Node Infrastructure Transparency
RaiblocksOne operates publicly verifiable node infrastructure. Production nodes are deployed using a reproducible Docker configuration, with explicit peering, cryptographic identity, and restricted RPC exposure.
This page is intentionally technical. The point is simple: don’t trust claims — verify them.
Canonical Node Deployment
The Docker command below represents the exact runtime configuration used by the RaiblocksOne primary node.
Note: new installs typically mount /data/nodes/xro. If you are upgrading from the legacy Docker node,
your mount path may be /root/raiblocksone — see the upgrade section below.
docker run -d --name xro --restart unless-stopped -p 0.0.0.0:8075:8075 -p 127.0.0.1:8076:8076 -p 127.0.0.1:8078:8078 -e prefix="xro_" -e name="RaiblocksOne" -e account="xro_3oh6tp9b8y65w1fzp3aaxgebptkdhnrziiqaairqfhzkcntiwn1r97cgzikp" -e source="D5E4D58E937883E01BFB0508EB989B6A4B7D31F842E8443176BFF255350E5018" -e work="9da7e03b2a2ec54b" -e signature="FBB7588466EAA76196181C3CDF249178BAC70929E28AABBD5DE284362A34899AB4C972A232824067F439E89F2672B792105D3A55763B852FD21967EC7957260D" -e peering="peering.raione.cc" -e peering_port=8075 -e RPC_PORT=8076 -e WS_PORT=8078 -v /data/nodes/xro:/root yxse/nan
Ultra Safe Upgrade (Preserve Existing Ledger)
This section is for node runners upgrading from the original Docker node:
raiblocksone/raione:R1_V.02.2.
The goal is to preserve your existing ledger + identity and make rollback instant.
Important: do not reuse legacy config-node.toml or
config-rpc.toml. These files may override ports, RPC bindings,
or peering behavior. The current node image derives configuration from
environment variables for reproducibility.
Legacy node reference (read-only)
Reference only — do not re-run this command.
Step 1 — Verify the legacy ledger directory exists (do NOT skip)
Confirm the directory exists and is not empty. If it is empty, stop and investigate before upgrading.
ls -la /root/raiblocksone | head
Step 2 — Create a snapshot backup (fast + reversible)
This makes a full copy of your node state directory. Disk usage depends on ledger size.
rsync -a --exclude="config-*.toml" /root/raiblocksone/ /root/raiblocksone-backup-$(date +%F)/
Legacy config-node.toml and config-rpc.toml are intentionally excluded.
The new node image generates configuration from environment variables.
Step 3 — Stop the legacy container (do NOT remove yet)
We stop the old node so it stops writing to the ledger while we start the new one. Keeping the container allows instant rollback.
docker stop raione-node
Step 4 — Start the new node (reusing the legacy mount path)
The new container will reuse your existing data directory by mounting it into /root inside the container
(matching the legacy layout). The node listens on XRO ports: 8075 (P2P), 8076 (RPC local), 8078 (WS local).
docker run -d --name xro --restart unless-stopped -p 0.0.0.0:8075:8075 -p 127.0.0.1:8076:8076 -p 127.0.0.1:8078:8078 -e prefix="xro_" -e name="RaiblocksOne" -e account="xro_3oh6tp9b8y65w1fzp3aaxgebptkdhnrziiqaairqfhzkcntiwn1r97cgzikp" -e source="D5E4D58E937883E01BFB0508EB989B6A4B7D31F842E8443176BFF255350E5018" -e work="9da7e03b2a2ec54b" -e signature="FBB7588466EAA76196181C3CDF249178BAC70929E28AABBD5DE284362A34899AB4C972A232824067F439E89F2672B792105D3A55763B852FD21967EC7957260D" -e peering="peering.raione.cc" -e peering_port=8075 -e RPC_PORT=8076 -e WS_PORT=8078 -v /root/raiblocksone/:/root yxse/nan
Step 5 — Verify the new node before cleanup
Check logs for peer connections and normal startup:
docker logs -n 200 xro
Verify RPC responds locally (RPC should NOT be public):
curl -s http://127.0.0.1:8076 | head
Step 6 — Cleanup legacy container (only after verified)
Once you confirm the new node is stable, you can remove the old container:
docker rm raione-node
Rollback (instant)
If the new node fails for any reason, rollback is immediate: stop the new container, restart the legacy container.
docker stop xro && docker start raione-node
Optional (recommended) — Standardize your data path to /data/nodes/xro
If you want to move away from /root/raiblocksone and standardize on /data/nodes/xro, do it after the upgrade is stable.
This keeps things tidy and avoids mixing application data under /root.
mkdir -p /data/nodes/xro rsync -a --exclude="config-*.toml" /root/raiblocksone/ /data/nodes/xro/
Configuration files are regenerated on first startup. Do not manually copy legacy TOML files into the new node.
Then restart the new container using the standardized mount:
docker stop xro && docker rm xro
docker run -d --name xro --restart unless-stopped -p 0.0.0.0:8075:8075 -p 127.0.0.1:8076:8076 -p 127.0.0.1:8078:8078 -e prefix="xro_" -e name="RaiblocksOne" -e account="xro_3oh6tp9b8y65w1fzp3aaxgebptkdhnrziiqaairqfhzkcntiwn1r97cgzikp" -e source="D5E4D58E937883E01BFB0508EB989B6A4B7D31F842E8443176BFF255350E5018" -e work="9da7e03b2a2ec54b" -e signature="FBB7588466EAA76196181C3CDF249178BAC70929E28AABBD5DE284362A34899AB4C972A232824067F439E89F2672B792105D3A55763B852FD21967EC7957260D" -e peering="peering.raione.cc" -e peering_port=8075 -e RPC_PORT=8076 -e WS_PORT=8078 -v /data/nodes/xro:/root yxse/nan
If you do this migration, you can keep the old backup at /root/raiblocksone-backup-YYYY-MM-DD until you’re fully confident.
Security & Network Design
- P2P traffic is exposed only on port
8075 - RPC (
8076) and WebSocket (8078) are bound to localhost - Node identity is cryptographically signed and persistent
- Ledger and wallet data persist outside the container via a volume mount
- Explicit peering avoids unreliable bootstrap discovery
No hidden services. No private flags. No “trust me” endpoints.
Independent Verification
Anyone may run an identical node, peer with peering.raione.cc,
inspect consensus behavior, and verify representative weight on-chain.
If a claim made by RaiblocksOne cannot be independently verified via the network, it should not be trusted.