python2 (if not present): `$ sudo apt install python2`
### Open port 3001 on myNode
### Open port 53001 on myNode
**note**: This port can be whatever number you want. Just add PORT to your environment like `export PORT=5005`.
**note**: Port 3001 is now taken by one of myNode apps. In this document we use port 53001, but this port can be whatever number you want. Just add PORT to your environment like `export PORT=55005`.
Open up a console window with SSH. And login as root
```sh
$ sudo su
```
Open up port 3001 on your machine and make sure it has been added to the list.
Open up port 53001 on your machine and make sure it has been added to the list.
```sh
# ufw allow 3001 comment 'allow Sphinx-Chat'
# ufw allow 53001 comment 'allow Sphinx-Chat'
# ufw status
> Status: active
>
> To Action From
> -- ------ ----
> 3001 (v6) ALLOW Anywhere (v6) # Sphinx-Chat
> 53001 (v6) ALLOW Anywhere (v6) # Sphinx-Chat
```
### Download
@ -98,21 +98,108 @@ $ export NODE_IP=x.x.x.x:3001
```
where `x.x.x.x` is the local IP address of the machine running your Sphinx-Relay on your local network.
**note:** Sphinx client uses HTTP to communicate with **sphinx-relay**. Since setting up SSL on a local network is problematic (you don't have any domain names to authenticate with certificates), you have to rely on your local network security. Below is an example of how Sphinx/sphinx-relay communications look like in **tcpdump**:
*Message payloads are encrypted with **sphinx cypher**, but all metadata is transmitted in cleartext.*
#### If you want to connect to your Sphinx-Relay from outside of your local network
**note:** it is recommended to use SSL encryption for any communications between **Sphinx** and **sphinx-relay** outside of a trusted network. [**Docker deployment guide**](docs/docker-deployment.md) sets up SSL encryption for you automatically, you only have to obtain your domain and certificates. If you still want to set up **sphinx-relay** manually, the instructions to set up the SSL are below.
```sh
$ cd
$ cd sphinx-relay/config/
$ export NODE_IP=x.x.x.x:3001
$ export NODE_IP=x.x.x.x:53001
```
where `x.x.x.x` is the permanent public IP address of your router.
Make sure that port 3001 forwarding is properly set up.
Make sure that port 53001 forwarding is properly set up.
For extra security:
```sh
$ export USE_PASSWORD=true
```
As noted in the previous section, you might want to protect communications between your Sphinx client and **sphinx-relay** with SSL.
In order to do that, obtain a domain and an SSL certificate for your **sphinx-relay** server and set up a reverse proxy with NGINX (or a more lightweight alternative).
We recommend using Let's Encrypt service to obtain a free SSL certificate and [**acme.sh**](https://acme.sh) for setting it up and renewals.
To configure NGINX as an SSL reverse proxy:
```sh
$ sudo apt install nginx
sudo nano /etc/nginx/sites-available/YOUR-DOMAIN
```
Use the following NGINX config:
```
server {
listen 53001 ssl;
server_name YOUR-DOMAIN;
# Edit the above _YOUR-DOMAIN_ to your domain name
} # Don't leave this out! It "closes" the server block we started this file with.
```
Save and exit:
`Ctrl + X`
`Y`
`Enter`
To make the file active, we will need to link the file in the sites-available folder to a location within the sites-enabled folder. Again, change YOUR-DOMAIN here with the actual name of the file you created earlier.
where `x.x.x.x` is the local IP address of the machine running your Sphinx-Relay on your local network.
**note:** Sphinx client uses HTTP to communicate with **sphinx-relay**. Since setting up SSL on a local network is problematic (you don't have any domain names to authenticate with certificates), you have to rely on your local network security. Below is an example of how Sphinx/sphinx-relay communications look like in **tcpdump**:
*Message payloads are encrypted with **sphinx cypher**, but all metadata is transmitted in cleartext.*
#### If you want to connect to your Sphinx-Relay from outside of your local network
**note:** it is recommended to use SSL encryption for any communications between **Sphinx** and **sphinx-relay** outside of a trusted network. [**Docker deployment guide**](docs/docker-deployment.md) sets up SSL encryption for you automatically, you only have to obtain your domain and certificates. If you still want to set up **sphinx-relay** manually, the instructions to set up the SSL are below.
where `x.x.x.x` is the permanent public IP address of your router.
> Make sure that port 3001 forwarding is properly set up.
Make sure that port 3001 forwarding is properly set up.
For extra security:
```sh
$ export USE_PASSWORD=true
```
As noted in the previous section, you might want to protect communications between your Sphinx client and **sphinx-relay** with SSL.
In order to do that, obtain a domain and an SSL certificate for your **sphinx-relay** server and set up a reverse proxy with NGINX (or a more lightweight alternative).
We recommend using Let's Encrypt service to obtain a free SSL certificate and [**acme.sh**](https://acme.sh) for setting it up and renewals.
To configure NGINX as an SSL reverse proxy:
```sh
$ sudo apt install nginx
sudo nano /etc/nginx/sites-available/YOUR-DOMAIN
```
Use the following NGINX config:
```
server {
listen 53001 ssl;
server_name YOUR-DOMAIN;
# Edit the above _YOUR-DOMAIN_ to your domain name
} # Don't leave this out! It "closes" the server block we started this file with.
```
Save and exit:
`Ctrl + X`
`Y`
`Enter`
To make the file active, we will need to link the file in the sites-available folder to a location within the sites-enabled folder. Again, change YOUR-DOMAIN here with the actual name of the file you created earlier.
Evan Feenstra
4 years ago
GitHub