LogoLogo
Threshold WebsitetBTC v2 DocsTACo Docs
  • What is the Threshold Network?
  • THRESHOLD DASHBOARD
    • tBTC Minting Walkthrough
  • Applications
    • tBTC Bitcoin Bridge
      • Fees
      • Wallet Generation
      • Wallet Signing
      • The Path to Permissionlessness
      • Sweeping
      • Coverage Pool
    • Threshold USD
      • Overview of thUSD
      • Borrowing
      • Stability Pool and Liquidations
      • Redemptions and thUSD Price Stability
      • Recovery Mode
      • Bootstrapping
        • Initial Protocol Loan
      • B. Protocol
      • thUSD on Build on Bitcoin (BOB)
        • Connecting to BOB Network
        • Bridging Collateral to BOB Network
        • Opening Collateral Vaults and Minting thUSD
  • Governance
    • Threshold DAO
      • 🗳️Governance Process
      • 🙋‍♀️Guilds
      • 💰Threshold Multisigs
      • Threshold DAO Rules
    • Vote Delegation
      • Liquid Token Delegation
  • Staking & Running a Node
    • tBTC v2 Node Setup
      • Operator Account
      • Application Authorization & Operator Registration
      • Network Configuration
      • Data Storage
      • Installation
        • Docker Installation
        • Binary Installation
      • Updating tBTC v2 Node
      • Advanced Options
        • Alternatives to Dashboard
        • Logging
        • Config File
        • CLI Options
        • Client Info
      • Frequently Asked Questions
      • Sepolia Testnet
        • Testnet tBTC v2 node Setup
    • tBTC Beta Stakers Program
  • App Development
    • DAO Contracts
      • DAO Contracts API
        • BaseTokenholderGovernor
        • Checkpoints
        • GovernorParameters
        • IApplication
        • ILegacyTokenStaking
        • IStaking
        • IVotesHistory
        • KeepStake
        • PercentUtils
        • ProxyAdminWithDeputy
        • SafeTUpgradeable
        • StakerGovernor
        • StakerGovernorVotes
        • T
        • TokenholderGovernor
        • TokenholderGovernorVotes
        • TokenStaking
        • VendingMachine
    • Random Beacon
      • Random Beacon API
        • AltBn128
        • BeaconAuthorization
        • BeaconDkg
        • BeaconDkgValidator
        • BeaconInactivity
        • BLS
        • BytesLib
        • Callback
        • Governable
        • Groups
        • IRandomBeacon
        • IRandomBeaconConsumer
        • ModUtils
        • RandomBeacon
        • RandomBeaconChaosnet
        • RandomBeaconGovernance
        • Reimbursable
        • ReimbursementPool
        • Relay
    • tBTC
      • tBTC SDK
        • Quickstart
        • Architecture
        • Guides
          • Initialize SDK
            • Ethereum and Bitcoin mainnet
            • Ethereum and Bitcoin testnet
            • Crosschain
            • Custom mode
          • Deposit and mint
          • Unmint and redeem
        • API Reference
      • tBTC Contracts API
        • Bridge API
          • Bank
          • BitcoinTx
          • Bridge
          • BridgeGovernance
          • BridgeGovernanceParameters
          • BridgeState
          • Deposit
          • DepositSweep
          • DonationVault
          • EcdsaLib
          • Fraud
          • GovernanceUtils
          • Heartbeat
          • IReceiveBalanceApproval
          • IRelay
          • IVault
          • L2TBTC
          • L2WormholeGateway
          • LightRelay
          • LightRelayMaintainerProxy
          • MaintainerProxy
          • MovingFunds
          • Redemption
          • TBTC
          • TBTCOptimisticMinting
          • TBTCVault
          • VendingMachine
          • VendingMachineV2
          • VendingMachineV3
          • WalletCoordinator
          • Wallets
        • ECDSA API
          • EcdsaAuthorization
          • EcdsaDkg
          • EcdsaDkgValidator
          • EcdsaInactivity
          • IWalletOwner
          • IWalletRegistry
          • WalletRegistry
          • WalletRegistryGovernance
          • Wallets
  • Resources
    • T Token
    • Contract Addresses
      • Mainnet
        • Threshold DAO
        • tBTC
        • thUSD
        • Legacy
      • Görli Testnet
      • Sepolia Testnet
    • tBTC Pools
    • Upgrade NU & KEEP to T
    • Contribution
    • Security
    • Brand Assets
    • Links
Powered by GitBook
On this page
  • Install Docker
  • Docker and Security Best Practices
  • Client Startup and Logs

Was this helpful?

