Deploying Tox Bootstrap Node

Introduction

Tox is a peer-to-peer instant messaging and video calling protocol that offers end-to-end encryption. Unlike centralized messaging services, Tox operates on a distributed network where users connect directly to each other. Bootstrap nodes serve as entry points to this network, helping new clients discover peers and join the Tox DHT (Distributed Hash Table).

Running your own Tox bootstrap node contributes to the network’s resilience and decentralization. While not required for personal use, bootstrap nodes help new users find the network and can be particularly valuable for organizations deploying Tox internally.

Key highlights of Tox Bootstrap Nodes:

Network Infrastructure: Help clients discover the Tox peer-to-peer network
DHT Participation: Contribute to the distributed hash table
Zero Message Storage: Bootstrap nodes never see or store messages
Minimal Resources: Low CPU and memory requirements
UDP/TCP Support: Handle both UDP and TCP fallback connections
MOTD Support: Optional message of the day for connecting clients
Public Key Identity: Cryptographic identity for network trust
No Maintenance: Once running, requires minimal attention
100% Open Source: Part of the Tox project under GPL-3.0

This guide walks through deploying a Tox bootstrap node on Klutch.sh using Docker to support the Tox network.

Why Deploy a Tox Bootstrap Node on Klutch.sh

Deploying a bootstrap node on Klutch.sh provides several advantages:

24/7 Availability: Your node remains online continuously, providing reliable network entry for Tox clients.

Stable IP Address: Klutch.sh provides consistent networking, unlike home connections with dynamic IPs.

Network Contribution: Support the privacy-focused Tox network’s decentralization goals.

GitHub Integration: Manage configuration through version control with automatic redeployments.

Minimal Resource Cost: Bootstrap nodes are lightweight, making them economical to run.

Prerequisites

Before deploying a Tox bootstrap node on Klutch.sh, ensure you have:

A Klutch.sh account
A GitHub account with a repository for your configuration
Basic familiarity with Docker and networking concepts

Understanding Tox Bootstrap Architecture

Tox bootstrap nodes serve specific network functions:

DHT Bootstrap: When a Tox client starts, it needs to find peers. Bootstrap nodes provide initial contacts in the distributed hash table.

Connection Relay: For clients behind restrictive NATs, nodes can relay TCP connections to help establish peer-to-peer links.

Public Key System: Each node has a unique cryptographic identity. Clients can verify they’re connecting to known nodes.

No Message Handling: Bootstrap nodes only facilitate connections. They never decrypt, store, or route actual messages.

Preparing Your Repository

Create a GitHub repository with your bootstrap node configuration.

Repository Structure

tox-bootstrap/
├── Dockerfile
├── tox-bootstrapd.conf
├── README.md
└── .dockerignore

Creating the Dockerfile

Create a Dockerfile in the root of your repository:

FROM debian:bookworm-slim

# Install dependencies and tox-bootstrapd
RUN apt-get update && \
    apt-get install -y --no-install-recommends \
        tox-bootstrapd \
        ca-certificates && \
    apt-get clean && \
    rm -rf /var/lib/apt/lists/*

# Create directories
RUN mkdir -p /var/lib/tox-bootstrapd /var/run/tox-bootstrapd

# Copy configuration
COPY tox-bootstrapd.conf /etc/tox-bootstrapd.conf

# Set permissions
RUN chown -R tox-bootstrapd:tox-bootstrapd /var/lib/tox-bootstrapd /var/run/tox-bootstrapd

# Expose ports
EXPOSE 33445/udp
EXPOSE 3389/tcp

# Run as tox-bootstrapd user
USER tox-bootstrapd

# Start the bootstrap daemon
CMD ["tox-bootstrapd", "--config", "/etc/tox-bootstrapd.conf", "--foreground"]

Creating the Configuration File

Create a tox-bootstrapd.conf file:

