Once you have a secure Linux server prepared, you can set up a Zen Node. See Build a ZenCash Secure Node – Part 1 – Prepare the VPS if you still need to prepare your server.
This part covers building the Zen node and getting an SSL certificate, as well as some other tasks to make the node and certificate usable. These steps will be necessary in order to run a Zen Secure Node.
Part 3 (still to be published) will finish this series and will be published after the Zen developers update the software for Secure Node functionality.
Build the Zen Node
Open your browser at the Zen Node Github page, copy the link for Clone or Download
Login to your VPS. If it has been a few days, update it using the upgrade script you created before:
Create a directory, navigate to it, and clone the Zen repository
mkdir zencash cd zencash git clone https://github.com/ZencashOfficial/zen.git
Following the directions on the Github page, add the prerequisites for building the software:
sudo apt -y install build-essential pkg-config libc6-dev m4 g++-multilib autoconf libtool ncurses-dev unzip git python zlib1g-dev wget bsdmainutils automake
Continuing to follow the directions, build, get the proving key, then run the zend software. The compiling of the software will take a while. While it is doing this you can start getting the SSL certificate below.
cd zen ./zcutil/build.sh -j$(nproc)
When it is finished compiling, if it worked, it will look something like this:
Next, the Zen parameters need to be downloaded. Enter this command:
After that is complete, run the zen application.
It will start, stop, then give you a message that you need to create a zen.conf file. OK, let’s do that. Navigate to your root directory, then to the hidden .zen directory, and see what’s in it:
cd cd .zen ls
There’s nothing in it! That’s ok, there will be soon. Create a new file zen.conf
Then paste this into it. I STRONGLY recommend changing your username and address to something different. If you have a text only application on your PC or Mac, like textedit or notepad, paste it into the text only application first, change what you need, then copy and paste into the the zen.conf file:
addnode=zen.suprnova.cc addnode=zpool.blockoperations.com addnode=zenmine.pro addnode=minez.zone rpcuser=znodeuser rpcpassword=63Qa5VybvCTPppBpVmn8HpjrKgxqaaEAqfYVrHjk9WtBG738 rpcport=18231 rpcallowip=127.0.0.1 server=1 daemon=1 listen=1 txindex=1 logtimestamps=1
Now navigate back to the place where the zend file is located and run it and check its status:
cd ~/zencash/zen/src ./zend ./zen-cli getinfo
It should look like this. See the blocks? That needs to count up to over 110,000. You can use up arrow to repeat the command and keep checking on it if you want, or go on and do something else while it is updating.
Let’s make this a little more user friendly and automatic. We are going to copy the two main files we need to the user application directory, and make the zend application start when the server boots.
sudo cp zend /usr/bin/ sudo cp zen-cli /usr/bin/
Let’s go back to our user level crontab and make the zend application start on boot. There are fancier ways to do this, but this will be good enough for now.
Navigate to the bottom, and paste this:
If you really want to test this, you can reboot your server and see if the application starts on reboot. For right now, let’s do a partial test. Navigate to your base directory, check on the server, stop it, start it, then check on it. Do this slowly, not superfast, so the server has a little bit of time to stop and start back up again.
cd zen-cli getinfo zen-cli stop zend zen-cli getinfo
If you want to see what the current node height is, there are some Zen block explorers out there. I just check my Zen mining pool statistics at https://zpool.blockoperations.com/stats for the latest. Right now it looks like this:
What we have done so far is create a working Zen node that maintains the full set of transactions, and the index. It is also set up to accept RPC commands. It is not yet a Zen Secure Node. We need a few more things for that.
By the way, if you are concerned the blockchain is filling up your system storage, an easy way to check on disk usage is df -h. It shows you how much used and free space your entire system has.
If you want to see how much space the blockchain is taking up, run ncdu (we installed that in part one). Do this from your base user directory, navigate with arrow keys, and exit with q. The zen blockchain is stored in ~/.zen/blocks/
If the storage gets too full, you should probably upgrade your VPS to one that has more storage space.
Create an SSL certificate
For an SSL certificate, you need your own domain. I will use one of mine from Namecheap in the example but there are many other ways to do this.
Login to Namecheap, buy a domain, and go to your dashboard.