Export as PDF
  1. Staking & Running a Node
  2. tBTC v2 Node Setup
  3. Installation

Docker Installation

This page will guide you through Docker setup steps.

PreviousInstallationNextBinary Installation

Last updated 1 year ago

Was this helpful?

Install Docker

Install or update Docker to the latest version. Visit the for detailed instructions. Use the command below to find your installed version if needed:

docker --version

Docker and Security Best Practices

General best practices recommend against running the tBTC v2 client as the root user as a security precaution. One security-minded approach is to (Rootless mode).

Next, choose ONE of the following options: Docker Compose makes managing the container simple, but requires an additional step to ensure the container starts after a reboot. The tBTC v2 Service option configures the client to run as a service in order to ensure that the client is restarted automatically, should your machine reboot. The Docker Launch Script is faster to setup, but won't start the client if your machine reboots.

Navigate to cd /home/$USER/keep/

Create a file named docker-compose.yaml

Copy the the template below into the file and replace the <Placeholders> with respective details.

version: '3'
services:
  keep-client:
    image: keepnetwork/keep-client:latest
    container_name: keep-client
    restart: on-failure
    ports:
      - "3919:3919"
      - "9601:9601"
    volumes:
      - /home/$USER/keep/config/:/mnt/keep/config
      - /home/$USER/keep/storage/:/mnt/keep/storage
    environment:
      - KEEP_ETHEREUM_PASSWORD=<Operator Account keyfile password>
      - LOG_LEVEL=info
    logging:
      options:
        max-size: "100m"
        max-file: "3"
    command: start --ethereum.url "<Ethereum API WS URL>"  --ethereum.keyFile "/mnt/keep/config/<Operator Account keyfile name>" --storage.dir "/mnt/keep/storage" --network.announcedAddresses "/ip4/<PUBLIC_IP_OF_MACHINE>/tcp/3919"

Save and close the file when finished.

To start the tBTC client sudo docker compose up

tBTC will start up with the console output on screen. Verify that the client is running correctly, then press CTRL + c to stop the client.

Restart the client with the 'detach' flag: sudo docker compose up -d

To stop the container at a later time, use sudo docker compose down

Starting Container Automatically After Reboot

To ensure the tBTC container starts after a server reboot, use the template below to create a service in /etc/systemd/system/ called docker-compose-app.service

# /etc/systemd/system/docker-compose-app.service

[Unit]
Description=Docker Compose Application Service
Requires=docker.service
After=docker.service
StartLimitIntervalSec=60

[Service]
WorkingDirectory=/home/$USER/keep/
ExecStart=/usr/local/bin/docker-compose up
ExecStop=/usr/local/bin/docker-compose down
TimeoutStartSec=0
Restart=on-failure
StartLimitBurst=3

[Install]
WantedBy=multi-user.target

Adjust the WorkingDirectory to the path of your tBTC folder. Save and close the file when finished.

use sudo systemctl enable docker-compose-app to enable the service.

