Skip to content
/ raiden-service-bundle Public
forked from raiden-network/raiden-service-bundle

Configuration and instructions for running a Matrix Raiden transport server

0 stars 15 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

ulope/raiden-service-bundle

BranchesTags
 
 

Repository files navigation

Raiden Transport

What is this repository

This repository contains the documentation and configuration necessary to run a Raiden Transport Matrix server.

Current release: 2018.8.1

Table of Contents

Overview

The Raiden Network uses a federation of Matrix servers as it's transport layer. To ensure reliability, availability and neutrality it is desirable that those servers are being operated by multiple independent entities.

Therefore we provide this repository which allows easy setup of such a transport server. It uses docker and docker-compose for easy installation and upgrades.

Currently only this single-server configuration is supported, in the future we may also provide configurations with services split among multiple servers.

Used software

  • docker
  • docker-compose
  • Synapse
  • Postgres
  • Traefik

Structure

+-------------------+
|                   |
|   Raiden clients  |
|                   |
+---------+---------+
          |
==========|==========
          |
+---------v---------+
|                   |
|      Traefik      |  
|                   |
+---------+---------+
          |
+---------v---------+
|                   |
|      Synapse      <-----> Federation to other
|                   |       Raiden Matrix servers
+---------+---------+
          |
+---------v---------+
|                   |
|     Postgres      |
|                   |
+-------------------+

We use Traefik as a reverse proxy and also utilize it's capability of automatically provisiong Let's Encrypt TLS certificates.

The Synapse server is being run in the so-called split worker configuration which increases throughput.

The database stores the message data. Since the transport layer is considered ephemeral in Raiden it is not necessary to arrange for backups of the database data.

Network

After a successful deployment the following ports will be in use:

  • 80 - HTTP
    • Redirects to HTTPS
    • Let's Encrypt HTTP challenge for certificate provisioning
  • 443 - HTTPS
    • Synapse web and API client access
    • Metrics export (IP restricted, see below)
  • 8448 - HTTPS
    • Synapse Server-to-Server federation

Requirements

Hardware

Minumum recommended for a production setup:

  • 16 GiB Ram
  • 8 Cores
  • 50 GiB SSD

Software

  • Docker >= 17.06
  • docker-compose >= 1.16.0

Other

  • A domain (or subdomain) for exclusive use by this server

Installation

Preparation

  1. Provision a server that meets the hardware and software requirements listed above.

  2. Ensure a domain (or subdomain) is available

    Examples:

    • raidentransport.somecompany.tld
    • raidentransport-somecompany.tld
    • somecompany-raidentransport.tld

  3. Configure A (and optionally AAAA) DNS records for the domain pointing to the servers IP address(es)

  4. Configure a CNAME DNS record for *.<domain> pointing back to <domain>

Installing

  1. Clone the current release version of this repository to a suitable location on the server:

    git clone -b 2018.8.1 https://github.com/raiden-network/raiden-transport.git

  2. Copy .env.template to .env and modify the values to fit your setup (see inline comments for details)

    • We would appreciate it if you allow us access to the monitoring interfaces (to do that uncomment the default values of the CIDR_ALLOW_METRICS and CIDR_ALLOW_PROXY settings).
    • We also recommend that you provide your own monitoring. The setup of which is currently out of scope of this document.

  3. Run docker-compose build to build the containers

  4. Run docker-compose up -d to start all services

    • The services are configured to automatically restart in case of a crash or reboot

  5. Add a cron job to regularly (i.e. once a day) restart the synapse service in order to pick up new whitelisted federation peers

    • This will be better automated in future releases
    • Recommended cron job command: 
      docker-compose -f <path-to-compose-file> restart synapse

  6. Verify the service is up by opening the domain in a browser. You should see the synapse login screen.

Submit

  1. Create an issue and submit the domain / URL of the newly deployed server for inclusion in the list of known servers.

Upgrades

To upgrade to a new release please check the changelog for any necessary configuration changes and then run the following commands:

git fetch origin --tags
git reset --hard <new-release-tag>
docker-compose build
docker-compose up -d

Known issues

Protection against Spam / (D)DoS attacks

There is currently only some protection against Spam and / or DDoS attacks. This will be addressed in future updates.

Known servers

The known servers the Raiden clients try to connect to are currently tracked in a file in this repository and also shipped as a hard-coded list with the Raiden client. We intend to change this in the future to use a decentralized scheme (for example an on-chain registry).

Contact / Troubleshooting

To report issues or request help with the setup please open an issue or contact us via email at [email protected].

Changelog

  • 2018-08-09 - 2018.8.1 - Initial public release
  • 2018-08-02 - 2018.8.0 - Initial version

About

Configuration and instructions for running a Matrix Raiden transport server

Resources

Readme
Activity

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

19 tags

Packages

No packages published

Languages

  • Python 72.7%
  • Dockerfile 22.0%
  • Shell 5.3%