docs(network): add ipns architecture with cloudflare gateway integration

2026-01-11 12:30:05 -05:00
parent 299a10b0a8
commit 13cb35bc73
6 changed files with 965 additions and 0 deletions
--- a/deploy/nginx/relay.conf
+++ b/deploy/nginx/relay.conf
@@ -0,0 +1,86 @@
+limit_req_zone $binary_remote_addr zone=ws_limit:10m rate=10r/s;
+
+upstream relay_ws {
+    server relay:4003;
+    keepalive 64;
+}
+
+upstream relay_api {
+    server relay:5020;
+    keepalive 32;
+}
+
+server {
+    listen 80;
+    listen [::]:80;
+    server_name relay.sonr.org;
+
+    location /.well-known/acme-challenge/ {
+        root /var/www/certbot;
+    }
+
+    location / {
+        return 301 https://$host$request_uri;
+    }
+}
+
+server {
+    listen 443 ssl http2;
+    listen [::]:443 ssl http2;
+    server_name relay.sonr.org;
+
+    ssl_certificate /etc/nginx/certs/fullchain.pem;
+    ssl_certificate_key /etc/nginx/certs/privkey.pem;
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
+    ssl_prefer_server_ciphers off;
+    ssl_session_timeout 1d;
+    ssl_session_cache shared:SSL:50m;
+    ssl_session_tickets off;
+    ssl_stapling on;
+    ssl_stapling_verify on;
+
+    add_header Strict-Transport-Security "max-age=63072000" always;
+    add_header X-Frame-Options DENY;
+    add_header X-Content-Type-Options nosniff;
+
+    location / {
+        limit_req zone=ws_limit burst=20 nodelay;
+
+        proxy_pass http://relay_ws;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_connect_timeout 60s;
+        proxy_send_timeout 300s;
+        proxy_read_timeout 300s;
+        proxy_buffering off;
+        proxy_buffer_size 8k;
+    }
+
+    location /ipfs {
+        limit_req zone=ws_limit burst=10 nodelay;
+
+        proxy_pass http://relay_api;
+        proxy_http_version 1.1;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_connect_timeout 30s;
+        proxy_send_timeout 30s;
+        proxy_read_timeout 30s;
+    }
+
+    location /health {
+        proxy_pass http://relay_api/ipfs;
+        proxy_http_version 1.1;
+        proxy_set_header Host $host;
+        proxy_connect_timeout 5s;
+        proxy_read_timeout 5s;
+    }
+}
--- a/deploy/relay/Dockerfile
+++ b/deploy/relay/Dockerfile
@@ -0,0 +1,26 @@
+FROM node:20-alpine
+
+LABEL org.opencontainers.image.source="https://github.com/sonr-io/motr-enclave"
+LABEL org.opencontainers.image.description="Sonr IPFS Circuit Relay Server"
+
+RUN apk add --no-cache git python3 make g++
+
+WORKDIR /app
+
+RUN git clone --depth 1 https://github.com/Permissionless-Software-Foundation/ipfs-service-provider.git .
+
+RUN npm ci --only=production
+
+ENV NODE_ENV=production
+ENV PORT=5020
+ENV ENABLE_CIRCUIT_RELAY=1
+ENV IPFS_TCP_PORT=4001
+ENV IPFS_WS_PORT=4003
+ENV DEBUG_LEVEL=1
+
+EXPOSE 5020 4001 4003
+
+HEALTHCHECK --interval=30s --timeout=10s --start-period=40s --retries=3 \
+  CMD wget --no-verbose --tries=1 --spider http://localhost:${PORT}/ipfs || exit 1
+
+CMD ["npm", "start"]
--- a/deploy/relay/config.env
+++ b/deploy/relay/config.env
@@ -0,0 +1,16 @@
+NODE_ENV=production
+
+ENABLE_CIRCUIT_RELAY=1
+CR_DOMAIN=relay.sonr.org
+
+PORT=5020
+API_PORT=5020
+IPFS_TCP_PORT=4001
+IPFS_WS_PORT=4003
+
+COORD_NAME=sonr-relay-1
+DEBUG_LEVEL=1
+
+MAX_RESERVATIONS=100
+RESERVATION_DURATION=120000
+RESERVATION_DATA_LIMIT=1048576
--- a/deploy/relay/docker-compose.yml
+++ b/deploy/relay/docker-compose.yml
@@ -0,0 +1,53 @@
+version: "3.8"
+
+services:
+  relay:
+    build:
+      context: .
+      dockerfile: Dockerfile
+    container_name: sonr-relay
+    restart: unless-stopped
+    env_file:
+      - config.env
+    ports:
+      - "${IPFS_TCP_PORT:-4001}:4001"
+      - "${IPFS_TCP_PORT:-4001}:4001/udp"
+      - "${IPFS_WS_PORT:-4003}:4003"
+      - "${API_PORT:-5020}:5020"
+    volumes:
+      - relay_data:/app/.ipfs
+    networks:
+      - sonr-network
+    healthcheck:
+      test: ["CMD", "wget", "--spider", "-q", "http://localhost:5020/ipfs"]
+      interval: 30s
+      timeout: 10s
+      retries: 3
+      start_period: 40s
+    logging:
+      driver: json-file
+      options:
+        max-size: "10m"
+        max-file: "3"
+
+  nginx:
+    image: nginx:alpine
+    container_name: sonr-relay-proxy
+    restart: unless-stopped
+    ports:
+      - "80:80"
+      - "443:443"
+    volumes:
+      - ../nginx/relay.conf:/etc/nginx/conf.d/default.conf:ro
+      - ./certs:/etc/nginx/certs:ro
+    depends_on:
+      - relay
+    networks:
+      - sonr-network
+
+volumes:
+  relay_data:
+
+networks:
+  sonr-network:
+    driver: bridge