Default Port Requirements for SSNs
|Inbound||33133||Protocol level port for receiving network data|
|Inbound||4501||Staking API service|
|Outbound||443||For getting initial node data for syncing|
Preparing the Node
Mainnet has been upgraded to support staking phase 1. You can now start to run a staked seed node on mainnet. Smart contract enrollment will happen 1-2 days before staking phase 1 launch.
Launching a seed node for staking is similar to launching a normal seed node, with some additional configuration steps.
In this guide, we will walk you through the steps on how to set up the seed node via
- Native build
You can go for either one of the options below (click to expand).
- Native Build
Launching the Node Using Docker
We highly recommend using Docker to set up a seed node, as we provide a tested, production-ready image for your use. If you have not yet set up Docker, please follow the instructions on the official documentation.
Once you have set up Docker, you may proceed to download and uncompress the configuration tarball for the Mainnet:
The seed node requires some configuring before it can successfully join the network and be used for staking. Most configuration is contained in
constants.xml, which should be in the directory you extracted ssn-configuration.tar.gz to. Minimally, the following changes are required:
- Optional: Change the value of
33133(default), or a port of your choice. If you do not select
33133, be sure to note this down for the subsequent whitelisting step.
If you have used a port other than 33133, and have opted for IP-based whitelisting, please notify us immediately so that we can adjust our whitelisted port for you.
- Optional: Change the value of
trueif your seed node will support WebSockets (refer to the Zilliqa Websocket Server documentation).
Finally, launch the seed node:
A seed node needs a key pair to communicate with other nodes in the network. launch_docker.sh will automatically generate and use a key pair stored in the file mykey.txt in the same folder.
We highly recommend to use another keypair for depositing stake, withdrawing stake and withdrawing reward.
Configuring Domain Name
Once your seed node is fully set up, it is time to configure your domain name to point to the address of your seed node.
If your seed node is not behind a load balancer, you can set an
A record in your domain registrar to point your domain/subdomain to your seed node’s IP address.
If your seed node is behind a load balancer, you can set a
CNAME record in your domain registrar to point your domain/subdomain to the hostname of your load balancer.
As the staked seed nodes are for public consumption, we expect these nodes to have high availability and be secure and reliable. As such, all operators are required to support serving of API and raw data requests over SSL/TLS.
Whitelisting and API Servicing
It is necessary for the staked seed node to be whitelisted by Zilliqa in phase 1 in order to receive data broadcasts about the blockchain and its state. Currently, there are 2 forms of whitelisting supported:
- Whitelisting via a static IP
- Whitelisting via public key of the SSN
We recommend SSN operators to use the whitelisting by public key approach.
Testing Your SSN's JSON-RPC Port
To check whether your node's JSON-RPC server is publicly available, you can use the following curl command.
If you received the latest blockchain information (similar to the one below) from the staked seed node, your JSON-RPC service is running well.
Testing Your SSN's WebSocket Port
You can use an online WebSocket test utility to test whether your WebSocket is publicly accessible.
- Visit https://www.websocket.org/echo.html
- Under location, put your WebSocket URL link (e.g.,
wss://<yourdomain here or ip:port>)
- Click on connect
- If “CONNECTED” is shown in the log, your WebSocket port is publicly accessible
Different node operators may wish to have a different setup to secure their SSN. It is possible as long as:
- JSON-RPC port (by default 4201) and WebSocket port are accessible by anyone without any restriction
- Staking API port (by default 4501) is accessible by the verifier to check the SSN
SSN operators are allowed to:
- Change the default port numbers (please inform us)
- Add a load balancer in front of their node
- Add additional services such as Cloudflare proxy in front of the node
- Run more than 1 SSN node behind a load balancer (these will collectively be treated as a single SSN)
SSN operators are not allowed to:
- Outsource API service to other node operators or Zilliqa seed nodes
- Restrict or censor any API service to the public or any region