Welcome to Zero To Node! This is a step-by-step guide for setting up a Pocket node. While there are many different ways to set up a node, the focus of this tutorial is on keeping things simple and with the minimum of steps, while still focusing on security and stability.
The main utility of a Pocket node is to relay transactions to other blockchains. So, Pocket nodes need access to other nodes for the blockchains they’ll be relaying to. However, the focus of this guide is just on setting up a Pocket node that will relay to the Pocket network, essentially, through itself. Setting up nodes for other blockchains such as Harmony, Ethereum, or any of the other supported blockchains is beyond the scope of this guide.
After completing the steps outlined here, you’ll have a fully functional Pocket node up and running. If you choose, you can also opt to stake your node and earn rewards. We’ll cover that here, but staking is not required unless you want to earn rewards.
Who is this guide for?
This guide is for anyone interested in running Pocket nodes. While the goal is to keep things simple, the assumption is that you have some general blockchain and computer networking knowledge, and some Linux terminal experience.
What you’ll need
In order to complete this guide, you’ll need:
A server connected to the internet
A domain name
The ability to add DNS records for your domain
15,100 POKT (if you want to stake your node)
About 2-4 hours to complete and test everything
Part 1 – Server setup
This section will help you set up and configure a server to prepare it for being a Pocket node.
Setup a server
The first thing you’ll need to run a Pocket node is a server. For this guide, we’ll be using a virtual machine on the Linode cloud service, but you can use any cloud service you like, or run a server of your own.
Info
Pocket has no affiliation with Linode and does not recommend any one provider over another. The general steps outlined here should work for most cloud providers.
Let’s start by creating a Linode instance (a virtual machine).
The Pocket blockchain is very large and growing all the time, and the snapshot we’ll be downloading in a later step is too large to fit on this Linode instance.
Because of this, we’ll need to create a secondary storage volume. We recommend a size of at least 500GB, but as this requirement will keep growing, a larger volume size (or a dynamically adjustable disk size) will be important.
In your Linode account, click Volumes and then Create Volume.
Create a volume with the following specifications:
Label: poktuserdir
Size: 800GB
Region: [Same as your instance]
Linode: pokt001
Configure DNS
Now that the Linode instance is created and running, you’ll need to set up a DNS record that points to the IP address of the Linode instance.
Pocket nodes require a DNS name. DNS (Domain Name Service) names are used to map an IP address to more human-friendly names. So rather than referencing a server with an address like 134.23.153.21 we can use a name like pokt001.pokt.run.
Info
Most domain registrars allow you to add DNS records. Please refer to the DNS setup documentation for your provider.
Specifically, you’ll need to add an A record for the domain name. For the exact steps, consult the DNS documentation for your provider. Then create a record with the following information:
Name: pokt001
Type: A
Value: [Linode_IP_Address]
TTL: 300
After setting up your DNS record, wait a few minutes for the DNS to propagate. Then use the following command to check that the DNS record is working:
Info
The examples in this tutorial will use pokt001 as the server on the pokt.run domain, so pokt001.pokt.run will be used as the DNS name. Please replace this throughout with your own server and domain name.
ping -c 3 pokt001.pokt.run
You should see a response that looks something like this:
64 bytes from 134.23.153.21: icmp_seq=0 ttl=47 time=92.403 ms
64 bytes from 134.23.153.21: icmp_seq=1 ttl=47 time=142.828 ms
64 bytes from 134.23.153.21: icmp_seq=2 ttl=47 time=182.456 ms
If the IP address matches the IP address of your Linode instance, you’re all set!
Info
It can sometimes take longer than a minute for the DNS to propagate. So, be patient if things don’t seem to work right away.
Login with SSH
Now that we have a DNS record setup, we will look at using SSH to log in and continue the setup process.
The Secure Shell Protocol (SSH) is a secure way to connect to your Linode instance from a remote machine, like your local computer. We’ll be using SSH to complete the remainder of the setup process.
SSH from Mac or Linux
If you’re using a Mac, or Linux, on your local computer, you can SSH into your node by doing the following:
Open a terminal
SSH into your node using the following command:
ssh root@pokt001.pokt.run
Info
Don’t forget to replace pokt001.pokt.run with your DNS name.
