{"id":45949984,"url":"https://github.com/fystack/fystack-selfhost-scripts","last_synced_at":"2026-02-28T12:16:05.923Z","repository":{"id":324567863,"uuid":"1032263699","full_name":"fystack/fystack-selfhost-scripts","owner":"fystack","description":"Self host crypto custody platform with one single command line","archived":false,"fork":false,"pushed_at":"2026-02-09T05:42:43.000Z","size":12463,"stargazers_count":15,"open_issues_count":0,"forks_count":1,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-02-09T11:34:45.898Z","etag":null,"topics":["crypto","custody","multichain"],"latest_commit_sha":null,"homepage":"https://fystack.io/blog/open-source-fystack-ignite-self-host-a-full-fledged-stablecoin-custody-platform-with-one-command-line","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/fystack.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-08-05T04:12:10.000Z","updated_at":"2026-02-09T05:42:47.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/fystack/fystack-selfhost-scripts","commit_stats":null,"previous_names":["fystack/fystack-selfhost-scripts"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/fystack/fystack-selfhost-scripts","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fystack%2Ffystack-selfhost-scripts","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fystack%2Ffystack-selfhost-scripts/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fystack%2Ffystack-selfhost-scripts/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fystack%2Ffystack-selfhost-scripts/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/fystack","download_url":"https://codeload.github.com/fystack/fystack-selfhost-scripts/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fystack%2Ffystack-selfhost-scripts/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29933338,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-28T09:58:13.507Z","status":"ssl_error","status_checked_at":"2026-02-28T09:57:57.047Z","response_time":90,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["crypto","custody","multichain"],"created_at":"2026-02-28T12:16:04.829Z","updated_at":"2026-02-28T12:16:05.883Z","avatar_url":"https://github.com/fystack.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Fystack Self-host Quick Start Guide\n\nWelcome to **Fystack**! This guide will help you get up and running quickly with our infrastructure, including:\n\n- **Apex**: The backend core API\n- **MPCIUM**: Self-hosted MPC nodes for secure signing and key management\n\n## Platform Support\n\n| Platform | Status |\n|----------|--------|\n| **Linux** | Fully supported |\n| **macOS** | Fully supported (requires Docker Desktop) |\n| **Windows** | Supported via WSL2 (see below) |\n\n---\n\n## Overview\n\n![Fystack Sandbox](images/fystack-sandbox.png)\n\n**Fystack** is a self-hosted custodial wallet platform built on **MPC (Multi-Party Computation)** so you can run secure threshold cryptography on hardware you control—no third-party custody required.\n\nWith Fystack you keep full ownership of:\n\n- **MPC nodes** that handle distributed keygen and signing\n- **Key material and policies** with no external dependencies\n- **Threshold signature security** that scales across on-prem and private cloud setups\n\nRun `./fystack-ignite.sh` to spin up the entire test stack in minutes. The quick start gives you hands-on access to Apex plus a local MPCIUM cluster so you can explore the architecture, build against real services, and validate the workflow before production.\n\n---\n\n## Components\n\n![Fystack Architecture](images/fystack-achitecture.png)\n\n### 1. Apex (Backend Core)\n\nThe API backend that handles:\n\n- Wallet and User management\n- Key orchestration and policy enforcement\n- Audit logging\n- API Keys\n- Transaction indexing\n\n### 2. MPCIUM (MPC Nodes)\n\nEach node runs part of the threshold signing/keygen logic (based on Binance's `tss-lib`) and communicates securely with Apex and otherpeers.