ICON Node Installation — Docker + AWS

May 27, 2019 · 6 min read

In this tutorial article we will be setting up a P-Rep node on the ICON network (TestNet) using docker images, deploying the instances to Amazon Web Services (AWS).

Let’s first examine the requirements and make sure we have everything needed,

SW Requirements

OS requirements

  • Linux (CentOS 7 or Ubuntu 16.04+)

Package requirements

  • Docker 18.x or higher

For your reference, ICON node depends on the following packages. The packages are included in the P-Rep docker image that we provide, so you don’t need to install them separately.

  • Python 3.6.5 or higher (3.7 is not supported)
  • RabbitMQ 3.7 or higher


In this tutorial we will go with Ubuntu 18.04, we’ll be working on AWS so make sure you have an account there.

Log in and launch EC2 dashboard, launch a new EC2 instance

From instance types, pick Ubuntu 18.04

Image for post
Image for post

Make sure to create a new private key, name it however you like. For security, we’ll be using the private key to log into the instance in the future.

Image for post
Image for post

Download the privatekey .pem

Next we’ll allocate a static IP and associate it to the instance

Image for post
Image for post

Top right of the EC2 dashboard you’ll find “Elastic IPs”, click on it and allocate from the Amazon pool. Right click on the newly allocated IP and associate it to the instance that we just created

Image for post
Image for post

Now we’re ready for installation, log into the instance with the private key we downloaded earlier.

For windows users using PuTTY, follow this guide https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/putty.html to convert the .pem into .ppk file.

For mac users you can simply SSH from terminal with the downloaded .pem

Log into the server (ubuntu@public_dns_name), port 22 (load ppk under SSH->auth menu for PuTTY).

Let’s inspect the installation document https://www.icondev.io/docs/p-rep-installation-and-configuration

We see the first requirement is to download an IP whitelist from the

IP List: https://download.solidwallet.io/conf/prep_iplist.json

ICON foundation will maintain the IP list of P-Reps. The JSON file will contain the list of IPs. You should configure your firewalls to allow in/outbound traffic from/to the IP addresses. Following TCP ports should be open.

Port 7100: Used by gRPC for peer to peer communication between nodes.

Port 9000: Used by JSON-RPC API server.

This has been updated to dynamic IP update, P-Reps no longer need to download an IP list manually. The IP list will be updated automatically on a daily basis from the endpoint of the seed node inside the P-Rep Node Docker.

Install P-Rep Node

## Update the apt package index:
$ sudo apt-get update

## Install necessary packages:
$ sudo apt-get install -y systemd apt-transport-https ca-certificates curl gnupg-agent software-properties-common

## Add Docker's official GPG key:
$ curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -

## Add the apt repository
$ sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"

## Update the apt package index:
$ sudo apt-get update

## Install docker-ce:
$ sudo apt-get -y install docker-ce docker-ce-cli containerd.io

## Add your user to the docker group with the following command.
$ sudo usermod -aG docker $(whoami)

## Set Docker to start automatically at boot time:
$ sudo systemctl enable docker.service

## Finally, start the Docker service:
$ sudo systemctl start docker.service

## Then we'll verify docker is installed successfully by checking the version:
$ sudo docker version

If everything was installed correctly you should get something similar to

Version: 18.09.6
API version: 1.39
Go version: go1.10.8
Git commit: 481bc77
Built: Sat May 4 02:35:57 2019
OS/Arch: linux/amd64
Experimental: false
Server: Docker Engine - Community
Version: 18.09.6
API version: 1.39 (minimum version 1.12)
Go version: go1.10.8
Git commit: 481bc77
Built: Sat May 4 01:59:36 2019
OS/Arch: linux/amd64
Experimental: false

Next install docker compose

## Install python-pip
$ sudo apt-get install -y python3-pip

## Then install Docker Compose:
$ sudo pip3 install docker-compose

## To verify the successful Docker Compose installation, run:
$ docker-compose version

By now we have docker installed and we can simply pull the latest iconloop prep-node image

