# Docker Installation ### Install Docker Install or update Docker to the latest version. Visit the [Official Docker website](https://docs.docker.com/engine/install/ubuntu/) for detailed instructions. Use the command below to find your installed version if needed: ```bash docker --version ``` ### Docker and Security Best Practices General best practices recommend against running the tBTC v2 client as the `root` user as a security precaution. One security-minded approach is to [Run the Docker daemon as a non-root user](https://docs.docker.com/engine/security/rootless/) (Rootless mode). Next, choose ONE of the following options:\ **Docker Compose** makes managing the container simple, but requires an additional step to ensure the container starts after a reboot.\ The **tBTC v2 Service** option configures the client to run as a service in order to ensure that the client is restarted automatically, should your machine reboot.\ The **Docker Launch Script** is faster to setup, but won't start the client if your machine reboots. {% tabs %} {% tab title="Docker Compose" %} Navigate to `cd /home/$USER/keep/` Create a file named `docker-compose.yaml` Copy the the template below into the file and replace the \ with respective details. ``` version: '3' services: keep-client: image: keepnetwork/keep-client:latest container_name: keep-client restart: on-failure ports: - "3919:3919" - "9601:9601" volumes: - /home/$USER/keep/config/:/mnt/keep/config - /home/$USER/keep/storage/:/mnt/keep/storage environment: - KEEP_ETHEREUM_PASSWORD= - LOG_LEVEL=info logging: options: max-size: "100m" max-file: "3" command: start --ethereum.url "" --ethereum.keyFile "/mnt/keep/config/" --storage.dir "/mnt/keep/storage" --network.announcedAddresses "/ip4//tcp/3919" ``` Save and close the file when finished. To start the tBTC client `sudo docker compose up` tBTC will start up with the console output on screen. Verify that the client is running correctly, then press `CTRL` + `c` to stop the client. Restart the client with the 'detach' flag: `sudo docker compose up -d` To stop the container at a later time, use `sudo docker compose down` #### Starting Container Automatically After Reboot To ensure the tBTC container starts after a server reboot, use the template below to create a service in `/etc/systemd/system/` called `docker-compose-app.service` ``` # /etc/systemd/system/docker-compose-app.service [Unit] Description=Docker Compose Application Service Requires=docker.service After=docker.service StartLimitIntervalSec=60 [Service] WorkingDirectory=/home/$USER/keep/ ExecStart=/usr/local/bin/docker-compose up ExecStop=/usr/local/bin/docker-compose down TimeoutStartSec=0 Restart=on-failure StartLimitBurst=3 [Install] WantedBy=multi-user.target ``` Adjust the `WorkingDirectory` to the path of your tBTC folder. Save and close the file when finished. use `sudo systemctl enable docker-compose-app` to enable the service. {% endtab %} {% tab title="Systemd Service" %} Create the tbtcv2.service file: ```bash cd /etc/systemd/system/ nano tbtcv2.service ``` Paste the following in the tbtcv2.service file: 
[Unit]
Description=tBTC v2 client
After=network.target
Wants=network.target

[Service]
Environment="ETHEREUM_WS_URL=<Ethereum API WS URL>"
Environment="OPERATOR_KEY_FILE_NAME=<Operator Account keyfile name>"
Environment="OPERATOR_KEY_FILE_PASSWORD=<Operator Account keyfile password>"
Environment="PUBLIC_IP=/ip4/<PUBLIC_IP_OF_MACHINE>/tcp/3919"
Environment="CONFIG_DIR=/home/<user name>/keep/config"
Environment="STORAGE_DIR=/home/<user name>/keep/storage"

# These items only apply if you setup rootless-mode.
# Do not enable unless using rootless mode. Don't forget to adjust user UID.
#Environment="XDG_RUNTIME_DIR=/run/<user name>/<user UID>/"
#Environment="DOCKER_HOST=unix:///run/<user name>/<user UID>/docker.sock"

Type=simple
WorkingDirectory=/home/$USER

ExecStart=/usr/bin/docker run \
    --volume ${CONFIG_DIR}:/mnt/keep/config \
    --volume ${STORAGE_DIR}:/mnt/keep/storage \
    --env KEEP_ETHEREUM_PASSWORD=${OPERATOR_KEY_FILE_PASSWORD} \
    --env LOG_LEVEL=info \
    --log-opt max-size=100m \
    --log-opt max-file=3 \
    -p 3919:3919 \
    -p 9601:9601 \
    keepnetwork/keep-client:latest \
    start \
    --ethereum.url ${ETHEREUM_WS_URL} \
    --ethereum.keyFile /mnt/keep/config/${OPERATOR_KEY_FILE_NAME} \
    --storage.dir /mnt/keep/storage \
    --network.announcedAddresses $PUBLIC_IP

