Installing the Haveno Daemon with Docker Securely

For those seeking a secure, private, and decentralized peer-to-peer trading platform, Haveno offers a robust solution. By running the Haveno Daemon within a Dockerized environment, you can leverage privacy tools like Tor and advanced traffic management with Envoy. This guide will walk you through deploying Haveno Daemon in a Linux environment, ensuring privacy and seamless traffic flow, without overwhelming you with raw specifications.

Why Use Haveno Daemon with Tor and Envoy?

Haveno is a decentralized exchange that focuses on privacy and anonymity by connecting users through the Monero blockchain. When integrating Tor, we take this privacy to the next level by routing all network traffic through the anonymous Tor network. Envoy, on the other hand, adds a layer of flexibility in managing how traffic is processed, especially when handling both gRPC and HTTP requests. Together, they make your trading experience not only decentralized but also securely shielded from prying eyes.

Key Components of the Setup

Before diving into deployment, let’s break down the components that will form the backbone of our setup:

1. Haveno Daemon

The core of this setup, Haveno Daemon, connects to the Monero network to facilitate decentralized trades. It interacts with seed nodes to discover the network and uses key environment variables to control its operation, such as memory limits, network name, and API security. The service exposes port 3201 for API interactions, and by default, connects to the Monero blockchain via a specified node.

2. Tor

Tor is the linchpin for securing network traffic. All communications through the Haveno Daemon are routed via the Tor network, ensuring anonymity. You can further configure Tor through its torrc file if needed, but its primary role here is to anonymize traffic without manual intervention.

3. Envoy

Envoy handles the proxying of both gRPC and HTTP requests, making it ideal for managing the varied traffic that interacts with Haveno Daemon. By using Envoy, you can route traffic efficiently while transforming gRPC requests into HTTP when necessary, simplifying connections from external apps.

4. dnsmasq

This service ensures efficient DNS resolution within the Docker network, routing .onion addresses via Tor and standard DNS queries through a public resolver like Cloudflare.

5. Watchtower

Watchtower makes life easier by keeping your Docker containers updated. It automatically checks for updates to services and pulls in new versions, ensuring your stack is always running the latest features.

Setting Up the Docker Environment

Let’s get into the details of setting this up on a Linux server.

Step 1: Writing the Docker Compose File

Docker Compose simplifies multi-container Docker applications by letting you define all services in one file. Below is the configuration you’ll need for this setup:

version: '3'
services:
  haveno-daemon:
    image: haveno-daemon:latest
    build: .
    volumes:
      - ./haveno-daemon/user:/app/user/
      - ./haveno-daemon/data:/app/data/
    ports:
      - "3201:3201"
    environment:
      TOR_CONTROL_HOST: 172.23.0.3
      TOR_CONTROL_PORT: 9051
      TOR_CONTROL_PASSWORD: "yourTorPassword"
      NETWORK_NAME: HavenoNetwork
      NODE_PORT: 9999
      API_PASSWORD: "secureAPIPassword"
      MAX_MEMORY: 2400
      SEED_NODES: "onion1:2002,onion2:3003"
      XMR_NODE: http://your.monero.node:18081
    networks:
      lockdown_net:
        ipv4_address: 172.23.0.4
    depends_on:
      tor:
        condition: service_healthy
      dnsmasq:
        condition: service_healthy
    dns:
      - 172.23.0.2

  tor:
    image: dperson/torproxy
    environment:
      - TZ=UTC
      - SERVICE=80;172.23.0.4:3201,80:172.23.0.5:2222
      - EXITNODE=0
    volumes:
      - ./torrc:/etc/tor/torrc:ro
      - ./tordata:/tor/data
    restart: unless-stopped
    networks:
      lockdown_net:
        ipv4_address: 172.23.0.3
    cap_add:
      - NET_ADMIN
      - NET_RAW

  dnsmasq:
    image: havenodex/dnsmasq:latest
    networks:
      lockdown_net:
        ipv4_address: 172.23.0.2
    cap_add:
      - NET_ADMIN
      - NET_RAW
    ports:
      - "53/tcp"
      - "53/udp"
    restart: unless-stopped

  envoy:
    image: envoyproxy/envoy:v1.24.0
    volumes:
      - ./transformer-envoy.yaml:/etc/envoy/envoy.yaml
    depends_on:
      - tor
    networks:
      lockdown_net:
        ipv4_address: 172.23.0.5
    ports:
      - "2222:2222"

  watchtower:
    image: containrrr/watchtower
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    environment:
      WATCHTOWER_CLEANUP: "true"
      WATCHTOWER_POLL_INTERVAL: 300
    networks:
      lockdown_net:
        ipv4_address: 172.23.0.6

networks:
  lockdown_net:
    driver: bridge
    ipam:
      config:
        - subnet: 172.23.0.0/16

Step 2: Adjust Environment Variables

As seen above, the Haveno Daemon service is highly configurable via environment variables. You’ll need to set the Monero node (XMR_NODE), API password (API_PASSWORD), and Tor control options (TOR_CONTROL_HOST, TOR_CONTROL_PORT, TOR_CONTROL_PASSWORD) to your desired values.

Step 3: Running the Setup

Once your docker-compose.yml file is ready, bring up the entire stack with the following command:

docker-compose up -d

This starts all services in detached mode, allowing you to run them in the background. To check that everything is running smoothly, use:

docker-compose ps

This will list the status of all services in the stack.

Step 4: Accessing Logs

To monitor any issues or view activity, you can check the logs for each service. For example, to view logs for the Haveno Daemon, use:

docker-compose logs haveno-daemon

Logs are also available for services like tor, envoy, and dnsmasq by substituting their names in the command above.

Fine-Tuning: Customizing the Setup

You may need to make adjustments depending on your specific needs. Here are a few common tweaks:

  • Custom torrc Configuration: If you need to further customize Tor’s behavior, you can mount a custom torrc configuration file to the tor service.
  • Envoy Proxy Rules: Modify the transformer-envoy.yaml file to adjust how traffic is managed between Haveno and external applications. This is especially useful if you're working with both gRPC and HTTP clients.

Conclusion

By using Docker to containerize the Haveno Daemon along with Tor, dnsmasq, Envoy, and Watchtower, you’re setting up a secure and private environment for decentralized exchanges. This setup ensures that your traffic remains anonymous while providing flexible traffic management and automated updates.

As with any new setup, it’s advisable to thoroughly test everything in a non-production environment before moving it into your live system. Once configured, this stack will require minimal maintenance and provide maximum privacy for your operations.

For any specific questions, feel free to reach out via the Kewbit email.


This article has walked you through a complete deployment of Haveno Daemon with supporting services. For further reading, check out my article on dnsmasq vs DNSCrypt, which could provide additional insights into securing DNS queries.