Voodoo RoboticsDeveloper Portal

Big Block Server Setup

Step-by-step guide for setting up a self-hosted Big Block Server.

Overview

So you've been given the task of setting up a Voodoo Robotics Big Block Server. This guide walks you through the process — from provisioning the machine to final configuration. Voodoo Robotics handles the actual software installation once your server is ready.

TLDR Summary

  1. Create a (virtual) machine: 4 CPUs, 16GB RAM, 24GB SSD/NVMe storage
  2. Install RedHat 9 (requires Enterprise Subscription) or Ubuntu Server 24.04 (enable SSH)
  3. Configure firewall: Allow all outbound; inbound on ports 22, 80, 443
  4. Limit port 22 access to specific IP addresses for security
  5. Email the machine's IP address or hostname to [email protected]

Choose Your Hosting Environment

We recommend deploying Big Block Server on a cloud instance, particularly AWS or Azure, for ease of scalability, maintenance, and backups. While the software functions equally well on standalone hardware, cloud instances provide significant benefits in flexibility and reliability.

Contact us at [email protected] for guidance on optimal instance sizing and backup strategies.

Recommended Specifications

  • CPUs: 4 cores
  • RAM: 16 GB
  • Storage: 24 GB (SSD or NVMe preferred)
  • OS: Ubuntu Server 24.04 or RedHat 9

These are starting recommendations. After several months of usage, many customers adjust resources (CPU, RAM, storage) based on actual performance data and workload.

Operating System Installation

Big Block Server supports both Ubuntu and RedHat operating systems:

Ubuntu Server 24.04

Recommended for most deployments. Provides automatic security updates for up to 10 years (until 2034).

Note: Enable SSH during installation

RedHat 9

Requires an active Enterprise Subscription for installing necessary epel-release packages.

Note: Ensure registration is active before installation

Note

Some customers prefer Ubuntu Desktop over Server, but it has a larger footprint and requires more frequent security updates due to the desktop environment.

Domain Name & DNS

A domain name is essential for SSL certificates, as certificates require an associated IP address. If you don't assign a name to your server, we'll provide one via our Domain Name Server in the format:

bblock-customername.voodoorobotics.com

Firewall Configuration

Proper firewall configuration is critical for both security and functionality. The server needs to make outbound connections and accept inbound connections on specific ports.

Required Ports

PortServicePurpose
22SSHInitial setup and troubleshooting
80HTTPSSL certificate verification (Let's Encrypt)
443HTTPSSecure API and web interface access

Ubuntu (UFW)

For Ubuntu installations, we configure the firewall using UFW:

ufw default allow outgoing
ufw default deny incoming
ufw allow ssh
ufw allow http
ufw allow https
ufw enable

RedHat (firewalld)

For RedHat installations, we configure the firewall using firewalld:

firewall-cmd --permanent --add-service=ssh
firewall-cmd --permanent --add-service=http
firewall-cmd --permanent --add-service=https
firewall-cmd --set-default-zone=drop
firewall-cmd --reload

SSH Access Security

We strongly recommend limiting SSH access (port 22) to specific IP addresses after initial setup. Many customers restrict inbound access to only ports 80 and 443, leaving port 22 accessible only from trusted IPs.

SSL Certificates

For secure HTTPS communication, Big Block requires an SSL certificate. We use Let's Encrypt to automatically acquire and renew certificates.

Automatic Certificate Acquisition

During installation, we run certbot to acquire SSL certificates:

certbot -n -d $MACHINE_NAME

This command temporarily requires inbound port 80 for domain verification because Let's Encrypt must verify domain ownership through a standard HTTP request. After successful verification and certificate installation, all requests to port 80 are automatically redirected to the secure HTTPS port (443).

Non-Public Server Options

For environments requiring non-public-facing servers, SSL-secured communication still requires digital certificates. If you're unable or unwilling to use Let's Encrypt directly, you have several options:

  • Provide your own certificate files (fullchain.pem, chain.pem, cert.pem, and privkey.pem)
  • Provide a URL for your own ACME-compatible certificate server
  • Use a self-signed certificate (not recommended for production)
  • Forgo encryption entirely (highly discouraged)

Public IP Recommended

Without a public IP address and domain name, automatic SSL certificate acquisition is not possible. This means communications must use unencrypted HTTP rather than HTTPS, which is not recommended for production deployments.

Installation Process

Once your server is ready and you've provided us with the IP address or hostname, Voodoo Robotics handles the software installation.

What We Do

  1. SSH Access & Security

    We SSH into your server and immediately reset the password to a secure, unique one. If you'd like us to use a specific password, securely provide it via email to [email protected].

  2. Jenkins Configuration

    We configure your server as a Jenkins client for software distribution and updates.

  3. Installation Script

    Using Jenkins, we execute our installation script to build and configure the server. This includes updating /etc/hosts with the machine name:

    echo "127.0.0.10 ${MACHINE_NAME}" >> /etc/hosts
  4. Future Updates

    Future software updates can be performed via Jenkins with your involvement as needed.

Note

Typically, ongoing SSH access post-installation isn't required, though occasional access may be necessary for troubleshooting. We recommend keeping port 22 accessible (from trusted IPs) until the configuration is verified stable.

Automatic Security Updates

Both supported operating systems provide automatic security updates:

  • Ubuntu Server 24.04 LTS: Automatic security updates for up to 10 years (until 2034), provided the server can make outbound internet requests
  • RedHat 9: Security updates available through active Enterprise Subscription

Setup Checklist

Use this checklist to ensure you're ready for installation:

  • Virtual or physical machine provisioned (4 CPUs, 16GB RAM, 24GB storage)
  • Ubuntu Server 24.04 or RedHat 9 installed
  • SSH enabled and accessible
  • Firewall configured (ports 22, 80, 443 open for inbound; all outbound allowed)
  • Port 22 access limited to trusted IP addresses (recommended)
  • Domain name assigned or ready to use Voodoo-provided name
  • IP address or hostname emailed to [email protected]

After Installation

Upon completing the setup, you'll receive an account setup email containing:

  • Your Big Block server URL
  • Login credentials
  • Next steps for configuration
  • API authentication information

Resource Optimization

After several months of usage, many customers adjust their server resources (CPU, RAM, and storage) based on actual performance data. Monitor your usage patterns and scale accordingly.

Access Restrictions

Many customers further restrict inbound access after initial setup and validation:

  • Limit SSH (port 22) to specific IP addresses only
  • Keep ports 80 and 443 open primarily for automatic SSL renewals and API access
  • Consider VPN access for administrative tasks

Getting Help

If you have questions or need assistance at any point in the setup process, contact us:

Voodoo Robotics Support

Email: [email protected]

Include your server's IP address or hostname in your message for faster assistance.

Related Pages

Server & Deployment

Compare hosted vs self-hosted options

Devices & Networking

Turbo placement and network configuration

Authentication

API security and authentication

Getting Started

Overview of the Voodoo Robotics system