Installing the Haveno Daemon with Docker Securely
For those seeking a secure, private, and decentralized peer-to-peer trading platform, Haveno offers a robust solution. By running the Haveno Daemon within a Dockerized environment, you can leverage privacy tools like Tor and advanced traffic management with Envoy. This guide will walk you through deploying Haveno Daemon in a Linux environment, ensuring privacy and seamless traffic flow, without overwhelming you with raw specifications.
Why Use Haveno Daemon with Tor and Envoy?
Haveno is a decentralized exchange that focuses on privacy and anonymity by connecting users through the Monero blockchain. When integrating Tor, we take this privacy to the next level by routing all network traffic through the anonymous Tor network. Envoy, on the other hand, adds a layer of flexibility in managing how traffic is processed, especially when handling both gRPC and HTTP requests. Together, they make your trading experience not only decentralized but also securely shielded from prying eyes.
Key Components of the Setup
Before diving into deployment, let’s break down the components that will form the backbone of our setup:
1. Haveno Daemon
The core of this setup, Haveno Daemon, connects to the Monero network to facilitate decentralized trades. It interacts with seed nodes to discover the network and uses key environment variables to control its operation, such as memory limits, network name, and API security. The service exposes port 3201 for API interactions, and by default, connects to the Monero blockchain via a specified node.
2. Tor
Tor is the linchpin for securing network traffic. All communications through the Haveno Daemon are routed via the Tor network, ensuring anonymity. You can further configure Tor through its torrc file if needed, but its primary role here is to anonymize traffic without manual intervention.
3. Envoy
Envoy handles the proxying of both gRPC and HTTP requests, making it ideal for managing the varied traffic that interacts with Haveno Daemon. By using Envoy, you can route traffic efficiently while transforming gRPC requests into HTTP when necessary, simplifying connections from external apps.
4. dnsmasq
This service ensures efficient DNS resolution within the Docker network, routing .onion addresses via Tor and standard DNS queries through a public resolver like Cloudflare.
5. Watchtower
Watchtower makes life easier by keeping your Docker containers updated. It automatically checks for updates to services and pulls in new versions, ensuring your stack is always running the latest features.
Setting Up the Docker Environment
Let’s get into the details of setting this up on a Linux server.
Step 1: Writing the Docker Compose File
Docker Compose simplifies multi-container Docker applications by letting you define all services in one file. Below is the configuration you’ll need for this setup:
version: '3'
services:
  haveno-daemon:
    image: haveno-daemon:latest
    build: .
    volumes:
      - ./haveno-daemon/user:/app/user/
      - ./haveno-daemon/data:/app/data/
    ports:
      - "3201:3201"   # Haveno API
    environment:
      TOR_CONTROL_HOST: 172.23.0.3   # the tor service below
      TOR_CONTROL_PORT: 9051
      TOR_CONTROL_PASSWORD: "yourTorPassword"
      NETWORK_NAME: HavenoNetwork
      NODE_PORT: 9999
      API_PASSWORD: "secureAPIPassword"
      MAX_MEMORY: 2400
      SEED_NODES: "onion1:2002,onion2:3003"
      XMR_NODE: http://your.monero.node:18081
    networks:
      lockdown_net:
        ipv4_address: 172.23.0.4
    depends_on:
      tor:
        condition: service_healthy
      dnsmasq:
        condition: service_healthy
    dns:
      - 172.23.0.2   # the dnsmasq service below
  tor:
    image: dperson/torproxy
    environment:
      - TZ=UTC
      - SERVICE=80;172.23.0.4:3201,80:172.23.0.5:2222
      - EXITNODE=0
    volumes:
      - ./torrc:/etc/tor/torrc:ro
      - ./tordata:/tor/data
    restart: unless-stopped
    networks:
      lockdown_net:
        ipv4_address: 172.23.0.3
    cap_add:
      - NET_ADMIN
      - NET_RAW
  dnsmasq:
    image: havenodex/dnsmasq:latest
    networks:
      lockdown_net:
        ipv4_address: 172.23.0.2
    cap_add:
      - NET_ADMIN
      - NET_RAW
    ports:
      - "53/tcp"
      - "53/udp"
    restart: unless-stopped
  envoy:
    image: envoyproxy/envoy:v1.24.0
    volumes:
      - ./transformer-envoy.yaml:/etc/envoy/envoy.yaml
    depends_on:
      - tor
    networks:
      lockdown_net:
        ipv4_address: 172.23.0.5
    ports:
      - "2222:2222"
  watchtower:
    image: containrrr/watchtower
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    environment:
      WATCHTOWER_CLEANUP: "true"
      WATCHTOWER_POLL_INTERVAL: 300   # seconds between update checks
    networks:
      lockdown_net:
        ipv4_address: 172.23.0.6
networks:
  lockdown_net:
    driver: bridge
    ipam:
      config:
        - subnet: 172.23.0.0/16
Step 2: Adjust Environment Variables
As seen above, the Haveno Daemon service is highly configurable via environment variables. You’ll need to set the Monero node (XMR_NODE), API password (API_PASSWORD), and Tor control options (TOR_CONTROL_HOST, TOR_CONTROL_PORT, TOR_CONTROL_PASSWORD) to your desired values.
Step 3: Running the Setup
Once your docker-compose.yml file is ready, bring up the entire stack with the following command:
docker-compose up -d
This starts all services in detached mode, allowing you to run them in the background. To check that everything is running smoothly, use:
docker-compose ps
This will list the status of all services in the stack.
Step 4: Accessing Logs
To monitor any issues or view activity, you can check the logs for each service. For example, to view logs for the Haveno Daemon, use:
docker-compose logs haveno-daemon
Logs are also available for services like tor, envoy, and dnsmasq by substituting their names in the command above.
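A static review of the Compose file from Step 1, as an added example that is not part of the original article: Docker publishes a port on every host interface unless the mapping names a host IP, so the script flags such mappings, along with passwords written literally into the file and mounts of the Docker socket. The function name audit_compose is hypothetical, the sample input is constructed, and the parser assumes two-space indentation.

```shell
#!/bin/sh
# Added example: static review of a Compose file (assumes two-space indentation).
# audit_compose is a hypothetical helper; it prints one finding per line and
# returns 1 when there is at least one finding.
audit_compose() {
    awk '
        # A service name is a key indented by exactly two spaces.
        /^  [A-Za-z0-9_.-]+: *$/ { svc = $1; sub(/:$/, "", svc); section = "" }
        # Track the four-space key we are under (ports, volumes, environment).
        /^    [a-z_]+:/ { section = $1; sub(/:.*/, "", section) }
        # A mapping with no host IP is published on every host interface.
        section == "ports" && /^      - / {
            p = $2; gsub(/"/, "", p)
            if (split(p, parts, ":") < 3) {
                print svc ": port " p " is published on all host interfaces"; bad = 1
            }
        }
        # A password written literally, rather than as ${VAR}, travels with every
        # copy of the file. Report the variable name, never the value.
        section == "environment" && /PASSWORD[:=]/ && index($0, "${") == 0 {
            name = $0; sub(/^[ -]*/, "", name); sub(/[:=].*/, "", name)
            print svc ": " name " is a literal value in the compose file"; bad = 1
        }
        # The Docker socket gives a container root-equivalent control of the host.
        /\/var\/run\/docker\.sock/ { print svc ": mounts the Docker socket"; bad = 1 }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample: haveno-daemon as in Step 1, envoy rebound to loopback.
sample=$(mktemp)
cat > "$sample" <<'EOF'
services:
  haveno-daemon:
    ports:
      - "3201:3201"
    environment:
      API_PASSWORD: "secureAPIPassword"
  envoy:
    ports:
      - "127.0.0.1:2222:2222"
EOF
audit_compose "$sample" || echo "review the findings above before docker-compose up -d"
```

Writing a mapping as "127.0.0.1:3201:3201" and supplying passwords as ${API_PASSWORD}-style entries, which Compose fills from a .env file in the project directory, clears the first two kinds of finding.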
Fine-Tuning: Customizing the Setup
You may need to make adjustments depending on your specific needs. Here are a few common tweaks:
- Custom torrc Configuration: If you need to further customize Tor’s behavior, you can mount a custom torrc configuration file to the tor service.
- Envoy Proxy Rules: Modify the transformer-envoy.yaml file to adjust how traffic is managed between Haveno and external applications. This is especially useful if you're working with both gRPC and HTTP clients.
Conclusion
By using Docker to containerize the Haveno Daemon along with Tor, dnsmasq, Envoy, and Watchtower, you’re setting up a secure and private environment for decentralized exchanges. This setup ensures that your traffic remains anonymous while providing flexible traffic management and automated updates.
As with any new setup, it’s advisable to thoroughly test everything in a non-production environment before moving it into your live system. Once configured, this stack will require minimal maintenance and provide maximum privacy for your operations.
For any specific questions, feel free to reach out via the Kewbit email.
This article has walked you through a complete deployment of Haveno Daemon with supporting services. For further reading, check out my article on dnsmasq vs DNSCrypt, which could provide additional insights into securing DNS queries.