Own domain (Nginx + TLS)

Use this flow when you own a DNS name and want HTTPS on your server via Nginx and Let’s Encrypt. The wizard’s command includes --with-nginx. In /setup, on "Setup FQDN", choose "Bring your own FQDN", enter your hostname in "Node FQDN", configure an A record at your provider (or a CNAME to another hostname) as the in-wizard notice describes, then confirm with "I have completed my FQDN settings" before clicking "Next".


Prerequisites

  1. Environment meeting Server requirements (certified Ubuntu 24.04 LTS on Linux, or Windows 11 + WSL 2 + Ubuntu 24.04 LTS), with root access.

  2. Ports 80 and 443 free on the host (ACME HTTP-01 + HTTPS).

  3. Port 7400 (TCP + UDP) free and allowed through host firewall and cloud security groups — see Manual full node setup → Network configuration for the port table.

  4. FQDN (e.g. node1.example.com) with an A record to your server’s public IP, propagated before install.

  5. Node private key (64 hex) from the wizard or your own.

One-line command

The wizard shows Linux / WSL and macOS tabs. Use the line that matches where Docker runs. <network> is mainnet or testnet.

Linux / WSL (Ubuntu 24.04), script /install-linux; run as root:

curl -sL https://fullnode.<network>.coti.io/install-linux | sudo bash -s -- "<PRIVATE_KEY>" "<FQDN>" --with-nginx

macOS, script /install-mac; do not use sudo:

curl -sL https://fullnode.<network>.coti.io/install-mac | bash -s -- "<PRIVATE_KEY>" "<FQDN>" --with-nginx

Windows 11: use WSL 2 + Ubuntu 24.04 LTS and the Linux command above.

What the installer does (this flow)

  1. OS and inputs — Certified Ubuntu version check, root, valid key and FQDN (non-24.04 may prompt; see Server requirements → Windows 11 with WSL 2).

  2. Pre-checks — Disk space; ports 80, 443, and 7400 free; ufw / iptables must not block them when those checks apply.

  3. Packages — Docker, Compose, certbot, plus curl, git, jq, dnsutils.

  4. Clone: coti-full-node into an empty directory.

  5. Config: installer.env, .env, nodekey (FRPC_ENABLED=false unless you use --with-frp).

  6. HTTPS — Temporary Nginx on :80, Certbot for your FQDN, then full Nginx config for /rpc, /ws, /metrics with TLS.

  7. Launch: ./start_coti-full-node.sh starts the stack.

Public RPC is https://<your-fqdn>/rpc — that is what monitoring uses.

After the command finishes

The script prints success with your HTTPS URL. The node syncs; the wizard waits on peer discovery. For warm-up, hot, and NFT, see the Glossary.

Flags relevant to this flow

Flag            Purpose
--with-nginx    Nginx + Let’s Encrypt on the host (this guide).
--staging       Let’s Encrypt staging CA (for dry runs; browsers won’t trust the cert).
--with-frp      COTI tunnel path instead — see Wizard tunnel. Do not combine with --with-nginx.

Host Nginx is off by default; use --with-nginx to enable TLS on this machine.

Dry-run example (Linux / WSL):

Troubleshooting

  • Certbot failed — Check dig <fqdn>, wait for DNS, confirm 80/443 reachable from the internet.

  • Port in use — Free 80, 443, or 7400 (old Nginx, Apache, another COTI install).

  • Wizard does not see the node: run docker ps and docker logs -f coti-<network>-full-node, and confirm the FQDN A record matches the server’s public IP.
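
A pre-install check covering the Prerequisites and Troubleshooting items above, as an added example that is not part of COTI's installer: it validates the key and FQDN format, confirms the A record (including one reached through a CNAME) resolves to the expected IP, and checks that ports 80, 443 and 7400 are not already bound. The function names and the PUBLIC_IP argument are assumptions; it expects dig and ss, so it targets Linux / WSL.

```shell
#!/bin/sh
# Added example, not COTI's installer code; function names are hypothetical.

# Node private key: exactly 64 hex characters and nothing else.
is_valid_key() {
  case "$1" in ''|*[!0-9a-fA-F]*) return 1 ;; esac
  [ "${#1}" -eq 64 ]
}

# FQDN: letters, digits, hyphens and dots only, alphabetic TLD, max 253 chars.
# The value is passed to an installer that runs as root, so reject the rest.
is_valid_fqdn() {
  case "$1" in ''|*[!A-Za-z0-9.-]*) return 1 ;; esac
  [ "${#1}" -le 253 ] || return 1
  printf '%s\n' "$1" |
    grep -Eq '^([A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63}$'
}

# stdin: output of `dig +short A <fqdn>`. For a CNAME, dig prints the target
# name before the address, so only IPv4 lines are compared with the wanted IP.
a_record_matches() {
  grep -E '^[0-9]{1,3}(\.[0-9]{1,3}){3}$' | grep -Fxq "$1"
}

# stdin: output of `ss -Hltn` or `ss -Hlun`; field 4 is "local-address:port".
port_in_use() {
  awk -v p="$1" '{ n = split($4, a, ":"); if (a[n] == p) hit = 1 }
                 END { exit !hit }'
}

# Usage: preflight KEY FQDN PUBLIC_IP (the key is never echoed).
preflight() {
  is_valid_key "$1"  || { echo "key: expected 64 hex characters" >&2; return 1; }
  is_valid_fqdn "$2" || { echo "fqdn: not a valid hostname" >&2; return 1; }
  dig +short A "$2" | a_record_matches "$3" ||
    { echo "dns: $2 does not resolve to $3 yet" >&2; return 1; }
  for port in 80 443 7400; do
    if ss -Hltn | port_in_use "$port"; then
      echo "port $port/tcp is already in use" >&2; return 1
    fi
  done
  if ss -Hlun | port_in_use 7400; then
    echo "port 7400/udp is already in use" >&2; return 1
  fi
  echo "preflight ok: $2 -> $3, ports 80, 443 and 7400 free"
}

if [ "$#" -eq 3 ]; then preflight "$@"; fi
```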
