From e0e02affb97cacdf1ef6f3d2138e33dc7370a4f6 Mon Sep 17 00:00:00 2001 From: Christopher Chong Date: Mon, 11 Dec 2023 16:04:20 +0800 Subject: [PATCH 1/7] Add running notary server instruction. --- src/SUMMARY.md | 1 + src/developers/notary_server.md | 34 +++++++++++++++++++++++++++++++++ 2 files changed, 35 insertions(+) create mode 100644 src/developers/notary_server.md diff --git a/src/SUMMARY.md b/src/SUMMARY.md index 22e9b42..c5a19e4 100644 --- a/src/SUMMARY.md +++ b/src/SUMMARY.md @@ -3,6 +3,7 @@ [Introduction](./intro.md) [Motivation](./motivation.md) [Quick Start](./developers/quick_start.md) +[Run a Notary Server](./developers/notary_server.md) # Protocol diff --git a/src/developers/notary_server.md b/src/developers/notary_server.md new file mode 100644 index 0000000..2b7e30e --- /dev/null +++ b/src/developers/notary_server.md 
@@ -0,0 +1,34 @@ +# Run a Notary Server + +This guide shows you how to run a [notary server](https://github.com/tlsnotary/tlsn/tree/dev/notary-server) in an Ubuntu server instance. + +## Using Cargo +1. Install required system dependencies +```bash +sudo apt-get update && sudo apt-get upgrade +sudo apt-get install libclang-dev pkg-config build-essential libssl-dev +``` +2. Install rust +```bash +curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh +source ~/.cargo/env +``` +3. Download notary server source code +```bash + mkdir ~/src; cd ~/src + git clone https://github.com/tlsnotary/tlsn.git +``` +4. Run the server +```bash +cd tlsn/notary-server +cargo run --release +``` +5. For more customisation of the server, please refer to the repo's [readme](https://github.com/tlsnotary/tlsn/blob/31708c080597b1e176cd5d892bfd44496bfdbf36/notary-server/README.md#using-cargo) + +## Using Docker +1. Install docker following your preferred method [here](https://docs.docker.com/engine/install/ubuntu/) +2. Run the notary server docker image +```bash +docker run --init -p 127.0.0.1:7047:7047 ghcr.io/tlsnotary/notary-server:latest +``` +3. For more customisation of the server, please refer to the repo's [readme](https://github.com/tlsnotary/tlsn/blob/31708c080597b1e176cd5d892bfd44496bfdbf36/notary-server/README.md#using-docker) From 2b2af37605f181095d33513a329c2db9ab1e7887 Mon Sep 17 00:00:00 2001 From: Christopher Chong Date: Thu, 14 Dec 2023 10:35:13 +0800 Subject: [PATCH 2/7] Add more instructions. --- src/developers/notary_server.md | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/src/developers/notary_server.md b/src/developers/notary_server.md index 2b7e30e..9bb26d9 100644 --- a/src/developers/notary_server.md +++ b/src/developers/notary_server.md 
@@ -3,6 +3,7 @@ This guide shows you how to run a [notary server](https://github.com/tlsnotary/tlsn/tree/dev/notary-server) in an Ubuntu server instance. ## Using Cargo + 1. Install required system dependencies ```bash sudo apt-get update && sudo apt-get upgrade 
@@ -18,17 +19,25 @@ source ~/.cargo/env mkdir ~/src; cd ~/src git clone https://github.com/tlsnotary/tlsn.git ``` -4. Run the server +4. To configure the [server setting](#configure-server-setting), please refer to the `Using Cargo` section in the repo's [readme](https://github.com/tlsnotary/tlsn/blob/dev/notary-server/README.md#using-cargo) +5. Run the server ```bash cd tlsn/notary-server cargo run --release ``` -5. For more customisation of the server, please refer to the repo's [readme](https://github.com/tlsnotary/tlsn/blob/31708c080597b1e176cd5d892bfd44496bfdbf36/notary-server/README.md#using-cargo) ## Using Docker + 1. Install docker following your preferred method [here](https://docs.docker.com/engine/install/ubuntu/) -2. Run the notary server docker image +2. To configure the [server setting](#configure-server-setting), please refer to the `Using Docker` section in the repo's [readme](https://github.com/tlsnotary/tlsn/blob/dev/notary-server/README.md#using-docker) +3. Run the notary server docker image ```bash docker run --init -p 127.0.0.1:7047:7047 ghcr.io/tlsnotary/notary-server:latest ``` -3. For more customisation of the server, please refer to the repo's [readme](https://github.com/tlsnotary/tlsn/blob/31708c080597b1e176cd5d892bfd44496bfdbf36/notary-server/README.md#using-docker) + +## Configure Server Setting +All the following setting can be configured in the [config file](https://github.com/tlsnotary/tlsn/blob/dev/notary-server/config/config.yaml). + +1. *REMEMBER* to change the path of the TLS private key, TLS certificate, notary signature private key, and notary signature public key to point to the actual ones (by default dummy fixture keys/certs are used) +2. Expose the notary server port (specified in the config file) on your server networking setting +3. 
Optionally one can turn on [authorization](https://github.com/tlsnotary/tlsn/tree/dev/notary-server#authorization), or turn off [TLS](https://github.com/tlsnotary/tlsn/tree/dev/notary-server#optional-tls) if TLS is handled by an external setup From d5a99d9be6664dbc93ee6a73e7dcd3c138ba6e85 Mon Sep 17 00:00:00 2001 From: Christopher Chong Date: Mon, 18 Dec 2023 15:49:16 +0800 Subject: [PATCH 3/7] Add more details about key/cert files. --- src/developers/notary_server.md | 22 +++++++++++++++------- 1 file changed, 15 insertions(+), 7 deletions(-) diff --git a/src/developers/notary_server.md b/src/developers/notary_server.md index 9bb26d9..d71a13d 100644 --- a/src/developers/notary_server.md +++ b/src/developers/notary_server.md 
@@ -2,6 +2,21 @@ This guide shows you how to run a [notary server](https://github.com/tlsnotary/tlsn/tree/dev/notary-server) in an Ubuntu server instance. +## Configure Server Setting +All the following setting can be configured in the [config file](https://github.com/tlsnotary/tlsn/blob/dev/notary-server/config/config.yaml). + +1. One *MUST* change the path of the following files, as by default dummy fixtures are used which is not secured at all + + | File | Purpose | File Type | Compulsory to change | + ----- | ------- | ------------------ | -------------------- | + | TLS private key | Private key used for notary server's TLS certificate to establish TLS connection with prover | Compatible TLS private key in PEM format | Yes unless TLS is turned off | + | TLS certificate | Notary server's TLS certificate to establish TLS connection with prover | Compatible TLS certificate in PEM format | Yes unless TLS is turned off | + | Notary signature private key | Private key used for notary server's signature on the generated transcript of the TLS session with prover | A P256 elliptic curve private key in PEM format | Yes | + | Notary signature public key | Public key used for notary server's signature on the generated transcript of the TLS session with prover | A public key (in PEM format) that corresponds to the private key above | Yes | +2. Expose the notary server port (specified in the config file) on your server networking setting +3. Optionally one can turn on [authorization](https://github.com/tlsnotary/tlsn/tree/dev/notary-server#authorization), or turn off [TLS](https://github.com/tlsnotary/tlsn/tree/dev/notary-server#optional-tls) if TLS is handled by an external setup + + ## Using Cargo 1. Install required system dependencies 
@@ -34,10 +49,3 @@ cargo run --release ```bash docker run --init -p 127.0.0.1:7047:7047 ghcr.io/tlsnotary/notary-server:latest ``` - -## Configure Server Setting -All the following setting can be configured in the [config file](https://github.com/tlsnotary/tlsn/blob/dev/notary-server/config/config.yaml). - -1. *REMEMBER* to change the path of the TLS private key, TLS certificate, notary signature private key, and notary signature public key to point to the actual ones (by default dummy fixture keys/certs are used) -2. Expose the notary server port (specified in the config file) on your server networking setting -3. Optionally one can turn on [authorization](https://github.com/tlsnotary/tlsn/tree/dev/notary-server#authorization), or turn off [TLS](https://github.com/tlsnotary/tlsn/tree/dev/notary-server#optional-tls) if TLS is handled by an external setup From d75a6051fcd7ba42bbb39f4d961322a24e070243 Mon Sep 17 00:00:00 2001 From: Christopher Chong Date: Mon, 18 Dec 2023 16:39:08 +0800 Subject: [PATCH 4/7] Update src/developers/notary_server.md Co-authored-by: Hendrik Eeckhaut --- src/developers/notary_server.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/developers/notary_server.md b/src/developers/notary_server.md index d71a13d..9ca5f8a 100644 --- a/src/developers/notary_server.md +++ b/src/developers/notary_server.md @@ -3,7 +3,7 @@ This guide shows you how to run a [notary server](https://github.com/tlsnotary/tlsn/tree/dev/notary-server) in an Ubuntu server instance. ## Configure Server Setting -All the following setting can be configured in the [config file](https://github.com/tlsnotary/tlsn/blob/dev/notary-server/config/config.yaml). +All the following settings can be configured in the [config file](https://github.com/tlsnotary/tlsn/blob/dev/notary-server/config/config.yaml). 1. One *MUST* change the path of the following files, as by default dummy fixtures are used which is not secured at all 
From 9851287dd4ddeabc00de14da55a69c81eceb527b Mon Sep 17 00:00:00 2001 From: Christopher Chong Date: Mon, 18 Dec 2023 16:40:17 +0800 Subject: [PATCH 5/7] Update src/developers/notary_server.md Co-authored-by: Hendrik Eeckhaut --- src/developers/notary_server.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/developers/notary_server.md b/src/developers/notary_server.md index 9ca5f8a..b7d789a 100644 --- a/src/developers/notary_server.md +++ b/src/developers/notary_server.md @@ -5,7 +5,7 @@ This guide shows you how to run a [notary server](https://github.com/tlsnotary/t ## Configure Server Setting All the following settings can be configured in the [config file](https://github.com/tlsnotary/tlsn/blob/dev/notary-server/config/config.yaml). -1. One *MUST* change the path of the following files, as by default dummy fixtures are used which is not secured at all +1. Before running a notary server you need the following files. The default dummy fixtures are for testing only and should never be used in production. | File | Purpose | File Type | Compulsory to change | ----- | ------- | ------------------ | -------------------- | From df251f26e9b520e976867da18780d95516380fcd Mon Sep 17 00:00:00 2001 From: Christopher Chong Date: Mon, 18 Dec 2023 16:40:58 +0800 Subject: [PATCH 6/7] Update src/developers/notary_server.md Co-authored-by: Hendrik Eeckhaut --- src/developers/notary_server.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/developers/notary_server.md b/src/developers/notary_server.md index b7d789a..a990bc1 100644 --- a/src/developers/notary_server.md +++ b/src/developers/notary_server.md 
@@ -9,10 +9,10 @@ All the following settings can be configured in the [config file](https://github | File | Purpose | File Type | Compulsory to change | ----- | ------- | ------------------ | -------------------- | - | TLS private key | Private key used for notary server's TLS certificate to establish TLS connection with prover | Compatible TLS private key in PEM format | Yes unless TLS is turned off | - | TLS certificate | Notary server's TLS certificate to establish TLS connection with prover | Compatible TLS certificate in PEM format | Yes unless TLS is turned off | - | Notary signature private key | Private key used for notary server's signature on the generated transcript of the TLS session with prover | A P256 elliptic curve private key in PEM format | Yes | - | Notary signature public key | Public key used for notary server's signature on the generated transcript of the TLS session with prover | A public key (in PEM format) that corresponds to the private key above | Yes | + | TLS private key | The private key used for the notary server's TLS certificate to establish TLS connections with provers | Compatible TLS private key in PEM format | Yes unless TLS is turned off | + | TLS certificate | The notary server's TLS certificate to establish TLS connections with provers | Compatible TLS certificate in PEM format | Yes unless TLS is turned off | + | Notary signature private key | The private key used for the notary server's signature on the generated transcript of the TLS sessions with provers | A P256 elliptic curve private key in PEM format | Yes | + | Notary signature public key | The public key used for the notary server's signature on the generated transcript of the TLS sessions with provers | A matching public key (in PEM format) | Yes | 2. Expose the notary server port (specified in the config file) on your server networking setting 3. 
Optionally one can turn on [authorization](https://github.com/tlsnotary/tlsn/tree/dev/notary-server#authorization), or turn off [TLS](https://github.com/tlsnotary/tlsn/tree/dev/notary-server#optional-tls) if TLS is handled by an external setup From 973a67b522e34e6aa882d3ae401b6c3ced4c959c Mon Sep 17 00:00:00 2001 From: Christopher Chong Date: Mon, 18 Dec 2023 16:48:40 +0800 Subject: [PATCH 7/7] Minor adjustment to instruction. --- src/developers/notary_server.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/developers/notary_server.md b/src/developers/notary_server.md index a990bc1..f5539fb 100644 --- a/src/developers/notary_server.md +++ b/src/developers/notary_server.md 
@@ -9,10 +9,10 @@ All the following settings can be configured in the [config file](https://github | File | Purpose | File Type | Compulsory to change | ----- | ------- | ------------------ | -------------------- | - | TLS private key | The private key used for the notary server's TLS certificate to establish TLS connections with provers | Compatible TLS private key in PEM format | Yes unless TLS is turned off | - | TLS certificate | The notary server's TLS certificate to establish TLS connections with provers | Compatible TLS certificate in PEM format | Yes unless TLS is turned off | + | TLS private key | The private key used for the notary server's TLS certificate to establish TLS connections with provers | TLS private key in PEM format | Yes unless TLS is turned off | + | TLS certificate | The notary server's TLS certificate to establish TLS connections with provers | TLS certificate in PEM format | Yes unless TLS is turned off | | Notary signature private key | The private key used for the notary server's signature on the generated transcript of the TLS sessions with provers | A P256 elliptic curve private key in PEM format | Yes | - | Notary signature public key | The public key used for the notary server's signature on the generated transcript of the TLS sessions with provers | A matching public key (in PEM format) | Yes | + | Notary signature public key | The public key used for the notary server's signature on the generated transcript of the TLS sessions with provers | A matching public key in PEM format | Yes | 2. Expose the notary server port (specified in the config file) on your server networking setting 3. Optionally one can turn on [authorization](https://github.com/tlsnotary/tlsn/tree/dev/notary-server#authorization), or turn off [TLS](https://github.com/tlsnotary/tlsn/tree/dev/notary-server#optional-tls) if TLS is handled by an external setup
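
Review bot: In [PATCH 1/7], the `Using Cargo` steps of the new `src/developers/notary_server.md` build the server from an unpinned checkout. `git clone https://github.com/tlsnotary/tlsn.git` followed by `cargo run --release` compiles whatever the default branch holds at clone time, so two operators following the guide on different days can end up running different notary code. Suggest adding a step that checks out a release tag before building and saying which tag the guide was written against. Two smaller points in step 3: `mkdir ~/src; cd ~/src` reads better as `mkdir -p ~/src && cd ~/src`, so a rerun does not print an error and a failed `mkdir` does not lead to cloning into the wrong directory, and both lines in that fence carry a stray leading space that the other fences do not have.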
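
Review bot: In [PATCH 2/7], hunk `@@ -18,17 +19,25 @@`, the Docker command and the new `Configure Server Setting` list contradict each other. `docker run --init -p 127.0.0.1:7047:7047 ...` publishes the port on the host's loopback interface only, while the added step 2 tells the reader to "Expose the notary server port" in the server's networking settings, which will have no effect with that binding. Please state which deployment is intended: either keep the loopback binding and say a reverse proxy on the same host fronts the notary, or show the binding an operator should use when provers connect directly. The same command also passes no config or key files, so nothing in it satisfies step 1 of the list (replacing the dummy fixture keys and certificates); the guide should show, or link to, how those files are supplied to the container. Finally, `:latest` makes the running version unreproducible; suggest a version tag or digest.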
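
Review bot: In [PATCH 3/7], hunk `@@ -2,6 +2,21 @@`, the `Notary signature private key` row is the most sensitive entry in the table but carries the least operational guidance. "A P256 elliptic curve private key in PEM format" does not say which PEM encoding the server accepts, and nothing in the section says how the file should be protected on disk. Suggest naming the expected encoding, and adding a sentence that the two private key files should be readable only by the account the notary server runs as and kept out of the cloned repository tree. Style point in the same hunk: the delimiter row `----- | ------- | ------------------ | -------------------- |` is missing the leading `|` that the header row and every body row have; adding it keeps the table consistent and avoids renderer-dependent behaviour.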
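
Review bot: In [PATCH 7/7], the trailing context of hunk `@@ -9,10 +9,10 @@` leaves steps 2 and 3 unqualified, and read together they describe an unsafe combination. Step 2 says to expose the notary port and step 3 says TLS may be turned off "if TLS is handled by an external setup", but the text never says that with TLS off the port must be reachable only from that external TLS terminator and not from provers directly. Suggest adding that condition to step 3, and a short sentence on when [authorization] should be enabled for an internet-facing notary, since the table rows touched by this patch already make the TLS files conditional ("Yes unless TLS is turned off") without explaining the consequence.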