Threshold Access Control (TACo)
  • What is TACo?
    • How TACo works
    • Value Propositions
  • Use cases
    • Seed phrase recovery & transfer
    • Digital Rights Management for on-chain assets
    • Trustless channels for journalists, archivists & whistleblowers
    • Crowdsourcing real-world data with trustless contribution
  • Quickstart (Testnet)
  • Integrate TACo into apps
    • Testnets
    • Mainnet Access
    • Mainnet Deployment
  • Ecosystem Integrations
    • OrbisDB
    • Waku
    • Irys
    • ComposeDB
    • Turbo
  • Encrypt & Decrypt API
  • Authentication
    • Condition Context
  • Access Control
    • TimeCondition
    • RpcCondition
    • ContractCondition
      • Use custom contract calls
      • Implement access revocation via smart contract
    • CompoundCondition
    • WIP / Feature Requests
      • SequentialCondition
      • IfThenElseCondition
      • JSON Endpoint Conditions
        • JsonApiCondition
        • JsonRpcCondition
      • JWT Conditions
      • OAuth
      • Any (Major) EVM Chain Condition Support
  • Fees & Allowlists
    • Mainnet Fees
    • Encryptor Allowlist
  • Trust Assumptions
    • Mainnet Trust Disclosure (Provider Answers)
    • Mainnet Trust Model Foundation
    • Trust levers & parameter packages
  • Architecture
    • Porter
    • Contract Addresses
  • Extensions
  • API References
  • Threshold Community
  • NODE OPERATOR
    • Duties, Compensation & Penalties
    • Minimum System Requirements
    • Stake Authorization
    • Run a TACo Node with Docker
    • TACo Node Management
    • TACo Node Recovery
    • Run a Porter Instance
Powered by GitBook
On this page
  • Security Considerations
  • Run via Docker
  1. NODE OPERATOR

Run a Porter Instance

PreviousTACo Node Recovery

Last updated 20 days ago

Managing a Porter instance on mainnet is more involved than operating a mainnet node, requiring solid server administration skills. This includes understanding how to provision and secure servers, applying security best practices, and maintaining consistent system performance. Key competencies like network configuration, SSL/TLS encryption, and CORS, are also essential to ensure the secure and efficient operation of your Porter instance.

By default, Porter runs over HTTP. However, Porter instances must be secured with a valid HTTPS certificate in order to be compatible with network applications. A Porter instance running without SSL/TLS is not only insecure but also browser-based apps and websites will be unable to connect.

To secure your Docker-run Porter instance with HTTPS, use a reverse proxy like or for SSL processing, and potentially for automated SSL certificate issuance and renewal. Additionally, consider using cloud-based services like AWS/Digital Ocean load balancers or Cloudflare for SSL termination and enhanced security.

Security Considerations

  • HTTPS: To run the Porter service over HTTPS, it will require a TLS key and a TLS certificate.

  • CORS: Allowed origins for

  • Authentication: Optional usage restriction (non-public instance) via authentication protocols, e.g. basic authentication, etc. if desired

Run via Docker

  1. Get the latest porter image

    $ docker pull nucypher/porter:latest

  2. Run Porter HTTP Service on port 80

    $ docker run -d \
--name porter \
-v ~/.local/share/nucypher/:/root/.local/share/nucypher:rw \
-p 80:9155 \
--restart=unless-stopped \
nucypher/porter:latest \
nucypher-porter run \
--eth-endpoint https://<ETH ENDPOINT URI> \
--polygon-endpoint https://<POLYGON ENDPOINT URI> \
--domain <TACO DOMAIN>

    The command above is for illustrative purposes and can be modified as necessary.

  3. Porter will be available on default port 80 (HTTP)

  4. View Porter logs

    $ docker logs -f porter

  5. Stop Porter service

    $ docker stop porter

View the for more information.

Nginx
Apache
Let's Encrypt
Cross-Origin Resource Sharing (CORS)
Porter Github repos