Releases: logosnode/logosup
Release list
v0.5.1
logosup 0.5.1 — patch release
Four post-0.5.0 fixes surfaced during fresh-install testing on clean Ubuntu droplets. Pure quality-of-life and diagnostics — no schema changes, no migration, no operator action required beyond logosup update.
Highlights
Fresh-install now works on boxes with previous logosup state
Installs onto a host that already had an older logosup could crash during monitoring setup with:
- network logosnode-net declared as external, but could not be found
The old monitoring compose file (from before a2db098) declared the network as external; the current CLI expects compose-managed and never regenerated the on-disk file. Fixed by unconditionally regenerating the monitoring compose on logosup monitor start.
- Operators who already hit this and want to unblock without upgrading:
rm ~/.logos-node/docker-compose.monitoring.yml
logosup monitor startlogosup status now diagnoses silent failures
New Diagnostics section scans the last 60 seconds of node logs and surfaces five categories of errors that block progress in ways you can't tell from height/peers alone:
- Protocol mismatch — connected peers on the wrong network version refuse chainsync. Quotes the exact protocol string back at you and points at the release-notes cross-check. This was invisible in 0.5.0 and cost hours of debugging on the Lisbon Pi.
- IBD failure — the node graceful-shutdowns when bootstrap peers are unreachable, Docker restarts it, crash loop. Includes a copy-paste UDP probe for the fleet.
- NTP sync failure — clock drift breaks consensus timing.
- Network unreachable — usually UFW/Docker iptables clash on fresh Ubuntu droplets. Suggests systemctl restart docker.
- Gateway detection failure — libp2p NAT can't work; points at the LOGOS_EXTERNAL_IP knob.
Silent on healthy nodes — the section only appears when there's something to report.
logosup logs — less noise by default
Old default -f --tail=100 scrolled ~5 seconds of DEBUG history before starting to tail. New default: -f --tail=10.
New flags:
- -n N / --lines N / --tail N — set the per-container count
- --no-follow — dump and exit
- --all — include monitoring containers (grafana, prometheus,
otel, exporter) alongside the node - --node-only — explicit opt-out of --all
- -- — passthrough sentinel for arbitrary docker-compose flags
Bare unknown flags still pass through, so scripts using logosup logs --since 1h keep working.
settings.env.example — documented settings surface
Ships a documented template of every LOGOS_* variable operators
can put in ~/.logos-node/settings.env, defaults commented.
Previously undiscoverable — the surface was implicit in the source.
cat settings.env.example # browse
cp settings.env.example ~/.logos-node/settings.env # start editing
Covers node version pins, host ports (LOGOS_API_PORT, LOGOS_UDP_PORT), the LOGOS_EXTERNAL_IP public-IP hint, LOGOS_BOOTSTRAP_PEERS override, Grafana port + auth knobs, and LOGOS_NODE_DIR layout override.
Upgrade
logosup update
No config migration, no chain-data wipe, no keys touched. Fully compatible with 0.5.0 installs.
Full Changelog: v0.5.0...v0.5.1
v0.5.0 - Logos Blockchain 0.2.0 support
logosup 0.5.0 — Logos Blockchain 0.2.0 support
This release adds support for Logos Blockchain 0.2.0, a breaking node release (genesis reset + config schema rewrite + keystore split + CLI subcommand rename). It also fixes a class of latent bugs that meant logosup was quietly incompatible with any node release past 0.1.2.
What operators need to do for 0.2.0
- New operators: run the one-liner. Nothing else changes.
curl -sL https://raw.githubusercontent.com/logosnode/logosup/main/install.sh | bash logosup install - Existing operators on 0.1.2: run
logosup updateand confirm the breaking-migration prompt. Your node_key, KMS material, and every wallet identity are preserved through the 0.1.2 → 0.2.0 migration. Chain data is wiped (genesis reset — unavoidable) and faucet funds must be re-requested against your existing LeaderFunding key.
Highlights
- Docker build no longer 404s. The logos-blockchain-circuits-*.tar.gz asset was dropped from releases at 0.1.3-rc.13 (circuits are bundled into the node binary now). Every install past 0.1.2 was silently broken; the Dockerfile now downloads
- init → init-config. 0.2.0 renamed the config-generation subcommand and added a separate keystore.yaml alongside user_config.yaml. Both files are generated, chmod 600'd, and called out in the install summary as sensitive material.