You’ll be prompted for your password. This is the root password that you set when you created your Linode.
SSH from Windows
Windows 10 and later have a built-in SSH client. You can use SSH on Windows by doing the following:
Open the Windows terminal
SSH into your node using the following command:
ssh root@pokt001.pokt.run
Info
Don’t forget to replace pokt001.pokt.run with your DNS name.
If you’re using an older version of Windows, you might need to install PuTTY or some other SSH client.
Set the hostname
At this point you should be logged into your node as the root user.
In a previous step, we set the DNS name for the node. Now we’ll use the same name for the hostname on the server.
To set the server hostname use the following steps:
Open the /etc/hostname file with the following command:
nano /etc/hostname
Change the localhost value to the fully qualified hostname of your node (for example, pokt001.pokt.run).
Save the file with Ctrl+O and then Enter.
Exit nano with Ctrl+X.
Reboot the server with the following command:
reboot
Wait for the server to reboot then ssh back in as the root user before continuing on.
Create a Pocket user account
For security reasons it’s best not to use the root user. Instead, it’s better to create a new user and add the user to the sudo group.
To create a new user, enter the following commands:
Create a new user named pocket, add it to the sudo group, and set the default shell to bash. If you want to specify the location of the home directory, you can use the -d option followed by the path to the home directory:
For the rest of this guide, we’ll be using the pocket user. So now that the pocket user is created, you can switch from using root to the pocket user with the following command:
su - pocket
Mount the volume
Next we want to mount the secondary storage volume that we created in a previous step.
Verify that the volume is attached to your instance.
Many Pocket commands assume a data directory path of ~/.pocket. While it is possible to specify a different data directory with every command, it will be much easier to change the location of the pocket user home directory. For this tutorial, we will be putting the Pocket data directory at /mnt/data/.pocket.
To change the home directory of the pocket user:
sudo usermod -d /mnt/data pocket
Configure SSH Key Login (Optional):
While not required, using an SSH key provides a more secure means of accessing your server.
Using an SSH key removes the ability for credentials to be sniffed in the login process, and removes the pitfalls that can often come with user generated passwords since the key will truly be random.
One important thing to understand, is that without access to the ssh key, you won’t be able to log into your node. If you intend on accessing your node from multiple computers, it’s recommended that you repeat the Generate Key and Upload Key steps from each computer that you intend to access your node from before moving on to the Disable Root Login and Password Authentication step.
Log Out
At the terminal you’ll need to enter the logout command twice. The first logout logs you out of the pocket user, back to the root user, and the second logout logs you out of the server and back to your terminal.
Generate Key
Next, we’ll generate an ssh key. To do that you’ll run the ssh-keygen command. You’ll be prompted to specify the file you want to save the key to, and for a password. Specifying a password means that if someone has access to your key, they’d still need to know the password to be able to use it to login. To create the key, do the following:
Run the ssh-keygen command
ssh-keygen -t rsa -b 4096
Enter file in which to save the key (~/.ssh/id_rsa)
Enter a passphrase (empty for no passphrase)
Enter same passphrase again
The results should looking something like the following:
The key fingerprint is:
SHA256:jr2MLXIha188wYsp/bNflN9BuqQ3LWCAXJNTtHO7sWk
The key's randomart image is:
+---[RSA 4096]----+
| o+o |
| . oo. . |
| o ..o . . |
| . . o.+ |
| S oo= . |
| ...B o..+.B..|
| .o=.B ..E...|
| +.o*.o .o o |
| . +o.*+. |
+----[SHA256]-----+
Upload Key
Now we’re going to upload the key so that we can use it to log into the pocket user. If you choose a different path for the ssh key, it’s important to replace the ~/.ssh/id_rsa with the key you used.
Windows users may not have access to this command. If you don't have access to a Bash shell, you can use PowerShell to mimic this command. [See these instructions for more details.](https://chrisjhart.com/Windows-10-ssh-copy-id/)
Disable Root Login and Password Authentication
Now we’re now going to configure ssh to no longer allow root logins, and to not allow any password based login attempts. Meaning without access to the ssh key for the pocket user, no one will be able to log into the server.
