Install Hornet using Docker
This guide represents the recommended setup to run a Hornet node. It includes everything required to setup a public node accessible by wallets and applications:
- Hornet
- Traefik - Reverse proxy using SSL certificates to secure access to the node API and dashboard.
- Prometheus - Metrics scraper configured to collect all metrics from Hornet and INX extensions.
- Grafana - Data visualizer that can be used to display the metrics collected by Prometheus.
We only recommend running a node on hosted servers and not on personal computers. Please take into consideration the points explained in the Security 101.
Hornet Docker images (amd64/x86_64 and arm64 architecture) are available at the iotaledger/hornet Docker hub.
Requirements
- A recent release of Docker enterprise or community edition. You can find installation instructions in the official Docker documentation.
- Docker Compose CLI plugin.
- A registered domain name pointing to the public IP address of your server. (optional if not using HTTPS)
- Opening up the following ports in your servers firewall:
15600 TCP- Used for Hornet gossip.14626 UDP- Used for Hornet autopeering.80 TCP- Used for HTTP. (can be changed, see below)443 TCP- Used for HTTPS. (optional if not using HTTPS)
- curl.
Download the latest release
NOTE: The commands assume you are using Linux.
Once you have completed all the installation requirements, you can download the latest release by running:
mkdir hornet
cd hornet
curl -L -O "https://github.com/iotaledger/node-docker-setup/releases/download/v1.0.0-rc.5/node-docker-setup_chrysalis-v1.0.0-rc.5.tar.gz"
tar -zxf node-docker-setup_chrysalis-v1.0.0-rc.5.tar.gz
Prepare
1. Setup Environment
You can configure your node to either use HTTP or HTTPS. For publicly exposed nodes we heavily recommend using HTTPS.
1.1 HTTPS
Create a file named .env add the following to the file:
COMPOSE_FILE=docker-compose.yml:docker-compose-https.yml
[email protected]
NODE_HOST=node.your-domain.com
- Replace
[email protected]with the e-mail used for issuing a Let's Encrypt SSL certificate. - Replace
node.your-domain.comwith the domain pointing to your public IP address as described in the requirements.
1.2 HTTP
By default this setup will expose the Traefik reverse proxy on the default HTTP port 80.
If you want to change the port to a different value you can create a file named .env and add the following to e.g. expose it over port 9000:
HTTP_PORT=9000
2. Setup neighbors
Add your Hornet neighbor addresses to the peering.json file.
This step is recommended, but optional if you are using autopeering.
3. Create the data folder
All files used by Hornet, Traefik & co will be stored in a directory called data.
Docker image runs under user with user id 65532 and group id 65532, so this directory needs to have the correct permissions to be accessed by the containers.
To create this directory with correct permissions run the contained script:
./prepare_docker.sh
4. Set dashboard credentials
To access your Hornet dashboard, a set of credentials need to be configured. Run the following command to generate a password hash and salt for the dashboard:
docker compose run hornet tool pwd-hash
Create a file named .env if you did not create it already and add the following lines:
DASHBOARD_PASSWORD=0000000000000000000000000000000000000000000000000000000000000000
DASHBOARD_SALT=0000000000000000000000000000000000000000000000000000000000000000
- Update the
DASHBOARD_PASSWORDandDASHBOARD_SALTvalues in the.envfile with the result of the previous command.
If you want to change the default admin username, you can add this line to your .env file:
DASHBOARD_USERNAME=someotherusername
5. Enable additional monitoring
To enable additional monitoring (cAdvisor, Prometheus, Grafana), the docker compose profile needs to be configured.
Create a file named .env if you did not create it already and add the following line:
COMPOSE_PROFILES=monitoring
Run
Starting the node
You can start the Hornet node by running:
docker compose up -d
-dInstructs Docker to start the containers in the background.
HTTPS
After starting the node you will be able to access your services at the following endpoints:
- API:
https://node.your-domain.com/api/routes - Hornet Dashboard:
https://node.your-domain.com/dashboard - Grafana:
https://node.your-domain.com/grafana(optional if using "monitoring" profile)
After starting your node for the first time, please change the default grafana credentials
User: admin
Password: admin
You can configure your wallet software to use https://node.your-domain.com
HTTP
After starting the node you will be able to access your services at the following endpoints:
- API:
http://localhost/api/routes - Hornet Dashboard:
http://localhost/dashboard - Grafana:
http://localhost/grafana(optional if using "monitoring" profile)
If you changed the default HTTP_PORT value, you will need to add the port to the urls.
You can configure your wallet software to use http://localhost
Displaying Log Output
You can display the Hornet logs by running:
docker compose logs -f hornet
-fInstructs Docker to continue displaying the log tostdoutuntil CTRL+C is pressed.
Stopping the node
You can stop the Hornet node by running:
docker compose down
Tools
To access the tools provided inside Hornet you can use:
docker compose run hornet tool <tool-name>
To see the list of tools included run:
docker compose run hornet tool -h
JWT Auth
To generate a JWT token to be used to access protected routes you can run:
docker compose run hornet tool jwt-api --databasePath data/p2pstore
- If you changed the
restAPI.jwtAuth.saltvalue in theconfig.json, then you need to pass that value as a parameter as--salt <restAPI.jwtAuth.salt value from your config.json>
More Information
For more information look at the Github repository