\n\n### 3. Multichain Indexer\n\nIndexes the latest blocks from the blockchain in real-time, keeping track of on-chain transactions and events relevant to your wallets.\n\n### 4. Rescanner\n\nReindexes block gaps to ensure complete blockchain data coverage, filling in any missing blocks or transactions that may have been skipped during initial indexing.\n\n---\n\n## Prerequisites\n\n- Docker and Docker Compose installed\n- Bash shell\n- Internet connection\n- Recommended system: 4 vCPU, 4 GB RAM\n\n### Windows (WSL2)\n\n\u003e **Non-Windows users can skip this section.**\n\nWindows users must run the scripts inside **WSL2** (Windows Subsystem for Linux). Docker Desktop for Windows already uses WSL2 under the hood, so this is the natural fit.\n\n**1. Install WSL2** (if you haven't already)\n\nOpen PowerShell as Administrator and run:\n\n```powershell\nwsl --install\n```\n\nThis installs WSL2 with Ubuntu by default. Restart your machine when prompted.\n\n**2. Install Docker Desktop for Windows**\n\nDownload and install [Docker Desktop](https://www.docker.com/products/docker-desktop/). During setup, ensure **\"Use the WSL 2 based engine\"** is checked (it's the default).\n\nAfter installation, go to Docker Desktop **Settings \u003e Resources \u003e WSL Integration** and enable integration for your WSL2 distro (e.g., Ubuntu).\n\n**3. Install `jq` inside WSL2**\n\nOpen your WSL2 terminal (Ubuntu) and run:\n\n```bash\nsudo apt update \u0026\u0026 sudo apt install -y jq\n```\n\n**4. Open a WSL2 terminal**\n\nAll subsequent commands must be run from within a WSL2 terminal, not from PowerShell or CMD. The `docker` command inside WSL2 talks to Docker Desktop automatically.\n\n```bash\nwsl\n```\n\n## Quick Start Steps\n\n\u003e **📺 Video Tutorial:** Watch the complete setup walkthrough on YouTube:\n\u003e\n\u003e [![Fystack Setup Tutorial](https://img.shields.io/badge/YouTube-Watch%20Tutorial-FF0000?style=for-the-badge\u0026logo=youtube\u0026logoColor=white)](https://www.youtube.com/watch?v=AjY9t7orbs4)\n\n### 1. Clone the Repository\n\n```bash\ngit clone git@github.com:fystack/fystack-selfhost-scripts.git\ncd fystack-selfhost-scripts\n```\n\n### 2. Docker Login\n\nFirst, authenticate with the Fystack Labs Docker registry:\n\n```bash\ndocker login -u fystacklabs\n```\n\nWhen prompted, enter your password.\n\n\u003e **Need the Docker password?** Join the Fystack Telegram community to get access:\n\u003e\n\u003e [![Telegram](https://img.shields.io/badge/Telegram-Join%20Community-2CA5E0?style=for-the-badge\u0026logo=telegram\u0026logoColor=white)](https://t.me/+9AtC0z8sS79iZjFl)\n\n### 3. Copy config files from the template\n\n```\ncp ./dev/config.yaml.template ./dev/config.yaml\ncp ./dev/config.rescanner.yaml.template ./dev/config.rescanner.yaml\ncp ./dev/config.indexer.yaml.template ./dev/config.indexer.yaml\n```\n\n\u003e **Important:** You don't need to update all configuration values. The only mandatory configuration is the **CoinMarketCap API key**. Visit https://pro.coinmarketcap.com/login/ to create a CoinMarketCap API key, then add it to `config.yaml` under the `price_providers` configuration.\n\n### 4. Make Start Script Executable\n\nChange to the root directory, make the start script executable.\nMake sure you are at the root folder of the project\n\n```bash\nchmod +x ./fystack-ignite.sh\n```\n\n### 5. Start the Fystack Cluster\n\nRun the complete setup and startup script at the root folder of the project.