First we’ll need to log back into the server:
ssh pocket@pokt001.pokt.run
From there, we’ll want to open the /etc/ssh/sshd_config file to make some changes to the default configuration:
sudo nano /etc/ssh/sshd_config
Once there, we’ll need to find and change the following lines:
#PermitRootLogin prohibit-password -> PermitRootLogin no
#PasswordAuthentication yes -> PasswordAuthentication no
Once changed, Ctrl-O followed by Enter will save the changes, and Ctrl-X will exit nano back to the terminal.
Then we’ll need to restart the ssh server for these changes to take effect:
sudo systemctl restart sshd.service
Verify Everything Works
The last step is to log out of the server, and try logging back in. If you’re no longer prompted for a password, then everything is working as expected.
That’s it for the server setup! Continue on to install the necessary software.
Part 2 – Software installation
This section will help you install all the necessary software for your node.
Install dependencies
Now let’s move on to the Pocket CLI installation.
At this point you should be logged in via SSH as the pocket user that we set up in a previous step. Before we install the Pocket software, we need to update the existing system packages and add a few dependencies.
Updating system packages
Update the repository index with the following command:
sudo apt update
Update the distribution with the following command:
sudo apt dist-upgrade -y
After the update completes, we’re ready to install the dependencies.
Installing dependencies
There are a handful of dependencies but installing them won’t take long. Also, some might already be installed. So if one of the dependencies exists, you can just move on to the next one.
git
sudo apt-get install git -y
build tools
sudo apt-get install build-essential -y
curl
sudo apt-get install curl -y
file
sudo apt-get install file -y
nginx
sudo apt install nginx -y
certbot
sudo apt install certbot -y
python3-certbot-nginx
sudo apt-get install python3-certbot-nginx -y
jq
sudo apt install jq -y
Install Go
After installing the dependencies, there is one more dependency we’ll need to add, and that’s Go. Go (sometimes known as “Golang”) is the programming language that the Pocket software was written in.
We could install Go using apt, but we want to get the latest stable version which probably isn’t available by default in the apt repository. So, we’ll use the steps below to install Go.
Make sure you’re in the pocket home directory.
cd ~
Find the latest version of Go from https://golang.org/dl/ then download it with the following command. (Make sure to change the link below to point to the correct version of Go.)
You may see a warning about being in a “detached HEAD” state. This is normal.
Build project code:
go build -o $GOPATH/bin/pocket $GOPATH/src/github.com/pokt-network/pocket-core/app/cmd/pocket_core/main.go
Test that the build succeeded:
pocket version
AppVersion: RC-0.9.2
That’s it for the software installation. Now let’s move on to the Pocket core configuration.
Part 3 – Pocket configuration
This section will help you configure your instance of Pocket.
Download snapshot
Rather than synchronizing your Pocket node from block zero (which could take weeks), you can use a snapshot. A snapshot of the Pocket blockchain is taken every 12 hours and can be downloaded using the instructions on the Pocket Snapshots Repository page.
Info
As of this writing, the snapshots are refreshed every 12 hours. In the GitHub repo you can look at when the README.md file was last updated to determine when the last snapshot was taken. It’s best to download the snapshot that is less than a few hours old.
Downloading a snapshot will likely take a few hours, so we’re going to use the screen command so that the download can run in the background, allowing you to perform other tasks.
To download the most recent snapshot:
Create a screen instance:
screen
Press Enter to get back to a prompt.
Change into the .pocket directory.
cd ~/.pocket
Create a directory named data and change into it:
mkdir data && cd data
Download the latest snapshot using the following command:
wget -qO- https://snapshot.nodes.pokt.network/latest.tar.gz | tar xvfz -
While the snapshot is downloading, press Ctrl-A and then d to let the process run in the background and be returned to a prompt.
To return to your screen instance to see how things are going:
screen -r
You can also check on the status of the download by watching your disk usage:
df -h
Once your download is completed, make the pocket user the owner of the data directory:
sudo chown -R pocket ~/.pocket/data
And when you’re done with your screen instance, you can exit out of it:
exit
Create a Pocket wallet account
Pocket nodes are associated with a Pocket wallet account. This is the account that will be used to send and receive transactions from the node. You can either create a new account using the Pocket CLI we just installed, or you can use an existing account. For this guide, we’ll be creating a new account.
