tahoe-lafs/docs/servers.rst
Brian Warner 460cc826fd update docs
* replace sample IPv4/IPv6 addresses with reserved ones from RFC-6890
* remove initial blank line: prevents github from rendering the .rst
* emphasize --hostname, then have --port/--location as a special-case
* list --port first (describe it "from the inside out"), then --location
* explain difference between --port and --location
* in endpoint strings, put interface= at end, to emphasize port
* add servers.rst to index.rst so it'll show up on readthedocs
* don't mention "partial-cone NAT": that's only relevant if/when we get
  real ICE-style NAT-hole-punching
2016-09-14 12:45:53 -07:00

4.6 KiB

Configuring a Tahoe-LAFS server node for various network scenarios

  1. Storage node has a public DNS name
  2. Storage node has a public IPv4/IPv6 address
  3. Storage node is behind a firewall with port forwarding
  4. Using I2P/Tor to Avoid Port-Forwarding

The following are some suggested scenarios for configuring storage servers using various network transports. These examples do not include specifying an introducer FURL which normally you would want when provisioning storage nodes. For these and other configuration details please refer to configuration

Storage node has a public DNS name

The simplest case is when your storage host has a public IPv4 address, and there is a valid DNS "A" record that points to it (e.g. example.net). In this case, just do:

tahoe create-node --hostname=example.net

Ideally this should work for IPv6-capable hosts too (where the DNS name provides an "AAAA" record, or both "A" and "AAAA"). However Tahoe-LAFS support for IPv6 is new, and may still have problems. Please see ticket #867 for details.

Storage node has a public IPv4/IPv6 address

If the host has a routeable (public) IPv4 address (e.g. 203.0.113.1), but no DNS name, you will need to choose a TCP port (e.g. 3457), and use the following:

tahoe create-node --port=tcp:3457 --location=tcp:203.0.113.1:3457

--port is an "endpoint specification string" that controls which local port the node listens on. --location is the "connection hint" that it advertises to others, and describes the outbound connections that those clients will make, so it needs to work from their location on the network.

Tahoe-LAFS nodes listen on all interfaces by default. When the host is multi-homed, you might want to make the listening port bind to just one specific interface by adding a interface= option to the --port= argument:

tahoe create-node --port=tcp:3457:interface=203.0.113.1 --location=tcp:203.0.113.1:3457

If the host's public address is IPv6 instead of IPv4, use square brackets to wrap the address, and change the endpoint type to tcp6:

tahoe create-node --port=tcp6:3457 --location=tcp:[2001:db8::1]:3457

You can use interface= to bind to a specific IPv6 interface too, however you must backslash-escape the colons, because otherwise they are interpreted as delimiters by the Twisted "endpoint" specification language. The --location= argument does not need colons to be escaped, because they are wrapped by the square brackets:

tahoe create-node --port=tcp6:3457:interface=2001\:db8\:\:1 --location=tcp:[2001:db8::1]:3457

For IPv6-only hosts with AAAA DNS records, if the simple --hostname= configuration does not work, they can be told to listen specifically on an IPv6-enabled port with this:

tahoe create-node --port=tcp6:3457 --location=tcp:example.net:3457

Storage node is behind a firewall with port forwarding

To configure a storage node behind a firewall with port forwarding you will need to know:

  • public IPv4 address of the router
  • the TCP port that is available from outside your network
  • the TCP port that is the forwarding destination
  • internal IPv4 address of the storage node (the storage node itself is unaware of this address, and it is not used during tahoe create-node, but the firewall must be configured to send connections to this)

The internal and external TCP port numbers could be the same or different depending on how the port forwarding is configured. If it is mapping ports 1-to-1, and the public IPv4 address of the firewall is 203.0.113.1 (and perhaps the internal IPv4 address of the storage node is 192.168.1.5), then use a CLI command like this:

tahoe create-node --port=tcp:3457 --location=tcp:203.0.113.1:3457

If however the firewall/NAT-box forwards external port 6656 to internal port 3457, then do this:

tahoe create-node --port=tcp:3457 --location=tcp:203.0.113.1:6656

Using I2P/Tor to Avoid Port-Forwarding

I2P and Tor onion services, among other great properties, also provide NAT penetration. So setting up a server that listens only on Tor is simple:

tahoe create-node --listen=tor

For more information about using Tahoe-LAFS with I2p and Tor see anonymity-configuration