# Node Deployment
### Deployment Methods Overview
This guide provides three deployment methods. If you are not sure which one to pick, start with **Method 1: One-Command Deployment**.
| Method | Best for | Trade-off |
| ---------------------------------------------------------- | ----------------------------------------------------------- | --------------------------------------------------------- |
| **Method 1: One-Command Deployment (Recommended)** | First-time deployment and fastest bootstrap | Less manual control |
| **Method 2: Advanced Quick Deployment (Manual Variables)** | Fast deployment with explicit environment variable control | Sensitive variables are handled directly in shell session |
| **Method 3: Manual Deployment** | Teams that need full control and manual review of each step | More setup time and manual work |
Before running any method, review [Preparation - Server Infrastructure](/dotswap/developers/nexus-protocol/deployment-guide/preparation.md#server-infrastructure).
### Method 1: One-Command Deployment (Recommended)
For a fast bootstrap, run:
```shell
curl -fsSL https://on.nexus/install.sh | bash
```
{% hint style="info" %}
Run this command on your target server. For production environments, review the script before execution.
{% endhint %}
### Method 2: Advanced Quick Deployment (Manual Variables)
```shell
# Log in to the remote server
ssh root@xxx.xxx.xxx.xx
```
```shell
# See below for environment variable configuration requirements
export APP_ENV=test
# Network endpoint variables (configure according to APP_ENV):
# DOTSWAP_HOST, ORD_URL, NODES_BTC_NODE_CONFIG_HOST, NODES_BTC_NODE_CONFIG_USER, NODES_BTC_NODE_CONFIG_PASS, NODES_BTC_NODE_ZMQ_HOST
export DOTSWAP_ACCOUNT_ADDRESS=tb1qmlp2ghv2xfv6h2ypmg9gt58uhmegse6c3tyhzq
export DOTSWAP_ACCOUNT_PRIVATE_KEY_HEX=853ac0c5ba7f629c20a8df8a86ae98e18a47c1262502e8a6ad0d074f3c2cf1af
export MNEMONIC='trumpet ten limb stay exact seven digital verify chronic solve face syrup'
export POOLS_BTC_DOGGOTOTHEMOON=tb1qmlp2ghv2xfv6h2ypmg9gt58uhmegse6c3tyhzq
export POOLS_BTC_BILLIONDOLLARCAT=tb1q7qfcw03psf3tla59ahdazu2huh7vru27k24qnl,tb1pau57plr6p56984zq9xlku5ferak2jjux5ljzajlr4t6ks6lm989s6ph428
export SINGLE_LIQUIDITY_POOLS_BTC_USDCSTARKNETTEST=tb1qzn8v9g34zyqsuy2rqnk0nddyffcdgxznr6jqzu,tb1qf00w6ryyfcemvsejne2rhgdcnjl343yp6h4aux
# Taker config
export TAKER_MNEMONIC='trumpet ten limb stay exact seven digital verify chronic solve face syrup'
export TAKERS_BTC_DOGGOTOTHEMOON=tb1qf00w6ryyfcemvsejne2rhgdcnjl343yp6h4aux
# Optional: enable Safeheron MPC signer
export MPC_SIGNER=safeheron
# Safeheron detailed variables (SAFEHERON_*) are documented in:
# en/nexus-dex/deployment-guide/safeheron-configuration.md
curl -fsSL https://get.docker.com | bash -s docker
env | grep -E '^(POOLS_|TAKERS_|SINGLE_LIQUIDITY_POOLS_)' > .env
curl -fsSL https://on.nexus/docker-compose-v3.yml | docker compose -p dotswap-dex -f - up --wait --force-recreate --pull always
```
Use `sudo` only if your current user cannot run Docker commands directly.
{% hint style="info" %}
Remember to use your own address/private key/mnemonics
{% endhint %}
### Method 3: Manual Deployment
#### Docker Installation
The recommended way to deploy DOTSWAP DEX is using Docker. To install Docker, please refer to Docker's [Installation Guide](https://docs.docker.com/get-started/get-docker/). For questions regarding Docker installation, please refer to [Docker's Troubleshooting Guide](https://docs.docker.com/desktop/troubleshoot-and-support/troubleshoot/).
```shell
# Install Docker
curl -fsSL https://get.docker.com | bash -s docker
```
#### Get Deployment Script
Download the latest configuration file `docker-compose.yml` from [DOTSWAP](https://on.nexus/docker-compose-v3.yml).
#### Environment Variable Configuration
Before running DEX, you need to modify the following environment variables in `docker-compose.yml`:
* `APP_ENV`: Runtime environment. `test` maps to testnet4, `prod` maps to mainnet.
* `DOTSWAP_HOST`: Nexus API endpoint. Configure for both testnet4 and mainnet according to `APP_ENV`.
* `ORD_URL`: Ord service endpoint. Configure for both testnet4 and mainnet according to `APP_ENV`.
* `NODES_BTC_NODE_CONFIG_HOST`: Bitcoin node RPC endpoint (`host:port`). Configure for both testnet4 and mainnet according to `APP_ENV`.
* `NODES_BTC_NODE_CONFIG_USER`: Bitcoin node RPC username. Configure for both testnet4 and mainnet according to `APP_ENV`.
* `NODES_BTC_NODE_CONFIG_PASS`: Bitcoin node RPC password. Configure for both testnet4 and mainnet according to `APP_ENV`.
* `NODES_BTC_NODE_ZMQ_HOST`: Bitcoin node ZMQ endpoint (`tcp://host:port`). Configure for both testnet4 and mainnet according to `APP_ENV`.
* `MPC_SIGNER`: Signing backend. Use `local` (default, local private key), `fireblocks`, or `safeheron`.
