How To Set Up a Public IPFS Cluster Gateway

If you have not already, you will need to set up an IPFS node and Join The IPFS Cluster.

What You Need

  • A domain name or existing domain you can create a sub-domain on. Namesilo has great pricing and accepts Bitcoin without any KYC.
  • A Cloudflare account (free).
  • A VPS / server that has already joined the Raptoreum cluster. I use Ubuntu 20.04 for this doc.

If you need help changing the nameservers on your domain to Cloudflare's, do a quick search; it is very well documented. I strongly recommend using Cloudflare: it puts a layer of protection in front of your gateway and hides the IP.

Update OS & Install NGINX

apt update && apt upgrade -y
apt install nginx -y

Configure IPFS Gateway For Public Use

nano ~/.ipfs/config

Make the following changes:

  • Change "NoFetch": true, to "NoFetch": false,
  • Add this line: "Writable": false,

Restart IPFS:

systemctl restart ipfs

Cloudflare Setup

If you have purchased a domain and changed its nameservers to Cloudflare's nameservers, make sure the changes have fully propagated. The change normally takes 3-4 hours, but can take up to 24. Cloudflare will notify you that your domain is active once it detects the change.

Add an A-Record

This is how you point your domain or sub-domain at your server's IP address.

  • Click DNS in the left-hand menu
  • Click Add Record and fill it out like this:

If using a sub-domain, replace @ with the first part of the sub-domain. For example, for ipfs.raptoreum.com I would enter only "ipfs". Click save.

Generate Cloudflare Origin SSL

  • In left menu go to SSL/TLS > Origin Server
  • Click Create Certificate

Fill it out like this:

*Don't forget to replace ipfs.raptoreum.com with your domain.

Once you click create you will be shown the certificate and the private key. Don't close this page until you have put them on the server.

Add the certificate:

sudo nano /etc/ssl/yourdomain.com.pem

Add the private key:

sudo nano /etc/ssl/yourdomain.com.key

Note: Don't forget to replace yourdomain.com with your domain.

Configure Nginx as Reverse Proxy For IPFS Gateway

Create nginx config:

sudo nano /etc/nginx/sites-available/yourdomain.com

Paste in this config:

# limit_req_zone is only valid in the http context, so it is declared here,
# outside the server block (files in sites-enabled are included inside http {}).
limit_req_zone $binary_remote_addr zone=ipfs:10m rate=1r/s;

server {
    listen 443 ssl;
    server_name yourdomain.com;

    ssl_certificate /etc/ssl/yourdomain.com.pem;
    ssl_certificate_key /etc/ssl/yourdomain.com.key;

    # Real IP from Cloudflare
    set_real_ip_from 173.245.48.0/20;
    set_real_ip_from 103.21.244.0/22;
    set_real_ip_from 103.22.200.0/22;
    set_real_ip_from 103.31.4.0/22;
    set_real_ip_from 141.101.64.0/18;
    set_real_ip_from 108.162.192.0/18;
    set_real_ip_from 190.93.240.0/20;
    set_real_ip_from 188.114.96.0/20;
    set_real_ip_from 197.234.240.0/22;
    set_real_ip_from 198.41.128.0/17;
    set_real_ip_from 162.158.0.0/15;
    set_real_ip_from 104.16.0.0/12;
    set_real_ip_from 172.64.0.0/13;
    set_real_ip_from 131.0.72.0/22;
    real_ip_header CF-Connecting-IP;

    location / {
        proxy_pass http://127.0.0.1:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        server_tokens off;

        # Rate limiting (the "ipfs" zone is defined at the top of this file)
        limit_req zone=ipfs burst=10;

        # Allow only GET, HEAD, OPTIONS
        limit_except GET HEAD OPTIONS {
            deny all;
        }
    }

    client_max_body_size 10M; # Limit request size
}

server {
    listen 80;
    server_name yourdomain.com;
    return 301 https://$host$request_uri;
}
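
The set_real_ip_from / real_ip_header lines decide which address the limit_req zone is keyed on. The following Python model of that logic is an added example, not part of the original guide and not nginx code; the names effective_addr, LimitReq and replay are made up for illustration, and the traffic is constructed.

```python
import ipaddress

# Trusted proxy ranges, copied from the set_real_ip_from lines in the config above.
TRUSTED = [ipaddress.ip_network(n) for n in (
    "173.245.48.0/20", "103.21.244.0/22", "103.22.200.0/22", "103.31.4.0/22",
    "141.101.64.0/18", "108.162.192.0/18", "190.93.240.0/20", "188.114.96.0/20",
    "197.234.240.0/22", "198.41.128.0/17", "162.158.0.0/15", "104.16.0.0/12",
    "172.64.0.0/13", "131.0.72.0/22")]

def effective_addr(peer, headers):
    """Address used as $remote_addr once real_ip_header has been applied."""
    claimed = headers.get("CF-Connecting-IP")
    if claimed and any(ipaddress.ip_address(peer) in net for net in TRUSTED):
        try:
            return str(ipaddress.ip_address(claimed))
        except ValueError:
            pass  # unparsable header value: keep the peer address
    return peer  # untrusted peer: the header is ignored

class LimitReq:
    """Simplified model of limit_req accept/reject (delaying is not modelled)."""
    def __init__(self, rate=1.0, burst=10):
        self.rate, self.burst, self.state = rate, burst, {}
    def allow(self, key, now):
        if key not in self.state:
            self.state[key] = (0.0, now)
            return True
        excess, last = self.state[key]
        excess = max(0.0, excess - self.rate * (now - last) + 1.0)
        if excess > self.burst:
            return False  # rejected; stored state is left unchanged
        self.state[key] = (excess, now)
        return True

def replay(requests, limiter=None):
    """requests: (time_s, peer, headers) tuples -> accepted count per key."""
    limiter = limiter or LimitReq()
    accepted = {}
    for now, peer, headers in requests:
        key = effective_addr(peer, headers)
        accepted[key] = accepted.get(key, 0) + limiter.allow(key, now)
    return accepted

# Constructed traffic: two visitors behind one Cloudflare edge, and a direct
# connection that sends a different spoofed CF-Connecting-IP on every request.
EDGE, DIRECT = "172.64.0.10", "203.0.113.7"
SAMPLE = ([(0.0, EDGE, {"CF-Connecting-IP": "198.51.100.1"})] * 20
          + [(0.0, EDGE, {"CF-Connecting-IP": "198.51.100.2"})] * 5
          + [(0.0, DIRECT, {"CF-Connecting-IP": f"192.0.2.{i}"}) for i in range(20)])
```

Calling replay(SAMPLE) shows each Cloudflare visitor limited in its own bucket, while the direct connection stays in a single bucket keyed on its own address no matter what header it sends.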

Link the config to sites-enabled: