Ubuntu Linux with Container
This page explains all the steps required to get your node up and running using a Ubuntu Linux (virtual) server.
So you decided you want to be part of the LTO Network, awesome!
A great way to be part of the community is by actively participating as a node in the network.
This tutorial is meant for beginners who want to set up an Ubuntu server for the first time. It contains the very basic steps of installing Ubuntu on a new server, enhance security and installing the LTO Network Public node. The tutorial is based on Ubuntu 16.04. It is recommended to run nodes on a rented VPS. Most providers offer a single click to install an OS. Things may differ depending on your provider.
Replace everything between < > with your own values.
Make sure to install OpenSSH in step 10 of the official installation proces. Others are optional.
Mac users can use the built-in terminal (spotlight, command + spacebar: search for terminal)
It is most likely that you’ve created a user with your own username during the installation and you’ll never have to login as ‘root’. If this is the case for you, you can skip to step 3.
By default, the root account password is locked in Ubuntu. This means that you cannot login as root directly or use the su command to become the root user. However, since the root account physically exists it is still possible to run programs with root-level privileges. This is where sudo comes in — it allows authorized users to run certain programs as root without having to know the root password. If you are, for some reason, logging in as root, please first follow step 1 and 2.
If you are done with the installation, connect to your server through SSH, using the root account provided by your host.
Change the root password (type your new password twice):
Login again to your system using a different terminal to make sure your password change was successful.
Now, we’re going to create a new regular user as it is not recommended to use the ‘root’ account for your node.
# adduser <new_user>
example: adduser john
Enter a new and strong password twice and press enter six times to accept the default values.
Now we’re going to add the new user to the ‘sudo’ group. sudo allows a permitted user to execute a command as the superuser or another user, as specified by the security policy.
# usermod -a -G sudo <new_user>
example: sudo usermod -a -G sudo john
Exit and connect to your server as the new user, not as root. Use the password you’ve set while creating the new user.
While it is possible to manage your servers using password-based logins, it is often a better idea to set up and use SSH key pairs. SSH keys are more secure than passwords, and can help you login without having to remember long passwords.
If you’ve followed step 1 and 2, you can now skip to step 4. If you are done with the installation, connect to your server through SSH, using the account you have set up during the installation process.
We need to add the user to the ‘sudo’ group. sudo allows a permitted user to execute a command as the superuser or another user, as specified by the security policy.
$ sudo usermod -a -G sudo <user>
example: sudo usermod -a -G sudo john
The following commands require root privileges. To grant root privileges, simply prepend sudo to all the commands you need to run as root. If you ever get a ‘permission denied’ error, you probably forgot to prepend sudo to the command. Example: ‘sudo apt-get install npm’. Whenever you get the question if you want to continue and additional disk space will be used, just press Y on your keyboard.
It is important to update all the existing packages on the server. Ubuntu will ask you to fill in your password once again since you are now logged in as a ‘regular’ user.
To update the packages, use the following commands as the root user (and repeat those commands at least every week to get the latest security updates):
$ sudo apt-get update
$ sudo apt-get dist-upgrade
Reboot your server (just in case the kernel has been updated) and connect again.
It is important to have an accurate time on your system as this sometimes can cause for conflicts. In most cases it’s best to use pool.ntp.org to find an NTP server. The system will try finding the closest available servers for you.
$ sudo apt-get install ntp
$ sudo apt-get install ntpdate
$ sudo service ntp stop
$ sudo ntpdate pool.ntp.org
$ sudo service ntp start
Now, install additional packages which are needed or useful. We install nano text editor to edit the docker-compose file later in this tutorial.
$ sudo apt-get install nano
We’re going to change the standard SSH port to make your server just a bit more secure.
We’re not recommending this, as you won’t be able to login anymore from any computer or mobile phone on the go.
Open the sshd_config file with nano:
$ sudo nano /etc/ssh/sshd_config
Go to the line with ‘Port 22’ and change it to another port number between 49152 and 65535.
example ‘Port 51234’
From now on, we will be referring to this new port as <new_ssh_port>.
