Run a Notary Server

This guide shows you how to run a notary server in an Ubuntu server instance.

Configure Server Setting

All the following settings can be configured in the config file.

  1. Before running a notary server you need the following files. The default dummy fixtures are for testing only and should never be used in production.

    FilePurposeFile TypeCompulsory to changeSample Command
    TLS private keyThe private key used for the notary server's TLS certificate to establish TLS connections with proversTLS private key in PEM formatYes unless TLS is turned off<Generated when creating CSR for your Certificate Authority, e.g. using Certbot>
    TLS certificateThe notary server's TLS certificate to establish TLS connections with proversTLS certificate in PEM formatYes unless TLS is turned off<Obtained from your Certificate Authority, e.g. Let's Encrypt>
    Notary signature private keyThe private key used for the notary server's signature on the generated transcript of the TLS sessions with proversA P256 elliptic curve private key in PKCS#8 PEM formatYesopenssl genpkey -algorithm EC -out eckey.pem -pkeyopt ec_paramgen_curve:P-256 -pkeyopt ec_param_enc:named_curve
    Notary signature public keyThe public key used for the notary server's signature on the generated transcript of the TLS sessions with proversA matching public key in PEM formatYesopenssl ec -in eckey.pem -pubout -out eckey.pub
  2. Expose the notary server port (specified in the config file) on your server networking setting

  3. Optionally one can turn on authorization, or turn off TLS if TLS is handled by an external setup, e.g. reverse proxy, cloud setup

Using Cargo

  1. Install required system dependencies
sudo apt-get update && sudo apt-get upgrade
sudo apt-get install libclang-dev pkg-config build-essential libssl-dev
  1. Install rust
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
source ~/.cargo/env
  1. Download notary server source code
 mkdir ~/src; cd ~/src
 git clone https://github.com/tlsnotary/tlsn.git
  1. Switch to your desired released version, or stay in the dev branch to use the latest code (⚠️ only prover of the same version is supported for now)
git checkout tags/<version>
  1. To configure the server setting, please refer to the Using Cargo section in the repo's readme
  2. Run the server
cd tlsn/notary-server
cargo run --release

Using Docker

  1. Install docker following your preferred method here
  2. To configure the server setting, please refer to the Using Docker section in the repo's readme
  3. Run the notary server docker image of your desired version (⚠️ only prover of the same version is supported for now)
docker run --init -p 127.0.0.1:7047:7047 ghcr.io/tlsnotary/tlsn/notary-server:<version>

API Endpoints

Please refer to the list of all API endpoints here.