OT Node Setup for Mainnet

OriginTrail provide several documents to set up an OT Node on Mainnet which is sufficient for tech-savvy people: https://origintrail.io/node-setup-mainnet.
The following guide is for those not so familiar with the basics of Linux, Docker etc.

Do Yourself a Favor!

This site is not only to help you installing an OT Node as fast as possible, it explains you what you are doing and what you need to know to run the node successfully. I saw conversations on Discord where the installation of one single node took hours. In this time you can read all pages on this site carefully twice and still have time to install some nodes without a rush. So, please take your time, don't skip through the guide but read all from top to bottom and ask yourself if this is clear to you. After installation your node still has to be approved from OriginTrail which takes a few days up to two weeks.


If you want to install an OT node to make money in the short term, look for another opportunity. Based on the jobs currently available on the ODN (OriginTrail Decentralized Network) it's hard to even cover some costs for the VPS (Virtual Private Server). But if you start from the premise that the fiat rate for earned TRAC token will gain a lot over time, then this may be seen as a reasonable investment.


1500+ TRAC Token

To setup an OT Node you need 1000 TRAC during the installation process which will be taken as a collateral as long as you run your node. To participate in bidding for a job you need additional TRAC, at least the same amount of TRAC the job will payout after completion. If you win a job „worth“ 100 TRAC, this amount of TRAC is taken from your stake as a collateral. After the job is completed you will get back 200 TRAC (your 100 TRAC collateral and 100 TRAC for the job) to your stake. The more TRAC you have still available the more jobs you can bid for while other jobs still run.

Ethereum address (Operational Wallet) created/managed via Metamask

The Operational wallet is used by your node to perform different operations in the network like creating your ERC725 identity, transferring 1000 TRAC „setup collateral“, performing payouts etc. Since these tasks are performed by your node without human interaction, the private key of this address is stored on your node.

Ethereum address (Management Wallet) preferably from a Hardware Wallet

The Management Wallet is used to deposit additional TRAC to your stake, withdraw TRAC from your stake, send ETH to your Operational Wallet and other management functions via this link: https://node-profile.origintrail.io OT Node Wallets

If you consider running more than one node...

It's recommended to have one Management Wallet for all but a separate Operational Wallet for each node.

Server which runs 24/7

The OT Node is an open source system (on Github), the recommended way to install it is via Docker image. While there are ways to run such a Docker image on Desktop systems like Windows or MacOS, it’s much better to run this on a Virtual Private Server (VPS) which you can rent for a few bucks a month. If you consider running OT Node on your home computer, bear in mind that your Internet connection needs a static IP address and/or other network adjustments to run properly. And don’t underestimate power consumption if it ran around the clock.

Client to securely access the server

To access your OT Node running on a remote system you need an SSH (Secure Shell) Client. I recommend Termius, available for Windows, MacOS, iOS and Android, the free version does the job.

Connection to Ethereum Mainnet

Your OT Node needs to communicate with the Ethereum Network. For this you either need your own Ethereum node or use a service provider which is the preferable way for most of us.

Application to participate in the OT Node Network

After setup of your OT Node is finished you still have to apply via https://origintrail.io/vostok-application to become part of the network. This usually takes a few days up to two weeks while your node already runs.

Security Awareness

When you setup a digital system where you have to store very sensitive data like a Private Key (which represents money in the end) you don’t want that anybody but you has access to this data. Therefore stick to these rules:

  • Don’t give anybody else access to your system.
  • Never share your secrets (like passwords, keys etc.) and be selective whom you give your personal data like IP, E-Mail and crypto addresses. It’s easy to connect many small pieces of information to a big picture.
  • Don’t run any program/script you got from another person on your system if you do not exactly understand what it does. It’s simple to write a script which sends your secrets to somewhere else or implement hidden access.

Ok, let’s get started

To have all the necessary data in one place I recommend to create a sheet or note with following:

  • Server (OT Node) Name
  • Operational Wallet Address
  • Operational Wallet Private Key
  • Management Wallet Address
  • Server (OT Node) IP Address
  • Node Identity
  • ERC725 Identity
  • RPC Server URL for Ethereum Mainnet
  • E-Mail address for node application

Server (OT Node) Name

Give your node a telling name, you will probably decide to create another node in the future and you don’t want to mix up data.

