# Generic Build a VPS Guide

## Recommendation

If you are going to build your VPS on a cloud provider that we offer a specific guide to follow, skip this document and move directly to one of those [guides](#cloud-provider-specific)

* AWS
* Digital Ocean
* Hetzner

## Before We Begin

This guide does **not** include cloud provider-specific steps or images.  You may use the specific cloud provider documentation [here](#cloud-provider-specific).

There are many **cloud providers** available to choose from, and unfortunately, we cannot cover each one in these tutorials and guides.

We encourage you to **research and select** a provider that best fits your needs in terms of **performance, pricing, reliability, and regional availability**.

You may also:

* **Adapt an existing setup guide** by intuitively translating the steps to match your chosen provider’s interface.
* **Ask for advice or recommendations** in the **Constellation Network Official Discord** channel, where community members and team members can share their experience and guidance.

> The right provider is the one that aligns best with your technical comfort level and validator node requirements.

## Create SSH Keys <a href="#create-ssh-keys" id="create-ssh-keys"></a>

{% content-ref url="/pages/StWxkojAivRRSCSubSn6" %}
[Create SSH Keys](/run-a-node/references/ssh-remote-access/create-ssh-keys.md)
{% endcontent-ref %}

## Cloud Provider Specific

While this guide provides **generic, provider-agnostic steps** to help you build a VPS on **any cloud service**, it is designed so you can follow along using **intuitive actions** regardless of the platform.

However, if you prefer a more tailored experience, you may choose to **opt into service-specific guides** that have been prepared for popular providers. These offer more detailed, platform-specific instructions to streamline the setup process.

> Choose the path that best fits your comfort level and desired level of guidance.

{% content-ref url="/pages/NujRBVvmL2YhTQ8SLH0R" %}
[Build AWS EC2 Instance](/run-a-node/validator-node-guides/build-your-node/cloud-provider-specific/build-aws-ec2-instance.md)
{% endcontent-ref %}

{% content-ref url="/pages/zA1jD6wamXuDWREpjLfR" %}
[Build DigitalOcean Droplet](/run-a-node/validator-node-guides/build-your-node/cloud-provider-specific/build-digitalocean-droplet.md)
{% endcontent-ref %}

{% content-ref url="/pages/UKIECIQNHbDOAnnl2N0H" %}
[Build Hetzner Server](/run-a-node/validator-node-guides/build-your-node/cloud-provider-specific/build-hetzner-server.md)
{% endcontent-ref %}

## Create a Firewall

#### Create a Firewall (Security Group)

It's recommended to **create your firewall policy (also known as a Security Group)** **before** launching your VPS. Doing this upfront allows you to immediately **assign the correct firewall rules** when the VPS is created, ensuring proper and secure access from the start.

{% hint style="warning" %}

#### **IMPORTANT**&#x20;

Do **NOT** rely on software firewalls such as **UFW (Uncomplicated Firewall)** or **IP Tables** for securing your validator node.

Because your node will have **direct Internet access**, these tools are **not sufficient** as a primary IP packet security layer and can **interfere with the proper operation** of your node on the VPS.

Instead, always use your **cloud provider’s built-in firewall or security group features** to manage port access and protect your server at the network level.
{% endhint %}

{% hint style="danger" %}
If your **cloud provider of choice does not offer built-in firewall or security group features**, it is **strongly advised not to use that provider** for hosting your validator node.
{% endhint %}

#### **Firewall Mappings Chart**[**​**](https://docs-v1.constellationnetwork.io/validate/quick-start/vps-quickstart#firewall-mappings-chart)

{% content-ref url="/pages/PLsQV5fTUy0WQnf7wzZW" %}
[Firewall Settings Table](/run-a-node/references/firewall-settings-table.md)
{% endcontent-ref %}

## **Advanced Checklist: Manual Node Build Steps**

This checklist is intended for **advanced users** who are **not** following a pre-configured cloud provider guide.&#x20;

If you’re building your Validator node manually on a custom VPS or bare-metal environment, use this sequence to ensure a complete and secure setup.

These steps assumes familiarity with manual system setup, firewall management, and node operations. Be sure to follow official documentation closely when applying any configurations related to the Tessellation protocol or node lifecycle.

***

{% stepper %}
{% step %}

### Build Your VPS or Bare-Metal Server

* Refer to the [**Validator Specifications Documen**](/run-a-node/validator-node-guides/build-your-node/node-specifications.md#hardware-requirements)**t** to determine the appropriate system configuration.
* Choose a provider or hardware setup that meets or exceeds the minimum system requirements.
  {% endstep %}

{% step %}

### Apply Network Access Requirements

* **SSH Access**:
  * Generate a secure key pair.
  * Lock down your SSH configuration to allow access only from known IP addresses.
  * Disable root login.
* **Local Administration**:
  * Ensure you have non-root administrative access (e.g., a user in the `sudo` group).
    {% endstep %}

{% step %}

### Create and Apply Firewall Rules

Configure your VPS or provider-level firewall to:

* Allow only necessary inbound ports (e.g., SSH, Tessellation API ports).
* Restrict SSH to trusted IPs only.
* Deny all other traffic by default.
  {% endstep %}

{% step %}

### Build your Node

Turn your server into a **validator node** by performing the following:

* Install all **required dependencies**.
* Install the **Tessellation binaries** and any Constellation-specific tooling.
* Place and secure your **keystore**.
* Configure the **API endpoints** needed for Layer0 and/or Layer1 connectivity.
  {% endstep %}

{% step %}

### Collateralize

* Stake the required amount of $DAG tokens to activate your validator node.
* Follow official guidelines to complete the collateralization process.
  {% endstep %}

{% step %}

### Submit Your Node Information

* Join the **Constellation Network Official Discord**.
* Navigate to the appropriate validator channel and **submit your node profile details** to the team.
  {% endstep %}

{% step %}

### Dor Metagraph Specific

* Log in to your **Lattice dashboard**.
* Navigate to the **Dor** section.
* Link your nodid for tax rewards.
  {% endstep %}

{% step %}

### IntegrationNet Specific

* Log in to your **Lattice dashboard**.
* Navigate to the **IntegrationNet** section.
* Link your wallet for rewards.
  {% endstep %}
  {% endstepper %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.constellationnetwork.io/run-a-node/validator-node-guides/build-your-node/generic-build-a-vps-guide.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.