31 restructue documentation (#138)

* removed korean documentation Signed-off-by: Jürgen Eckel <juergen@riddleandcode.com> * removed CN and KOR readme Signed-off-by: Jürgen Eckel <juergen@riddleandcode.com> * changed to the press theme Signed-off-by: Jürgen Eckel <juergen@riddleandcode.com> * first changes Signed-off-by: Jürgen Eckel <juergen@riddleandcode.com> * fixe H3 vs H1 issues Signed-off-by: Jürgen Eckel <juergen@riddleandcode.com> * added missing png Signed-off-by: Jürgen Eckel <juergen@riddleandcode.com> * added missing file Signed-off-by: Jürgen Eckel <juergen@riddleandcode.com> * fixed warnings Signed-off-by: Jürgen Eckel <juergen@riddleandcode.com> * moved documents Signed-off-by: Jürgen Eckel <juergen@riddleandcode.com> * removed obsolete files Signed-off-by: Jürgen Eckel <juergen@riddleandcode.com> * removed obsolete folder Signed-off-by: Jürgen Eckel <juergen@riddleandcode.com> * removed obs. file Signed-off-by: Jürgen Eckel <juergen@riddleandcode.com> * added some final changes Signed-off-by: Jürgen Eckel <juergen@riddleandcode.com> * removed obs. reference Signed-off-by: Jürgen Eckel <juergen@riddleandcode.com>
2026-02-20 02:23:50 +00:00 · 2022-06-09 15:00:11 +02:00
parent fa2c8a5cc5
commit 4ffd8ca9df
117 changed files with 314 additions and 1139 deletions
--- a/docs/root/source/node-setup/production-node/index.rst
+++ b/docs/root/source/node-setup/production-node/index.rst
@@ -0,0 +1,20 @@
+
+.. Copyright © 2020 Interplanetary Database Association e.V.,
+   Planetmint and IPDB software contributors.
+   SPDX-License-Identifier: (Apache-2.0 AND CC-BY-4.0)
+   Code is Apache-2.0 and docs are CC-BY-4.0
+
+Production Nodes
+================
+
+.. include:: node-requirements.md
+   :parser: myst_parser.sphinx_
+.. include:: node-assumptions.md
+   :parser: myst_parser.sphinx_
+.. include:: node-components.md
+   :parser: myst_parser.sphinx_
+.. include:: node-security-and-privacy.md
+   :parser: myst_parser.sphinx_
+.. include:: reverse-proxy-notes.md
+   :parser: myst_parser.sphinx_
+   
--- a/docs/root/source/node-setup/production-node/node-assumptions.md
+++ b/docs/root/source/node-setup/production-node/node-assumptions.md
@@ -0,0 +1,25 @@
+<!---
+Copyright © 2020 Interplanetary Database Association e.V.,
+Planetmint and IPDB software contributors.
+SPDX-License-Identifier: (Apache-2.0 AND CC-BY-4.0)
+Code is Apache-2.0 and docs are CC-BY-4.0
+--->
+
+# Production Node Assumptions
+
+Be sure you know the key Planetmint terminology:
+
+* [Planetmint node, Planetmint network and Planetmint consortium](https://docs.planetmint.io/en/latest/terminology.html)
+
+Note that there are a few kinds of nodes:
+
+- A **dev/test node** is a node created by a developer working on Planetmint Server, e.g. for testing new or changed code. A dev/test node is typically run on the developer's local machine.
+
+- A **bare-bones node** is a node deployed in the cloud, either as part of a testing network or as a starting point before upgrading the node to be production-ready.
+
+- A **production node** is a node that is part of a consortium's Planetmint network. A production node has the most components and requirements.
+
+We make some assumptions about production nodes:
+
+1. Each production node is set up and managed by an experienced professional system administrator or a team of them.
+1. Each production node in a network is managed by a different person or team.
--- a/docs/root/source/node-setup/production-node/node-components.md
+++ b/docs/root/source/node-setup/production-node/node-components.md
@@ -0,0 +1,30 @@
+<!---
+Copyright © 2020 Interplanetary Database Association e.V.,
+Planetmint and IPDB software contributors.
+SPDX-License-Identifier: (Apache-2.0 AND CC-BY-4.0)
+Code is Apache-2.0 and docs are CC-BY-4.0
+--->
+
+# Production Node Components
+
+A production Planetmint node must include:
+
+* Planetmint Server
+* MongoDB Server 3.4+ (mongod)
+* Tendermint
+* Storage for MongoDB and Tendermint
+
+It could also include several other components, including:
+
+* NGINX or similar, to provide authentication, rate limiting, etc.
+* An NTP daemon running on all machines running Planetmint Server or mongod, and possibly other machines
+* Probably _not_ MongoDB Automation Agent. It's for automating the deployment of an entire MongoDB cluster.
+* MongoDB Monitoring Agent
+* MongoDB Backup Agent
+* Log aggregation software
+* Monitoring software
+* Maybe more
+
+The relationship between the main components is illustrated below.
+
+![Components of a production node](../../_static/Node-components.png)
--- a/docs/root/source/node-setup/production-node/node-requirements.md
+++ b/docs/root/source/node-setup/production-node/node-requirements.md
@@ -0,0 +1,22 @@
+<!---
+Copyright © 2020 Interplanetary Database Association e.V.,
+Planetmint and IPDB software contributors.
