A webapp that makes Skynet accessible to web browsers.
This repository has been archived on 2022-10-07. You can view files and clone it, but cannot push or open issues or pull requests.
Ivaylo Novakov 39c4790364 Weekly Deploy for Dec 6, 2021. Including cache pruning fix

Merge tag 'deploy-2021-12-06' into ivo/clamav

Weekly Deploy for Dec 6, 2021. Including cache pruning fix

# gpg: Signature made Mon Dec  6 20:02:51 2021 CET
# gpg:                using RSA key 97BDC874D726F758331654649ADDD344F13057F6
# gpg: key 9ADDD344F13057F6: public key "Matthew Sevey (Created on MacOS Big Sur for Yubi Key Nano 5) <mjsevey@gmail.com>" imported
# gpg: Total number processed: 1
# gpg:               imported: 1
# gpg: Good signature from "Matthew Sevey (Created on MacOS Big Sur for Yubi Key Nano 5) <mjsevey@gmail.com>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 97BD C874 D726 F758 3316  5464 9ADD D344 F130 57F6
2021-12-09 14:18:19 +01:00
.github unit tests 2021-11-05 17:12:01 +01:00
changelog Weekly Deploy for Dec 6, 2021. Including cache pruning fix 2021-12-09 14:18:19 +01:00
docker Weekly Deploy for Dec 6, 2021. Including cache pruning fix 2021-12-09 14:18:19 +01:00
packages New terms for siasky.net 2021-11-29 12:53:41 -05:00
scripts Fix condition mistake 2021-12-06 16:13:00 +01:00
setup-scripts Merge pull request #1428 from SkynetLabs/sevey/mute-more-pings 2021-12-06 19:37:06 +01:00
.gitignore Add serverload endpoint (#1410) 2021-12-06 12:49:58 +01:00
.prettierignore Accounts (#554) 2021-04-01 15:15:37 +02:00
CHANGELOG.md Update changelog for v0.1.3 2021-10-18 15:46:54 -04:00
LICENSE.md change license to custom 2021-03-15 12:58:02 +01:00
README.md --frozen-locafile 2021-07-26 19:06:15 +02:00
dc Weekly Deploy for Dec 6, 2021. Including cache pruning fix 2021-12-09 14:18:19 +01:00
docker-compose.accounts.yml Revert the change of JWKS path 2021-12-02 18:04:19 +01:00
docker-compose.blocker.yml Remove branch arg 2021-12-01 11:19:06 +01:00
docker-compose.jaeger.yml adjust docker services logging (missing ones) 2021-07-12 13:58:25 +02:00
docker-compose.malware-scanner.yml Switch to `main`. 2021-12-09 14:16:21 +01:00
docker-compose.mongodb.yml Add default value to skynet replicaset 2021-10-18 12:12:58 +02:00
docker-compose.uploads.yml Accounts (#554) 2021-04-01 15:15:37 +02:00
docker-compose.yml Update handshake to use v3.0.1 2021-11-09 18:19:49 -05:00

README.md

Skynet Portal

Web application

Change current directory with cd packages/website.

Use yarn start to start the development server.

Use yarn build to compile the application to /public directory.

You can use the below build parameters to customize your web application.

  • development example GATSBY_API_URL=https://siasky.dev yarn start
  • production example GATSBY_API_URL=https://siasky.net yarn build

List of available parameters:

  • GATSBY_API_URL: override api url (defaults to location origin)

License

Skynet uses a custom License. The Skynet License is a source code license that allows you to use, modify and distribute the software, but you must preserve the payment mechanism in the software.

For the purposes of complying with our code license, you can use the following Siacoin address:

fb6c9320bc7e01fbb9cd8d8c3caaa371386928793c736837832e634aaaa484650a3177d6714a

MongoDB Setup

Mongo needs a couple of extra steps in order to start a secure cluster.

  • Open port 27017 on all nodes that will take part in the cluster. Ideally, you would only open the port for the other nodes in the cluster.
  • Manually add a mgkey file under ./docker/data/mongo with the respective secret (see Mongo's keyfile access control for details).
  • Manually run an initialisation docker run with extra environment variables that will initialise the admin user with a password (example below).
  • During the initialisation run mentioned above, we need to take two extra steps within the container:
    • Change the ownership of mgkey to mongodb:mongodb
    • Change its permissions to 400
  • After these steps are done we can open a mongo shell on the primary node and run rs.add() in order to add the new node to the cluster. If you don't know which node is primary, log onto any server, enter the Mongo container (docker exec -it mongo mongo -u admin -p) and get the status of the replica set (rs.status()).

Example initialisation docker run command:

docker run \
	--rm \
	--name mg \
	-p 27017:27017 \
	-e MONGO_INITDB_ROOT_USERNAME=<admin username> \
	-e MONGO_INITDB_ROOT_PASSWORD=<admin password> \
	-v /home/user/skynet-webportal/docker/data/mongo/db:/data/db \
	-v /home/user/skynet-webportal/docker/data/mongo/mgkey:/data/mgkey \
	mongo --keyFile=/data/mgkey --replSet=skynet

Regular docker run command:

docker run \
	--rm \
	--name mg \
	-p 27017:27017 \
	-v /home/user/skynet-webportal/docker/data/mongo/db:/data/db \
	-v /home/user/skynet-webportal/docker/data/mongo/mgkey:/data/mgkey \
	mongo --keyFile=/data/mgkey --replSet=skynet

Cluster initialisation mongo command:

rs.initiate(
  {
    _id : "skynet",
    members: [
      { _id : 0, host : "mongo:27017" }
    ]
  }
)

Add more nodes when they are ready:

rs.add("second.node.net:27017")

Kratos & Oathkeeper Setup

Kratos is our user management system of choice and Oathkeeper is the identity and access proxy.

Most of the needed config is already under docker/kratos. The only two things that need to be changed are the config for Kratos, which might contain your email server password, and the JWKS Oathkeeper uses to sign its JWT tokens.

Make sure to create your own docker/kratos/config/kratos.yml by copying the kratos.yml.sample in the same directory. Also make sure to never add that file to source control because it will most probably contain your email password in plain text!

To override the JWKS you will need to directly edit docker/kratos/oathkeeper/id_token.jwks.json and replace it with your generated key set. If you don't know how to generate a key set you can use this code:

package main

import (
	"encoding/json"
	"log"
	"os"

	"github.com/ory/hydra/jwk"
)

func main() {
	gen := jwk.RS256Generator{
		KeyLength: 2048,
	}
	jwks, err := gen.Generate("", "sig")
	if err != nil {
		log.Fatal(err)
	}
	jsonbuf, err := json.MarshalIndent(jwks, "", "  ")
	if err != nil {
		log.Fatalf("failed to generate JSON: %s", err)
	}
	os.Stdout.Write(jsonbuf)
}

While you can directly put the output of this programme into the file mentioned above, you can also remove the public key from the set and change the kid of the private key to not include the prefix private:.
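
One way to do the trimming described above, as an added example that is not part of the Skynet repository: it recognises the private key by its "d" member (the private exponent of an RSA JWK) rather than by name, drops every other key, and strips the private: prefix from the kid. The sample key set and its kid values are constructed placeholders, not real key material.

```go
package main

import (
	"encoding/json"
	"fmt"
	"os"
	"strings"
)

// sampleJWKS is constructed for illustration: placeholder values, not real key material.
const sampleJWKS = `{"keys":[
  {"use":"sig","kty":"RSA","kid":"private:example","alg":"RS256","n":"AQAB","e":"AQAB","d":"AQAB"},
  {"use":"sig","kty":"RSA","kid":"public:example","alg":"RS256","n":"AQAB","e":"AQAB"}]}`

type keySet struct {
	Keys []map[string]interface{} `json:"keys"`
}

// PrivateOnly drops keys without private material (no "d" member) and strips
// the "private:" prefix from the kid of the keys it keeps.
func PrivateOnly(in []byte) ([]byte, error) {
	var set keySet
	if err := json.Unmarshal(in, &set); err != nil {
		return nil, fmt.Errorf("parse JWKS: %w", err)
	}
	out := keySet{Keys: []map[string]interface{}{}}
	for _, k := range set.Keys {
		if _, private := k["d"]; !private {
			continue // public half of the pair: removed from the set
		}
		if kid, ok := k["kid"].(string); ok {
			k["kid"] = strings.TrimPrefix(kid, "private:")
		}
		out.Keys = append(out.Keys, k)
	}
	if len(out.Keys) == 0 {
		return nil, fmt.Errorf("no private key found in key set")
	}
	return json.MarshalIndent(out, "", "  ")
}

func main() {
	trimmed, err := PrivateOnly([]byte(sampleJWKS))
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	fmt.Println(string(trimmed))
}
```

The output still contains the private signing key, so handle the resulting file as a secret.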

CockroachDB Setup

Kratos uses CockroachDB to store its data. For that data to be shared across all nodes that comprise your portal cluster setup, we need to set up a CockroachDB cluster, complete with secure communication.

Generate the certificates for secure communication

For a detailed walk-through, please check this guide out.

Steps:

  1. Start a local cockroach docker instance: docker run -d -v "<local dir>:/cockroach/cockroach-secure" --name=crdb cockroachdb/cockroach start --insecure
  2. Get a shell into that instance: docker exec -it crdb /bin/bash
  3. Go to the directory which we mapped to a local dir: cd /cockroach/cockroach-secure
  4. Create the subdirectories in which to create certificates and keys: mkdir certs my-safe-directory
  5. Create the CA (Certificate Authority) certificate and key pair: cockroach cert create-ca --certs-dir=certs --ca-key=my-safe-directory/ca.key
  6. Create a client certificate and key pair for the root user: cockroach cert create-client root --certs-dir=certs --ca-key=my-safe-directory/ca.key
  7. Create the certificate and key pair for your nodes: cockroach cert create-node cockroach mynode.siasky.net --certs-dir=certs --ca-key=my-safe-directory/ca.key. Don't forget the cockroach node name - it's needed by our docker-compose setup. If you want to create certificates for more nodes, just delete the node.* files (after you've finished the next steps for this node!) and re-run the above command with the new node name.
  8. Put the contents of the certs folder under docker/cockroach/certs/* under your portal's root dir and store the content of my-safe-directory somewhere safe.
  9. Put another copy of those certificates under docker/kratos/cr_certs and change permissions of the *.key files, so they can be read by anyone (644).

Configure your CockroachDB node

Open port 26257 on all nodes that will take part in the cluster. Ideally, you would only open the port for the other nodes in the cluster.

There is some configuration that needs to be added to your .env file, namely:

  1. CR_IP - the public IP of your node
  2. CR_CLUSTER_NODES - a list of IPs and ports which make up your cluster, e.g. 95.216.13.185:26257,147.135.37.21:26257,144.76.136.122:26257. This will be the list of nodes that will make up your cluster, so make sure those are accurate.

Contributing

Testing Your Code

Before pushing your code, you should verify that it will pass our online test suite.

Cypress Tests

Verify the Cypress test suite by doing the following:

  1. In one terminal screen run GATSBY_API_URL=https://siasky.net website serve
  2. In a second terminal screen run yarn cypress run

Setting up complete skynet server

A setup guide with installation scripts can be found in setup-scripts/README.md.