\n\n```bash\n./fystack-ignite.sh\n```\n\nThis script will automatically:\n\n- Generate MPCIUM node configurations\n- Start all Docker Compose services\n- Extract encryption keys\n- Configure and restart the Apex service\n\nServices started include:\n\n- **NATS messaging server** (port 4223)\n- **Consul service discovery** (port 8501)\n- **PostgreSQL database** (port 5433)\n- **Redis** (port 6380)\n- **MongoDB** (port 27018)\n- **Apex API** (port 8150)\n- **3 MPC nodes** (node0, node1, node2)\n- **Automatic peer registration**\n\n### 6. Visit the Fystack Portal\n\nOnce all services are running, you can access the Fystack portal at [http://localhost:8015](http://localhost:8015)\n\n![Fystack Portal](images/fystack-portal.png)\n\n### 7. Verify the Setup\n\nCheck that all services are running:\n\n```bash\ndocker compose -f ./dev/docker-compose.yaml ps\n```\n\nYou should see all services in the \"Up\" state.\n\n### 8. View Logs (Optional)\n\nMonitor the cluster logs:\n\n```bash\n# View all service logs\ndocker compose -f ./dev/docker-compose.yaml logs -f\n\n# View logs from a specific node\ndocker compose -f ./dev/docker-compose.yaml logs -f mpcium-node0\n```\n\n## What's Running\n\nYour Fystack cluster includes:\n\n\u003e **Note:** PostgreSQL, Redis, MongoDB, NATS, and Consul ports have been increased by 1 to avoid conflicts with your development environment. All ports are bound to 127.0.0.1 (localhost) for security.\n\n| Service                  | Purpose                                      | Port  |\n| ------------------------ | -------------------------------------------- | ----- |\n| **NATS Server**          | Messaging layer for node communication       | 4223  |\n| **Consul**               | Service discovery and health checks          | 8501  |\n| **PostgreSQL**           | Database for custody operations              | 5433  |\n| **Redis**                | In-memory data store                         | 6380  |\n| **MongoDB**              | Document database                            | 27018 |\n| **Apex API**             | Main API service                             | 8150  |\n| **Migrate**              | Database migration service                   | -     |\n| **Rescanner**            | Reindexes block gaps for complete data       | -     |\n| **Multichain Indexer**   | Indexes blockchain transactions in real-time | -     |\n| **Fystack UI Community** | Community web interface for Fystack          | 8015  |\n| **MPC Node 0**           | First MPC node                               | 8080  |\n| **MPC Node 1**           | Second MPC node                              | 8081  |\n| **MPC Node 2**           | Third MPC node                               | 8082  |\n| **MPCIUM Init**          | Peer registration service                    | -     |\n\n## E2E Testing\n\nOnce your Fystack cluster is running, you can test the wallet creation flow using the provided end-to-end test script.\n\n### 1. Make Test Script Executable\n\nMake the E2E test script executable:\n\n```bash\nchmod +x ./e2e/create-wallet.sh\n```\n\n### 2. Run the E2E Test\n\nExecute the wallet creation test:\n\n```bash\n./e2e/create-wallet.sh\n```\n\nThis script will:\n\n- Register a test user\n- Sign in and create a workspace\n- Start a session\n- Create an MPC wallet\n\n### 3. Check Apex API Logs\n\nMonitor the Apex API logs to verify successful wallet creation:\n\n```bash\ndocker compose -f ./dev/docker-compose.yaml logs -f apex\n```\n\n**Expected successful output:**\n\n```\n3:15AM INF Enqueueing message\n3:15AM INF Message published message len=407 topic=auditlog.event.dispatch\n3:15AM INF Received message meta={\"Consumer\":\"event\",\"Domain\":\"\",\"NumDelivered\":1,\"NumPending\":0,\"Sequence\":{\"consumer_seq\":2,\"stream_seq\":2},\"Stream\":\"auditlog\",\"Timestamp\":\"2025-08-06T03:15:55.887251886Z\"}\n3:15AM INF Message Acknowledged meta={\"Consumer\":\"event\",\"Domain\":\"\",\"NumDelivered\":1,\"NumPending\":0,\"Sequence\":{\"consumer_seq\":2,\"stream_seq\":2},\"Stream\":\"auditlog\",\"Timestamp\":\"2025-08-06T03:15:55.887251886Z\"}\n3:15AM INF Received message meta={\"Consumer\":\"mpc_keygen_result\",\"Domain\":\"\",\"NumDelivered\":1,\"NumPending\":0,\"Sequence\":{\"consumer_seq\":1,\"stream_seq\":1},\"Stream\":\"mpc\",\"Timestamp\":\"2025-08-06T03:15:59.081703423Z\"}\n3:15AM