Maintenance

1. Start with setting up the essential tools on your server.

• Get your system up to date

apt update -y && apt --fix-broken install

• Install dependencies

apt -y install ca-certificates jq curl wget ufw jq tmux pkg-config build-essential libssl-dev git

• Double check ufw is installed correctly

apt install ufw --fix-missing

2. Configure your firewall using Uncomplicated Firewall (UFW)

For a nym-node or Nyx validator to recieve traffic, you need to open ports on the server. The following commands will allow you to set up a firewall using ufw.

• Check if you have ufw installed:

ufw version

• If it's not installed, install with:

apt install ufw -y

• Enable ufw

ufw enable

• Check the status of the firewall

ufw status

3. Open all needed ports to have your firewall for nym-node working correctly

• In case of reverse proxy setup add:

ufw allow 443/tcp

• Re-check the status of the firewall:

ufw status

1. Create a local directory where you want to store your backup

mkdir -pv <PATH_TO_TARGET_DIRECTORY>

# for example
# mkdir -pv $HOME/backup/my_nym_node/.nym

2. Copy configuration folder .nym from your VPS to your newly created backup directory

scp -r <SOURCE_USER_NAME>@<SOURCE_HOST_ADDRESS>:~/.nym/nym-nodes/<ID> <PATH_TO_TARGET_DIRECTORY>

3. Verify the success of the backup

The scp command should print logs, an operator can see directly whether it was successful or if it encountered any error. However, double check that all your needed configuration is in the backup target directory.

1. Create local sub-directories where you want to store your backup

mkdir -pv <PATH_TO_TARGET_DIRECTORY>
mkdir -pv <PATH_TO_TARGET_DIRECTORY>

# for example
# mkdir -pv $HOME/backup/my_nym_node/var/www
# mkdir -pv $HOME/backup/my_nym_node/etc/nginx/sites-available

1. Backup /var/www directory

scp -r <SOURCE_USER_NAME>@<SOURCE_HOST_ADDRESS>:/var/www <PATH_TO_TARGET_DIRECTORY>

2. Backup /etc/nginx/sites-available directory

scp -r <SOURCE_USER_NAME>@<SOURCE_HOST_ADDRESS>:/etc/nginx/sites-available <PATH_TO_TARGET_DIRECTORY>

3. Verify the success of the backup

The scp command should print logs, an operator can see directly whether it was successful or if it encountered any error. However, double check that all your needed configuration is in the backup target directory.

1. Prepare new VPS

SSH into your new VPS and start with:

• Do all preliminary steps needed to run a nym-node.

• Create a .nym/nym-nodes configuration folder:

mkdir -pv ~/.nym/nym-nodes

2. Restore your node configuration

Copy the folder with your node configuration and keys from your local machine to the newly created folder on your VPS using scp command. Make sure to grab the entire nym-node configuration folder, which is called after your local nym-node identifier (<ID>), the -r (recursive) flag will take care of all sub-directories and their content:

scp -r <PATH_TO_LOCAL_NODE_CONFIGURATION_FOLDER> <VPS_USER_NAME>@<VPS_HOST_ADDRESS>:~/.nym/nym-nodes/

# for example:
scp -r $HOME/backup/my_nym_node/.nym/nym-nodes/default-nym-node root@my-nym-node:~/.nym/nym-nodes/

3. Verify the success of the backup

The scp command should print logs, an operator can see directly whether it was successful or if it encountered any error. However, double check that all your needed configuration is in the target directory .nym/nym-nodes on your VPS.

4. Configure your node on the new VPS

• SSH to your VPS
• Run a command echo "$(curl -4 https://ifconfig.me)" to see your public IPv4
• Edit config file located at ~/.nym/nym-nodes/<ID>/config/config.toml correct IP - it's the field under the header [host], called public_ips = [<PUBLIC_IPS>,]
• Add your new location field location = <LOCATION>, (formats like: 'Jamaica', or two-letter alpha2 (e.g. 'JM'), three-letter alpha3 (e.g. 'JAM') or three-digit numeric-3 (e.g. '388') can be provided).
• Try to run the node and see if everything works.
• Setup the systemd automation (don't forget to add the terms and conditions flag) to ExecStart command, reload the daemon and run the service.

4. Change the node smart contract info via the wallet interface

Open Nym Wallet, go to Bonding, open Settings and change Host value to the new nym-node IP address. Otherwise the keys will point to the old IP address in the smart contract, and the node will not be able to be connected, and it will fail up-time checks, returning zero performance.

1. Copy your backed up directory /var/www for landing page to the server

• Start setting up reverse proxy and WSS following this guide but instead of creating a new /var/www/<HOSTNAME> directory, simply copy there the one from the old server, using scp command

scp -r <PATH_TO_LOCAL_WWW_CONFIGURATION_BACKUP> <VPS_USER_NAME>@<VPS_HOST_ADDRESS>:/var/www/

# for example:
scp -r $HOME/backup/my_nym_node/var/www root@my-nym-node:/var/www

2. Make sure that domain is correctly setup

As you see in the guide you use a domain (same like your <HOSTNAME>), make sure you have it registered as and redirected to the new IP by logging into your DNS provider and editing the dashboard of the domain.