+SPDX-License-Identifier: (Apache-2.0 AND CC-BY-4.0)
+Code is Apache-2.0 and docs are CC-BY-4.0
+--->
+
+# Production Node Requirements
+
+**This page is about the requirements of Planetmint Server.** You can find the requirements of MongoDB, Tendermint and other [production node components](node-components) in the documentation for that software.
+
+## OS Requirements
+
+Planetmint Server requires Python 3.9+ and Python 3.9+ [will run on any modern OS](https://docs.python.org/3.5/using/index.html), but we recommend using an LTS version of [Ubuntu Server](https://www.ubuntu.com/server) or a similarly server-grade Linux distribution.
+
+_Don't use macOS_ (formerly OS X, formerly Mac OS X), because it's not a server-grade operating system. Also, Planetmint Server uses the Python multiprocessing package and [some functionality in the multiprocessing package doesn't work on Mac OS X](https://docs.python.org/3.9/library/multiprocessing.html#multiprocessing.Queue.qsize).
+
+## General Considerations
+
+Planetmint Server runs many concurrent processes, so more RAM and more CPU cores is better.
+
+As mentioned on the page about [production node components](node-components), every machine running Planetmint Server should be running an NTP daemon.
--- a/docs/root/source/node-setup/production-node/node-security-and-privacy.md
+++ b/docs/root/source/node-setup/production-node/node-security-and-privacy.md
@@ -0,0 +1,18 @@
+<!---
+Copyright © 2020 Interplanetary Database Association e.V.,
+Planetmint and IPDB software contributors.
+SPDX-License-Identifier: (Apache-2.0 AND CC-BY-4.0)
+Code is Apache-2.0 and docs are CC-BY-4.0
+--->
+
+# Production Node Security & Privacy
+
+Here are some references about how to secure an Ubuntu 18.04 server:
+
+- [Ubuntu 18.04 - Ubuntu Server Guide - Security](https://help.ubuntu.com/lts/serverguide/security.html.en)
+- [Ubuntu Blog: National Cyber Security Centre publish Ubuntu 18.04 LTS Security Guide](https://blog.ubuntu.com/2018/07/30/national-cyber-security-centre-publish-ubuntu-18-04-lts-security-guide)
+
+Also, here are some recommendations a node operator can follow to enhance the privacy of the data coming to, stored on, and leaving their node:
+
+- Ensure that all data stored on a node is encrypted at rest, e.g. using full disk encryption. This can be provided as a service by the operating system, transparently to Planetmint, MongoDB and Tendermint.
+- Ensure that all data is encrypted in transit, i.e. enforce using HTTPS for the HTTP API and the Websocket API. This can be done using NGINX or similar, as we do with the IPDB Testnet.
--- a/docs/root/source/node-setup/production-node/reverse-proxy-notes.md
+++ b/docs/root/source/node-setup/production-node/reverse-proxy-notes.md
@@ -0,0 +1,58 @@
+<!---
+Copyright © 2020 Interplanetary Database Association e.V.,
+Planetmint and IPDB software contributors.
+SPDX-License-Identifier: (Apache-2.0 AND CC-BY-4.0)
+Code is Apache-2.0 and docs are CC-BY-4.0
+--->
+
+# Using a Reverse Proxy
+
+You may want to:
+
+* rate limit inbound HTTP requests,
+* authenticate/authorize inbound HTTP requests,
+* block requests with an HTTP request body that's too large, or
+* enable HTTPS (TLS) between your users and your node.
+
+While we could have built all that into Planetmint Server,
+we didn't, because you can do all that (and more)
+using a reverse proxy such as NGINX or HAProxy.
+(You would put it in front of your Planetmint Server,
+so that all inbound HTTP requests would arrive
+at the reverse proxy before *maybe* being proxied
+onwards to your Planetmint Server.)
+For detailed instructions, see the documentation
+for your reverse proxy.
+
+Below, we note how a reverse proxy can be used
+to do some Planetmint-specific things.
+
+You may also be interested in
+[our NGINX configuration file template](https://github.com/planetmint/nginx_3scale/blob/master/nginx.conf.template)
+(open source, on GitHub).
+
+
+## Enforcing a Max Transaction Size
+
+The Planetmint HTTP API has several endpoints,
+but only one of them, the `POST /transactions` endpoint,
+expects a non-empty HTTP request body:
+the transaction being submitted by the user.
+
+If you want to enforce a maximum-allowed transaction size
+(discarding any that are larger),
+then you can do so by configuring a maximum request body size
+in your reverse proxy.
+For example, NGINX has the `client_max_body_size`
+configuration setting. You could set it to 15 kB
+with the following line in your NGINX config file:
+
+```text
+client_max_body_size 15k;
+```
+
+For more information, see
+[the NGINX docs about client_max_body_size](https://nginx.org/en/docs/http/ngx_http_core_module.html#client_max_body_size).
+
+Note: By enforcing a maximum transaction size, you
+[indirectly enforce a maximum crypto-conditions complexity](https://github.com/planetmint/planetmint/issues/356#issuecomment-288085251).