Local network only IPFS about orbitdb HOT 14 CLOSED

Thanks. I have created a question. I will leave the issue open here and if I get an answer I will add also the answer here and close it.

from orbitdb.

We do this by providing a set of preshared trusted peer ids to each node and leveraging the ConnectionGater and manually managing the dialing. Also, if you want a totally private network, just remove the Bootstrap Peer Discovery.

from orbitdb.

I believe you can create a private IPFS network. However, your question might be better directed at the IPFS community as they would be better positioned to help.

from orbitdb.

I have not received an answer from the IPFS community so far but I found this very good tutorial in IPFS. Key findings are:

• Set LIBP2P_FORCE_PNET=1 to enforce a local only network
• Set the CLUSTER_KEY so that no other can join. This seems to be the "cluster secret" in the IPFS implementation.
• Remove all bootstrap nodes

Is it possible to pass the CLUSTER_KEY to orbitdb somehow or utilize some already running cluster on the system?

from orbitdb.

Is it possible to pass the CLUSTER_KEY to orbitdb somehow or utilize some already running cluster on the system?

I'm guessing you would pass it to the IPFS instance that you have used to configure OrbitDB.

from orbitdb.

I could not find a configuration options for this. I have asked it again in the IPFS forum: https://discuss.ipfs.tech/t/setting-cluster-secret-in-ipfs-js/17459. Let's see if someone is able to give an answer.

from orbitdb.

@justin0mcateer if you remove the default bootstrap nodes, it is still possible to join the libp2p network by anyone and subscribe and publish to any topic if a public IP of such node is known. ipfs cids could be gathered like this imho.

from orbitdb.

@justin0mcateer if you remove the default bootstrap nodes, it is still possible to join the libp2p network by anyone and subscribe and publish to any topic if a public IP of such node is known. ipfs cids could be gathered like this imho.

I would guess the remote peer could dial the other peer manually once it has its address. I believe I've seen discussions around using pubsub as a method of peer discovery.

from orbitdb.

@haydenyoung Yes, sure that would be possible. Pub-sub-peer-discovery is a nice way to let other nodes know about each other. I am using it myself inside a WebRTC-Rust-Node successfully for the browsers to connect to each other.

However, if we want to prevent other nodes except a certain list, we need to use the connection gater as it seems as @justin0mcateer stated: https://github.com/libp2p/js-libp2p/blob/main/doc/CONFIGURATION.md#configuring-connection-gater.

I'd guess this could be also dynamically configured in open networks, e.g. when certain peers start misbehaving or spamming. But here I am still unclear if that could work without a blockchain.

from orbitdb.

However, if we want to prevent other nodes except a certain list, we need to use the connection gater as it seems as @justin0mcateer stated: https://github.com/libp2p/js-libp2p/blob/main/doc/CONFIGURATION.md#configuring-connection-gater.

The simplest solution seems to involve a list of deny peers.

I'd guess this could be also dynamically configured in open networks, e.g. when certain peers start misbehaving or spamming. But here I am still unclear if that could work without a blockchain.

What is the definition of a misbehaving peer? is this in the context of OrbitDB? Or IPFS?

from orbitdb.

@haydenyoung in context of OrbitDB e.g. some peer starts spamming a by all writable db. E.g. a AccessController could find out about such peers and add it to a deny peers list at some point.

from orbitdb.

@haydenyoung in context of OrbitDB e.g. some peer starts spamming a by all writable db. E.g. a AccessController could find out about such peers and add it to a deny peers list at some point.

Yes I was thinking that care should be taken opening up dbs to too much write access. If it is necessary to, say, have everyone write to a database, a rethink on why the database needs to be so open might be necessary.

from orbitdb.

So far I have not received any answer from the IPFS forum. Maybe setting the swarm key is not supported in Helia. I have found this issue: ipfs/js-ipfs#4005
As an alternative I was thinking about a way to manually check if the other peer is trusted, Can I check e.g in the join event or any other event maybe lower level in libp2p the other peers key?

from orbitdb.

You may get better traction asking the libp2p devs about peer verification.

from orbitdb.