├── .gitattributes ├── CONNECT.md ├── IPFS_SERVICE.md ├── README.md └── WEBUI.md /.gitattributes: -------------------------------------------------------------------------------- 1 | *.md linguist-language=Markdown 2 | -------------------------------------------------------------------------------- /CONNECT.md: -------------------------------------------------------------------------------- 1 | 2 | # Connecting to your IPFS boot node 3 | 4 | The following steps will allow you to connect to an IPFS bootstrap node. 5 | This document assumes you have access to an IPFS boot node setup on AWS or on a local network. 6 | 7 | Before you connect, you will need a few things: 8 | 9 | 1. IP address of the boot node, ```$BOOTNODE_IP```. 10 | 2. IPFS peer id of boot node, ```$BOOTNODE_ID```. 11 | 3. The swarm key stored at ```$IPFS_PATH/swarm.key```. 12 | 13 | Ask your SysAdmin for the above information. They will be able to supply the boot node's peer address, 14 | which includes both ```$BOOTNODE_IP``` and ```$BOOTNODE_ID```. 15 | 16 | A peer address looks like: 17 | 18 | > /ip4/172.33.22.55/tcp/4001/ipfs/QmS4ustL54uo8FzR9455qaxZwuMiUhyvMcX9Ba8nUH4uVv 19 | 20 | For the following steps, we will assume the boot node is located at the above peer address. 21 | 22 | ---- 23 | ## 1. Setup IPFS 24 | 25 | Follow the setup instructions found in this repository at ```README.md```. 26 | 27 | Once IPFS is installed, run: 28 | 29 | ```ipfs init``` 30 | ```ipfs bootstrap rm --all``` 31 | 32 | The above commands will initialize your IPFS directory found at ```$IPFS_PATH```. 33 | The default ```$IPFS_PATH``` on Mac/Linux is ```~/.ipfs```. 34 | 35 | Ensure you have removed the default bootstrap nodes with: 36 | 37 | ```ipfs bootstrap list``` 38 | 39 | Nothing should appear. 40 | 41 | ---- 42 | ## 2. Supply the swarm key 43 | 44 | This step requires you have been given the secret file, ```swarm.key```. 45 | 46 | The contents of ```~/.ipfs``` should look like: 47 | 48 | api config datastore_spec version 49 | blocks datastore keystore 50 | 51 | If not, then IPFS is not initialized or has been initialized somewhere else. Check where ```ipfs init``` put these files. 52 | 53 | Find the file, ```swarm.key```. Now, 54 | 55 | ```mv ./swarm.key ~/.ipfs/swarm.key``` 56 | ```chmod 400 ~/.ipfs/swarm.key``` 57 | 58 | Now the contents of ```~/.ipfs``` should look like: 59 | 60 | api config datastore_spec version 61 | blocks datastore keystore swarm.key 62 | 63 | Ensure the swarm key is properly installed. 64 | Run ```ipfs daemon```. You should see this message near the top: 65 | 66 | > Swarm is limited to private network of peers with the swarm key 67 | Swarm key fingerprint: xxxxxxxxxxxxxxxx 68 | 69 | ---- 70 | ## 3. Add the boot node address to your bootstrap list 71 | 72 | This is the final step. First, check the peers you are connected to with ```ipfs swarm peers```. 73 | You should have no peers at this point since you have an empty bootstrap list. 74 | View your bootstrap list with ```ipfs bootstrap list```. 75 | 76 | It should be empty. To add the boot node to your bootstrap list, run the following command with the peer address 77 | provided to you. 78 | 79 | ```ipfs bootstrap add /ip4/172.33.22.55/tcp/4001/ipfs/QmS4ustL54uo8FzR9455qaxZwuMiUhyvMcX9Ba8nUH4uVv``` 80 | 81 | Check your bootstrap list again. The given peer address should appear. 