Creating an account
To create an account, run the following command:
pocket accounts create
You’ll be prompted to set a passphrase for the account. You can use any passphrase you like but for security reasons, it’s best to use a passphrase that is at least 12 characters long, preferably longer.
Info
If you already have a Pocket account that you’d like to use to run the node, you can import it here. Upload the JSON file associated with your account to the server and run the following command:
pocket accounts import-armored <armoredJSONFile>
You will be prompted for the decryption passphrase of the file, and then for a new encryption passphrase to store in the keybase.
Listing accounts
After you’ve created the account you can use the pocket accounts list command to confirm that the account was added successfully.
pocket accounts list
Setting the validator address
Next, set the account as the one the node will use with the following command:
Finally, you can confirm that the validator address was set correctly by running the following command:
pocket accounts get-validator
Create config.json
The Pocket core software uses a config file to store configuration details. By default the config file is located at ~/.pocket/config/config.json. In this step we’ll look at how to create a new config file.
To create a new config file:
Run the following command, which will create the default config.json file, add the seeds, set port 8081 to 8082, and increase the RPC timeout value:
Pocket nodes relay transactions to other blockchains. So, you’ll need to configure the chains your node can relay to. For this guide, we’ll just be setting up our node to relay to the Pocket mainnet blockchain, essentially through itself.
To maximize your rewards, you’ll want to relay to other chains. We’ll cover that in more detail later but here is a list of other blockchains you could relay to.
Generating a chains.json file with the CLI
You can use the Pocket CLI to generate a chains.json file for your node by running the following command:
pocket util generate-chains
This will prompt you for the following information:
Enter the ID of the Pocket Network RelayChain ID:
0001
Enter the URL of the local network identifier.
http://127.0.0.1:8082/
When you’re prompted to add another chain, enter n for now.
Info
By default the chains.json file will be created in ~/.pocket/config. You can use the --datadir flag to create the chains.json file in an alternate location. For example: pocket util generate-chains --datadir "/mnt/data/.pocket".
Create genesis.json
Now that we have a chains.json file set up, so we can move on to test our node.
When you start a Pocket node for the first time, it will need to find other nodes (peers) to connect with. To do that we use a file named genesis.json with details about peers the node should connect to get on the network.
To create a JSON file with the genesis information:
Change to the .pocket/config directory:
cd ~/.pocket/config
Use the following command to get the genesis.json file from GitHub:
Ubuntu and other UNIX-like systems have a ulimit shell command that’s used to set resource limits for users. One of the limits that can be set is the number of open files a user is allowed to have. Pocket nodes will have a lot of files open at times, so we’ll want to increase the default ulimit for the pocket user account.
Increasing the ulimit
Before increasing the ulimit, you can check the current ulimit with the following command:
ulimit -n
Increase the ulimit to 16384. The -Sn option is for setting the soft limit on the number of open files:
ulimit -Sn 16384
Check the new ulimit to confirm that it was set correctly. The -n option is for getting the limit for just the number of open files:
ulimit -n
Permanent settings
Using the above method for setting the ulimit only keeps the change in effect for the current session. To permanently set the ulimit, you can do the following:
Open the /etc/security/limits.conf file.
sudo nano /etc/security/limits.conf
Add the following line to the bottom of the file:
pocket soft nofile 16384
Save the file with Ctrl+O and then Enter.
Exit nano with Ctrl+X.
After permanently setting the ulimit, the next thing we’ll do is download a snapshot of the Pocket blockchain.
Configure systemd
Next, we’ll configure the Pocket service using systemd, a Linux service manager. This will enable the Pocket node to run and restart even when we’re not logged in.
Creating a systemd service in Linux
To setup a systemd service for Pocket, do the following:
Open nano and create a new file called pocket.service:
Make sure the User is set to the user that will run the Pocket service.
Make sure the ExecStart and ExecStop paths are set to the path for the Pocket binary.
Save the file with Ctrl+O and then return.
