How to Run Your Own Codius Host

And get paid for doing so!

Stefan Thomas
Jun 6, 2018 · 10 min read

Setting Up a Codius Host

Prerequisites

Basic Configuration

hostnamectl set-hostname codius.example.com
$ uname -n
codius.example.com

Installation

Installing Hyperd

yum install -y gcc-c++ make
curl -sSl https://codius.s3.amazonaws.com/hyper-bootstrap.sh | bash

Installing Moneyd

curl --silent --location https://rpm.nodesource.com/setup_10.x | bash -
yum install -y nodejs
yum install -y https://codius.s3.amazonaws.com/moneyd-xrp-4.0.0-1.x86_64.rpm
moneyd xrp:configure 
# You will be prompted to enter your secret here
systemctl start moneyd-xrp

Installing Codiusd

yum install -y git
npm install -g codiusd --unsafe-perm
[Unit]
Description=Codiusd
After=network.target nss-lookup.target
[Service]
ExecStart=/usr/bin/npm start
Environment="DEBUG=*"
Environment="CODIUS_PUBLIC_URI=https://codius.example.com"
Environment="CODIUS_XRP_PER_MONTH=10"
WorkingDirectory=/usr/lib/node_modules/codiusd
Restart=always
StandardOutput=syslog
StandardError=syslog
SyslogIdentifier=codiusd
User=root
Group=root
[Install]
WantedBy=multi-user.target
sed -i s/codius.example.com/`uname -n`/g /etc/systemd/system/codiusd.service
curl -sSl https://codius.s3.amazonaws.com/codiusd.service | sed s/codius.example.com/`uname -n`/ > /etc/systemd/system/codiusd.service
systemctl enable codiusd
systemctl start codiusd

Domain Setup

Adding DNS Records

codius.example.com.    300     IN      A       203.0.113.1
*.codius.example.com. 300 IN A 203.0.113.1
$ ping -c 1 codius.example.com
PING codius.example.com (203.0.113.1) 56(84) bytes of data.
64 bytes from 203.0.113.1 (203.0.113.1): icmp_seq=1 ttl=48 time=4.13 ms
--- codius.example.com ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 4.131/4.131/4.131/0.000 ms
$ ping -c 1 foobar.codius.example.com
PING foobar.codius.example.com (203.0.113.1) 56(84) bytes of data.
64 bytes from 203.0.113.1 (203.0.113.1): icmp_seq=1 ttl=48 time=3.72 m
--- foobar.codius.example.com ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 3.722/3.722/3.722/0.000 ms

Requesting a Wildcard Certificate

yum install -y git
git clone https://github.com/certbot/certbot
cd certbot
git checkout v0.23.0
./certbot-auto -n --os-packages-only
./tools/venv.sh
ln -s `pwd`/venv/bin/certbot /usr/local/bin/certbot
certbot -d `uname -n` -d *.`uname -n` --manual --preferred-challenges dns-01 --server https://acme-v02.api.letsencrypt.org/directory certonly
$ dig TXT _acme-challenge.codius.example.com
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 64965
;; flags: qr rd ra ; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 4
;; QUESTION SECTION:
;; _acme-challenge.codius.example.com. IN TXT
;; ANSWER SECTION:
_acme-challenge.codius.example.com. 300 IN TXT "QwHjEBqK2RBhk5XyjriHPmjf2h2Ijettgy4BpwdVNlY"
_acme-challenge.codius.example.com. 300 IN TXT "YOMfcUWwPsW5hs2vl5AE/CRPg5m5BH7ORjEaUJReK4U"
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/codius.example.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/codius.example.com/privkey.pem
Your cert will expire on 2018-09-04. To obtain a new or tweaked
version of this certificate in the future, simply run certbot
again. To non-interactively renew *all* of your certificates, run
"certbot renew"
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le

Setting Up Nginx

yum install -y epel-release
yum install -y nginx
systemctl enable nginx
echo 'return 301 https://$host$request_uri;' > /etc/nginx/default.d/ssl-redirect.conf
openssl dhparam -out /etc/nginx/dhparam.pem 2048
map $http_upgrade $connection_upgrade {
default upgrade;
'' $http_connection;
}
server {
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/codius.example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/codius.example.com/privkey.pem;
ssl_protocols TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/nginx/dhparam.pem;
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
ssl_ecdh_curve secp384r1;
ssl_session_timeout 10m;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;
ssl_stapling on;
ssl_stapling_verify on;
resolver 1.1.1.1 1.0.0.1 valid=300s;
resolver_timeout 5s;
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
location / {
proxy_pass http://127.0.0.1:3000;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_buffering off;
}
}
sed -i s/codius.example.com/`uname -n`/g /etc/nginx/conf.d/codius.conf
setsebool -P httpd_can_network_connect 1
systemctl start nginx

Open Port 443 in Firewalld

firewall-cmd --zone=public --add-port=443/tcp --permanent

You’re Done!

{"name":"Codiusd (JavaScript)","version":"1.0.3"}

Troubleshooting

502 Bad Gateway

connect() to 127.0.0.1:3000 failed (13: Permission denied) while connecting to upstream
setsebool -P httpd_can_network_connect 1
connect() failed (111: Connection refused) while connecting to upstream
netstat -tulpn
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1/systemd
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 33155/nginx: master
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 2093/sshd
tcp 0 0 127.0.0.1:3000 0.0.0.0:* LISTEN 47079/node
tcp 0 0 169.254.77.68:7768 0.0.0.0:* LISTEN 47079/node
tcp 0 0 127.0.0.1:7768 0.0.0.0:* LISTEN 19651/node
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 2017/master
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 33155/nginx: master
tcp6 0 0 :::111 :::* LISTEN 1/systemd
tcp6 0 0 :::80 :::* LISTEN 33155/nginx: master
tcp6 0 0 :::22 :::* LISTEN 2093/sshd
tcp6 0 0 ::1:25 :::* LISTEN 2017/master
udp 0 0 0.0.0.0:111 0.0.0.0:* 20975/rpcbind
udp 0 0 127.0.0.1:323 0.0.0.0:* 1344/chronyd
udp 0 0 0.0.0.0:798 0.0.0.0:* 20975/rpcbind
udp6 0 0 :::111 :::* 20975/rpcbind
udp6 0 0 ::1:323 :::* 1344/chronyd
udp6 0 0 :::798 :::* 20975/rpcbind
firewall-cmd --zone=public --add-port=443/tcp --permanent
firewall-cmd --zone=public --add-port=7768/tcp --permanent
firewall-cmd --reload

Moneyd not listening

systemctl status moneyd-xrp
systemctl stop moneyd-xrp
DEBUG=* moneyd xrp:start
systemctl start moneyd-xrp

Codiusd not listening

systemctl status codiusd
systemctl restart codiusd
journalctl -t codiusd -n 200

Codius

News related to the Codius smart contracts platform

Medium is an open platform where 170 million readers come to find insightful and dynamic thinking. Here, expert and undiscovered voices alike dive into the heart of any topic and bring new ideas to the surface. Learn more

Follow the writers, publications, and topics that matter to you, and you’ll see them on your homepage and in your inbox. Explore

If you have a story to tell, knowledge to share, or a perspective to offer — welcome home. It’s easy and free to post your thinking on any topic. Write on Medium

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store