82 | 83 | Now your node should connect to the boot node on start-up. To connect now, run: 84 | 85 | ```ipfs connect /ip4/172.33.22.55/tcp/4001/ipfs/QmS4ustL54uo8FzR9455qaxZwuMiUhyvMcX9Ba8nUH4uVv``` 86 | 87 | Now check your connected peers again with ```ipfs swarm peers```. You should see the bootstrap node listed as a peer. 88 | 89 | If so then everything went right. Otherwise there is a problem. Potential problems include but are not limited to: 90 | 91 | 1. ```swarm.key``` mis-located or mismatched. 92 | 2. Peer IP address or peer ID wrong. 93 | 3. Port 4001 not open. 94 | 95 | 96 | ---- 97 | ## Usage 98 | 99 | Usage is congruent to the default usage of ipfs. Check out the documentation [here](https://ipfs.io/docs/). 100 | 101 | 102 | -------------------------------------------------------------------------------- /IPFS_SERVICE.md: -------------------------------------------------------------------------------- 1 | # Set up IPFS daemon as a system service. 2 | 3 | In order to have the IPFS daemon run on boot you will need to create a ```systemd``` service. 4 | 5 | This is quite simple but fairly picky. First you will create a new file called ```ipfs.service```. 6 | 7 | ---- 8 | This file should contain: 9 | 10 | [Unit] 11 | Description=IPFS daemon 12 | After=network.target 13 | 14 | [Service] 15 | ExecStart=/usr/local/bin/ipfs daemon 16 | Restart=on-failure 17 | User= 18 | 19 | [Install] 20 | WantedBy=default.target 21 | 22 | Now save this file as: 23 | 24 | ```/etc/systemd/system/ipfs.service``` 25 | 26 | ---- 27 | Now ```systemctl``` will be able to find your IPFS service. 28 | 29 | Make sure the daemon is stopped, the path in ```ExecStart``` points to your IPFS executable, and ```User``` is set. 30 | 31 | Test your new system service is properly configured with: 32 | 33 | ```sudo systemctl start ipfs.service``` 34 | ```ipfs id``` 35 | 36 | If the second command returns your peer info, then the service is properly configured. Enable it on boot with: 37 | 38 | ```sudo systemctl enable ipfs.service``` 39 | 40 | > Created symlink from /etc/systemd/system/default.target.wants/ipfs.service to /etc/systemd/system/ipfs.service. 41 | 42 | This will notify you that a symlink has been created, which means success! 43 | 44 | This document assumes you are running a Debian system. Check your operating system's ```systemd``` documentation if 45 | you run into trouble. 46 | 47 | ---- 48 | ## When Running into Same-Origin Policy Issues 49 | 50 | When using the IPFS API, you will almost certainly run into "Cross-Origin Request Rejected" and XHR errors. 51 | To mitigate this, run the following commands on the machine running the IPFS daemon: 52 | 53 | ```ipfs config --json API.HTTPHeaders.Access-Control-Allow-Origin '["example.com"]'``` 54 | ```ipfs config --json API.HTTPHeaders.Access-Control-Allow-Methods '["GET", "POST"]'``` 55 | ```ipfs config --json API.HTTPHeaders.Access-Control-Allow-Credentials '["true"]'``` 56 | 57 | And if you want to use the API from somewhere other than the machine running the IPFS daemon: 58 | 59 | ```ipfs config Addresses.API "/ip4/0.0.0.0/tcp/5001"``` 60 | 61 | Ensure your firewall rules are acceptable to you for this one. 62 | 63 | 64 | 65 | 66 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # IPFS Private Swarm 2 | 3 | ---- 4 | ## 0. Requirements 5 | 6 | * [golang-go](https://golang.org/doc/) 7 | * [go-ipfs](https://github.com/ipfs/go-ipfs) 8 | * [go-ipfs-swarm-key-gen](https://github.com/Kubuxu/go-ipfs-swarm-key-gen) 9 | 10 | 11 | *Docker is useful for deploying test networks.* 12 | 13 | ---- 14 | ## 1. Setup 15 | 16 | 1. Download latest release [go-ipfs](https://dist.ipfs.io/#go-ipfs) binary and untar it. 17 | 18 | 2. Now copy ```go-ipfs/ipfs``` to ```/usr/local/bin/ipfs``` or somewhere $PATH points to. 19 | 20 | 3. Test ipfs is working with ```ipfs help``` 21 | 22 | 4. Run ```ipfs init```, this will set up a node with the default ```IPFS_PATH=/home/$USER/.ipfs``` and create a new identity. 