Restart=always
RestartSec=15s

[Install]
WantedBy=default.target
Replace the placeholders inside the <> brackets, remove the <> brackets but be sure to not edit anything further. When done, save and close the file. Next, test to make sure your configuration works: ```bash sudo systemctl start tbtcv2 ``` There will be no console output because it will be running in the background. Use systemctl to get the status of the service: ```bash sudo systemctl status tbtcv2 ``` If the service failed, go back and double check your configuration. Another option is to see if the Docker container is running: ```bash docker ps ``` If everything is running as intended, enable the service: ```bash systemctl enable tbtcv2 ``` Now, with the service running, you should make sure that your configuration will tolerate a reboot and start up again automatically. ```bash reboot now ``` Log back in to your machine and check that the service is running. If it is, you're done. If not, go back and review your work. {% endtab %} {% tab title="Docker Container" %} ### Docker Launch Script To launch the tBTC v2 client, several configuration flags and environmental values need to be set. For simplicity, a bash script can be used rather than typing or pasting all the flags into the console. Create the launch script: ``` nano keep.sh ``` And paste the following: ```bash # Keep tBTC v2 Client # # Ethereum endpoint WebSocket URL # This can be a provider such as Infura, Alchemy, Ankr, etc or your own Geth Nodeq # ETHEREUM_WS_URL="wss://mainnet.infura.io/ws/v3/redacted_credentials" # note: only replace characters inside the " ". The Quotation marks must be retained ETHEREUM_WS_URL="" # copied to home/keep/config earlier OPERATOR_KEY_FILE_NAME="" # password set during Operator Account Address creation OPERATOR_KEY_FILE_PASSWORD="" # To configure your node with a Public IP, enter it below. PUBLIC_IP="" # Alternatively, you can use DNS. # To configure DNS, modify the last line of the script # and add your DNS in the following format: # /dns4/bootstrap-1.test.keep.network/tcp/3919 # Setup configuration and storage directories # THESE MUST BE PERSISTENT STORAGE CONFIG_DIR="/home/$USER/keep/config" STORAGE_DIR="/home/$USER/keep/storage" docker run \ --detach \ --restart on-failure \ --volume $CONFIG_DIR:/mnt/keep/config \ --volume $STORAGE_DIR:/mnt/keep/storage \ --env KEEP_ETHEREUM_PASSWORD=$OPERATOR_KEY_FILE_PASSWORD \ --env LOG_LEVEL=info \ --log-opt max-size=100m \ --log-opt max-file=3 \ -p 3919:3919 \ -p 9601:9601 \ keepnetwork/keep-client:latest \ start \ --ethereum.url $ETHEREUM_WS_URL \ --ethereum.keyFile /mnt/keep/config/$OPERATOR_KEY_FILE_NAME \ --storage.dir /mnt/keep/storage \ --network.announcedAddresses /ip4/$PUBLIC_IP/tcp/3919 ``` Save and close the file, and make it executable: ```bash sudo chmod +x keep.sh ``` To launch the tBTC v2 client, execute: 
sudo bash keep.sh
{% hint style="info" %} The `--detach` property will prevent the status messages from the client to be printed to the console. Review the Docker logs for detailed status information. {% endhint %} {% endtab %} {% endtabs %} {% hint style="danger" %} The path shown in the example configuration will differ from yours. Make sure it is configured correctly. {% endhint %} ## Client Startup and Logs Unless the `--detach` flag was removed from the startup script, there will be no console output. In order to check your node, retrieve the Docker logs. First, find your Docker instance identification, it'll be a random combination of words, e.g. `stinky_brownie`: ```bash sudo docker ps ``` Use your specific identification and substitute: ``` sudo docker logs stinky_brownie >& /path/to/output/file ``` Scroll down about half a page, and you should see the following: 

▓▓▌ ▓▓ ▐▓▓ ▓▓▓▓▓▓▓▓▓▓▌▐▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓ ▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓ ▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▄
▓▓▓▓▓▓▓▓▓▓ ▓▓▓▓▓▓▓▓▓▓▌▐▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓ ▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓ ▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓
  ▓▓▓▓▓▓    ▓▓▓▓▓▓▓▀    ▐▓▓▓▓▓▓    ▐▓▓▓▓▓   ▓▓▓▓▓▓     ▓▓▓▓▓   ▐▓▓▓▓▓▌   ▐▓▓▓▓▓▓
  ▓▓▓▓▓▓▄▄▓▓▓▓▓▓▓▀      ▐▓▓▓▓▓▓▄▄▄▄         ▓▓▓▓▓▓▄▄▄▄         ▐▓▓▓▓▓▌   ▐▓▓▓▓▓▓
  ▓▓▓▓▓▓▓▓▓▓▓▓▓▀        ▐▓▓▓▓▓▓▓▓▓▓         ▓▓▓▓▓▓▓▓▓▓▌        ▐▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓
  ▓▓▓▓▓▓▀▀▓▓▓▓▓▓▄       ▐▓▓▓▓▓▓▀▀▀▀         ▓▓▓▓▓▓▀▀▀▀         ▐▓▓▓▓▓▓▓▓▓▓▓▓▓▓▀
  ▓▓▓▓▓▓   ▀▓▓▓▓▓▓▄     ▐▓▓▓▓▓▓     ▓▓▓▓▓   ▓▓▓▓▓▓     ▓▓▓▓▓   ▐▓▓▓▓▓▌
▓▓▓▓▓▓▓▓▓▓ █▓▓▓▓▓▓▓▓▓ ▐▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓ ▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓  ▓▓▓▓▓▓▓▓▓▓
▓▓▓▓▓▓▓▓▓▓ ▓▓▓▓▓▓▓▓▓▓ ▐▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓ ▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓  ▓▓▓▓▓▓▓▓▓▓

Trust math, not hardware.
	
-----------------------------------------------------------------------------------
| Keep Client Node                                                                |
|                                                                                 |
| Version: Version: vX.X.X-XX (4d745f6d0)                                         |
|                                                                                 |
| Operator: 0x_your_operator_address                                              |
|                                                                                 |
| Port: 3919                                                                      |
| IPs : /ip4/111.222.333.444/tcp/3919/ipfs/redacted                               |
|                                                                                 |
| Contracts:                                                                      |
| RandomBeacon   : 0x5499f54b4A1CB4816eefCf78962040461be3D80b                     |
| WalletRegistry : 0x46d52E41C2F300BC82217Ce22b920c34995204eb                     |
| TokenStaking   : 0x01B67b1194C75264d06F808A921228a95C765dd7                     |
-----------------------------------------------------------------------------------
Congratulations, your node is up and running. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.threshold.network/tbtc-signer-nodes/tbtc-v2-node-setup/installation/docker-installation.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.