculator, to harvest those blocks your node needs to "collect" 133K XYM. Using Symbol's delegated harvesting, you don't need to have 133K XYM, instead, you need harvesters to delegate to your node this amount. Then, the node (probably) pays itself.

These numbers literally change every hour so if your margins are tight, you need to revisit them often.

The node will need to be supported. You need to spend some time keeping up with Symbol news and upgrades. If your node is down, neither the node nor the harvesters will harvest. You need to monitor the node to keep it running. Low to no downtime will keep your harvesters happy.

If running a node is not for you, you can always delegate your private wallet to another community node. Find one that brings you the best uptime and support!

Conclusion

I've created Symbol Bootstrap out of the necessity to create private networks quickly in order to end-to-end tests the Symbol's SDKs. From there, Bootstrap has evolved into a user-friendly way to create public Symbol nodes. This guide and Bootstrap's wizard reflect the learnings I have acquired along the way from NEM colleagues and the community.

Bootstrap lets you create all the types of nodes (Dual, API, Peer), include all the known components (Mongo, Server, Broker, Supernode Agent, Rest, Explorer, Wallet, Faucet, etc) for both public or private networks. It allows you to "save" your configuration with just a YML file and update your nodes with --upgrade. Bootstrap hides configuration and implementation details while retaining the tunability with custom presets.

If you are interested in creating a Symbol node from scratch without using Bootstrap, try this great Running a Symbol node manually guide. The Deploying node for paranoids post explains how to create the server certificates in detail.

Comments

[fboucquez]

Thanks @symbolico . I've seen your blog but I wasn't able to try it yet. We are working on improving and open sourcing the monitoring tools and we may get inspiration from it.

In order to scale, a monitoring tool would sit outside the node most likely monitoring multiple nodes. A node may feed a storage for the monitoring tool to report from using agents. This is all work in progress.

I also have plans to upgrade the halthCheck command to test a node remotely doing several assertions like if the node height/finalization is being updated, if the node has enough xyms, etc. This could be used in a cron job.

[symbolico]

How about some node monitoring?
symbolblog.com/article/symbol-node...