Exit nano with Ctrl+X.
Reload the service files to include the pocket service:
sudo systemctl daemon-reload
Start the pocket service:
sudo systemctl start pocket.service
Verify the service is running:
sudo systemctl status pocket.service
pocket.service - Pocket service
Loaded: loaded (/etc/systemd/system/pocket.service; enabled; vendor preset: enabled)
Active: active (running) since Fri 2022-10-07 00:07:05 UTC; 1 weeks 0 days ago
In case you skipped the step above while the snapshot was downloading, once your download is completed, make the pocket user the owner of the data directory:
sudo chown -R pocket ~/.pocket/data
And when you’re done with your screen instance, you can exit out of it:
exit
We’re just about done. We just need to setup an HTTP proxy and we’ll be ready to go live. We’ll setup the proxy next.
Part 4 – Proxy configuration
This section will help you set up the proxy setting on your node.
Setup SSL
Pocket requires that nodes have an SSL certificate for secure communications. SSL (Secure Sockets Layer) is a layer of security that sits on top of TCP/IP. It’s used to encrypt the data sent between a client and a server. To use SSL, you need to have a certificate and a key. Thankfully, getting an SSL certificate is straightforward and free.
To get a certificate, we’ll be using Let’s Encrypt which is a service that issues SSL certificates for free. We’ll also be using software called certbot to register, install, and renew the certificate.
Registering an SSL certificate
We installed certbot in a previous step so we just need to use it to request a certificate.
To get a certificate, we’ll need to use the certbot command with the following options:
--register-unsafely-without-email: This option is required to get a certificate without an email address.
--agree-tos: This option is required to agree to the Let’s Encrypt Terms of Service.
--nginx: This option is required to use the nginx plugin.
--no-redirect: This option is required to disable the redirect to the Let’s Encrypt website.
--domain: This option is required to specify the domain name.
Here’s an example of how to request a certificate. Just replace $HOSTNAME with the DNS name of your node:
The output from this command should confirm that the certificate was successfully registered.
Testing your certificate
To be sure, you’ll also want to test that the certificate is working.
There is a command that certbot provides to test your certificate. It’s used for testing the auto-renewal of the certificate but it also confirms that the certificate is working. You can run it using the following command:
sudo certbot renew --dry-run
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
** DRY RUN: simulating 'certbot renew' close to cert expiry
** (The test certificates below have not been saved.)
Congratulations, all renewals succeeded. The following certs have been renewed:
/etc/letsencrypt/live/pokt001.pokt.run/fullchain.pem (success)
** DRY RUN: simulating 'certbot renew' close to cert expiry
** (The test certificates above have not been saved.)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
The resulting output should confirm that the certificate is working.
Configure Nginx
Nginx is a web server. We installed it in a previous step but we need to do some additional configuration.
Nginx uses config files to define servers and routes for incoming requests. For Pocket nodes, nginx needs to relay public requests to a local HTTP server that pocket core is running. This is referred to as the proxy. We’ll also need to proxy requests made by the Pocket CLI. For example, when we run the command pocket query height, the CLI makes an http request to the node’s local HTTP server.
Config files
The nginx configuration files we’re interested in are located in the /etc/nginx/sites-available/ directory. In that directory there is a default configuration file named default. This is the configuration that is created when you install nginx, but we’ll be creating our own for our node.
To configure nginx:
Confirm the name of your SSL certificate:
sudo ls /etc/letsencrypt/live/
Create a new config file with nano:
sudo nano /etc/nginx/sites-available/pocket
Add the following code, making sure to change the hostname values (pokt001.pokt.run) to your node’s DNS hostname in the three places found below:
We’re almost done, but before we finish we’ll make our server more secure by setting firewall rules to limit network exposure. The Uncomplicated Firewall (UFW) is a security tool that makes configuring the firewall reasonably simple. We’ll use it to disable unnecessary ports.
