diff --git a/docs/notary_server.md b/docs/notary_server.md index 3e56ad8..b79589f 100644 --- a/docs/notary_server.md +++ b/docs/notary_server.md 
@@ -2,57 +2,51 @@ sidebar_position: 4 --- # Run a Notary Server - This guide shows you how to run a [notary server](https://github.com/tlsnotary/tlsn/tree/main/crates/notary/server) in an Ubuntu server instance. ## Configure Server Setting -All the following settings can be configured in the [config file](https://github.com/tlsnotary/tlsn/blob/main/crates/notary/server/config/config.yaml). +Refer to the server's [README.md](https://github.com/tlsnotary/tlsn/tree/main/crates/notary/server#configuration) for instructions on how to configure the following settings. -1. Before running a notary server you need the following files. ⚠️ The default dummy fixtures are for testing only and should never be used in production. +1. The following files are needed before running a notary server. - | File | Purpose | File Type | Compulsory to change | Sample Command | + | File | Purpose | File Type | Compulsory | Sample Command | | ---------------------------- | ------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------ | ---------------------------- | --------------------------------------------------------------------------------------------------------------------- | | TLS private key | The private key used for the notary server's TLS certificate to establish TLS connections with provers | TLS private key in PEM format | Yes unless TLS is turned off | \ | | TLS certificate | The notary server's TLS certificate to establish TLS connections with provers | TLS certificate in PEM format | Yes unless TLS is turned off | \ | - | Notary signature private key | The private key used for the notary server's signature on the generated transcript of the TLS sessions with provers | A K256 elliptic curve private key in PKCS#8 PEM format | Yes | `openssl genpkey -algorithm EC -out eckey.pem -pkeyopt ec_paramgen_curve:secp256k1 -pkeyopt ec_param_enc:named_curve` | - | Notary 
signature public key | The public key used for the notary server's signature on the generated transcript of the TLS sessions with provers | A matching public key in PEM format | Yes | `openssl ec -in eckey.pem -conv_form compressed -pubout -out eckey.pub` | - -2. Expose the notary server port (specified in the config file) on your server networking setting -3. Optionally one can turn on [authorization](https://github.com/tlsnotary/tlsn/tree/main/crates/notary/server#authorization), or turn off [TLS](https://github.com/tlsnotary/tlsn/tree/main/crates/notary/server#optional-tls) if TLS is handled by an external setup, e.g. reverse proxy, cloud setup + | Notary signing key | The private key used by the notary server to sign the attestation | A K256 or P256 elliptic curve private key in PKCS#8 PEM format | Yes | `openssl genpkey -algorithm EC -out eckey.pem -pkeyopt ec_paramgen_curve:secp256k1 -pkeyopt ec_param_enc:named_curve` | +2. Expose the notary server port (specified in the config) on your server networking setting. +3. Optionally one can turn on [authorization](https://github.com/tlsnotary/tlsn/tree/main/crates/notary/server#authorization), or turn off [TLS](https://github.com/tlsnotary/tlsn/tree/main/crates/notary/server#tls) if TLS is handled by an external setup, e.g. reverse proxy, cloud setup. ## Using Cargo - -1. Install required system dependencies +1. Install required system dependencies. ```bash sudo apt-get update && sudo apt-get upgrade sudo apt-get install libclang-dev pkg-config build-essential libssl-dev ``` -2. Install rust +2. Install rust. ```bash curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh source ~/.cargo/env ``` -3. Download notary server source code +3. Download the notary server source code. ```bash mkdir ~/src; cd ~/src git clone https://github.com/tlsnotary/tlsn.git ``` -4. 
Switch to your desired [released version](https://github.com/tlsnotary/tlsn/releases), or stay in the `main` branch to use the latest version (⚠️ only prover of the same version is supported for now) +4. Switch to your desired [released version](https://github.com/tlsnotary/tlsn/releases), or stay in the `main` branch to use the latest version (⚠️ only prover of the same version is supported for now). ```bash git checkout tags/ ``` -5. To configure the [server setting](#configure-server-setting), please refer to the `Using Cargo` section in the repo's [readme](https://github.com/tlsnotary/tlsn/blob/main/crates/notary/server/README.md#using-cargo) -6. Run the server +5. To configure the server setting, please refer to the server's [README.md](https://github.com/tlsnotary/tlsn/tree/main/crates/notary/server#configuration). +6. Run the server. ```bash -cd crates/notary/server -cargo run --release +cargo run --release --bin notary-server ``` ## Using Docker - -1. Install docker following your preferred method [here](https://docs.docker.com/engine/install/ubuntu/) -2. To configure the [server setting](#configure-server-setting), please refer to the `Using Docker` section in the repo's [readme](https://github.com/tlsnotary/tlsn/blob/main/crates/notary/server/README.md#using-docker) -3. Run the notary server docker image of your desired version (⚠️ only prover of the same version is supported for now) +1. Install docker following your preferred method [here](https://docs.docker.com/engine/install/ubuntu/). +2. To configure the server setting, please refer to the server's [README.md](https://github.com/tlsnotary/tlsn/tree/main/crates/notary/server#configuration). +3. Run the notary server docker image of your desired version (⚠️ only prover of the same version is supported for now). ```bash docker run --init -p 127.0.0.1:7047:7047 ghcr.io/tlsnotary/tlsn/notary-server: ``` 
@@ -62,11 +56,11 @@ Please refer to the list of all HTTP APIs [here](pathname:///swagger-ui/notary_s ## PSE Development Notary Server -> **_⚠️ WARNING:_** notary.pse.dev is hosted for development purposes only. You are welcome to use it for exploration and development; however, please refrain from building your business on it. Use it at your own risk. +> **_⚠️ WARNING:_** `notary.pse.dev` is hosted for development purposes only. You are welcome to use it for exploration and development; however, please refrain from building your business on it. Use it at your own risk. The TLSNotary team hosts a public notary server for development, experimentation, and demonstration purposes. The server is currently open to everyone, provided that it is used fairly. -We host multiple versions of the notary server: Check https://notary.pse.dev to get a list of the currently hosted versions. The version with a `-sgx` suffix run the TLSNotary notary software in a Trusted Execution Environment (TEE), Intel SGX on Azure. +We host multiple versions of the notary server: Check https://notary.pse.dev to get a list of the currently hosted versions. The version with a `-sgx` suffix run the notary server software in a Trusted Execution Environment (TEE), Intel SGX on Azure. You can verify the software attestation by visiting `https://notary.pse.dev//info`. To check the status of the notary server, visit the `healthcheck` endpoint at: diff --git a/docs/quick_start/browser_extension.md b/docs/quick_start/browser_extension.md index 4098664..e0e04dc 100644 --- a/docs/quick_start/browser_extension.md +++ b/docs/quick_start/browser_extension.md @@ -82,8 +82,7 @@ If you plan to run a local notary server: ``` 2. Run the notary server: ```sh - cd crates/notary/server - cargo run --release -- --tls-enabled false + cargo run --release --bin notary-server ``` The notary server will now be running in the background waiting for connections. 
diff --git a/docs/quick_start/tlsn-js.md b/docs/quick_start/tlsn-js.md index b083d93..57d9e4e 100644 --- a/docs/quick_start/tlsn-js.md +++ b/docs/quick_start/tlsn-js.md @@ -102,8 +102,7 @@ For this demo, we also need to run a local notary server. ``` 2. Run the notary server: ```sh - cd crates/notary/server - cargo run --release -- --tls-enabled false + cargo run --release --bin notary-server ``` The notary server will now be running in the background waiting for connections.
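Review bot: In docs/notary_server.md (hunk `@@ -2,57 +2,51 @@`), step 1 of "Configure Server Setting" loses the sentence "⚠️ The default dummy fixtures are for testing only and should never be used in production." and none of the added lines replace it. Keep the warning on this page, or state explicitly that the linked README carries it, because this guide is where an operator decides which key and certificate files to supply. The header rename from "Compulsory to change" to "Compulsory" compounds this: "Yes unless TLS is turned off" now reads as whether the file must exist, not whether the default must be replaced. The signing key row also now says "K256 or P256" while the sample command only generates a secp256k1 key; add a P256 variant or note that only the curve parameter changes.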
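Review bot: In docs/notary_server.md (hunk `@@ -62,11 +56,11 @@`, "PSE Development Notary Server"), the rewritten sentence keeps a subject-verb mismatch: "The version with a `-sgx` suffix run the notary server software". Change it to "Versions with a `-sgx` suffix run ..." or "The version ... runs ...". Since the warning line now formats `notary.pse.dev` as code, consider formatting the bare https://notary.pse.dev in the same paragraph consistently.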
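Review bot: In docs/quick_start/browser_extension.md (hunk `@@ -82,8 +82,7 @@`), step 2 drops `-- --tls-enabled false` without saying how TLS is now handled for a local notary. If the server's default configuration has TLS on, a reader following this quick start gets a TLS listener where the previous instructions explicitly disabled it. Either state that TLS is off by default in the current configuration, or show what replaces the removed flag. The same removal occurs in docs/quick_start/tlsn-js.md.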
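Review bot: In docs/quick_start/tlsn-js.md (hunk `@@ -102,8 +102,7 @@`), removing `cd crates/notary/server` leaves `cargo run --release --bin notary-server` with no stated working directory. Add that the command is run from the root of the cloned repository, so a reader arriving from another directory knows where to invoke it. The identical line in step 6 of docs/notary_server.md and in browser_extension.md would benefit from the same wording.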