$ sudo docker pull iconloop/prep-node:1904111713xdde258

Create a new docker-compose.yml

$ sudo touch docker-compose.yml
$ sudo nano docker-compose.yml

And paste the following content

version: '3'
image: 'iconloop/prep-node:1904111713xdde258'
container_name: 'prep-node'
- ./data:/data
- 9000:9000
- 7100:7100

Now we’ll run docker-compose with the above file

$ sudo docker-compose up -d

You can run

$ sudo docker ps

at any time to see which containers are running (and its health state under Status). You can also run

$ curl localhost:9000/api/v1/status/peer

to view node status similar to the following

"made_block_count": 0,
"status": "Service is online: 0",
"state": "Vote",
"peer_type": "0",
"audience_count": "0",
"consensus": "siever",
"peer_id": "hx1787c2194f56bb550a8daba9bbaea00a4956ed58",
"block_height": 184,
"round": 1,
"epoch_height": 186,
"unconfirmed_block_height": 0,
"total_tx": 93,
"unconfirmed_tx": 0,
"peer_target": "",
"leader_complaint": 185,
"peer_count": 5,
"leader": "hx7ff69280a1483c660695039c14ba954bb101bb66",
"epoch_leader": "hx7ff69280a1483c660695039c14ba954bb101bb66",
"mq": {
"peer": {
"message_count": 0
"channel": {
"message_count": 0
"score": {
"message_count": 0

Also notice data folder should be created with the following structure

|---- data
| |---- PREP-TestNet → Default ENV directory
| |---- .score_data
| | |-- db → root directory that SCOREs will be installed
| | |-- score → root directory that the state DB file will be created
| |---- .storage → root directory that the block DB will be stored
| |---- log → root directory that log files will be stored

Where you will find miscellaneous logs, for instance, this node isn’t whitelisted by ICON P-Rep team yet, so running the docker container will result in the following error under booting log

[2019-05-23 15:54:12.600] Your IP:
[2019-05-23 15:54:12.602] RPC_PORT: 9000 / RPC_WORKER: 3
[2019-05-23 15:54:12.605] DEFAULT_PATH=/data/PREP-TestNet in Docker Container
[2019-05-23 15:54:12.607] DEFAULT_LOG_PATH=/data/PREP-TestNet/log
[2019-05-23 15:54:12.610] DEFAULT_STORAGE_PATH=/data/PREP-TestNet/.storage
[2019-05-23 15:54:12.613] scoreRootPath=/data/PREP-TestNet/.score_data/score
[2019-05-23 15:54:12.615] stateDbRootPath=/data/PREP-TestNet/.score_data/db
[2019-05-23 15:54:12.618] P-REP package version info - 1904111713xdde258
[2019-05-23 15:54:14.979] iconcommons iconrpcserver 1.2.6 iconservice 1.2.2 loopchain 2.1.2
[2019-05-23 15:54:16.152] [ERROR] Download Failed - https://download.solidwallet.io/cert/ status_code=403
[2019-05-23 15:54:16.155] [ERROR] Unauthorized IP address, Please contact our support team
[2019-05-23 15:54:16.158] [ERROR] Your External IP: / Your Enviroment IPADDR:

You node should be configured now. Let’s visit security settings again, recall that we needed to enable TCP 7100 and 9000 to the peers (whitelisted IPs). This was the case during testnet phase 1, in testnet phase 2 and onwards, the foundation will register all P-Rep IPs on-chain daily, so we no longer need to keep track of whitelisted IPs. For now we’ll configure port 7100 and 9000 to everyone, go to security group, I am using launch-wizard-1 which is the default security policy created by AWS at launch. Add Custom TCP Rule to allow traffic from port 9000 and 7100.

Image for post
Image for post

This should be it, you’ll be able to produce and verify blocks on the testnet once whitelisted to our testnet program. We’ll explore more about node security, failover strategies and high availability operations in future articles.

Also check back to the official installation and configuration documentation frequently: https://www.icondev.io/docs/p-rep-installation-and-configuration, the document will be kept up-to-date when new information become available.

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch

Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore

Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store