INF Process MPC generation successfully walletID=a8f47f60-540d-4d23-8743-6fd8b5abe5ce\n3:15AM INF Message Acknowledged meta={\"Consumer\":\"mpc_keygen_result\",\"Domain\":\"\",\"NumDelivered\":1,\"NumPending\":0,\"Sequence\":{\"consumer_seq\":1,\"stream_seq\":1},\"Stream\":\"mpc\",\"Timestamp\":\"2025-08-06T03:15:59.081703423Z\"}\n```\n\n### 4. Check MPC Node Logs\n\nVerify the MPC key generation process on any node (e.g., node0):\n\n```bash\ndocker compose -f ./dev/docker-compose.yaml logs -f mpcium-node0\n```\n\n**Expected successful output:**\n\n```\n2025-08-06 03:15:55.000 INF Initializing session with partyID: {1,keygen}, peerIDs [{0,keygen} {1,keygen} {2,keygen}]\n2025-08-06 03:15:55.000 INF [INITIALIZED] Initialized session successfully partyID: {1,keygen}, peerIDs [{0,keygen} {1,keygen} {2,keygen}], walletID a8f47f60-540d-4d23-8743-6fd8b5abe5ce, threshold = 2\n2025-08-06 03:15:55.000 INF Initializing session with partyID: {1,keygen}, peerIDs [{0,keygen} {1,keygen} {2,keygen}]\n2025-08-06 03:15:55.000 INF [INITIALIZED] Initialized session successfully partyID: {1,keygen}, peerIDs [{0,keygen} {1,keygen} {2,keygen}], walletID a8f47f60-540d-4d23-8743-6fd8b5abe5ce, threshold = 2\n2025-08-06 03:15:56.000 INF Starting to generate key ECDSA walletID=a8f47f60-540d-4d23-8743-6fd8b5abe5ce\n2025-08-06 03:15:56.000 INF Starting to generate key EDDSA walletID=a8f47f60-540d-4d23-8743-6fd8b5abe5ce\n2025-08-06 03:15:59.000 INF Publishing message consumerName=mpc_keygen_result topic=mpc.mpc_keygen_result.a8f47f60-540d-4d23-8743-6fd8b5abe5ce\n2025-08-06 03:15:59.000 INF [COMPLETED KEY GEN] Key generation completed successfully walletID=a8f47f60-540d-4d23-8743-6fd8b5abe5ce\n```\n\nThe successful completion of these logs indicates that your MPC wallet has been created and the key generation process completed across all nodes.\n\n## Deploying on a VPS / Reverse Proxy\n\nBy default, the Fystack UI connects to the Apex API at `http://localhost:8150`. If you're deploying on a VPS (e.g., Linode, DigitalOcean) behind a reverse proxy, you need to set the `API_BASE_URL` environment variable so the UI can reach the API.\n\n**Option 1: Export the variable before running the script**\n\n```bash\nexport API_BASE_URL=https://api.yourdomain.com\n./fystack-ignite.sh\n```\n\n**Option 2: Create a `.env` file in the `dev/` directory**\n\n```bash\necho \"API_BASE_URL=https://api.yourdomain.com\" \u003e dev/.env\n./fystack-ignite.sh\n```\n\nReplace `https://api.yourdomain.com` with the public URL where your Apex API is accessible through your reverse proxy.\n\n### Changing the API URL later\n\nTo update the `API_BASE_URL` after the initial setup (e.g., switching domains):\n\n```bash\nexport API_BASE_URL=https://new-domain.com\ndocker compose -f ./dev/docker-compose.yaml up -d --force-recreate fystack-ui-community\n```\n\nThis recreates the UI container with the new URL. No other services are affected.\n\n## Update version\n\nTo update version of a component (New docker image version)\n\n```\ncd dev\ndocker compose pull apex\ndocker compose up -d --no-deps --force-recreate apex\n```\n\n---\n\n## ⚠️ Important Notice\n\n\u003e **WARNING: This setup is for testing environments only.**\n\u003e\n\u003e For **manual deployment, Docker Compose, or Kubernetes deployment** for **maximum security**, please contact the **Fystack team** to get support and guidance on enterprise-grade deployment configurations.\n\u003e\n\u003e [![Telegram](https://img.shields.io/badge/Telegram-Contact%20Fystack%20Team-2CA5E0?style=for-the-badge\u0026logo=telegram\u0026logoColor=white)](https://t.me/+IsRhPyWuOFxmNmM9)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffystack%2Ffystack-selfhost-scripts","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ffystack%2Ffystack-selfhost-scripts","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffystack%2Ffystack-selfhost-scripts/lists"}