- Key-preserving 0.1.2 → 0.2.0 migration. New docker_migrate_from_012 helper drives the binary's own migrate-from-0.1.2 subcommand, passing bootstrap peers + IBD flag +sion via the tip_poll: marker so re-runs don't silently rotate the leader funding key.
- IBD enabled by default. Both fresh installs and migrations now pass
--ibdsocryptarchia.network.bootstrap.ibd.peersis populated. Without this, the node has no source for historical blocks and hovers at height 0 with a healthy-looking peer count. - Compose mount-shadow fix. Previously ~/.logos-node/user_config.yaml was mounted at /app/data/user_config.yaml while ~/.logos-node/data was mounted at /app/data — the directory bind shadowed the file bind, so every patch to the outer core running container. Config is now mounted at /app/config.yaml outside the data dir; no more shadowing.
- Status/wallet/keys UX picks up the new 0.2.0 API shapes and keystore structure: consensus mode (ght
read from cryptarchia_info, wallet keys are annotated with their semantic roles (LeaderFunding, VaucherMaster, Stake, SdpFunding, BlendZk, BlendSigning, NetworkSwarm), and the LeaderFunding entry — the one operators need to fund at the faucet — is highlighted with a ★ marker. - Monitoring stack parses 0.2.0 shapes too. Grafana overview's Slot and Height now reflect real values; Consensus Mode panel flips correctly between Bootstrapping and Online; the exporter's YAML loader handles the new custom tags (!Env, !Otlp, !Zk, !Ed25519) natively.
- LOGOS_EXTERNAL_IP settings knob. When set, we pass
--external-address /ip4/<ip>/udp/<port>/quic-v1to init-config / migrate so the node advertises a known public address and skips NAT traversal. - Retired LOGOS_CIRCUITS_VERSION. Dead variable + noisy "Could not auto-detect circuits version" warning on every update are gone.
Notes / known gaps
- network.yml peer set is hardcoded to the fleet peers documented in the 0.2.0 release notes. Future peerymlPR + a logosup reset on affected nodes.
- No first-class per-role key restorrole> ) — design queued for afollow-up PR. The existing logosup keys backup / restore handles whole-config splices.
- logosup update cli -b main after this merges is one-way; downgrading a 0.5.0 install back to 0.4.x is unsupported.
New Contributors
Full Changelog: v0.4.3...v0.5.0
v0.4.3
Logos Up v0.4.3
A focused bugfix release for the monitoring + Docker network startup path.
Fixed
- Install/start no longer fails when monitoring is enabled. When the monitoring stack came up before the node, it created the shared
logosnode-netnetwork manually, without Docker Compose's labels. Compose then refused to attach the node to it (network logosnode-net was found but has incorrect label) and the node failed to start. Both stacks now let compose own the network, so it's created with the right labels regardless of which one starts first. (#16) - Real startup errors are surfaced instead of a silent 120s timeout. If the node container exits during startup,
logosup startnow detects it immediately and prints the last log lines, instead of waiting out the full health-check window with no explanation.docker_upalso no longer swallows a faileddocker compose up. (#16)
Added
- Existing broken nodes self-heal on update. A node that already hit the network-label error has a stale, unlabeled
logosnode-netwith the monitoring containers still attached — which couldn't be cleaned up in place. On the nextstart/update/monitor start, the CLI now detects an unmanagedlogosnode-net, detaches and recreates it cleanly, and brings everything back up. No manualdocker network rmneeded.
Who should update
Everyone — especially operators running the monitoring dashboard, or anyone whose install/start failed with a logosnode-net ... incorrect label error.