Go to line ‘PermitRootLogin yes’ and change it to ‘PermitRootLogin no’.
example ‘PermitRootLogin no’
Press control + X, press Y and press enter to save your new configuration.
Restart the SSH service:
$ sudo service ssh restart
Now we’re going to disconnect and reconnect again to test if the new port is working and remember to add your new port as following:
It’s not recommended to enable swap with SSD drives as it can cause drive degradation over time.
It is recommended to enable Swap on your server if you don’t have an SSD drive, if not done already.
First check if swap isn’t already enabled:
$ sudo swapon -s
$ free -m
Fail2ban scans log files and bans IPs that show the malicious signs: too many password failures, seeking for exploits, etc. Generally Fail2Ban is then used to update firewall rules to reject the IP addresses for a specified amount of time.
$ sudo apt-get install fail2ban
Now we’re going to edit the fail2ban config to your modified ssh port:
$ sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
$ sudo nano /etc/fail2ban/jail.local
Replace every line that looks like this:
port = ssh
With your new ssh port:
port = <new_ssh_port>
It should look then similar to this:
# SSH servers
port = 51234
logpath = %(sshd_log)s
Save and exit with ctrl + X, Y, ENTER.
Now, restart fail2ban:
$ sudo service fail2ban restart
First check the status of the firewall:
$ sudo ufw status
Now we’re going to set up the firewall, blocking all the ports but allowing traffic on the ports for your SSH connection and opening the port for synchronization with other nodes in the network.
$ sudo ufw disable
$ sudo ufw default deny incoming
$ sudo ufw default allow outgoing
$ sudo ufw allow 6868
$ sudo ufw allow <sshport>
example: sudo ufw allow 51234
$ sudo ufw logging on
$ sudo ufw enable
Check the status again to see if the rules are updated:
$ sudo ufw status
After a short period of time you can reconnect to your VPS.
We’re finally getting close to installing your LTO Network Public node! The node is easily installed through a Docker image, so first we’re going to need to install Docker & Docker Compose on our server. Use the following guides to do so and stop when you’ve ran the test provided in this guide (sudo docker run hello-world):
Now, give docker the proper privileges:
$ sudo groupadd docker
$ sudo usermod -aG docker $USER
Log out and log back in so that your group membership is re-evaluated.
Verify that you can run docker commands without sudo.
$ docker run hello-world
Yay, it’s finally time to start your node! At least you have a more secure server now, and that is super important!
Look up your IP address by entering the following command in your command line, copy the IP address and save it somewhere, you will need it in the next step.
$ curl https://api.ipify.org
Now, all you need is the docker-compose.yml file. What works best is copying the content in a new file. So let’s make the new file on your server:
$ sudo touch docker-compose.yml
Open the file with nano:
$ sudo nano docker-compose.yml
Paste the contents from the docker-compose.yml file from the LTO Github repository in a code editor like Visual Studio Code and enter your details. Now copy it and paste the contents in the file in your node with your right mouse click. Example:
- LTO_WALLET_SEED=<place the fifteen words here>
(not mandatory) If you want to approach your node from your localhost with a browser, add the following lines after the last line:
Press ctrl +x and y to close and save the file.
Now it’s really time to start your node! Use the following command to run the Docker container in the background. It will pull the latest image from the LTO node and start running.
$ docker-compose up -d
To see the progress use the following command:
$ docker logs -f public-node
To leave the node running in the background either close the terminal or press ctrl + c.
If you get an ‘unsupported version’ error after starting your node, change the version number to ‘2’ in the docker-compose.yml file.
That’s it. You’ve successfully mastered setting up a LTO Network public node on your own Linux server. Awesome!
Depending on your stake (the number of LTO tokens you have in the “2nd wallet”) it will take more or less time for you to start earning LTO. Be patient and be happy. Welcome to the amazing LTO Network community! Read more about community programs.