Router Operator

How to improve router security by P2P

Learn more about how to improve router security

jazkamer

Author

The Connext Academy’s router operators team from p2p.org created this guide on how to improve router security.

Some Tips

  1. Use a private network for your Router; you don’t need a public IP.
    The scheme would look like this:
    router --> cloud NAT --> internet
    AWS docs: private instances and cloud NAT
    GCP docs: private VPC and cloud NAT
  1. Use web3signer to protect the router signer key.
  1. Use the Router Smart Contract, so Router liquidity can be moved only to the recipient address. More info here
  1. Don’t expose ROUTER_EXTERNAL_PORT to the public.
    Example from docker-compose file:
  1. Set a strong adminToken for the Router API.
    You can use pwgen to generate strong passwords:
  1. To prevent the adminToken from leaking, you can store the Router config file in a tmpfs and unmount it after the router has started.
    You need to generate the config and move it to the tmpfs on each router restart. Don’t forget to back up the mnemonic!!!
    1. Create the tmpfs.
    1. Move the config to the tmpfs.
    1. Change the volume point in docker-compose (use type bind).
    1. Run docker-compose.
    1. Unmount the tmpfs dir. After that step all data in /mnt/tmpfs/ will be lost.
       umount /mnt/tmpfs
  1. Don’t use the same mnemonic for testnet and mainnet.
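
The tmpfs procedure from the list above, written as one script; this is an added example, not code from the original guide or from Connext. The config file path, the 1 MiB tmpfs size and the `COMPOSE` variable are assumptions, and the script expects the compose file to already bind-mount the config from /mnt/tmpfs.

```shell
#!/bin/sh
# Added example: stage the Router config in tmpfs, start the stack, unmount.
# Assumptions (not from the guide): the config file path given on the command
# line, the 1 MiB tmpfs size, and the COMPOSE override variable.
TMPFS_DIR=${TMPFS_DIR:-/mnt/tmpfs}      # mount point used in the guide
COMPOSE=${COMPOSE:-docker-compose}

# Create a small tmpfs that only its owner (root) can enter.
create_tmpfs() {
    mkdir -p "$TMPFS_DIR" || return 1
    mount -t tmpfs -o size=1m,mode=0700 tmpfs "$TMPFS_DIR"
}

# Move the config into the tmpfs with owner-only permissions. The source is
# removed only after the copy succeeded; rm does not wipe the disk blocks,
# so generating the config directly inside the tmpfs is the stricter option.
stage_config() {
    src=$1
    [ -f "$src" ] || { echo "config not found: $src" >&2; return 1; }
    dst="$TMPFS_DIR/$(basename "$src")"
    ( umask 077 && cp "$src" "$dst" ) || return 1
    chmod 600 "$dst" && rm -f "$src"
}

# Start the router, then unmount so the host no longer sees the file.
# The unmount also runs when the start fails, so the token is not left behind;
# the exit status of the start is still reported to the caller.
start_and_unmount() {
    rc=0
    $COMPOSE up -d || rc=$?
    umount "$TMPFS_DIR" || return 1
    return "$rc"
}

# Whole procedure in the order the guide lists it.
run_all() {
    create_tmpfs && stage_config "$1" && start_and_unmount
}

# Usage (as root): sh <this-script> run <config-file>
if [ "${1:-}" = "run" ]; then
    run_all "${2:?usage: $0 run <config-file>}"
fi
```

Because the tmpfs content is gone after the unmount, the config has to be regenerated and staged again before every router restart, as the guide notes.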