Update and start as usual:
logosup update
logosup startNew Contributors
- @strudelPi made their first contribution in #16
Full Changelog: v0.4.2...v0.4.3
v0.4.2
What's Changed
- 0.4.1 - hotfix: post-rename update self-heals symlinks + re-exec by @shayanb in #12
- 0.4.2 - rename docker network + README cleanup by @shayanb in #13
- wallet: default --change to funding key + banner rebrand by @shayanb in #14
- Remove peer ids from bootstrap peers list by @davidrusu in #15
New Contributors
- @davidrusu made their first contribution in #15
Full Changelog: v0.4.0...v0.4.2
v0.4.0
v0.4.0 — logosup rebrand + everything since v0.2.2
Headline: the project moves to its own org (logosnode) and the CLI's primary command is now logosup. Both old commands (logos-node, logosnode) keep working forever as aliases. Existing operators run logos-node update once and the CLI auto-migrates the git remote and rebuilds the symlinks — zero manual steps.
This release also bundles ~13 versions of incremental work that landed between v0.2.2 (Apr 14, 2026) and now, none of which were tagged as standalone releases.
Install (new operators)
curl -sL https://raw.githubusercontent.com/logosnode/logosup/main/install.sh | bash
logosup installExisting operators
logos-node update # works exactly the same as before — and self-migratesAfter that single command:
- Git remote auto-rewrites from
shayanb/logos-node→logosnode/logosup(GitHub redirects either form, but the rewrite cleans up warnings) - Symlinks are healed:
logosupbecomes the primary command,logos-nodeandlogosnodekeep working - Config gets a one-time patch that disables runaway disk-based tracing logs (see "Disk fixes" below)
Headline features
logos-node wallet — new subcommand for transfers, balance, tx lookup
Thin HTTP client over the node's existing /wallet/* and /cryptarchia/* endpoints. All cryptography happens inside the node; no new dependencies.
logosup wallet balance # all known_keys + total
logosup wallet balance <key> # single key + per-note breakdown
logosup wallet transfer <to_pk> <amount> # auto-pick funding key, confirm, submit
logosup wallet send <to> <n> --from <key> --change <key> --yes
logosup wallet tx <tx_hash> # transaction lookupThis is the base-layer wallet built into the node. The Logos Execution Zone (LEZ) layer-2 wallet is tracked separately as a future feature.
keys backup / keys restore actually preserves keys across resets and node upgrades
Previous implementation only saved the wallet.known_keys block — public mappings without the corresponding KMS signing material. A restore-after-reset gave you an unsignable wallet.
Backup is now a small keys-only YAML containing every key-bearing path (wallet.known_keys, full kms.backend.keys with !Zk / !Ed25519 secrets, libp2p node_key, blend signing key ids, funding-pk references). Restore splices those paths into the existing config without touching anything else — cross-version safe. Operators can back up on one node version and restore onto another. Soft dep on python3 + PyYAML (pre-installed on most distros).
Honest tx-lookup messaging
After deep research traced both the wallet API hash (MantleTx::hash() = Poseidon2 over Fr from BLAKE) and the public testnet explorer's id (SHA-256 of canonical JSON, derived in logos-blockchain-block-explorer-template), and confirmed /cryptarchia/transaction/<id> was added in upstream PR #2550 (merged 3 days after v0.1.2 was cut, so the operator's v0.1.2 node returns 404 because the route literally doesn't exist), the post-transfer + wallet tx 404 messages are now precise instead of hand-waving "in-progress upstream." When the operator's node upgrades to v0.1.3+, wallet tx <hash> starts working without any CLI change.
Disk-fill fixes (two distinct causes, both seen in production)
Container log rotation (v0.2.2)
Generated docker-compose.yml now caps Docker's json-file logs:
logos-node:max-size: 50m,max-file: 5(250 MB ceiling)logos-exporter/logos-otel/logos-prometheus/logos-grafana:20m × 3(60 MB each)
Without these, an operator's pi filled with a single 60 GB json log over a few weeks.
Reset now regenerates the node compose (v0.3.2)
Previous behavior only regenerated the monitoring compose. Operators whose docker-compose.yml was generated before v0.2.2 (no logging caps) stayed on the old schema indefinitely, even after multiple resets.
Tracing module disk logs disabled (v0.3.2)
By default the upstream node tracing module writes the SAME log lines to BOTH stdout (Docker captures, capped) AND to per-hour files in the data dir, which were NOT capped. At DEBUG level this hits ~10 GB/hour. One operator's pi went from clean to full (102 GB consumed) in 17 hours.