Ports you need to open
For running a Pocket node, you’ll need to open the following ports:
22: SSH
80: HTTP
443: HTTPS
8081: For the Pocket HTTP API
26656: For the Pocket RPC API
Use UFW to disable unnecessary ports
To use UFW to configure the firewall:
Enable UFW. When prompted, press y to confirm:
sudo ufw enable
Set the default to deny all incoming connections:
sudo ufw default deny
Allow the SSH port:
sudo ufw allow ssh
Allow port 80:
sudo ufw allow 80
Allow port 443:
sudo ufw allow 443
Allow port 8081:
sudo ufw allow 8081
Allow port 26656:
sudo ufw allow 26656
That’s it for the UFW setup. Let’s just check the status to confirm the ports are open. To do that, run the following command:
sudo ufw status
After confirming only the necessary ports are open, you can move on to the final steps.
Part 5 – Going live
This section will details the final steps in going live with your node.
Test everything
At this point your Pocket node should be up and running!
But you’ll want to test it to confirm. The following are some of the things you can do to test your Pocket Node.
Make sure the Pocket process is running
The first thing to check is that the pocket service is running. You can do that by running the following command:
You’ll want to check that the node is fully synced with the Pocket blockchain. The easiest way is to run the following command:
pocket query height
The result should look something like the following.
{"height": 48161}
Network status
Another way to see if your node is fully synced is to check the status with the following command:
curl http://127.0.0.1:26657/status
The result should look something like the following. Note the highlighted property catching_up which indicates if the node is catching up with the blockchain or fully synced. In the example below, the node is fully synced.
You’ll also want to make sure your node is accessible to other nodes.
To test and confirm your node is visible to other nodes on the public network, you’ll make an HTTP request using the public DNS name for the node. You can use the following command to make that request:
curl https://pokt001.pokt.run:8081/v1
Info
As always, don’t forget to change pokt001.pokt.run to the DNS name for your node.
This should return the following. This is the version of pocket-core that is running.
"RC-0.9.2"
Staking your node
To earn POKT rewards, you’ll need to stake at least 15,000 POKT. That said, you should stake at least 15,100 POKT or more to be safe. This provides a little extra room in case your node gets slashed (penalized) for some reason.
Warning
Please make sure that you understand the risks associated with staking POKT and running a Pocket node.
If you’re using the Pocket CLI to fund an account, keep in mind that the CLI uses uPOKT (the smallest unit of POKT) for its calculations. The formula for converting POKT to uPOKT is: uPOKT = POKT * 10^6. So, multiplying 15050 POKT by 10^6 (one million) will result in 15050000000 uPOKT.
Also keep in mind that there is a cost for every transaction you send. At the moment, that cost is a flat fee of 0.01 POKT, or 10000 uPOKT, but this may be subject to change.
List your accounts:
pocket accounts list
Confirm the validator account is set:
pocket accounts get-validator
Confirm the validator account has enough POKT. This should be at least 15,101 POKT. You’ll want 15,100 to stake and a bit more for network fees:
pocket query balance [YOUR_VALIDATOR_ADDRESS]
Stake your node, making sure to enter the correct details for your setup:
The [CHAIN_IDS] placeholder should be a list of relay chain IDs that are defined in your ~/.pocket/config/chains.json file. In this guide we only set up 0001, but if you were relaying to multiple chains, each id would be separated by a comma. For example, 0001,0022,0040.
Info
As of RC-0.9.1.3 there are two staking methods: custodial and non-custodial. The custodial method is used in the example above.
After you send the stake command, you’ll be prompted for your passphrase, then you should see something like this:
The actual time it takes to stake will vary depending on when the last block was processed, but generally, it should take less than 15 minutes.
Confirm your node is live
After you’ve staked your node, you can confirm it’s live by running the following command:
pocket query node [YOUR_VALIDATOR_ADDRESS]
If you see something like the following, it just means your node is not live yet:
http://localhost:8082/v1/query/node
the http status code was not okay: 400, and the status was: 400 Bad Request, with a response of {"code":400,"message":"validator not found for 07f5084ab5f5246d747fd1154d5d4387ee5a7111"}
If this happens, please wait a few minutes and try again.
Tutorial complete
Congratulations! You’ve successfully set up a Pocket node.
There’s more to running a Pocket node than this, such as maintenance, upgrades, and other administrative tasks, but hopefully this has gotten you started and on the right path. Thank you for doing your part to help decentralize Web3!