Setting up the SSN

Default Port Requirements for SSNs

Inbound33133Protocol level port for receiving network data
Inbound4201/443API service
Inbound4401WebSocket service
Inbound4501Staking API service
Outbound443For getting initial node data for syncing

Preparing the Node


Mainnet has been upgraded to support staking phase 1. You can now start to run a staked seed node on mainnet. Smart contract enrollment will happen 1-2 days before staking phase 1 launch.

Launching a seed node for staking is similar to launching a normal seed node, with some additional configuration steps.

In this guide, we will walk you through the steps on how to set up the seed node via

  1. Docker
  2. Native build

You can go for either one of the options below (click to expand).

Launching the Node Using Docker

We highly recommend using Docker to set up a seed node, as we provide a tested, production-ready image for your use. If you have not yet set up Docker, please follow the instructions on the official documentation.

Once you have set up Docker, you may proceed to download and uncompress the configuration tarball for the Mainnet:

# create a directory
$ mkdir my_seed && cd my_seed
# download and extract the SSN configuration files
$ wget
$ tar -zxvf ssn-configuration.tar.gz

The seed node requires some configuring before it can successfully join the network and be used for staking. Most configuration is contained in constants.xml, which should be in the directory you extracted ssn-configuration.tar.gz to. Minimally, the following changes are required:

  • Optional: Change the value of SEED_PORT to 33133 (default), or a port of your choice. If you do not select 33133, be sure to note this down for the subsequent whitelisting step.
    Important notice

    If you have used a port other than 33133, and have opted for IP-based whitelisting, please notify us immediately so that we can adjust our whitelisted port for you.

  • Optional: Change the value of ENABLE_WEBSOCKET to true if your seed node will support WebSockets (refer to the Zilliqa Websocket Server documentation).

Finally, launch the seed node:

$ ./

A seed node needs a key pair to communicate with other nodes in the network. will automatically generate and use a key pair stored in the file mykey.txt in the same folder.


We highly recommend to use another keypair for depositing stake, withdrawing stake and withdrawing reward.

Configuring Domain Name

Once your seed node is fully set up, it is time to configure your domain name to point to the address of your seed node.

If your seed node is not behind a load balancer, you can set an A record in your domain registrar to point your domain/subdomain to your seed node’s IP address.

If your seed node is behind a load balancer, you can set a CNAME record in your domain registrar to point your domain/subdomain to the hostname of your load balancer.

SSL/TLS Configuration

As the staked seed nodes are for public consumption, we expect these nodes to have high availability and be secure and reliable. As such, all operators are required to support serving of API and raw data requests over SSL/TLS.

Whitelisting and API Servicing

It is necessary for the staked seed node to be whitelisted by Zilliqa in phase 1 in order to receive data broadcasts about the blockchain and its state. Currently, there are 2 forms of whitelisting supported:

  1. Whitelisting via a static IP
  2. Whitelisting via public key of the SSN

We recommend SSN operators to use the whitelisting by public key approach.

Testing Your SSN's JSON-RPC Port

To check whether your node's JSON-RPC server is publicly available, you can use the following curl command.

curl -d '{
"id": "1",
"jsonrpc": "2.0",
"method": "GetBlockchainInfo",
"params": [""]
}' -H "Content-Type: application/json" -X POST "<staked seed node address>"

If you received the latest blockchain information (similar to the one below) from the staked seed node, your JSON-RPC service is running well.


Testing Your SSN's WebSocket Port

You can use an online WebSocket test utility to test whether your WebSocket is publicly accessible.

  1. Visit
  2. Under location, put your WebSocket URL link (e.g., wss://<yourdomain here or ip:port>)
  3. Click on connect
  4. If “CONNECTED” is shown in the log, your WebSocket port is publicly accessible

Advanced Setup

Different node operators may wish to have a different setup to secure their SSN. It is possible as long as:

  1. JSON-RPC port (by default 4201) and WebSocket port are accessible by anyone without any restriction
  2. Staking API port (by default 4501) is accessible by the verifier to check the SSN

SSN operators are allowed to:

  • Change the default port numbers (please inform us)
  • Add a load balancer in front of their node
  • Add additional services such as Cloudflare proxy in front of the node
  • Run more than 1 SSN node behind a load balancer (these will collectively be treated as a single SSN)

SSN operators are not allowed to:

  • Outsource API service to other node operators or Zilliqa seed nodes
  • Restrict or censor any API service to the public or any region