Added patch_user_config_for_log_files in lib/docker.sh that rewrites tracing.logger.file: { directory, prefix } → file: null after init. Stdout via logos-node logs is sufficient for diagnostics. Idempotent.
Post-update auto-fix
When lib/docker.sh changes in an update, the on-disk docker-compose.yml is regenerated and the operator is offered a one-click container recreate to apply the new caps. Same hook for monitoring compose.
UX polish (cumulative across the release window)
- HTTP error messaging —
wallet balance/statusshow the actual API response inline (e.g.,error (HTTP 408): timeout) instead of a silent "unavailable". For HTTP 000 (connection refused / timeout / no response), prints(no response — connection refused, timed out, or node API not reachable)instead of an empty message. confirmfail-closed when no /dev/tty — previously fell through to the default answer when/dev/ttywasn't available (non-interactive SSH, automation pipes), silently submitting destructive operations likewallet transfer. Now pre-flight tests/dev/ttyopenability via fd 3; if missing, log a warn and return 1 (cancel).- Full 64-char addresses in
wallet balance,wallet transfersummary,statuswallet section — copy-paste from terminal works. keyssubcommand:import/exportaliases — keys silently fell into the*default (which printed keys) when the operator typedkeys import. Nowimport/exportwork as aliases forrestore/backup, and unknown subcommands print help and return 1.keys_io.pyhandles all YAML tag forms — scalar (!Zk hex), mapping (!Otlp { endpoint, host_identifier }), and sequence — so backup/restore round-trips the entire config includingtracing.metrics: !Otlpetc.- Subshell unbound-var fix in wallet helpers — early version of
wallet balanceused$(wallet_get_balance ...)which ran the helper in a subshell, soWALLET_HTTP_CODE(set as a global) didn't propagate back. Underset -uthis crashed every wallet command. Helpers now set globals; callers invoke bare and read globals. - Drift detection in
updateflow — settings.env entries that masknetwork.yml(e.g. stale bootstrap peer IDs from an older install) trigger a one-time interactive cleanup prompt. - Update flow re-exec passthrough —
cli_changed_filesis now passed through the re-exec via env var so post-update hooks (compose regen, monitoring rebuild) actually fire on a normallogos-node update. Previous behavior silently disabled all the hooks because the re-exec dropped state.
Monitoring / dashboards
- Deep Dive dashboard rewritten to align with metrics actually exported by the OTel collector on a v0.1.2 testnet node. Removed panels backed by un-emitted metrics (consensus apply latency, proposals, blend, KMS sign requests, SDP, orphans). Added:
consensus_connections, network dial failures, KMS public key requests, block download latency. New "Wall-clock vs Chain Time" section computing sync lag (time_current_slot − consensus_current_slot). - Pi cgroup memory hint — System & Containers dashboard panels for Memory now point operators at the
cgroup_enable=memory cgroup_memory=1cmdline flag when memory shows 0 B (Pi kernel default omits this). - Prometheus exporter wallet-key parsing fix — exporter was matching all 64-hex strings in
user_config.yaml(including KMS key IDs and node_key), producing 6 wallet legend entries when the operator only has 2 keys. Now navigateswallet.known_keyscorrectly. Also stops zeroing the gauge on transient API failures (was painting fake "balance dropped to zero" lines).
Upstream issues filed during this work
For transparency on the operator-side investigations:
- logos-blockchain#2622 — wallet service crash loop on initial backfill (
LIBUpdate vs LIBrace). Hit reliably on a long-running testnet; documented the cascade and operator-side symptoms. - logos-blockchain#2663 — wallet service silently never starts after enough crash-loop iterations (overwatch supervisor exhausts restart budget).
- logos-blockchain#2661 — clarification ask about which
consensus_*/blend_*/kms_*/sdp_*metrics are wired vs. declared-but-uncalled. - logos-blockchain-block-explorer-template#15 — docs ask: clarify in the README that the explorer's transaction id is SHA-256 of canonical JSON (independent from the node's
TxHash).