Operational Wallet

Create a new Ethereum address via Metamask. This is necessary to get the associated private key of this address which will be stored on your node. Don't compromise any address from your hardware wallet for this use case. If you are not familiar with Metamask, it's a plugin for Chrome, which you will need for further purposes too.

Send about 0.2 ETH and exactly 1000 TRAC to this newly created address.

Don’t put more than 0.2 ETH on this Operational wallet.

Management Wallet

Use one of your Ethereum addresses - preferably from your hardware wallet - as Management Wallet.

Put some ETH and your remaining TRAC on this address. Connect this address to Metamask because after your profile is created, you have to deposit additional TRAC to your profile to be able to win jobs. This deposit has to be done via https://node-profile.origintrail.io.

If you don’t own a hardware wallet like a Ledger Nano or Trezor, consider buying one! It's not only much safer but also much more convenient. You don't have to keep track of all your addresses since they are all automatically derived from your seed.

Server Creation

If you decided to run OT Node on a remote server system you have to select a provider. It should be reliable, secure, performant and inexpensive. Hetzner and Digital Ocean (just as examples) are providers with good reputation.

Hetzner is an EU provider for Cloud Server with very competitive prices and performance.

Digital Ocean is a US company with server locations around the world. They call their virtual server Droplet.

SSH Client

Setup an SSH client (like Termius) to get access to your Server/Droplet.

Use the IP address of your Server as Hostname.

Set username „root“ and the selected authentication method (Password or Key, which you have defined under Keychain / Add Key).

There’s „Console access“ on Digital Ocean / Hetzner website which is only for emergency, in case you locked yourself out due to SSH mismatch, wrong network configuration or inappropriate firewall rules. The performance of this Console access is really bad.

RPC Server for Ethereum Blockchain

With the introduction of version 2.0.50 for Vostok Mainnet it's necessary that every node operator uses their own setup to communicate (via RPC Server) with the Ethereum Mainnet Blockchain. There are two ways to accomplish this:

  1. Run your own Ethereum Node
  2. Use a service provider (like Infura which is free and has already been used for OT Node)

For most node operators option 2 is the only reasonable way to go. Infura is part of Consensys and one of the main Ethereum service providers.

Register on Infuria.io, select the free Infura Core service and create a new project on their Dashboard. This free service allows 100.000 Blockchain calls per day which is currently sufficient for one node.

Make sure you select MAINNET as ENDPOINT. Save this URL, it will be used for your OT Node(s) as "rpc_server_url" in your node configuration file.

Security Settings

If you're not sure, don't activate any security settings for this project.

On your Server

After you setup everything correctly you get connected to your server (in case of password authentication you have to change it with your first access) and get this:


This shows that you are logged in as user root at host OTNODE1. ~ means you are in the home directory of the user which in this case is /root/

Bring your Server up to date

Before you begin to install your OT Node update your server by

apt update && apt upgrade -y
Confirm all prompts with Enter. After this upgrade is completed reboot the system by
When you reboot your server you lose connection. Wait about 15 seconds before reconnecting via SSH client.

Setup your OT Node

At first setup firewall rules for the ports OT Node needs:

ufw allow 8900
ufw allow 5278
ufw allow 3000
Just to be sure you still get access (if you use TCP Port 22 for SSH) to your server after the firewall is enabled:
ufw allow 22/tcp
Now check the firewall rules if the relevant ports (8900, 5278, 3000, 22) are allowed:
ufw show added
If you see these four ports as allowed, let’s activate and once more check the firewall:
ufw enable
ufw status
Now set up the OT Node configuration file with the editor (nano in this case):
nano /root/.origintrail_noderc

    "node_wallet": "Operational Wallet Address",
    "node_private_key": "Operational Wallet Private Key",
    "management_wallet": "Management Wallet Address",
    "blockchain": {
        "gas_price": "20000000000",
        "rpc_server_url": "https://mainnet.infura.io/v3/yourProjectID"
    "network": {
        "hostname": "Your.Server.IP.Address",
        "remoteWhitelist": ""

Paste the whole text from above including all brackets, replace the green placeholder text with your data and save the file by Ctrl-O Enter and exit nano by Ctrl-X

Be sure that the RPC Server URL (most probably from infura.io) starts with https://.


Be very careful if you plan to change gas price, the default value is 20 Gwei. 1 Gwei has nine (9) zeros. If you don't know what a reasonable gas price is, don't change it. The wrong number of zeros can lead to immensely high fees or forever pending transactions.

