This repository has been archived on 2022-10-07. You can view files and clone it, but cannot push or open issues or pull requests.
skynet-webportal/setup-scripts
Peter-Jan Brone f3b2a130fe
Wildcard Subdomains Documentation (#416)
* Add documentation on subdomains

* Update copy

* Fix typo

* Link Karol his repo

* Update copy

* Update setup-scripts/README.md

Co-authored-by: Karol Wypchło <kwypchlo@gmail.com>

Co-authored-by: Karol Wypchło <kwypchlo@gmail.com>
2020-09-22 12:23:53 +02:00
support update ssh keys 2020-09-17 15:50:47 +02:00
README.md Wildcard Subdomains Documentation (#416) 2020-09-22 12:23:53 +02:00
bot_utils.py Mention role in discord, rather than online users 2020-04-14 14:50:25 -04:00
funds-checker.py Add a health checker script to Gollum. 2020-09-04 16:12:20 +02:00
health-checker.py fix health checks 2020-09-10 15:16:31 +02:00
log-checker.py Add free disk space check to health-checker.py. 2020-09-07 17:56:47 +02:00
setup-docker-services.sh improve docs 2020-09-14 15:57:44 +02:00
setup-health-check-scripts.sh Make the time comparisons in the health checker timezone-aware. 2020-09-08 18:07:33 +02:00
setup-server.sh docker setup 2020-07-31 00:50:42 +02:00

README.md

Skynet Portal Setup Scripts

This directory contains a setup guide and scripts that will install and configure some basic requirements for running a Skynet Portal. The assumption is that we are working with a Debian Buster Minimal system or similar.

Initial Setup

You may want to fork this repository and replace ssh keys in setup-scripts/support/authorized_keys and optionally edit the setup-scripts/support/tmux.conf and setup-scripts/support/bashrc configurations to fit your needs.

Step 0: stack overview

  • dockerized services inside docker-compose.yml
  • discord integration
    • funds-checker: script that checks wallet balance and sends status messages to discord periodically
    • health-checker: script that monitors health-check service for server health issues and reports them to discord periodically
    • log-checker: script that scans siad logs for critical errors and reports them to discord periodically
  • blacklist-skylink: script that blacklists the provided skylink and prunes the nginx cache to ensure it's not available any more (that is a bit much, but it's the best we can do right now without the paid nginx version). It can be run locally from a machine that has access to all your skynet portal servers; if you want to use it, make sure to adjust the server addresses

Step 1: setting up server user

  1. SSH into a freshly installed Debian machine as a user with sudo access (can be root)
  2. apt-get update && apt-get install sudo -y to make sure sudo is available
  3. adduser user to create user called user (creates /home/user directory)
  4. usermod -aG sudo user to add this new user to sudo group
  5. Quit the ssh session with exit command

You can now ssh into your machine as the user user.

Step 2: setting up environment

  1. On your local machine: ssh-copy-id user@ip-addr to copy over your ssh key to server
  2. On your local machine: ssh user@ip-addr to log in to server as user user
  3. You are now logged in as user

The following steps are executed on the remote host, logged in as user:

  1. sudo apt-get install git -y to install git
  2. git clone https://github.com/NebulousLabs/skynet-webportal
  3. run setup scripts in the exact order and provide sudo password when asked (if one of them fails, you can retry just this one before proceeding further)
    1. /home/user/skynet-webportal/setup-scripts/setup-server.sh
    2. /home/user/skynet-webportal/setup-scripts/setup-docker-services.sh
    3. /home/user/skynet-webportal/setup-scripts/setup-health-check-scripts.sh (optional)

Step 3: configuring siad

At this point we have almost everything running. We just need to set up your wallet and allowance:

  1. Create new wallet (remember to save the seeds)

    docker exec -it sia siac wallet init

  2. Unlock wallet (use seed as password)

    docker exec -it sia siac wallet unlock

  3. Generate a wallet address (save it for later to transfer the funds)

    docker exec -it sia siac wallet address

  4. Set up allowance

    docker exec -it sia siac renter setallowance

    1. 10 KS (keep 25 KS in your wallet)
    2. default period
    3. default number of hosts
    4. 8 week renewal time
    5. 500 GB expected storage
    6. 500 GB expected upload
    7. 5 TB expected download
    8. default redundancy
  5. Instruct siad to start making 10 contracts per block with many hosts to potentially view the whole network's files

    docker exec -it sia siac renter setallowance --payment-contract-initial-funding 10SC

Step 4: configuring docker services

  1. edit /home/user/skynet-webportal/.env and configure following environment variables
    • DOMAIN_NAME (optional) is your domain name if you have it
    • EMAIL_ADDRESS (required) is your email address used for communication regarding SSL certification
    • SIA_WALLET_PASSWORD (required) is your wallet password (or seed if you did not set a password)
    • HSD_API_KEY (optional) this is a random security key for a handshake integration that gets generated automatically
    • CLOUDFLARE_AUTH_TOKEN (optional) if using cloudflare as dns loadbalancer (need to change it in Caddyfile too)
    • AWS_ACCESS_KEY_ID (optional) if using route53 as a dns loadbalancer
    • AWS_SECRET_ACCESS_KEY (optional) if using route53 as a dns loadbalancer
  2. if you have a custom domain and you configured it in DOMAIN_NAME, edit /home/user/skynet-webportal/docker/caddy/Caddyfile and uncomment import custom.domain
  3. only for siasky.net domain instances: edit /home/user/skynet-webportal/docker/caddy/Caddyfile, uncomment import siasky.net
  4. docker-compose up -d to restart the services so they pick up new env variables
  5. docker exec caddy caddy reload --config /etc/caddy/Caddyfile to reload Caddyfile configuration

Subdomains

It might prove useful for certain skapps to be accessible through a custom subdomain. So instead of being accessed through https://portal/[skylink], a skapp would be accessible through https://[skylink_base32].portal. We call these subdomains, and they are made possible by encoding Skylinks in base32. We have to use a base32 encoding scheme because subdomains have to be all lower case, while the base64 encoded Skylink is case sensitive and thus might contain uppercase characters.

You can convert Skylinks using this converter skapp. To see how the encoding and decoding works, please follow the link to the repo in the application itself.

To configure this on your portal, you have to make sure to configure the following:

Wildcard SSL Certificate

We need to ensure SSL encryption for skapps that are accessed through their subdomain, therefore we need to have a wildcard certificate. This is very easily achieved using Caddy.

(siasky.net) {
    siasky.net, *.siasky.net {
        tls {

(see ../docker/caddy/Caddyfile)

Nginx configuration

In Nginx two things need to happen:

  • parse the subdomain from the url
  • proxy_pass the request to the appropriate location

Siad is able to make the conversion and treat this as a regular Skylink.

  # parse subdomain (a base32 encoded Skylink) into custom variable
  server_name "~^([a-z0-9]{55})\..*$";
  set $subdomain $1;

  ...

  location / {
    ...
    error_page 418 = @subdomain;
    recursive_error_pages on;
    if ($subdomain  != "") {
      return 418;
    }
    ...
  }
  ...
  location @subdomain {
    ...
  }

(see ../docker/nginx/nginx.conf)
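
The encoding round trip and the hostname pattern, as an added example (not code from this repository): it converts a 46-character base64 Skylink to the 55-character subdomain label and back, and shows which hostnames pass the nginx server_name pattern without being a canonical encoding. It assumes the lowercase, unpadded RFC 4648 base32hex alphabet, which this README does not name; portal.example and the all-zero sample link are constructed.

```python
import base64
import re

# Same pattern as the server_name regex in the nginx snippet above.
HOST_RE = re.compile(r"^([a-z0-9]{55})\..*$")
SKYLINK_RE = re.compile(r"[A-Za-z0-9_-]{46}")

# Assumption: RFC 4648 base32hex alphabet, lowercased, no padding.
STD = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"
HEX = "0123456789abcdefghijklmnopqrstuv"
TO_HEX = str.maketrans(STD, HEX)
FROM_HEX = str.maketrans(HEX, STD)


def encode_label(raw: bytes) -> str:
    """34 raw bytes -> 55-character lowercase base32 label."""
    return base64.b32encode(raw).decode().rstrip("=").translate(TO_HEX)


def skylink_to_label(skylink: str) -> str:
    """base64url Skylink (46 chars) -> subdomain label (55 chars)."""
    if not SKYLINK_RE.fullmatch(skylink):
        raise ValueError("expected a 46-character base64url Skylink")
    return encode_label(base64.urlsafe_b64decode(skylink + "=="))


def host_to_skylink(host: str):
    """Return the base64url Skylink for a subdomain host, or None."""
    m = HOST_RE.match(host)
    if not m:
        return None  # not a subdomain request
    label = m.group(1)
    if any(c not in HEX for c in label):
        return None  # passes the nginx regex, but w-z are not base32hex
    raw = base64.b32decode(label.translate(FROM_HEX) + "=")
    if encode_label(raw) != label:
        return None  # non-zero padding bits: a second spelling of one link
    return base64.urlsafe_b64encode(raw).decode().rstrip("=")


if __name__ == "__main__":
    link = "A" * 46  # constructed sample: 34 zero bytes, not a real Skylink
    label = skylink_to_label(link)
    print(f"https://portal.example/{link}")
    print(f"https://{label}.portal.example")
    print(host_to_skylink(label + ".portal.example"))
```

Both encodings carry the same 34 bytes, which is why the label is always 55 characters. The last label character holds only 2 data bits, so several 55-character names decode to the same bytes; the re-encode check keeps one canonical name per Skylink, which matters if blacklist or cache entries are keyed on the hostname.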

Useful Commands

  • Starting the whole stack

    docker-compose up -d

  • Stopping the whole stack

    docker-compose down

  • Accessing siac

    docker exec -it sia siac

  • Portal maintenance
    • Pulling portal out for maintenance

      scripts/portal-down.sh

    • Putting portal back into place after maintenance

      scripts/portal-up.sh

    • Upgrading portal containers (takes care of pulling it and putting it back)

      scripts/portal-upgrade.sh

  • Restarting caddy gracefully after making changes to Caddyfile (no downtime)

    docker exec caddy caddy reload --config /etc/caddy/Caddyfile

  • Restarting nginx gracefully after making changes to nginx configs (no downtime)

    docker exec nginx openresty -s reload

  • Checking siad service logs (since last hour)

    docker logs --since 1h $(docker ps -q --filter "name=^sia$")

  • Checking caddy logs (for example in case ssl certificate fails)

    docker logs caddy -f

  • Checking nginx logs (nginx handles all communication to siad instances)

    tail -n 50 docker/data/nginx/logs/access.log to show the last 50 lines of the access log
    tail -n 50 docker/data/nginx/logs/error.log to show the last 50 lines of the error log