* `DOTSWAP_ACCOUNT_ADDRESS`: The wallet address to register with Nexus as the Market Making Account.
* `DOTSWAP_ACCOUNT_PRIVATE_KEY_HEX`: The private key (hex) of the wallet address to register with Nexus, used to prove ownership of this address.
* `MNEMONIC`: The wallet mnemonic phrase for allowing the independent Nexus instance to sign transaction and provide liquidity.
* `POOLS_BTC_TOKEN`: The key is the names of the involved tokens in a trading pair, and the value is the address information for providing liquidity. For example:
* To provide liquidity for BTC and DOG•GO•TO•THE•MOON, the environment variable is configured as `POOLS_BTC_DOGGOTOTHEMOON:addr`
* If BTC and DOG•GO•TO•THE•MOON are provided liquidity from different addresses (e.g. you're using Xverse wallet), the environment variable is configured as `POOLS_BTC_DOGGOTOTHEMOON:addr1,addr2`
* Multiple trading pairs can be configured, but one address can only be configured for one trading pair.
* Note that Token names should not contain the • symbol.
* `SINGLE_LIQUIDITY_POOLS_BTC_TOKEN`: Single-sided liquidity pool address configuration. Supports one or two addresses (comma-separated). Example: `SINGLE_LIQUIDITY_POOLS_BTC_USDCSTARKNETTEST: addr1,addr2`
* Do not use special symbols (such as `•`) in env variable names.
* `TAKER_MNEMONIC`: The wallet mnemonic phrase for allowing the independent Nexus instance to sign transaction and swap.
* `TAKERS_BTC_TOKEN`: Same like `POOLS_BTC_TOKEN`
If `MPC_SIGNER=safeheron`, see [Safeheron Configuration](/dotswap/developers/nexus-protocol/deployment-guide/safeheron-configuration.md) for the complete variable list and key format options (PEM content or file path).
**Configuration Example**
Pay attention to the indentation level of the YAML configuration to ensure it is correct. If the value of a configuration item is a multi-line string, use `|` or `>` correctly to maintain the format and follow YAML's indentation rules.
```dotenv
services:
service:
environment:
APP_ENV: test
DOTSWAP_ACCOUNT_ADDRESS: tb1qmlp2ghv2xfv6h2ypmg9gt58uhmegse6c3tyhzq
DOTSWAP_ACCOUNT_PRIVATE_KEY_HEX: 853ac0c5ba7f629c20a8df8a86ae98e18a47c1262502e8a6ad0d074f3c2cf1af
MNEMONIC: trumpet ten limb stay exact seven digital verify chronic solve face syrup
POOLS_BTC_DOGGOTOTHEMOON: tb1qmlp2ghv2xfv6h2ypmg9gt58uhmegse6c3tyhzq
POOLS_BTC_BILLIONDOLLARCAT: tb1q7qfcw03psf3tla59ahdazu2huh7vru27k24qnl,tb1pau57plr6p56984zq9xlku5ferak2jjux5ljzajlr4t6ks6lm989s6ph428
SINGLE_LIQUIDITY_POOLS_BTC_USDCSTARKNETTEST: tb1qzn8v9g34zyqsuy2rqnk0nddyffcdgxznr6jqzu,tb1qf00w6ryyfcemvsejne2rhgdcnjl343yp6h4aux
TAKER_MNEMONIC: trumpet ten limb stay exact seven digital verify chronic solve face syrup
TAKERS_BTC_DOGGOTOTHEMOON: tb1qf00w6ryyfcemvsejne2rhgdcnjl343yp6h4aux
```
#### Start Service
Check the `docker-compose` version; it needs to be greater than `1.21.0`.
```shell
docker-compose -v
# docker-compose version 1.17.1 ❌
# or
docker compose version
# Docker Compose version v2.32.4 ✅
```
Execute the following command in the terminal to start DOTSWAP DEX:
```shell
# Execute in the command line
docker compose -f docker-compose.yml up --wait --pull always
# or
docker-compose -f docker-compose.yml up --wait --pull always
```
**Access Service**
After successful startup, you can access it via [http://:17610](https://github.com/DotSwap-Dev/dotswap-doc/blob/doc-en/en/nexus-dex/deployment-guide/http:/%3CYour-Server-IP%3E:17610/README.md).
**Security Operations**
```shell
# Clear environment variables
unset APP_ENV
unset DOTSWAP_HOST
unset ORD_URL
unset NODES_BTC_NODE_CONFIG_HOST
unset NODES_BTC_NODE_CONFIG_USER
unset NODES_BTC_NODE_CONFIG_PASS
unset NODES_BTC_NODE_ZMQ_HOST
unset MPC_SIGNER
unset DOTSWAP_ACCOUNT_PRIVATE_KEY_HEX
unset MNEMONIC
unset TAKER_MNEMONIC
# Clear command history
history -c
```
**Security Hardening**
After you have confirmed that your node is deployed and running stably, you **must perform the following critical step**:
* **Remove SSH Access Rule:** Return to your firewall settings and **delete or disable** the rule allowing SSH (port 22) access that you created in Stage 1.
* **How to manage the server after closing SSH?** You will no longer connect via public SSH. Instead, you should **rely exclusively on the secure, in-browser management tools provided by your cloud provider** (e.g., AWS Session Manager, Linode Lish Console), which is the industry-recommended best practice.
{% hint style="danger" %}
Never expose your private keys/mnemonics. And take the security of your server seriously.
{% endhint %}
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://docs.on.nexus/dotswap/developers/nexus-protocol/deployment-guide/node-deployment.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.
.png)
.png)