isle/docs/operator/contributing-a-lighthouse.md

# Contributing a Lighthouse

The [nebula][nebula] project provides the VPN component which is used by
cryptic-net. Every nebula network requires at least one (but preferably more)
publicly accessible hosts. These hosts are called lighthouses.

Lighthouses do _not_ route traffic between hosts on the VPN. Rather, they
coordinate VPN hosts to talk directly to each other, and handle the details of
NAT punching through any NATs that hosts might be behind. As such, they are very
lightweight to run, and require no storage resources at all.

If your host machine has a public static IP, or a dynamic public IP with
[dDNS][ddns] set up, then it can contribute a lighthouse for cryptic-net.

[nebula]: https://github.com/slackhq/nebula
[ddns]: https://www.cloudflare.com/learning/dns/glossary/dynamic-dns/

## Setup network

The first step is to pick a UDP port you will expose the lighthouse on. It
doesn't really matter which port you pick, but a number over 1024 is
recommended.

If your host is behind a NAT, ensure that the gateway is setup to forward UDP
traffic on that port to your host.

Configure your host's firewall to allow all UDP traffic on that port.

## Create daemon.yml

First, if you haven't already, [create a `daemon.yml`
file](../user/creating-a-daemonyml-file.md). This will be used to
configure your `cryptic-net daemon` process with the public address that other
hosts can find your daemon on.

## Edit daemon.yml

Open your `daemon.yml` file  in a text editor, and find the `vpn.public_addr`
field. Update that field to reflect your host's IP/DNS name and your chosen UDP
port.

## Restart the Daemon

With the `daemon.yml` configured, you should restart your `cryptic-net daemon`
process. On startup the daemon will add its public address to the global
configuration, which other hosts will pick up on and begin using.
First public commit There has been over 1 year of commit history leading up to this point, but almost all of that has had some kind network configuration or secrets built into the code. As of today all of that has been removed, and the codebase can finally be published! I am keeping a private copy of the previous commit history, though it's unclear if it will ever be able to be published. 2021-04-20 21:31:37 +00:00			`# Contributing a Lighthouse`

			`The [nebula][nebula] project provides the VPN component which is used by`
			`cryptic-net. Every nebula network requires at least one (but preferably more)`
			`publicly accessible hosts. These hosts are called lighthouses.`

			`Lighthouses do _not_ route traffic between hosts on the VPN. Rather, they`
			`coordinate VPN hosts to talk directly to each other, and handle the details of`
			`NAT punching through any NATs that hosts might be behind. As such, they are very`
			`lightweight to run, and require no storage resources at all.`

			`If your host machine has a public static IP, or a dynamic public IP with`
			`[dDNS][ddns] set up, then it can contribute a lighthouse for cryptic-net.`

			`[nebula]: https://github.com/slackhq/nebula`
			`[ddns]: https://www.cloudflare.com/learning/dns/glossary/dynamic-dns/`

			`## Setup network`

			`The first step is to pick a UDP port you will expose the lighthouse on. It`
			`doesn't really matter which port you pick, but a number over 1024 is`
			`recommended.`

			`If your host is behind a NAT, ensure that the gateway is setup to forward UDP`
			`traffic on that port to your host.`

			`Configure your host's firewall to allow all UDP traffic on that port.`

			`## Create daemon.yml`

			First, if you haven't already, [create a `daemon.yml`
			`file](../user/creating-a-daemonyml-file.md). This will be used to`
			configure your `cryptic-net daemon` process with the public address that other
			`hosts can find your daemon on.`

			`## Edit daemon.yml`

			Open your `daemon.yml` file in a text editor, and find the `vpn.public_addr`
			`field. Update that field to reflect your host's IP/DNS name and your chosen UDP`
			`port.`

			`## Restart the Daemon`

			With the `daemon.yml` configured, you should restart your `cryptic-net daemon`
			`process. On startup the daemon will add its public address to the global`
			`configuration, which other hosts will pick up on and begin using.`