Security advice

Never ever share this configuration file, even if you hide the private key in some way! It’s easy to decipher just with the visible parts of the characters and/or by brute force routines to find the missing characters - since the result (your public address) is also shown.

Check the file content and syntax:

jq "." /root/.origintrail_noderc
It's secure to use jq, is a JSON tool which in this case only checks the file syntax. If you get an error then the syntax of your config file is wrong. Check the brackets, double quotes and commas. Everything except your data has to be exactly like the example above.

Install OT Node

If this file looks good and your Operational Wallet is filled with 1000 TRAC and ~0.2 ETH you are ready to install OT Node. Run this command to install it:

docker run -it --name=otnode -p 8900:8900 -p 5278:5278 -p 3000:3000 -v ~/.origintrail_noderc:/ot-node/.origintrail_noderc quay.io/origintrail/otnode-mariner:release_mariner
Copy/paste the whole line. After the OT Node Docker image is downloaded and the OT Node Container is installed, the node creates a node identity, an ERC725 identity and a Houston password.

After a few minutes you should see the following line on your screen:

2019-01-09T09:11:05.359Z - info - OT Node started
Usually you exit this log view by pressing Ctrl-C but after setup this may not work. Instead disconnect and then reconnect your SSH client to get the usual prompt again.

Now check if OT Node still runs:

docker ps
If you get something like this everything is fine:
CONTAINER ID        IMAGE                                                COMMAND                  CREATED             STATUS              PORTS                                                                    NAMES
8bfff3300796        quay.io/origintrail/otnode-mariner:release_mariner   "sh /ot-node/testnet…"   27 hours ago        Up 10 hours>3000/tcp,>5278/tcp,>8900/tcp   otnode
If there is no process running try to start OT Node by:
docker start otnode
If you want to stop OT Node (which you shouldn’t if everything is fine):
docker stop otnode
To open the log of OT Node and follow it (-f):
docker logs -f otnode
Exit this log view by pressing Ctrl-C

Now copy your identities the node created during installation:

docker cp otnode:/ot-node/data/erc725_identity.json ~/erc725_identity.json
docker cp otnode:/ot-node/data/identity.json ~/identity.json
If you get an error at this stage like Error: No such container:path... or similar, check your Operational Wallet on https://etherscan.io. If you don’t see any recent transaction then the creation of your ERC725 ID went wrong, too little ETH on this wallet is the most probable reason.

Otherwise these two files are now in the home directory of the user root. To see the content use

more erc725_identity.json
more identity.json
Copy these two files via SFTP or copy/paste the content of each file to a secure place. If you lose them you may lose your stake of TRAC in your profile.

Get your Node ID and ERC725 ID which you need to apply for Vostok by:

docker logs otnode | grep Identity
In this line you see the Node ID (in this case 299...) and the ERC725 ID (here 0x974...)
2019-01-08T16:37:15.535Z - notify - Identity has already been created for node 29995c7b153f9f140bf9ac3d062744ca9499ca9d. Identity is 0x974AfF520c88311b7dA09583e5c07a55D41858Ba.
After getting Node ID and ERC725 ID you can close your SSH connection by
or just closing the SSH window. If OT Node was started via docker start otnode it runs as a server process in the background, therefore closing your SSH connection won’t stop OT Node.

Application for OT Mainnet (Vostok)

Apply for Vostok via https://origintrail.io/vostok-application. After submitting your application you get an email and are requested to confirm your email address.

Just in case you want to run more than one OT Node: currently you need a unique e-mail address for every single OT Node application.

Transfer Additional TRAC to Profile

To be able to bid for offers - after your node was approved - you have to transfer additional (500+) TRAC from your Management Wallet to your profile. This is done via Deposit TRAC on https://node-profile.origintrail.io. You can find out more on OT Mgmt Profile Interface. Make sure you do this before OriginTrail approved your node.

OT Hub

Once you setup your node correctly you can find additional information about your node (even if it’s not approved yet) and other interesting OT network data on https://www.othub.info created and operated by Discord user bbnm#6997.

Houston Interface for OT Node

Houston is a remote control for your OT Node. It can be installed on Windows and MacOS. In this article you find a short description about Houston and where you can download it from.

To get the Houston password needed for access, you can call this on your server:

echo $(docker exec otnode cat /ot-node/data/houston.txt)

Keep in mind Houston password changes whenever your OT Node is restarted.