Create the tbtcv2.service file:

cd /etc/systemd/system/
nano tbtcv2.service

Paste the following in the tbtcv2.service file:

[Unit]
Description=tBTC v2 client
After=network.target
Wants=network.target

[Service]
Environment="ETHEREUM_WS_URL=<Ethereum API WS URL>"
Environment="OPERATOR_KEY_FILE_NAME=<Operator Account keyfile name>"
Environment="OPERATOR_KEY_FILE_PASSWORD=<Operator Account keyfile password>"
Environment="PUBLIC_IP=/ip4/<PUBLIC_IP_OF_MACHINE>/tcp/3919"
Environment="CONFIG_DIR=/home/<user name>/keep/config"
Environment="STORAGE_DIR=/home/<user name>/keep/storage"

# These items only apply if you setup rootless-mode.
# Do not enable unless using rootless mode. Don't forget to adjust user UID.
#Environment="XDG_RUNTIME_DIR=/run/<user name>/<user UID>/"
#Environment="DOCKER_HOST=unix:///run/<user name>/<user UID>/docker.sock"

Type=simple
WorkingDirectory=/home/$USER

ExecStart=/usr/bin/docker run \
    --volume ${CONFIG_DIR}:/mnt/keep/config \
    --volume ${STORAGE_DIR}:/mnt/keep/storage \
    --env KEEP_ETHEREUM_PASSWORD=${OPERATOR_KEY_FILE_PASSWORD} \
    --env LOG_LEVEL=info \
    --log-opt max-size=100m \
    --log-opt max-file=3 \
    -p 3919:3919 \
    -p 9601:9601 \
    keepnetwork/keep-client:latest \
    start \
    --ethereum.url ${ETHEREUM_WS_URL} \
    --ethereum.keyFile /mnt/keep/config/${OPERATOR_KEY_FILE_NAME} \
    --storage.dir /mnt/keep/storage \
    --network.announcedAddresses $PUBLIC_IP

Restart=always
RestartSec=15s

[Install]
WantedBy=default.target

Replace the placeholders inside the <> brackets, remove the <> brackets but be sure to not edit anything further.

When done, save and close the file.

Next, test to make sure your configuration works:

sudo systemctl start tbtcv2

There will be no console output because it will be running in the background. Use systemctl to get the status of the service:

sudo systemctl status tbtcv2

If the service failed, go back and double check your configuration.

Another option is to see if the Docker container is running:

docker ps

If everything is running as intended, enable the service:

systemctl enable tbtcv2

Now, with the service running, you should make sure that your configuration will tolerate a reboot and start up again automatically.

reboot now

Log back in to your machine and check that the service is running. If it is, you're done. If not, go back and review your work.

Docker Launch Script

To launch the tBTC v2 client, several configuration flags and environmental values need to be set. For simplicity, a bash script can be used rather than typing or pasting all the flags into the console.

Create the launch script:

nano keep.sh

And paste the following:

# Keep tBTC v2 Client
#
# Ethereum endpoint WebSocket URL
# This can be a provider such as Infura, Alchemy, Ankr, etc or your own Geth Nodeq
# ETHEREUM_WS_URL="wss://mainnet.infura.io/ws/v3/redacted_credentials"
# note: only replace characters inside the " ". The Quotation marks must be retained
ETHEREUM_WS_URL="<Ethereum API WS URL>"

# copied to home/keep/config earlier
OPERATOR_KEY_FILE_NAME="<Operator Account keyfile name>"

# password set during Operator Account Address creation
OPERATOR_KEY_FILE_PASSWORD="<Operator Account keyfile password>"

# To configure your node with a Public IP, enter it below.
PUBLIC_IP="<PUBLIC_IP_OF_MACHINE>"
# Alternatively, you can use DNS.
# To configure DNS, modify the last line of the script
# and add your DNS in the following format:
# /dns4/bootstrap-1.test.keep.network/tcp/3919

# Setup configuration and storage directories
# THESE MUST BE PERSISTENT STORAGE
CONFIG_DIR="/home/$USER/keep/config"
STORAGE_DIR="/home/$USER/keep/storage"

docker run \
    --detach \
    --restart on-failure \
    --volume $CONFIG_DIR:/mnt/keep/config \
    --volume $STORAGE_DIR:/mnt/keep/storage \
    --env KEEP_ETHEREUM_PASSWORD=$OPERATOR_KEY_FILE_PASSWORD \
    --env LOG_LEVEL=info \
    --log-opt max-size=100m \
    --log-opt max-file=3 \
    -p 3919:3919 \
    -p 9601:9601 \
    keepnetwork/keep-client:latest \
    start \
    --ethereum.url $ETHEREUM_WS_URL \
    --ethereum.keyFile /mnt/keep/config/$OPERATOR_KEY_FILE_NAME \
    --storage.dir /mnt/keep/storage \
    --network.announcedAddresses /ip4/$PUBLIC_IP/tcp/3919

