Help with running second Storj node on the same server (LXC) – port forwarding and config doubts

cirobrandao · July 8, 2025, 1:51pm

Hi everyone,

I’m currently running two Storj nodes on the same physical server, each inside a separate LXC container, both sharing the same public IP.

My first node is working fine, but I’m having issues with the second node, especially regarding QUIC misconfigured errors, and I’m not sure if my docker run parameters are correct.

I’m trying to run the second node with this configuration:

docker run -d --restart unless-stopped \
  -p 28972:28967/tcp \
  -p 28972:28967/udp \
  -p 14002:14002/tcp \
  -e WALLET="0x<wallet_address>" \
  -e EMAIL="example@example.com" \
  -e ADDRESS="mydomain.ddns.net:28972" \
  -e STORAGE="4TB" \
  --user $(id -u):$(id -g) \
  --mount type=bind,source=$HOME/.local/share/storj/identity/storagenode,destination=/app/identity \
  --mount type=bind,source=/mnt/storj/data/storage,destination=/app/config \
  --name storagenode \
  storjlabs/storagenode:latest

But I’ve seen some people using this version instead:

docker run -d --restart unless-stopped \
  -p 28972:28972/tcp \
  -p 28972:28972/udp \
  -p 14002:14002/tcp \
  -e WALLET="0x<wallet_address>" \
  -e EMAIL="example@example.com" \
  -e ADDRESS="mydomain.ddns.net:28972" \
  -e STORAGE="4TB" \
  --user $(id -u):$(id -g) \
  --mount type=bind,source=$HOME/.local/share/storj/identity/storagenode,destination=/app/identity \
  --mount type=bind,source=/mnt/storj/data/storage,destination=/app/config \
  --name storagenode \
  storjlabs/storagenode:latest

I’m confused about what’s the correct way to map the ports when running multiple nodes on the same public IP. Is it safe to expose different external ports (e.g., 28971, 28972, etc.) and still map them internally to 28967, or should the internal and external ports match (e.g., 28972:28972)?

Also, since QUIC uses UDP, should I explicitly open the chosen UDP port (e.g., 28972) in the firewall and forward it individually for each node?

Any help clarifying this would be greatly appreciated.

Thanks in advance!

LrrrAc · July 8, 2025, 3:12pm

I map the same internal port 28967 to different external ports. No issues, but I guess safe is a different question.

EasyRhino · July 8, 2025, 4:39pm

for me it’s docker containers, but as far as each container is concerned the port is unchanged. mapped externally it’s just 28972, 28973, 28974, etc.

arrogantrabbit · July 8, 2025, 6:45pm

You can ignore misconfigured quic:

You can attempt to fix misconfigured quic:

I have also recently noticed that it’s more stable if the port number remains the same throughout the forwards and bindings. I.e. if you decide to use port 28893, then port-forward it to 28893, and tell docker to port forward it to 28893, and tell node to listen at 28893.

Alexey · July 9, 2025, 4:38am

Hello @cirobrandao,
Welcome to the forum!

This will not work:

without changing also an internal port with this option after the image name:

--server.address=:28972

So, usually you shouldn’t change the internal port unless you use a host network instead of NAT (which is the default network for the containers).

Yes, you need to forward the UDP 28972 port and allow UDP 28972 in the firewall, if they do not allow to use a combined TCP+UDP option for the packets type.