Router Operator
How to improve router security by P2P
Learn more about how to improve router security
Some Tips
- Use private network for your Router, you don’t need to use public ip.
So the scheme would be like:
router --> cloud nat --> internet
AWS docs: private instances and cloud nat
GCP docs: private vpc and cloud nat
- Use web3signer to protect router signer key.
- Use Router Smart Contract, so Router liquidity could be moved only to recipient address. More info here
- Don’t expose
ROUTER_EXTERNAL_PORT
to public.
Example from docker-compose file:
Copy to Clipboard
- Set strong
adminToken
for Router API
You can usepwgen
for generating strong passwords:
Copy to Clipboard
- To prevent leaking of
adminToken
you can store Router config file in thetmpfs
and unmout after router is started.
You need to generate and move config to tmpfs on each router restart. Don’t forget to backup mnemonic!!!
Create tmpfs
Copy to Clipboard
- Move config to tmpfs
Copy to Clipboard
- Change volume point in docker-compose(use type bind):
Copy to Clipboard
- Run docker-compose
Umount tmpfs dir. After that step all data in/mnt/tmpfs/
will be lost.
umount /mnt/tmpfs
- Don’t use same mnemonic for testnet and mainnet
Copy to Clipboard
- Run docker-compose
Copy to Clipboard
- After that step all data in
/mnt/tmpfs/
will be lost.
Copy to Clipboard
- Don’t use same mnemonic for testnet and mainnet