Files NOT renamed (intentionally)
~/.logos-node/data dir — refers to the upstream node, not our tool. Renaming would break every existing install.logos-nodeDocker container,logos-netDocker network — refer to the actual node.- Internal env vars (
LOGOS_NODE_VERSION,LOGOS_NODE_DIR,LOGOS_NODE_LIB,LOGOS_CLI_REPO, ...) — no flag day on operators'~/.logos-node/settings.env. - File names inside
lib/—cmd_*.shfilenames stay as is.
What's coming next
- Once upstream lands a fix for the wallet backfill race, base-layer wallet usage on long-running testnets becomes reliable.
- Once upstream cuts v0.1.3,
wallet tx <hash>starts working against the operator's own node. - Logos Executio...
v0.2.2
v0.2.2 — Log rotation + post-update hook fix
A maintenance release prompted by an operator whose 115G pi disk filled to 100%, traced to a single 60GB Docker log file on logos-node. Fixes both the immediate cause (no log caps) and the related delivery gap (post-update hooks were silently dead).
What you get
-
Log size caps on every container. Compose generators now emit
logging:blocks. Total log ceiling across the full stack (node + exporter + otel + prometheus + grafana) is capped at ~490MB instead of unbounded.logos-node: 50MB × 5 files = 250MB- monitoring services: 20MB × 3 files = 60MB each
-
logos-node updatenow actually applies changes. Previously, after pulling new CLI code the re-exec dropped state, so the post-update block (compose regen + monitoring rebuild prompt) never ran. Fixed by passing the changed-files list through the re-exec env. The existing monitoring auto-rebuild logic now fires correctly too. -
Auto-regenerate
docker-compose.ymlon schema changes. When an update toucheslib/docker.shordocker/, the on-disk compose is regenerated and you're prompted to recreate the container.
Upgrade
logos-node updateThat's it — the new flow regenerates the compose and offers to recreate the container in one go. Caps apply automatically once the container is recreated.
Reclaiming space if your disk is already full
If you're hitting the same 100% disk issue, do this first (existing logs aren't truncated by adding a cap):
logos-node stop
logos-node monitor stop
# Truncate existing Docker logs in place (json-file driver)
sudo find /var/lib/docker/containers/ -type f -name "*-json.log*" \
-exec truncate -s 0 {} \;
# Reclaim build cache + unused images
docker builder prune -af
docker image prune -af
df -h / # verify space freed
logos-node update # pull v0.2.2 + regen compose
logos-node start # bring up with the new caps
Verify after restart:
docker inspect logos-node | grep -A5 LogConfig
# Should show: max-size 50m, max-file 5
Compatibility
- No breaking changes — Logos Blockchain still pinned at 0.1.2
- No reset required; just logos-node update and accept the recreate prompt
Full Changelog: v0.2.1...v0.2.2
v0.2.1
What's new
Breaking-change migration flow
- New command: logos-node reset — wipes ~/.logos-node/data/, backs up and regenerates user_config.yaml with fresh keys, rebuilds the Docker image, and restarts the node. Use after any release that resets the genesis block. Pass -y for non-interactive use.
- Auto-detection in logos-node update — a maintained registry of breaking versions (LOGOS_BREAKING_VERSIONS in lib/releases.sh) automatically diverts the update flow into the migration path when you cross a breaking release. No manual steps needed.
- Pre-migration backups are preserved at
~/.logos-node/user_config.yaml.pre-migration-<timestamp>.
Network rotation for 0.1.2
- Updated bootstrap peer IDs in network.yml to match the rotated IDs in the 0.1.2 release (same IPs/ports, new peer keys).
- Renamed devnet → testnet across the codebase: faucet URL, dashboard URL, all user-facing strings.
Native node metrics via OpenTelemetry
- New container: logos-otel (OpenTelemetry Collector) — receives OTLP metrics pushed by the node binary and re-exposes them in Prometheus format. This unlocks ~70 native metrics across consensus, mempool, chainsync, blend, KMS, SDP, storage, HTTP API, and more.
- user_config.yaml is automatically patched on install/reset to enable OTLP push (tracing.metrics: !Otlp). Idempotent — existing custom values are preserved.
- The Python exporter (logos-exporter) is retained for container/host stats and wallet balances, which the node doesn't emit natively.