Save and close the file, and make it executable:

sudo chmod +x keep.sh

To launch the tBTC v2 client, execute:

sudo bash keep.sh

The --detach property will prevent the status messages from the client to be printed to the console. Review the Docker logs for detailed status information.

The path shown in the example configuration will differ from yours. Make sure it is configured correctly.

Client Startup and Logs

Unless the --detach flag was removed from the startup script, there will be no console output. In order to check your node, retrieve the Docker logs.

First, find your Docker instance identification, it'll be a random combination of words, e.g. stinky_brownie:

sudo docker ps

Use your specific identification and substitute:

sudo docker logs stinky_brownie >& /path/to/output/file

Scroll down about half a page, and you should see the following:


▓▓▌ ▓▓ ▐▓▓ ▓▓▓▓▓▓▓▓▓▓▌▐▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓ ▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓ ▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▄
▓▓▓▓▓▓▓▓▓▓ ▓▓▓▓▓▓▓▓▓▓▌▐▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓ ▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓ ▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓
  ▓▓▓▓▓▓    ▓▓▓▓▓▓▓▀    ▐▓▓▓▓▓▓    ▐▓▓▓▓▓   ▓▓▓▓▓▓     ▓▓▓▓▓   ▐▓▓▓▓▓▌   ▐▓▓▓▓▓▓
  ▓▓▓▓▓▓▄▄▓▓▓▓▓▓▓▀      ▐▓▓▓▓▓▓▄▄▄▄         ▓▓▓▓▓▓▄▄▄▄         ▐▓▓▓▓▓▌   ▐▓▓▓▓▓▓
  ▓▓▓▓▓▓▓▓▓▓▓▓▓▀        ▐▓▓▓▓▓▓▓▓▓▓         ▓▓▓▓▓▓▓▓▓▓▌        ▐▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓
  ▓▓▓▓▓▓▀▀▓▓▓▓▓▓▄       ▐▓▓▓▓▓▓▀▀▀▀         ▓▓▓▓▓▓▀▀▀▀         ▐▓▓▓▓▓▓▓▓▓▓▓▓▓▓▀
  ▓▓▓▓▓▓   ▀▓▓▓▓▓▓▄     ▐▓▓▓▓▓▓     ▓▓▓▓▓   ▓▓▓▓▓▓     ▓▓▓▓▓   ▐▓▓▓▓▓▌
▓▓▓▓▓▓▓▓▓▓ █▓▓▓▓▓▓▓▓▓ ▐▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓ ▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓  ▓▓▓▓▓▓▓▓▓▓
▓▓▓▓▓▓▓▓▓▓ ▓▓▓▓▓▓▓▓▓▓ ▐▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓ ▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓  ▓▓▓▓▓▓▓▓▓▓

Trust math, not hardware.
	
-----------------------------------------------------------------------------------
| Keep Client Node                                                                |
|                                                                                 |
| Version: Version: vX.X.X-XX (4d745f6d0)                                         |
|                                                                                 |
| Operator: 0x_your_operator_address                                              |
|                                                                                 |
| Port: 3919                                                                      |
| IPs : /ip4/111.222.333.444/tcp/3919/ipfs/redacted                               |
|                                                                                 |
| Contracts:                                                                      |
| RandomBeacon   : 0x5499f54b4A1CB4816eefCf78962040461be3D80b                     |
| WalletRegistry : 0x46d52E41C2F300BC82217Ce22b920c34995204eb                     |
| TokenStaking   : 0x01B67b1194C75264d06F808A921228a95C765dd7                     |
-----------------------------------------------------------------------------------

Congratulations, your node is up and running.

Official Docker website
Run the Docker daemon as a non-root user