How to host a Swarm Gateway

# How to setup a Swarm Gateway to host your websites and dapps **Note:** If you're planning to run a Swarm Gateway, there are a few things you should be aware of to ensure that your setup is secure and functional. Please be aware of the risks and legal liabilities of allowing anyone to upload/access arbitrary content, understand the resource requirements and keep your software up to date. ## TLDR This tutorial will show you how to set up a public Swarm gateway. By following the steps outlined, you can quickly host a bee node, install a gateway proxy, and configure SSL certificates and DNS records for your gateway's domain. This will enable you to offer a Swarm gateway service with your own domain and allow you to serve your web3 dapps in a more traditional way where end users can be onboarded easily. ## Introduction ### What is a Swarm Gateway? Swarm is a decentralised p2p network. Users need an access point to read/write content that is stored on the Swarm network. Running a Bee node or installing the Swarm Desktop are two of the ways to accomplish this. Gateways provide a convenient third alternative that: * requires no installation or bee node setup on the dapp user’s end * and allows users to access content on the Swarm network through standard HTTP/HTTPS requests in the web browser In other words, Swarm Gateways enable HTTP traffic to access the p2p Swarm. Like an RPC endpoint for a blockchain, they make some compromises in return for ease of access - so that your dapp’s users can access your dapp without running a bee node themselves. ### What is BZZ.link Bzz.link is a Swarm gateway provided and maintained by the Swarm Foundation. It serves as a public access point to the Swarm network, enabling interaction with content hosted on Swarm. By incorporating an ENS domain name or a Swarm CID as a subdomain under bzz.link, you can access your preferred dapps in a simple and user-friendly format. It also provides a secure context for accessing these dapps, ensuring that your data and communications are protected and encrypted. A few such examples are: \ * [https://swarm.bzz.link](http://swarm.bzz.link) * [https://fairdataprotocol.bzz.link/](https://fairdataprotocol.bzz.link/) * [https://bah5qcgza7x6rod3tsu54eywzg3j2kmu3pb4yam25ybkhamv3fjrdt27jlj3a.bzz.link/](https://bah5qcgza7x6rod3tsu54eywzg3j2kmu3pb4yam25ybkhamv3fjrdt27jlj3a.bzz.link/) You can learn to host your own gateway (just like BZZ.link) by following this tutorial. \ \ What you will need: * a domain name * a host machine running a linux server at home or on the cloud * a cloudflare account to manage your gateway domain’s DNS records and to resolve your domain’s SSL/TLS certificates from [Lets Encrypt](https://letsencrypt.org/). ## Setting up the Gateway ### Step 1: Purchase a domain name You can buy a domain name from one of the many domain registrars. For the next steps, we will assume that the purchased domain is `my-swarm-gateway.org` ### Step 2: Find a Host If you are hosting at home, you can use any old machine running a linux server to host the gateway. A static IP is preferred although a DDNS setup can be an alternative solution. If you are hosting on the cloud, any standard VPS server or droplet would suffice. Next we will need the ip address of your host. You can find your IP address by running `curl icanhazip.com` or `curl ident.me`. For the article, we will assume that the IP address of our host server is `12.123.123.12` ### Step 3: Cloudflare Signup Register for an account at [Cloudflare](https://www.cloudflare.com/). \ \ _Note: We are using Cloudflare in this example to manage our domain’s DNS and SSL certificates. You may use any other provider of your choice to accomplish this._ ### Step 4: Setup Cloudflare to manage your domain After signing in to your Cloudflare account: \ 1. click “Add a Site” button 2. enter the gateway domain 3. click “Add Site” button 4. On the next ‘Select Plans’ page, 1. scroll down 2. select the “Free” plan 3. and click “Continue” button 5. On the next “DNS Management” page 1. click “Add Record” and add a record with your domain name and IP address: * Type: **A** * Name:** my-swarm-gateway.org** * IPv4 address:** 12.123.123.12 (Your IP address from Step 2)** 2. click “Save” 3. click “Add Record” and add a catch-all subdomain record for your domain: * Type: A * Name: *.