This guide is written for people who have little or no experience with the terminal and remote server configuration. It should work on all Debian-based distros, although it has been tested only with a fresh Debian 10 Buster. It does not yet cover the actual node configuration. For that, see the official Nym docs here: https://nymtech.net/docs/run-nym-nodes/mixnodes/
If you are a complete beginner and just installed Debian on your VPS, then I suggest going through the bash crash course in the introduction section.
If you are at least a little experienced, then skip to the section Nym installation.
- a computer running Linux/MacOS X/Windows 10
- VPS with full root access
- courage and patience if this is the first time you are managing a server.
Opening up a terminal for the first time might be intimidating, to say the least. You might think to yourself "Damn what do I do now??? I am not a programmer, I want to go back to my window where I can see all files and use my mouse!"
Don't be scared. Using the terminal gives you ultimate power over your machine, lets you automate stuff and shows you what is really going on under the hood. It gives you the ultimate freedom: what you type is what you get, an answer, an exit code perhaps, but the machine always gives you an honest answer.
But enough talk ...
The majority of you will probably be using Windows or macOS, so I will focus on these two operating systems in the introduction.
I assume you know how to open Spotlight on your Mac, which you use when you search for stuff on your computer ...
- Press cmd + space, type terminal and hit enter. You can also find it in your Applications or in Launchpad in the subfolder Other. Whatever your workflow is ... open the terminal.
- If this is the first time you are using the terminal, let me walk you through some essential commands and basics. Try them for yourself before you attempt to connect to the server. Try creating a directory test in your home folder.
Command | description |
---|---|
whoami | tells you which account you are using in the current shell |
which COMMAND | shows you the path to the command if it is in your $PATH (*explained later) |
cd | change directory - if you type cd, it will get you back to your home directory |
cd DIRECTORY | for example, you want to go to nym/. Type cd nym and it will get you there if the folder exists |
cd .. | go back up to the parent directory. From /home/username/test/ (or /Users/username/test/ on macOS), cd .. takes you one level up in the directory tree. |
cd - | returns you to the previous directory you were in before changing to the current directory |
pwd | shows you the full path of the directory you are currently in |
mkdir DIRECTORY NAME | creates a new directory with a name you choose for it |
whatis COMMAND | tells you a short info about a given command |
COMMAND --help | shows you the help output of any given command, syntax and available arguments. |
man COMMAND | opens up a manual page for a given command, most of the time just RTFM if you get stuck ! :} |
cat FILENAME | prints the content of a file. Example: you want to read your ssh public key. Type `cat .ssh/id_ecdsa.pub` and voila, you can copy it! |
ls | lists files in the current directory, or you can specify the directory. Example: you are in your home folder and want to see if you have the ssh keys in the directory .ssh/, so you type `ls .ssh/` |
ls -la | more detailed output of the ls command. Prints out permissions, who is the owner and which group, size, time of creation and also prints the hidden dot files (usually system files) |
nano FILENAME | opens a simple text editor, you can also create new files with it. Press CTRL+O to save then CTRL+X to quit |
touch FILENAME | creates a new file with the current time stamp. We will use this just for some practice in the following exercise |
mv FILENAME PATH | move a file from SOMEWHERE to SOMEWHERE ELSE. This command can also change name of a file so watch out for this. For copying use the following command. mv can be dangerous if you are root! |
cp FILENAME PATH | copy a file from SOMEWHERE to SOMEWHERE ELSE |
rm | removes a file. Use with extreme caution !!! If you type rm -rf / as a root user, you will wipe out the entire server haha. |
ssh-keygen | generates an ssh key pair in the folder .ssh/ in your home directory. Use it with the argument -t ecdsa for a stronger key algorithm. |
ssh root@x.x.x.x | ssh means secure shell connection and it will create a tunnel between your computer and your server. Syntax is ssh USERNAME@IPADDRESS OF THE REMOTE SERVER |
All these commands work on macOS and also on any UNIX system. Remember, if you get lost, type `pwd` and it shows you where you are. If you need help with command arguments, type `--help` after the command.
If you need to get back to your home folder, just type `cd` and you are back home. Need to get back to the previous directory? Type `cd -`.
Do you want to see what files are inside the directory? Type `ls -la` or simply `ls`.
It is really that simple.
All right! So you have your cheatsheet with some essential commands, now let's try it out before we move on to the actual connection to the server!
Create a folder, create some files in the folder, copy a file, write something in a file and print the contents of the file.
OK, try this simple exercise:
- Where are you? Which command prints the full path of the directory you're currently in?
- Make sure you are inside your home folder and create a new folder named test.
- Then create file1, file2 and file3 in that folder.
- Next, list all the files in the directory to see if they are there. Make sure you `cd` to the new directory :}...
- Next, create another folder called newfolder inside the folder test and copy file1 there.
- Write something in the file you copied there, using nano. Write some shit such as "I am using terminal, much wow, very hacking!!!". Save it and exit nano.
- Print the contents of the file1 you just edited with nano; it should display your message.
- Now return to the previous directory test/.
- Print the contents of the file1 in THAT directory. It should be empty, so nothing is printed.
- Return to your home directory and check that you are there with `pwd`.
Here are all the steps broken down into exact commands:
```
cd
pwd
mkdir test
cd test
touch file1 file2 file3
ls -la
mkdir newfolder
cp file1 newfolder/
ls -la newfolder/
cd newfolder
pwd
# edit the copy, not the original in test/
nano file1
cat file1
cd ..
pwd
# the original file1 is still empty
cat file1
ls -la
cd
pwd
```
Was it that hard? I guess not.
Now you should be almost ready to connect to your server and not fuck something up.
Later on we will discuss permissions, ownership, users and groups, which you can skip if you don't give a shit about security, but the majority of hacks are due to badly configured permissions and ownership, which lead to privilege escalation and pwning the machine.
So now that you know some basic commands, we may proceed to the next step, which is the actual connection to your VPS.
Note: This guide won't yet be covering details on how to set up a node running from your home through NAT or from some cloud provider without a dedicated IP address.
Now is the time to create your ssh keys, with which you will authenticate yourself to the server.
Some VPS providers will send you a password, which involves some extra security steps.
Just as web servers use HTTP and HTTPS on ports 80 and 443, SSH usually runs on port 22. Many automated scanners scan through the whole internet looking for open port 22 and try to crack the password. On my server, I usually get 300 attacks per day from unique IP addresses.
If your VPS provider gives you a long password for your root account, it might take them years to crack it, but if the actual attackers are from some government such as the US, China or Russia, they have immense computing power, which would allow them to crack the password much faster even if it is long.
The general good practice is to disable root login and password login, use SSH on another port and only allow access with a key and a strong password.
See the ssh website for some good practices, which I won't be covering in this guide right now.
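One way to check a server against the three practices above (root login off, password login off, non-default port). This is an added example, not part of the original guide; the finding names and the two sample configs are constructed, and the script reads a single file without following Include directives.

```bash
#!/usr/bin/env bash
# Added example: audit an sshd_config-style file for the three practices the
# guide names. Finding names and both sample configs are constructed.

# Print the value sshd would use for KEYWORD in FILE: keywords are
# case-insensitive and the first occurrence wins. Include files are not
# followed, and parsing stops at the first conditional Match block.
sshd_value() {
    awk -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[ \t]*(#|$)/          { next }   # comments and blank lines
        tolower($1) == "match"  { exit }
        tolower($1) == key      { print tolower($2); exit }
    ' "$1"
}

# Print one finding per line; no output means all three checks pass.
audit_sshd() (
    root=$(sshd_value "$1" PermitRootLogin)
    pass=$(sshd_value "$1" PasswordAuthentication)
    port=$(sshd_value "$1" Port)
    # OpenSSH defaults when a keyword is absent: prohibit-password, yes, 22
    [ "${root:-prohibit-password}" = "no" ] || echo "root-login-enabled"
    [ "${pass:-yes}" = "no" ]               || echo "password-login-enabled"
    [ "${port:-22}" != "22" ]               || echo "default-port"
)

# Constructed samples: a provider-style default and a hardened variant.
weak=$(mktemp) hardened=$(mktemp)
trap 'rm -f "$weak" "$hardened"' EXIT
cat > "$weak" <<'EOF'
PermitRootLogin yes
#PasswordAuthentication no
EOF
cat > "$hardened" <<'EOF'
Port 2222
PermitRootLogin no
PasswordAuthentication no
Match User backup
    PasswordAuthentication yes
EOF

echo "weak:";     audit_sshd "$weak"
echo "hardened:"; audit_sshd "$hardened"
```

On a real server, run `audit_sshd /etc/ssh/sshd_config`; `sudo sshd -T` prints the effective configuration when you need the authoritative values.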
- Open your terminal.
- Create your keys with the command `ssh-keygen -t ecdsa`
- This will create your private key and public key. I suggest using some password for it as well. It will prompt you to enter it during the generation of your keys.
- If all goes well, your keys will be in the directory `.ssh/` in your home folder.
- cd into the folder and do `cat id_ecdsa.pub` ---> this will print the public key, which you have to copy and paste into a section in your VPS web dashboard.
- Else, if you have a password for the root account, you should use ssh-copy-id: `ssh-copy-id -i ~/.ssh/id_ecdsa.pub someserver`, where the argument after `-i` is the file name of your PUBLIC! key. Your private key always stays on your local machine.
- Connect with `ssh root@x.x.x.x`
- You will be asked if you would like to add the server to the known_hosts list on your local machine. Press `y` and hit enter.
- If you got the right key on the server and chose to use a password during the key generation process, you will be asked to enter the same password.
- Now you should be in! Run `whoami`; the output should be root.
If you are running another distro with an already created sudo user, then skip the first 3 steps. Now would be the time to install all the essentials for the installation of Nym.
I suggest running the Nym node as a new user without any privileges and with /usr/sbin/nologin as its shell.
On a fresh Debian 10 Buster, many things are not installed; it is really stripped down. So the following commands should install everything even on Debian.
apt install sudo
sudo, which allows a user to act as the root user for a given command, is not installed on Debian 10, so install it.
Next we will create a new user in the sudo group, which you should use while maintaining your server. Do it with the following command
useradd --shell /bin/bash --create-home --groups sudo USERNAME
- this will add a new user with a home folder at /home/USERNAME and the default shell /bin/bash, and add it to the group sudo
Now set a password for the username in case you haven't been asked to do so during the previous command.
passwd USERNAME
- set the password for your new user
Now change to your new user with `su USERNAME`. `su` means "switch user", or at least that is my understanding of it.
`whoami` should tell you if you are logged in as your new user. Whenever you want to exit back to being root, type `exit`.
Let's create another user specifically for the Nym node, so if there is any vulnerability in the Nym code your server would not be so easily pwnd from there.
sudo useradd nym --create-home -U -s /usr/sbin/nologin
- this will create a user nym belonging to the group nym, with a home directory at `/home/nym/` and without a login option for the user nym.
sudo usermod -a -G nym USERNAME
- not sure about this * ... this adds your user to the group nym so you could then have permissions to write in `/home/nym`
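To confirm that the account separation described above actually holds (nym has no login shell and no path to root through sudo), a check like the following can be run. It is an added example, not part of the original guide; the finding names, the user "alice" and the sample passwd/group lines are constructed.

```bash
#!/usr/bin/env bash
# Added example: check that a service account matches what the guide sets up
# for nym. Finding names and the sample passwd/group lines are constructed.

# Usage: check_service_account USER PASSWD_FILE GROUP_FILE
# Prints one finding per line; no output means the account is locked down.
check_service_account() (
    user=$1 passwd=$2 group=$3
    entry=$(awk -F: -v u="$user" '$1 == u' "$passwd")
    [ -n "$entry" ] || { echo "no-such-user"; exit 0; }
    uid=$(printf '%s\n' "$entry" | cut -d: -f3)
    shell=$(printf '%s\n' "$entry" | cut -d: -f7)
    [ "$uid" != "0" ] || echo "uid-0"
    case $shell in
        */nologin|*/false) ;;                 # cannot log in interactively
        *) echo "login-shell:$shell" ;;
    esac
    # Field 4 of a group line is the comma-separated member list.
    awk -F: -v u="$user" '$1 == "sudo" {
        n = split($4, m, ",")
        for (i = 1; i <= n; i++) if (m[i] == u) print "member-of-sudo"
    }' "$group"
)

# Constructed samples mirroring the accounts created above; "alice" stands in
# for the admin user (the guide's USERNAME placeholder).
passwd_file=$(mktemp) group_file=$(mktemp)
trap 'rm -f "$passwd_file" "$group_file"' EXIT
cat > "$passwd_file" <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000::/home/alice:/bin/bash
nym:x:1001:1001::/home/nym:/usr/sbin/nologin
EOF
cat > "$group_file" <<'EOF'
sudo:x:27:alice
nym:x:1001:alice
EOF

echo "nym:";   check_service_account nym   "$passwd_file" "$group_file"
echo "alice:"; check_service_account alice "$passwd_file" "$group_file"
```

On a real host, pass /etc/passwd and /etc/group as the two files; the admin user is expected to show findings, the nym user is not.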
sudo apt update
sudo apt install git curl wget pkg-config build-essential libssl-dev ufw nano
- this will install all the essentials
Let's log in as the nym user to install Nym
sudo -u nym bash
- This command will "borrow" the nym user and allow him to use bash for the time being.
Go to the nym home directory
cd
Verify you are at `/home/nym` and logged in as the user nym
whoami && pwd
The output should be nym and /home/nym
Install Rust with this. Enter 1 after the script asks you for the desired option.
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
source $HOME/.cargo/env
- this will install Rust and all its packages to your home folder and put it in your $PATH in the config file .bashrc
Check if Cargo is in your $PATH
cargo --version
- this should print out the version of Cargo. If it does not, you forgot something. Maybe `source $HOME/.cargo/env`, or you forgot to `cd` to the nym home directory
git clone https://github.com/nymtech/nym.git
- this will download the developer version from GitHub
- there is one additional important step in the following command!!! You must not forget to do it
The following command, run from inside the cloned nym/ directory, will switch to the testnet version
git checkout tags/v0.9.2
You should now be ready to build NYM!
cargo build --release
- This will take some time. Maybe even up to 30 minutes. So go and grab a coffee, beer, snack or roll a nice phat joint
Now let's try to run the node. Assuming you are in the `/home/nym/nym/` directory, go here
cd target/release
./nym-mixnode init --help
- this will print the help of the initial configuration of the nym-mixnode. Make sure to see the official docs for further info as well.
Now make up some name for the `--id` argument. You can also run the node in layer 1 or 3; right now, with this version, it does not matter which layer you choose.
./nym-mixnode init --id SOMENAME --layer 2 --host $(curl -sS v4.icanhazip.com)
- creates a config for the node and curl command gets the ip of your server for you.
- you may add --location CITY argument so on nym dashboard the city where the node is located would be visible. Totally up to you though.
Now try to run the node to see if everything is all right and is mixing packets.
./nym-mixnode run --id SOMENAME
- Make sure you enter the same id as in the config in the previous command.
After a while you should see your node is mixing packets. If you still see "mixed 0 packets!" after a few minutes, then something went wrong, most likely you did not set up your firewall (ufw) properly.
Exit the process anytime with CTRL + C.
Switch back to your user
exit
Set up the firewall rules to allow traffic for nym and also ssh so you would not lock yourself out.
sudo ufw allow 22/tcp && sudo ufw limit 22/tcp && sudo ufw allow 1789/tcp
- Set the firewall rules to allow connections with ssh and allow in/out traffic to port 1789 which is used by the mixnode.
Now enable the firewall. Make sure you did the previous step and allowed 22/tcp else you will get LOCKED OUT! after you exit the session.
sudo ufw enable
Then check if the 22/tcp and 1789/tcp are allowed.
sudo ufw status
You should see something like this
To | Action | From |
---|---|---|
22/tcp | ALLOW | Anywhere |
22/tcp | LIMIT | Anywhere |
1789/tcp | ALLOW | Anywhere |
If you close the current session, the mixnode will stop. There are multiple ways to make it persistent even after exiting your ssh session, tmux or screen for instance.
An easy solution would be to use nohup -> `nohup ./nym-mixnode run --id NYM &` where --id NYM is the id you set during the init command previously. You should be able to check if the node is mixing packets in multiple ways:
- nym dashboard
- nohup file in the same directory as you are launching the script from (did not verify this)
- `sudo ss -s -t | grep 1789`
- `sudo lsof -i TCP:1789` (if you get command not found, do `sudo apt install lsof`)
However, the most reliable and elegant solution is to create a systemd service file and run the nym-mixnode with the systemctl command.
Credits to https://github.com/ststefa for writing this file.
Create a file with nano and copy the following into it. IMPORTANT: You need to write your node id there, the one you set up in the config earlier, else it won't work! On the ExecStart line, replace the name after --id with exactly the same name as you used for the config.
sudo nano /etc/systemd/system/nym-mixnode.service
Copy this into the file and change the id name
```
[Unit]
Description=nym mixnode service
After=network.target

[Service]
Type=simple
# Run as the unprivileged nym user created earlier
User=nym
LimitNOFILE=65536
# Binary built in /home/nym/nym; replace SOMENAME with your node id
ExecStart=/home/nym/nym/target/release/nym-mixnode run --id SOMENAME
KillSignal=SIGINT
Restart=on-failure
RestartSec=30

[Install]
WantedBy=multi-user.target
```
Now press CTRL + O to write the file and hit enter. Then exit with CTRL + X.
sudo systemctl enable nym-mixnode
- Enable the service
sudo systemctl start nym-mixnode
- Start the service
sudo systemctl status nym-mixnode
- Check if the service is running properly and mixnode is mixing.
Now your node should be mixing all the time unless you restart the server! Congratz and thanks for contributing to the testnet.
If you encounter any problems, feel free to ask at our Telegram chat group https://t.me/nymchan_help_chat The installation process will get easier and more automated in the future, but hopefully this guide helped you to set up and run your mixnode on your fresh server.
Next
chmod -R g+w /home/nym/
here I had to use sudo as I got a permission error
nice and easy guide though