// Tox Bootstrap Daemon Configuration

keys_file_path = "/var/lib/tox-bootstrapd/keys"
pid_file_path = "/var/run/tox-bootstrapd/tox-bootstrapd.pid"

port = 33445
tcp_relay_ports = [3389]

enable_tcp_relay = true
enable_ipv6 = false
enable_lan_discovery = false

enable_motd = true
motd = "Welcome to my Tox bootstrap node"

bootstrap_nodes = (
  {
    address = "tox.verdict.gg"
    port = 33445
    public_key = "1C5293AEF2114717547B39DA8EA6F1E331E5E358B35F9B6B5F19317911C5F976"
  },
  {
    address = "tox.initramfs.io"
    port = 33445
    public_key = "3F0A45A268367C1BEA652F258C85F4A66DA76BCAA667A49E770BCC4917AB6A25"
  }
)

Creating the .dockerignore File

Create a .dockerignore file:

.git
.github
*.md
LICENSE
.gitignore
*.log
.DS_Store

Deploying on Klutch.sh

Follow these steps to deploy your Tox bootstrap node:

Push Your Repository to GitHub

Initialize and push your repository:

git init
git add Dockerfile tox-bootstrapd.conf .dockerignore README.md
git commit -m "Initial Tox bootstrap node configuration"
git remote add origin https://github.com/yourusername/tox-bootstrap.git
git push -u origin main

Create a New Project on Klutch.sh

Navigate to the Klutch.sh dashboard and create a new project. Name it something like “tox-node” or “tox-bootstrap”.

Create a New App

Within your project, create a new app. Connect your GitHub account and select your Tox repository.

Configure UDP Traffic

Tox primarily uses UDP. In the deployment settings:

Set the port to 33445 for UDP
Additionally configure TCP port 3389 for relay connections

Attach Persistent Volumes

Add persistent storage for the node’s identity:

Mount Path	Recommended Size	Purpose
`/var/lib/tox-bootstrapd`	100 MB	Cryptographic keys and node identity

Deploy Your Application

Click Deploy to start the build process. Klutch.sh will:

Build your Docker image
Attach persistent volumes
Start the bootstrap daemon
Configure network access

Retrieve Your Node’s Public Key

After deployment, access the logs to find your node’s public key. This key is generated on first start and stored in the persistent volume.

Understanding Your Node

Public Key

Your node generates a unique public key on first start. This key:

Identifies your node on the network
Allows clients to verify they’re connecting to your node
Should be shared if you want others to use your node

How Clients Use Your Node

To use your bootstrap node, clients need:

Your server’s IP address or hostname
The port (33445)
Your node’s public key

Configuration Options

MOTD Customization

Personalize the message shown to connecting clients:

enable_motd = true
motd = "Privacy-focused Tox node - No logging, no tracking"

TCP Relay Ports

Configure additional TCP ports for firewalled clients:

tcp_relay_ports = [3389, 33445, 443]

Security Considerations

What Bootstrap Nodes Can See

Bootstrap nodes have limited visibility:

IP addresses of connecting clients
DHT queries and responses
No message content (end-to-end encrypted)
No user identities (only public keys)

What They Cannot Do

Decrypt or read messages
Identify who is talking to whom
Store conversation history
Block specific users

Troubleshooting Common Issues

Node Not Starting

Symptoms: Container exits immediately.

Solutions:

Check configuration syntax
Verify file permissions
Review startup logs for errors

No Peer Connections

Symptoms: Node runs but shows no peers.

Solutions:

Verify UDP port 33445 is accessible
Check bootstrap node list is current
Wait for DHT propagation

Additional Resources

Conclusion

Running a Tox bootstrap node on Klutch.sh is a meaningful contribution to the privacy-focused messaging network. While individual users don’t need their own nodes, each bootstrap node strengthens the network’s decentralization and helps new users join.

The lightweight nature of bootstrap nodes makes them economical to run, and the persistent identity means your node becomes a reliable part of the network over time. With minimal maintenance requirements after initial setup, you can contribute to Tox infrastructure while focusing on other projects.