New Grafana dashboard: Deep Dive
- "Logos Node — Deep Dive" dashboard added alongside the existing Overview dashboard. Organized by service:
- Consensus — slot, tip/finalized height, epoch, forks, peers, block-apply latency (p50/p95/p99), proposals (created/received/ignored/failed), blocks imported
- Mempool — pending transactions, add/remove throughput
- Chain Sync & Orphans — tip request latency, download rate, orphan queue depth, fetch failures
- Blend — connected peers, message send/receive/failure rates
- KMS & SDP — sign requests and success/failure rates, declarations, withdrawals
- HTTP API & Storage — request rate by path, p95 latency, storage failures
- Overview dashboard now links to Deep Dive from the top nav.
Stale settings.env drift detection
- Passive warning: if settings.env overrides network-identity fields (bootstrap peers, faucet URL, etc.) with values that differ from network.yml, a one-time warning is shown on any command.
- Active cleanup: logos-node update and logos-node reset interactively prompt to remove stale overrides, with a timestamped backup. Prevents the scenario where an old settings.env silently masks rotated peer IDs.
Update flow reliability
- After a CLI branch switch or pull, the script now execs itself for the node-update step so freshly-pulled code takes effect immediately (previously, the old in-memory bash functions were used).
- Monitoring compose file is regenerated during reset so new services (e.g. logos-otel) are included automatically.
- monitoring_up creates the logos-net Docker network if it doesn't exist yet (fixes the "network declared as external but could not be found" error when monitoring starts before the node during install).
- _parse_network_yml now tolerates comments inside YAML list blocks (was truncating the bootstrap peer list on comment lines).
Compatibility: Logos Blockchain 0.1.2 (new genesis block — breaking change, requires migration)
Upgrade instructions
logos-node update # detects the breaking release and walks you through it
Or update the CLI manually first:
cd ~/.logos-node/cli && git pull
logos-node reset # wipes data, regenerates config, restarts
logos-node faucet # re-claim testnet tokens (old chain funds don't carry over)
Important: Your existing user_config.yaml is backed up to user_config.yaml.pre-migration- before regeneration. If you had stale overrides in settings.env (e.g. old bootstrap peer IDs), the CLI will detect them and prompt you to clean up.
Full Changelog: v0.1.9...v0.2.1
v0.1.9
v0.1.9
Grafana Authentication
- New logos-node monitor auth — toggle Grafana login on/off interactively
- logos-node monitor auth on — set admin password (masked input, confirmation)
- logos-node monitor auth off — disable auth, revert to anonymous access
- Auth prompt added to install flow when monitoring is enabled
HTTPS for Grafana
- Self-signed SSL certificate auto-generated on first monitor start (valid 10 years)
- Stored at ~/.logos-node/monitoring/certs/ — delete to regenerate
- All Grafana URLs now use https://
- Browser warning hint shown in status and monitor output
Security Improvements
- Firewall scan now detects running services (node, Grafana) with blocked ports
- logos-node security apply offers to open service ports when firewall is active
UI & Update
- logos-node update shows git diff stats on branch switch
- logos-node status shows Grafana URL with machine IP and cert hint
- Update pulls directly without extra confirmation prompt
Bug Fixes
- Fix broken logos-node.json dashboard (trailing comma from Blocks section removal)
- Fix LOGOS_GRAFANA_AUTH: unbound variable on older installs
- Fix Grafana password not applying (env vars only work on first boot — now resets via grafana cli)
- Fix port extraction in start error message
Full Changelog: v0.1.7...v0.1.9
Upgrade
Update the CLI
logos-node update
Regenerate monitoring with HTTPS + auth support
logos-node monitor stop
rm ~/.logos-node/docker-compose.monitoring.yml
logos-node monitor start
Optional: enable Grafana password
logos-node monitor auth on
Check firewall for blocked service ports
logos-node security
Troubleshooting
Grafana not loading in Chrome
Chrome may force HTTPS on your server's IP. With v0.1.9, Grafana runs HTTPS by default — accept the self-signed cert warning. If still blocked, clear HSTS in chrome://net-internals/#hsts or use Safari/Firefox.
