feat+docs: add complete setup docs/guides #37
Comments
I would also add a future-research topic on relying specifically on nginx: can other industry-level proxies/webservers handle TLS termination as we need? AFAIK Caddy doesn't, but maybe Traefik?
This issue payjoin/ohttp-relay#37 outlines a need for some documentation for a quickstart guide on a docker server with a nginx proxy.
Is there a reason to choose using |
Guessing you'd use waiting for @oleonardolima to chime in |
Not sure if this is the best place for this, but I can confirm that Traefik works beautifully as a reverse-proxy and greatly simplifies a Dockerized approach to running ohttp-relay. I am running it right now in production with the following configs:

docker-compose.yml:

```yaml
services:
  traefik:
    image: traefik:latest
    container_name: traefik
    restart: unless-stopped
    command:
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.websecure.address=:443"
      - "--providers.file.directory=/config"
      - "--serversTransport.insecureSkipVerify=true"
      - "--certificatesresolvers.letsencrypt.acme.dnschallenge.provider=cloudflare"
      - "--certificatesresolvers.letsencrypt.acme.dnschallenge.delaybeforecheck=0"
    ports:
      - target: 443
        published: 443
        mode: host
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "./traefik.yml:/config/traefik.yml"
    environment:
      - [email protected]
      - CF_DNS_API_TOKEN=REDACTED
  ohttp-relay:
    container_name: ohttp-relay
    restart: unless-stopped
    build: ./
    environment:
      - PORT=3000
      - GATEWAY_ORIGIN=https://payjo.in
```

traefik.yml:

```yaml
tcp:
  routers:
    ohttp-relay:
      rule: "HostSNI(`ohttp.cakewallet.com`)"
      service: "ohttp-relay"
      tls:
        certResolver: letsencrypt
  services:
    ohttp-relay:
      loadBalancer:
        servers:
          - address: "ohttp-relay:3000"
```

Dockerfile:

```dockerfile
FROM nixos/nix:latest AS builder

# Update Nix
RUN nix-channel --update

# Clone our source and setup our working dir.
RUN git clone https://github.com/payjoin/ohttp-relay.git /tmp/build
WORKDIR /tmp/build

# Build our Nix environment
RUN nix \
    --extra-experimental-features "nix-command flakes" \
    --option filter-syscalls false \
    build

# Copy the Nix store closure into a directory. The Nix store closure is the
# entire set of Nix store values that we need for our build.
RUN mkdir /tmp/nix-store-closure && cp -R $(nix-store -qR result/) /tmp/nix-store-closure

# Stage 2: running ohttp-relay
# Final image is based on scratch. We copy a bunch of Nix dependencies
# but they're fully self-contained so we don't need Nix anymore.
FROM scratch AS final
WORKDIR /ohttp-relay

# Copy necessary files from builder stage
COPY --from=builder /tmp/nix-store-closure /nix/store
COPY --from=builder /tmp/build/result/bin/ohttp-relay /bin/ohttp-relay

# Run ohttp-relay at start
CMD ["/bin/ohttp-relay"]
```
This is great! Is it ok if I explore this as a possible alternative approach to my quickstart guide here payjoin/payjoin.org#90?
Of course! Let me know if you have any questions if you do. I had planned to open a PR with all of this myself but just haven't had the time, you're welcome to use any of it, no need for credit etc. Note that if you do use this you may want to use the standard ACME LetsEncrypt method instead of Cloudflare, as that will work in almost all setups whereas this one is a bit specific.
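A pre-deployment check for a Compose file like the Traefik one posted earlier in this thread, as an added example that is not code from the thread or from ohttp-relay: it flags an unpinned image tag, `insecureSkipVerify`, the Docker socket mount and a credential written literally into `environment`. The finding names, the `audit` and `list_items` helpers and the line-based parsing (no YAML library) are choices made for this example.

```python
import re

# Constructed sample: the Traefik service from the Compose file above, trimmed.
COMPOSE = """\
services:
  traefik:
    image: traefik:latest
    command:
      - "--providers.docker.exposedbydefault=false"
      - "--serversTransport.insecureSkipVerify=true"
      - "--certificatesresolvers.letsencrypt.acme.dnschallenge.provider=cloudflare"
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
    environment:
      - CF_DNS_API_TOKEN=REDACTED
"""

# KEY=value entries whose key looks like a credential; ${VAR} interpolation is allowed.
SECRET_ENV = re.compile(r"^[a-z0-9_]*(token|secret|password|key)[a-z0-9_]*=(?!\$\{).+")

def list_items(text):
    """Yield each '- item' YAML list entry, lowercased, quotes stripped."""
    for m in re.finditer(r"^[ \t]*-[ \t]+(.+?)[ \t]*$", text, re.M):
        yield m.group(1).strip("\"'").lower()

def audit(text):
    """Return sorted finding IDs for a Compose file that runs Traefik."""
    findings = set()
    for m in re.finditer(r"^[ \t]*image:[ \t]*(\S+)", text, re.M):
        name = m.group(1).strip("\"'").rsplit("/", 1)[-1]
        if ":" not in name or name.endswith(":latest"):
            findings.add("unpinned-image")          # tag can change between pulls
    for item in list_items(text):
        if item.startswith("--"):
            key, _, val = item.lstrip("-").partition("=")
            # Traefik treats a bare boolean flag as true.
            if key.endswith("insecureskipverify") and val in ("", "true"):
                findings.add("backend-tls-verification-disabled")
        elif item.startswith("/var/run/docker.sock:"):
            findings.add("docker-socket-mounted")   # a :ro mount still exposes the API
        elif SECRET_ENV.match(item):
            findings.add("inline-secret")           # literal credential in the file
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(COMPOSE):
        print(finding)
```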
This issue payjoin/ohttp-relay#37 outlines a need for some documentation for a quickstart guide on a docker server with a nginx proxy. This iteration uses the existing dockerfile with a nginx reverse proxy in front.
Yes, I only see a use for |
Describe the enhancement
A step towards the adoption of Oblivious HTTP, in my view, is making it simple for any end-user to set up and host their own `ohttp-relay`, even as an ephemeral one for timed use (?).

I don't know any other FOSS Oblivious HTTP relay projects, besides this one. AFAIK you can use hosted "alike" versions with Cloudflare Workers and Fastly OHTTP Relay.

`ohttp-relay` is pretty self-contained and somewhat simple to run and host, but I think we could cover some ground and have richer/complete docs for any user-level.

I have some issues in mind that could help towards the aforementioned goal:

- `nginx` & `nohup` usage on common cloud infrastructure
- `Dockerfile` without Nix dependency, and usage documentation

I got these inspirations from how we do it at fedimint: having the docker images, and the setup script that relies on them, allows any user-level to pretty much set up a federation in instants, while having nixpkgs and modules for sophisticated users.
Use case
Improve adoption, and usage of ohttp-relay by making it simple and easy to host.
Additional context
TBD