23 | 24 | > initializing IPFS node at /home/$USER/.ipfs 25 | generating 2048-bit RSA keypair...done 26 | peer identity: QmS4ustL54uo8FzR9455qaxZwuMiUhyvMcX9Ba8nUH4uVv 27 | 28 | 29 | 5. Since this is a private swarm, delete the default bootstrap nodes with ```ipfs bootstrap rm --all``` 30 | 31 | 32 | 33 | ---- 34 | ## 2. Generate swarm.key 35 | 36 | Skip these steps if you have a pre-shared ```swarm.key```. 37 | 38 | 1. ```git clone https://github.com/Kubuxu/go-ipfs-swarm-key-gen``` 39 | 2. ```cd go-ipfs-swarm-key-gen/``` 40 | 3. :warning: **Next command will Overwrite existing swarm.key** 41 | 4. ```go run ipfs-swarm-key-gen/main.go > $IPFS_PATH/swarm.key``` 42 | 43 | ## 2.1 Generate swarm.key without Above Repository 44 | 45 | As mentioned in https://github.com/ahester57/ipfs-private-swarm/issues/1, you can also generate a `swarm.key` using the following command: 46 | 47 | > :warning: **Next command will Overwrite existing swarm.key** 48 | 49 | ``` 50 | (echo -e '/key/swarm/psk/1.0.0/\n/base16/' ; head -c 32 /dev/urandom | od -t x1 -A none - | tr -d '\n '; echo '') > $IPFS_PATH/swarm.key 51 | ``` 52 | 53 | ##### I have a pre-shared swarm.key 54 | 55 | Ok. Put that file in the default IPFS directory. On Linux that is ```/home/$USER/.ipfs/```. 56 | 57 | This directory should also contain configuration and keystores. If it does not, go back and check where ```ipfs init``` put these. 58 | 59 | Great, now your node won't connect to anyone without the same swarm.key. Be sure to remove the default ipfs bootstrap addresses before continuing. 60 | 61 | 62 | ---- 63 | ## 3. Connect to your swarm 64 | 65 | 1. Start your ipfs node with ```ipfs daemon```. You should see a message near the top. If you don't see the following message ensure the ```swarm.key``` file is in the correct location. 66 | 67 | > Swarm is limited to private network of peers with the swarm key 68 | Swarm key fingerprint: xxxxxxxxxxxxxxxx 69 | 70 | 2. In a new terminal, run ```ipfs id```. You will see the peer id, public key, addresses, and versions. We are interested in the ```Addresses``` list. 71 | 72 | 3. There will be an address for each active network interface. Copy the address which other nodes will be able to reach you with. 73 | It looks like ```/ip4/192.168.1.11/tcp/4001/ipfs/```. 74 | 75 | 4. Hopefully you will have other nodes you have set up with the same configuration as above. Add the above address to the bootstrap list of those nodes with ```ipfs bootstrap add /ip4/192.168.1.11/tcp/4001/ipfs/```. 76 | 77 | 5. You should have multiple nodes set as bootstrap nodes to ensure network connectivity. 78 | 79 | Congrats, you now have a private ipfs swarm up and running. Now to learn ipfs! 80 | 81 | ---- 82 | ## Usage 83 | 84 | Usage is congruent to the default usage of ipfs. Check out the documentation [here](https://ipfs.io/docs/). 85 | 86 | * Set up boot node to run IPFS deamon on boot: [IPFS_SERVICE](https://github.com/ahester57/ipfs-private-swarm/blob/master/IPFS_SERVICE.md) 87 | * Configure your local IPFS node for the private swarm: [CONNECT](https://github.com/ahester57/ipfs-private-swarm/blob/master/CONNECT.md) 88 | * Enable the WebUI at localhost:5001/webui for your private swarm: [WEBUI](https://github.com/ahester57/ipfs-private-swarm/blob/master/WEBUI.md) 89 | 90 | 91 | 92 | -------------------------------------------------------------------------------- /WEBUI.md: -------------------------------------------------------------------------------- 1 | # Get your node up and running with the WebUI 2 | 3 | In a private swarm, the default bootstrap nodes are not available to serve the WebUI 4 | at http://localhost:5001/webui. 