Run a Notary Server
This guide shows you how to run a notary server in an Ubuntu server instance.
Configure Server Setting
All the following settings can be configured in the config file.
- Before running a notary server you need the following files. The default dummy fixtures are for testing only and should never be used in production.
File | Purpose | File Type | Compulsory to change | Sample Command |
---|---|---|---|---|
TLS private key | The private key used for the notary server's TLS certificate to establish TLS connections with provers | TLS private key in PEM format | Yes unless TLS is turned off | <Generated when creating CSR for your Certificate Authority, e.g. using Certbot> |
TLS certificate | The notary server's TLS certificate to establish TLS connections with provers | TLS certificate in PEM format | Yes unless TLS is turned off | <Obtained from your Certificate Authority, e.g. Let's Encrypt> |
Notary signature private key | The private key used for the notary server's signature on the generated transcript of the TLS sessions with provers | A P256 elliptic curve private key in PKCS#8 PEM format | Yes | openssl genpkey -algorithm EC -out eckey.pem -pkeyopt ec_paramgen_curve:P-256 -pkeyopt ec_param_enc:named_curve |
Notary signature public key | The public key used for the notary server's signature on the generated transcript of the TLS sessions with provers | A matching public key in PEM format | Yes | openssl ec -in eckey.pem -pubout -out eckey.pub |
- Expose the notary server port (specified in the config file) in your server's network settings
- Optionally one can turn on authorization, or turn off TLS if TLS is handled by an external setup, e.g. reverse proxy, cloud setup
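Before pointing the config file at the notary signature key pair, it helps to confirm the properties the table requires: PKCS#8 PEM encoding, curve P-256, a public key that matches the private key, and owner-only file permissions. The script below is an added example, not code from the TLSNotary repository; the function names are hypothetical, the file names come from the sample commands, and it assumes GNU stat as found on Ubuntu.

```shell
# Added example (not from the TLSNotary repo). File names eckey.pem / eckey.pub
# follow the sample commands above; the function names are hypothetical.

# Generate the notary signature key pair with the table's sample commands,
# creating the private key with owner-only permissions.
gen_notary_keys() {
    dir=$1
    ( umask 077
      openssl genpkey -algorithm EC -out "$dir/eckey.pem" \
          -pkeyopt ec_paramgen_curve:P-256 \
          -pkeyopt ec_param_enc:named_curve ) || return 1
    openssl ec -in "$dir/eckey.pem" -pubout -out "$dir/eckey.pub" 2>/dev/null
}

# Return 0 if the pair is usable, otherwise a code naming the failed check:
# 1 = not PKCS#8 PEM, 2 = not P-256, 3 = public key mismatch, 4 = loose perms.
check_notary_keys() {
    priv=$1 pub=$2
    # PKCS#8 uses the generic label; "BEGIN EC PRIVATE KEY" would be SEC1.
    head -n 1 "$priv" | grep -qx -- '-----BEGIN PRIVATE KEY-----' \
        || { echo "private key is not PKCS#8 PEM" >&2; return 1; }
    # OpenSSL reports P-256 under its ASN.1 name, prime256v1.
    openssl pkey -in "$priv" -noout -text 2>/dev/null | grep -q 'prime256v1' \
        || { echo "private key is not on curve P-256" >&2; return 2; }
    # Re-derive the public key and compare it with the published file.
    derived=$(openssl pkey -in "$priv" -pubout 2>/dev/null)
    published=$(openssl pkey -pubin -in "$pub" -pubout 2>/dev/null)
    [ -n "$derived" ] && [ "$derived" = "$published" ] \
        || { echo "public key does not match private key" >&2; return 3; }
    # GNU stat (Ubuntu): the mode must grant nothing to group or others.
    case $(stat -c '%a' "$priv") in
        *00) ;;
        *) echo "private key is readable beyond its owner" >&2; return 4 ;;
    esac
}
```

Run `check_notary_keys eckey.pem eckey.pub` after generating or copying the files; a non-zero exit code identifies which requirement failed.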
Using Cargo
- Install required system dependencies
sudo apt-get update && sudo apt-get upgrade
sudo apt-get install libclang-dev pkg-config build-essential libssl-dev
- Install Rust
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
source ~/.cargo/env
- Download notary server source code
mkdir ~/src; cd ~/src
git clone https://github.com/tlsnotary/tlsn.git
- Switch to your desired released version, or stay in the dev branch to use the latest code (⚠️ only prover of the same version is supported for now)
git checkout tags/<version>
- To configure the server setting, please refer to the Using Cargo section in the repo's readme
- Run the server
cd tlsn/notary-server
cargo run --release
Using Docker
- Install docker following your preferred method here
- To configure the server setting, please refer to the Using Docker section in the repo's readme
- Run the notary server docker image of your desired version (⚠️ only prover of the same version is supported for now)
docker run --init -p 127.0.0.1:7047:7047 ghcr.io/tlsnotary/tlsn/notary-server:<version>
API Endpoints
Please refer to the list of all HTTP APIs here, and WebSocket APIs here.
PSE Development Notary Server
⚠️ WARNING: notary.pse.dev is hosted for development purposes only. You are welcome to use it for exploration and development; however, please refrain from building your business on it. Use it at your own risk.
The TLSNotary team hosts a public notary server for development, experimentation, and demonstration purposes. The server is currently open to everyone, provided that it is used fairly.
We host multiple versions of the notary server:
Version | Notary URL | Info/Status | GitHub | Note |
---|---|---|---|---|
v0.1.0-alpha.5 | https://notary.pse.dev/v0.1.0-alpha.5 | info/health | v0.1.0-alpha.5 | Release notes |
(deprecated) | https://notary.pse.dev | info/health | v0.1.0-alpha.4 | This url will be removed when alpha.6 is released |
v0.1.0-alpha.4 | https://notary.pse.dev/v0.1.0-alpha.4 | info/health | v0.1.0-alpha.4 | Release notes |
v0.1.0-alpha.3 | https://notary.pse.dev/v0.1.0-alpha.3 | info/health | v0.1.0-alpha.3 | Release notes |
nightly | https://notary.pse.dev/nightly | info/health | dev | |
For more details on the deployment, refer to this GitHub Action.
To check the status of the notary server, visit the healthcheck endpoint at:
https://notary.pse.dev/<version>/healthcheck
WebSocket Proxy Server
Because web browsers don't have the ability to make TCP connections directly, TLSNotary requires a WebSocket proxy to set up TCP connections when it is used in a browser. To facilitate the exploration of TLSNotary and to run the examples easily, the TLSNotary team hosts a public WebSocket proxy server. This server can be used to access the following whitelisted domains:
api.twitter.com:443
twitter.com:443
gateway.reddit.com:443
reddit.com:443
swapi.dev:443
You can utilize this WebSocket proxy with the following syntax:
wss://notary.pse.dev/proxy?token=<domain>
Replace <domain> with the domain you wish to access (for example, swapi.dev).