Grafana login fails with correct password
Grafana stores passwords in its internal database. Use logos-node monitor auth on to set the password correctly. If you edited settings.env manually, run: docker exec logos-grafana grafana cli admin reset-admin-password YOUR_PASSWORD
Grafana port blocked by firewall
Run logos-node security apply — it will detect that monitoring is running but port 3001 is blocked and offer to open it.
v0.1.7
v0.1.7
- Show Grafana URL in logos-node status output (uses machine IP instead of localhost)
- Fix logos-node update to show git pull output (+/- file stats) when CLI is updated
- Update README with security hardening docs, updated commands table
Full Changelog: v0.1.6...v0.1.7
v0.1.6 Security Hardening
v0.1.6
Security Hardening
- New logos-node security command — scan server for security issues
- New logos-node security apply — interactively apply fixes with confirmation for each step
- Firewall: install and enable UFW/firewalld with correct ports (SSH, Node P2P), with optional prompts for API and Grafana ports
- SSH hardening: disable root login, offer key-only auth (only when SSH keys are already set up — won't lock you out)
- Automatic security updates: install and enable unattended-upgrades (Debian/Ubuntu) or dnf-automatic (RHEL/Fedora)
- fail2ban: install with sshd jail (5 retries, 1hr ban)
- File permissions: check node directory and Docker socket
- Multi-distro support: Debian/Ubuntu/Raspbian, Fedora/RHEL/CentOS/Rocky, Arch
- Security hardening offered during logos-node install (before node starts)
Update Flow Improvements
- Show git changelog (+/-) on branch switch (logos-node update -b BRANCH)
- Monitoring only rebuilds when monitoring files actually changed (no more unnecessary builds on every update)
- Monitoring rebuild is now opt-in — prompts the user instead of auto-rebuilding
- Fix single-branch refspec from --depth 1 clone — auto-repairs on update so -b BRANCH works correctly
- Install script now uses --no-single-branch for new installs
Start & Error Handling
- Detect port conflicts on logos-node start with actionable error messages (which port, how to find the process, how to change the port)
- Auto-regenerate docker-compose.yml on start if port settings changed in settings.env
- Reordered install flow: security and monitoring setup happen before node starts
Full Changelog: v0.1.4...v0.1.6
Install
curl -sL https://raw.githubusercontent.com/shayanb/logos-node/main/install.sh | bashUpdate for Existing users:
logos-node update
Commands
┌──────────────────────┬────────────────────────────────────────────────────────┐
│ Command │ Description │
├──────────────────────┼────────────────────────────────────────────────────────┤
│ logos-node install │ Full setup — download, build, configure, generate keys │
├──────────────────────┼────────────────────────────────────────────────────────┤
│ logos-node start │ Start the node (+ monitoring if enabled) │
├──────────────────────┼────────────────────────────────────────────────────────┤
│ logos-node stop │ Stop the node and monitoring │
├──────────────────────┼────────────────────────────────────────────────────────┤
│ logos-node status │ Show consensus state, peers, wallet balances │
├──────────────────────┼────────────────────────────────────────────────────────┤
│ logos-node logs │ Tail node logs │
├──────────────────────┼────────────────────────────────────────────────────────┤
│ logos-node update │ Update node and/or CLI (-b BRANCH to switch branches) │
├──────────────────────┼────────────────────────────────────────────────────────┤
│ logos-node keys │ Show, backup, or restore wallet keys │
├──────────────────────┼────────────────────────────────────────────────────────┤
│ logos-node faucet │ Show faucet URL and keys │
├──────────────────────┼────────────────────────────────────────────────────────┤
│ logos-node inscribe │ Publish text inscriptions to the blockchain │
├──────────────────────┼────────────────────────────────────────────────────────┤
│ logos-node monitor │ Manage Grafana + Prometheus monitoring dashboard │
├──────────────────────┼────────────────────────────────────────────────────────┤
│ logos-node security │ Scan and harden server security (firewall, SSH, etc.) │
├──────────────────────┼────────────────────────────────────────────────────────┤
│ logos-node version │ Show CLI and node versions │
└──────────────────────┴────────────────────────────────────────────────────────┘