isle/docs/operator/contributing-a-lighthouse.md

# Contributing a Lighthouse

The [nebula][nebula] project provides the VPN component which is used by
Isle. Every nebula network requires at least one (but preferably more)
publicly accessible hosts. These hosts are called lighthouses.

Lighthouses do _not_ route traffic between hosts on the VPN. Rather, they
coordinate VPN hosts to talk directly to each other, and handle the details of
NAT punching through any NATs that hosts might be behind. As such, they are very
lightweight to run, and require no storage resources at all.

If your host machine has a public static IP, or a dynamic public IP with
[dDNS][ddns] set up, then it can contribute a lighthouse.

[nebula]: https://github.com/slackhq/nebula
[ddns]: https://www.cloudflare.com/learning/dns/glossary/dynamic-dns/

## Setup network

The first step is to pick a UDP port you will expose the lighthouse on. It
doesn't really matter which port you pick, but a number over 1024 is
recommended.

If your host is behind a NAT, ensure that the gateway is setup to forward UDP
traffic on that port to your host.

Configure your host's firewall to allow all UDP traffic on that port.

## Edit daemon.yml

Open your `/etc/isle/daemon.yml` file in a text editor, and find the
`vpn.public_addr` field. Update that field to reflect your host's IP/DNS name
and your chosen UDP port.

## Restart the Daemon

With the `daemon.yml` configured, you should restart your `isle daemon`
process. On startup the daemon will add its public address to the global
configuration, which other hosts will pick up on and begin using.
First public commit There has been over 1 year of commit history leading up to this point, but almost all of that has had some kind network configuration or secrets built into the code. As of today all of that has been removed, and the codebase can finally be published! I am keeping a private copy of the previous commit history, though it's unclear if it will ever be able to be published. 2021-04-20 21:31:37 +00:00			`# Contributing a Lighthouse`

			`The [nebula][nebula] project provides the VPN component which is used by`
Perform all in-code renames which don't affect actual functionality 2023-08-05 21:53:17 +00:00			`Isle. Every nebula network requires at least one (but preferably more)`
First public commit There has been over 1 year of commit history leading up to this point, but almost all of that has had some kind network configuration or secrets built into the code. As of today all of that has been removed, and the codebase can finally be published! I am keeping a private copy of the previous commit history, though it's unclear if it will ever be able to be published. 2021-04-20 21:31:37 +00:00			`publicly accessible hosts. These hosts are called lighthouses.`

			`Lighthouses do _not_ route traffic between hosts on the VPN. Rather, they`
			`coordinate VPN hosts to talk directly to each other, and handle the details of`
			`NAT punching through any NATs that hosts might be behind. As such, they are very`
			`lightweight to run, and require no storage resources at all.`

			`If your host machine has a public static IP, or a dynamic public IP with`
Perform all in-code renames which don't affect actual functionality 2023-08-05 21:53:17 +00:00			`[dDNS][ddns] set up, then it can contribute a lighthouse.`
First public commit There has been over 1 year of commit history leading up to this point, but almost all of that has had some kind network configuration or secrets built into the code. As of today all of that has been removed, and the codebase can finally be published! I am keeping a private copy of the previous commit history, though it's unclear if it will ever be able to be published. 2021-04-20 21:31:37 +00:00
			`[nebula]: https://github.com/slackhq/nebula`
			`[ddns]: https://www.cloudflare.com/learning/dns/glossary/dynamic-dns/`

			`## Setup network`

			`The first step is to pick a UDP port you will expose the lighthouse on. It`
			`doesn't really matter which port you pick, but a number over 1024 is`
			`recommended.`

			`If your host is behind a NAT, ensure that the gateway is setup to forward UDP`
			`traffic on that port to your host.`

			`Configure your host's firewall to allow all UDP traffic on that port.`

			`## Edit daemon.yml`

Update documentation 2024-07-07 11:37:26 +00:00			Open your `/etc/isle/daemon.yml` file in a text editor, and find the
			`vpn.public_addr` field. Update that field to reflect your host's IP/DNS name
			`and your chosen UDP port.`
First public commit There has been over 1 year of commit history leading up to this point, but almost all of that has had some kind network configuration or secrets built into the code. As of today all of that has been removed, and the codebase can finally be published! I am keeping a private copy of the previous commit history, though it's unclear if it will ever be able to be published. 2021-04-20 21:31:37 +00:00
			`## Restart the Daemon`

Perform all in-code renames which don't affect actual functionality 2023-08-05 21:53:17 +00:00			With the `daemon.yml` configured, you should restart your `isle daemon`
First public commit There has been over 1 year of commit history leading up to this point, but almost all of that has had some kind network configuration or secrets built into the code. As of today all of that has been removed, and the codebase can finally be published! I am keeping a private copy of the previous commit history, though it's unclear if it will ever be able to be published. 2021-04-20 21:31:37 +00:00			`process. On startup the daemon will add its public address to the global`
			`configuration, which other hosts will pick up on and begin using.`