3. Proceed with all needed node configuration

• In the guide follow the steps to configure your node reverse proxy, like installing Nginx, opening the needed ports etc

4. Restore Nginx config

• When you arrive to the point to configure your /etc/nginx/sites-available/<HOSTNAME>, use again scp instead of creating a new one

scp -r <PATH_TO_LOCAL_NGINX_CONFIGURATION_BACKUP> <VPS_USER_NAME>@<VPS_HOST_ADDRESS>:/etc/nginx/sites-available

# for example:
scp -r $HOME/backup/my_nym_node/etc/nginx/sites-available root@my-nym-node:/etc/nginx/sites-available

5. Edit Nginx configuration file with correct hostname

• Open the Nginx config file on your server and see if a domain name needs to be changed to new one. To open the file, use for example nano text editor:

nano /etc/nginx/sites-available/<HOSTNAME>

6. Continue with the Nginx setup

• Go back to the proxy setup guide and continue from the point #3

7. Edit WSS configuration with the correct hostname

• Open the WSS config file on your server and see if a domain name needs to be changed to new one. To open the file, use for example nano text editor:

nano /etc/nginx/sites-available/wss-config-nym

8. Finish and test the setup

Continue with the activating and testing your reverse proxy and WSS until the end of the guide.

1. Prepare both servers

Assuming both machines are remote VPS.

• Make sure your ~/.ssh/<SSH_KEY>.pub is in both of the servers ~/.ssh/authorized_keys file
• Create a nym-node folder in the target VPS. SSH in from your terminal and run:

# in case none of the nym configs was created previously
mkdir ~/.nym
 
#in case no `nym-node` was initialized previously
mkdir ~/.nym/nym-nodes

2. Move the node data and keys to the new machine

• Open your local terminal (as that one's ssh key is authorized in both of the VPS) and run:

scp -r -3 <SOURCE_USER_NAME>@<SOURCE_HOST_ADDRESS>:~/.nym/nym-nodes <TARGET_USER_NAME>@<TARGET_HOST_ADDRESS>:~/.nym/nym-nodes/

3. Open new/target VPS terminal and configure the node

• Edit ~/.nym/nym-nodes/<ID>/config/config.toml config with the new listening address IP - it's the one under the header [host], called public_ips = [<PUBLIC_IPS>,] and add your new location (field location = <LOCATION>, formats like: 'Jamaica', or two-letter alpha2 (e.g. 'JM'), three-letter alpha3 (e.g. 'JAM') or three-digit numeric-3 (e.g. '388') can be provided). You can see your IP by running a command echo "$(curl -4 https://ifconfig.me)".

• Try to run the node and see if everything works.

• Setup the systemd automation (don't forget to add the terms and conditions flag) to ExecStart command, reload the daemon and run the service. If you want to use the exact same service config file, you can also copy it from one VPS to another following the same logic by opening your local terminal (as that one's ssh key is authorized in both of the VPS) and running:

scp -r -3 <SOURCE_USER_NAME>@<SOURCE_HOST_ADDRESS>:/etc/systemd/system/nym-node.service <TARGET_USER_NAME>@<TARGET_HOST_ADDRESS>:/etc/systemd/system/nym-node.service

4. Change the node smart contract info via the wallet interface

• Open Nym Wallet, go to Bonding, open Settings and change Host value to the new nym-node IP address. Otherwise the keys will point to the old IP address in the smart contract, and the node will not be able to be connected, and it will fail up-time checks, returning zero performance.

• Make sure to stop the old node.

1. Copy the configuration directory to the new one

cp -r  ~/.nym/nym-nodes/<ID> ~/.nym/nym-nodes/default-nym-node/

2. Rename all original <ID> occurrences in config.toml to default-nym-node

# check occurences of the <SOURCE_ID>
grep -ir  "<ID>" ~/.nym/nym-nodes/default-nym-node/*

• If you are clear with occurrence found above, move on using sed command:

sed -i -e "s/<ID>/default-nym-node/g" ~/.nym/nym-nodes/default-nym-node/config/config.toml

• If you are not sure and want to play it safe, do it manually by opening config.toml and rewriting each occurence of <ID>:

nano ~/.nym/nym-nodes/default-nym-node/config/config.toml

3. Validate by rechecking the config file content

# either re-run
grep -ir  "<ID>" ~/.nym/nym-nodes/default-nym-node/*
 
# or by reading the config file
less ~/.nym/nym-nodes/default-nym-node/config/config.toml

• Pay extra attention to the hostname line. In case its value was somehow correlated with the source <ID> string you may need to correct it back

4. Reload your systemd service daemon and restart the service

• If you chosen default-nym-node as an ID, you can drop --id flag from node running commands, otherwise specify with the new <ID>.
• If automation isn't your thing, simply reboot the node. To automate with systemd is highly recommended.

5. Be careful before removing old config

• If you double-checked that everything works fine, you can consider removing your old config directory