**my-swarm-gateway.org** * IPv4 address:** 12.123.123.12 (IP address from Step 2)** 4. click “Save” 5. click “Continue” 6. Take note of the two Cloudflare’s nameservers from the “Change your nameservers” page. eg: * **evan.ns.cloudflare.com** * **meilani.ns.cloudflare.com** 7. Click “Done, check nameservers” 8. Click “Get Started” * Enable “Automatic HTTPS Rewrites” and click “Save” * Enable “Always Use HTTPS” and click “Save” * Enable “Brotli” and click “Save” * Click “Finish” 6. Finally, in the Overview Page, click the link “Get your API token” on the right hand sidebar 1. Click “Create Token” 2. Use “Edit Zone DNS” template 3. Under Zone Resources: * Select “All zones” 4. Scroll down and click “Continue to summary” 5. Click “Create Token” 6. Copy the DNS API token displayed and save it down somewhere safe. ### Step 4: Update DNS nameservers on your Domain Registrar Log in to your Domain Registrar where you purchased the domain. Remove existing nameservers and update it with the two Cloudflare nameservers from the previous step (5.6) . ### Step 5: Gateway Setup SSH into your host machine’s console and run the following commands. 1. Create project directory * `mkdir my-swarm-gateway` 2. Create an empty `docker-compose.yml` file * `touch docker-compose.yml` 3. Paste the contents from [this gist file](https://gist.github.com/rampall/de2ef1c3fce31b9cde658a2146e18028#file-docker-compose-yaml) into the one you created. * The docker-compose.yml file sets up: * a quickstart `bee` node running in lightweight mode 4. Replace all occurrences of the following parts with values based on your settings * `YOUR_EMAIL_ID_HERE`` * eg: my-email-id@email.com * `YOUR_GATEWAY_DOMAIN_HERE` * eg: my-swarm-gateway.org * `YOUR_CLOUDFLARE_ACCOUNT_EMAIL_ID_HERE` * eg: my-email-id@email.com * `YOUR_CLOUDFLARE_DNS_API_TOKEN_HERE` * `YOUR_PURCHASED_POSTAGE_STAMP_HERE` * `YOUR_BEE_PASSWORD_HERE` 5. Run: * `docker compose up -d` * ![image](https://hackmd.io/_uploads/ryYJlYZ4p.png) ## Wrapping up Congratulations, you’ve officially set up a public Swarm gateway! Now that your gateway is up and running you will be able to serve content on Swarm. Your users can now access content via: * Subdomain resolution * RECOMMENDED - to ensure the security provided by the same-origin policy) * [http:/<ENS-NAME>.my-swarm-gateway.org/](http://www.my-swarm-gateway.org/bzz/) * Docs - [Link an ENS domain to a website.](https://docs.ethswarm.org/docs/develop/access-the-swarm/host-your-website/#link-an-ens-domain-to-a-website) * [http:/<SWARM-CID>.my-swarm-gateway.org/](http://www.my-swarm-gateway.org/bzz/) (on subdomains ) * Use [`swarm-cid-js`](https://github.com/ethersphere/swarm-cid-js) or [`swarm-cid-converter`](https://github.com/agazso/swarm-cid-converter) * Path resolution * NOT RECOMMENDED for websites or dapps as they do not provide origin isolation * [http://www.my-swarm-gateway.org/bzz/<SWARM-HASH>/](http://www.my-swarm-gateway.org/bzz/) * [http://www.my-swarm-gateway.org/bzz/<ENS-NAME>.eth/](http://www.my-swarm-gateway.org/bzz/) (if the ENS has been mapped to the swarm hash) A few websites hosted on swarm that you can test on your gateway are * [https://fairdatasociety.my-swarm-gateway.org/](https://fairdatasociety.my-swarm-gateway.org/) * [https://fairdataprotocol.my-swarm-gateway.org/](https://fairdatasociety.my-swarm-gateway.org/) In real world scenarios, you would want to configure your gateway with whitelisting and authentication secrets so that your gateway serves only the data your dapp trusts and needs in order for optimal usage of resources and bandwidth. **Note:** If you're planning to run a Swarm Gateway, there are a few things you should be aware of to ensure that your setup is secure and functional. Please be aware of the risks and legal liabilities of allowing anyone to upload/access arbitrary content, understand the resource requirements and keep your software up to date.