Choose the Advanced DNS option:
Add a New Record, and make it an A record:
Type in the hostname and the IP address of your VPS, then save the changes
Test the setup by going to your own computer and pinging the Fully Qualified Domain Name (FQDN) you just created:
It should work right away. I find changes take some time to propagate, but new records update over the internet quickly. Open a second ssh session to your VPS so you can do things in parallel with the compiling and downloading we are doing, and let’s get the certificate going.
Get a certificate and set up copying to user directory
We are going to use Letsencrypt free SSL certificate. It is also possible to buy a certificate and install it, but that’s kind of expensive, and not really necessary.
If your zen software is still compiling, login using a second terminal session. Just remember what you are doing in each session.
From your VPS command line, add the respository and install:
sudo apt -y install software-properties-common python-software-properties sudo add-apt-repository ppa:certbot/certbot sudo apt update sudo apt -y install certbot
Make sure your firewall ports are open for http and https:
and that you don’t have a webserver running. There should be nothing listening on ports 80 and 443
Now install the certificate. You will need to enter your email address and decide whether you will accept email from the Electronic Frontier Foundation.
sudo certbot certonly --standalone -d znode.blockoperations.io
If everything goes well, you will see a message like this:
Now let’s set up the system so the keys get renewed when they need to be.
sudo crontab -e
Put this info in the file:
15 3 * * * /usr/bin/certbot renew --quiet
It will look like this:
Now we are going to set up a way to copy the certificate to your userspace for the zen daemon to use it.
The problem is that a regular user can’t access the keys where they normally are kept. It’s possible to change the permissions on the keys, but those will get overwritten on renewal. Instead of messing with the original keys, we are going to make a copy of them so the user can read them. There are many different ways to do them, and if you want to do it a different way more power to you.
Create a script to copy the keys on a regular basis, and a place to put the keys:
mkdir ~/keys cd ~/keys mkdir znode vim copykeys.sh
This is what goes into the file. Substitute your FQDN for the znode.blockoperations.io and your directory structure in the example below:
#!/bin/bash sudo cp /etc/letsencrypt/live/znode.blockoperations.io/privkey.pem /home/blockops/keys/znode/ sudo cp /etc/letsencrypt/live/znode.blockoperations.io/chain.pem /home/blockops/keys/znode/ sudo cp /etc/letsencrypt/live/znode.blockoperations.io/cert.pem /home/blockops/keys/znode/ sudo cp /etc/letsencrypt/live/znode.blockoperations.io/fullchain.pem /home/blockops/keys/znode/
Let’s make this script executable then test that it works.
chmod +x copykeys.sh sudo ./copykeys.sh
Then add it to your user’s crontab to copy the keys every day.
Add this line to the bottom of the crontab file:
3 15 * * * /usr/bin/sudo /home/blockops/keys/copykeys.sh
Unfortunately, this script needs your password to work. And the crontab won’t supply the password. We can get around that by allowing this one script to execute with root privileges without requiring password. Edit the sudoers file with this command:
And paste the allowed command at the bottom of the file.. You will need to put in your own username in TWO places instead of blockops. On my system the visudo editor is nano, so use the arrow keys to scroll down, copy and paste the command the regular way your system supports, then hit ctrl-x and Enter to save the file:
blockops ALL=(ALL) NOPASSWD: /home/blockops/keys/copykeys.sh
Now test it. Logout of the VPS, log back in, and run the script:
The script should work without having to enter your password. And there should be four SSL keys in the directory. Look at the permissions on the files by typing ls -al:
The files are still owned by root, but users have permissions to read the files. You can test this by looking at the cert.pem file:
It will show the contents of the certificate file on your screen. File permissions are important to understand in Linux. Here is a good reference for file permissions and how to change them.
That’s it for part 2!
Part 3 will be the rest of the work to get a ZenCash secure node running. It will be something like this, but the final details still need to be worked out by the Zen development team
- Send >=42 ZenCash to a t_address on the node
- Set up GNUnet or IPFS publishing and test by publishing something on GNUnet or IPFS
- Create a script to check a z_address channel for new information. When there is new info, assemble info and sign it with z_address private key.
- Have the script publish some information to GNUnet
- Set up a cronjob to run the script every 2 minutes.
The main Zen software is ready, you can find it here: https://github.com/ZencashOfficial/zen
More Information on Block Operations