Horizen Secure Node Deployment Made Easy: Complete Step by Step Guide
According to the official project website, Horizen technology offers an additional security feature such as end-to-end encryption when it comes to inter-node communications. It significantly lowers the chance of exposure and blocking of a particular node, making the network more reliable and secure. The Horizen network needs this type of
This guide will take you through a series of steps, which will allow you to deploy a Secure Node. But before you start any activities, please get familiar with the ‘Requirements and Rewards Eligibility’ section on the official
Step 1: Check Hardware Requirements
We recommend running your node on the VPS server so that you can meet the overall uptime requirements, described on the official
For the node
Step 2: Actual Deployment Process
Add a new user on your server by entering the following command:
useradd -m -s /bin/bash -G adm,systemd-journal,sudo zen && passwd zen
Log in using credentials we have just created.
After that, we have to set up a proper full DNS name configuration. Please note, that you have to use here your own domain name.
echo "export FQDN=zen.example.com" >> $HOME/.bashrc
Then create an A record in the admin panel of your DNS registrar which will be pointing to an IP address of the server. Moreover, this record will be used later for SSL Certificates as well as tracking software.
Add a repository for
sudo add-apt-repository ppa:certbot/certbot -y
Update and install available software packages by entering the following commands:
sudo apt-get update
sudo apt-get upgrade
Install all required utilities for node deployment, as well as dependencies for
sudo apt-get install build-essential pkg-config libc6-dev m4 g++-multilib \
autoconf libtool ncurses-dev unzip git python \
zlib1g-dev bsdmainutils automake curl \
software-properties-common apt-transport-https \
lsb-release dirmngr pwgen git jq ufw curl aria2 \
Download the source code of the Secure Node from the official
git clone https://github.com/ZencashOfficial/zen.git
Then run the build.sh using all CPU cores.
Fetch key parameters (This command will download approximately 2GB to the directory ~/.zcash-params)
We'll append the following parameters to the default config file(add your server IP to "
cat <<EOF >> ~/.zen/zen.conf
rpcuser=$(pwgen -s 32 1)
rpcpassword=$(pwgen -s 64 1)
Please note, that the current block height is approximately
You can check the current sync status by running the following command:
If you want to get descriptive information regarding all the daemon activities, then you can refer to the debug.log file.
During this process, you will have time to configure SSH, certifies and firewall.
If you read carefully you will be able to configure key-based authentication and disable password-based and root logins.
Run the following commands using
ufw default allow outgoing
ufw default deny incoming
ufw allow ssh/tcp
ufw limit ssh/tcp
ufw allow http/tcp comment "Certbot"
ufw allow https/tcp comment "Certbot"
ufw allow 9033/tcp comment "Zend daemon"
ufw logging on
Now let's check the firewall status:
Check if the UFW starts on boot, and if it doesn’t - enable it.
sudo systemctl status ufw
sudo systemctl enable ufw
Now get a certificate from Let's Encrypt:
sudo certbot certonly -n --agree-tos --register-unsafely-without-email --standalone -d $FQDN
After that copy the root CA:
sudo cp /etc/letsencrypt/live/$FQDN/chain.pem /usr/local/share/ca-certificates/chain.crt
Update the certificate store with the root CA copied in the previous step:
Add the certificate and key locations to zen.conf:
echo "tlscertpath=/etc/letsencrypt/live/$FQDN/cert.pem" >> ~/.zen/zen.conf
echo "tlskeypath=/etc/letsencrypt/live/$FQDN/privkey.pem" >> ~/.zen/zen.conf
Modify group ownership and permissions to allow the sudo group
sudo chown -R root:sudo /etc/letsencrypt/
sudo chmod -R 750 /etc/letsencrypt/
Now stop and start the zend daemon so that it can start using the new configuration, the certificate and the private key.
ps aux | grep zend
Check if the certificate is installed and configured correctly.
Verify if ‘true’ statement is returned in this row - "tls_cert_verified": true.
You can get more details on certificates types here.
While configuring and testing everything you can stop the
Our team has used an AppImage of the Sphere wallet, that can be downloaded from the Github.
Consider buying ZEN on exchanges listed on official site - https://www.horizen.global/exchanges/
Also, there is an option to get completely FREE ZEN using faucet paying out up to 60000 Satoshis every 20 hours.
Now you have to install Node.js LTS ( Current version of LTS is 10.16 and it comes with
curl -sL https://deb.nodesource.com/setup_10.x | sudo -E bash -
sudo apt-get install -y nodejs
After the Node.js installation, clone the Node Tracker software:
cd ~/ && git clone https://github.com/ZencashOfficial/nodetracker.git
Next, install the Node Tracker with
cd nodetracker && npm install
Configure the tracker by running the setup process (node setup.js), for this action you have to go through the following steps:
- Enter node type (Secure Node or Super Node)
- Stake t_address (the t_address that will contain 42 or 500 ZEN)
- Email address - to receive alerts in case of downtimes or other events related to your node
- Fully-Qualified Domain Name (FQDN)
- IP address version (ipv4, or ipv6)
- Region code (choose NA, or EU), defaults to your node's nearest region
- Optional node category - alphanumeric (used to help categorize nodes)
Check the status of your node on the website that tracks node activities by entering the FQDN.
Moreover, use to view your transactions you can use the
Follow news and updates from Everstake by subscribing to the newsletter on our website and join the discussion on our social channels through the links below.