5 | 6 | To make available the WebUI without running the dev build every time, you will need a go-ipfs client which 7 | points to the correct location. The WebUI is served by the IPFS network, and the client hard-codes the hash 8 | of this location. Therefore, a custom client is needed in order to point to the correct hash. 9 | 10 | Note: This only needs to be done once per private network. Once the boot node serves the WebUI, all other nodes 11 | only require the custom client which points to the correct hash. After the following steps, any node using the 12 | modified client will be able to use the WebUI at http://localhost:5001/webui. 13 | 14 | ---- 15 | ## 0. Requirements 16 | 17 | * golang-1.10+ 18 | * custom IPFS client 19 | * [ipfs-webui](https://github.com/ipfs-shipyard/ipfs-webui) 20 | 21 | ---- 22 | ## 1. Install golang-1.10+ 23 | 24 | Building go-ipfs from source requires golang-1.10+. 25 | 26 | ```add-apt-repository ppa:gophers/archive``` 27 | ```apt update``` 28 | ```apt install golang-1.10-go``` 29 | ```echo "export PATH=/usr/lib/go-1.10/bin:$PATH" >> ~/.bashrc``` 30 | ```source ~/.bashrc``` || ```bash``` 31 | 32 | Confirm the install with ```go version```. 33 | If the version is still old, then you probably still have an old version of golang installed. Remove it. 34 | 35 | ---- 36 | ## 2. Install the WebUI on the boot node 37 | 38 | Why did we just install golang-1.10? We will need it when building the client from source. 39 | But first we need the hash our client will point to. 40 | 41 | 1. Clone the [ipfs-webui](https://github.com/ipfs-shipyard/ipfs-webui) repository. 42 | 43 | ```git clone https://github.com/ipfs-shipyard/ipfs-webui``` 44 | 45 | 2. ```cd ipfs-webui && npm install``` 46 | 3. Build to ```./dist``` with ```npm run build``` 47 | 4. Upload the directory ```./dist``` to IPFS (should be running). 48 | 49 | ```ipfs add -r ./dist``` will give you a list of hashes for each file in the directory. We need the last one. 50 | 51 | Let's assume the root hash is ```QmbhqZ17mpsz9FrHyUhh3SmLURRLxVBpft94ya8njLgvBM```. 52 | 53 | 5. On the boot node, pin the last hash from the output above. 54 | 55 | ```ipfs pin add QmbhqZ17mpsz9FrHyUhh3SmLURRLxVBpft94ya8njLgvBM``` 56 | 57 | ---- 58 | ## 3. Install go-ipfs from modified source. 59 | 60 | The file we want to change is ```go-ipfs/core/corehttp/webui.go```. 61 | 62 | Grab the [go-ipfs](https://github.com/ipfs/go-ipfs) repository using ```go get```. 63 | 64 | ```go get -u -d github.com/ipfs/go-ipfs``` 65 | 66 | Then, 67 | 68 | ```cd ~/go/src/github.com/ipfs/go-ipfs``` 69 | 70 | Now, 71 | 72 | ```vi core/corehttp/webui.go``` 73 | 74 | and change ```const WebUIPath```: 75 | 76 | ```const WebUIPath = "/ipfs/QmbhqZ17mpsz9FrHyUhh3SmLURRLxVBpft94ya8njLgvBM"``` 77 | 78 | Now run ```make deps``` followed by ```make build```. 79 | 80 | The executable is written to ```./cmd/ipfs/ipfs```. Copy this file to ```/usr/local/bin/ipfs```. 81 | Now check it with ```which ipfs``` and ```ipfs version```. 82 | 83 | Location data will not work with a private swarm since geoip data is stored on the public IPFS filesystem. 84 | In order to enable location data of peers, you will have to upload geoip data to your swarm and modify the source of 85 | [ipfs-geoip](https://github.com/ipfs/ipfs-geoip) to point to the hashes of the uploaded data. 86 | 87 | 88 | 89 | 90 | 91 | --------------------------------------------------------------------------------