All-in-one Docker image with IPFS node best practices

The custom domains is probably the least self-hosty, you’re right.

A user would have at least one domain and create Turning on subdomain support means that lots of sites could look like

I didn’t think the _DNSLink stuff was hard but I was also thinking that Cloudron (for example) has let’s encrypt cert generation and would be done outside this app.

I think host gets passed to Kubo and Kubo looks it up, and nginx doesn’t have to do anything?

@walkah can you describe how this works?

1 Like

I think’s pricing has changed since. Based on my experience, Kubo needed a minimum of 512MB of RAM So it was around $10/month.( Resource Pricing · Fly Docs)

1 Like

Have a look at this issue and feel free to share any thoughts:

When I compared some of these services a while back to host IPFS stuff, they didn’t support hosting UDP services which is needed for QUIC, WebTransport, and WebRTC.
This may have changed, but it’s worth considering depending on the use-case.

1 Like

This is a great question and a topic with a lot of nuance.
@tennox To keep this on topic, would you mind opening a new topic for this?


=> Moved to here


I set up a basic git repo (RFC). (if anyone wants write access, tell me :wink: )

Nginx caching

Set up a basic test on a branch, but it seems to me there are no performance gains (hurray, kubo gateway - you are as efficient as an nginx cache). Further testing / test cases could change that :face_with_monocle: (or I misconfigured something :thinking: )

1 Like

yeah, afaik there’s nothing required at the nginx/proxy layer - kubo itself will resolve DNSLinks (I always assumed based on Host: header but I guess I’ve never actually looked at that code).

1 Like

Yep, correct. Somehow I only thought about static hosting & nginx, and didn’t think of kubo :sweat_smile: Nevermind then :ok_hand:

Ucan Store Proxy

Started a PoC for a service that checks if a UCAN if it authorizes to store/pin, and forwards that request to the Kubo RPC API (and later maybe other pinning services :thinking:).

Does that sound like a decent strategy?


First PoC success :tada:

‘Happy path’ PoC-complete:

  1. Deployed to Akash (my cloud of choice for this test & costs 3$/month - let’s see :yum:), adding my note3 did in TRUSTED_DIDS env (which not checked yet)
  2. Created a UCAN & used this code in our browser app to PUT a CAR file via the proxy to the Kubo node
  3. retrieved it via the Kubo Gateway (demo link)

Open questions

I’ve added some feature ideas & questions to the repo - what I deem relevant to this thread:

  1. Is hosting a public gateway a good idea?
    • Can/will it be abused? (probably)
    • is it a problem? (e.g. fetching data and no GC - full disk, hosting, but also responsibility for content)
    • Option 1: Gateway only serves pinned/stored data (NoFetch)
    • Option 2: Use Gateway through ucan proxy (bit finnicky, but might make some use-cases possible)
    • Option 3: Disable Gateway, and fetch via own Kubo or public GW only… kinda defeats the purpose :sweat_smile:
  2. Implement pinning API on the proxy? (or even as an extra storage?)
    • Instead of “just” API for uploading (e.g. via CAR-file) - I thought we might as well add pinning possibility. (PoC already implemented) This allows to pin someone else’s data on “your” server.
    • but how much of the pinning API is relevant/useful

Would be happy about feedback :slight_smile:
(to the general strategy of this concept, but also specific parts)


Woo hoo!

Y’all should create a Project in the Wovin OpenCollective so we can support this.

And supporter votes on features should be taken into consideration :wink:




rather here? or on the issues in gitlab?

At your discretion :sweat_smile:
I guess for the general concept & topic here, and for specific features in the issues.
Also not sure if part of this discussion would better belong in a separate thread. :thinking: (anyone feeling spammed? :yum: )

New repos & Opencollective

Consolidated repos to new org:

And we have set up our opencollective sub-project
in case anyone want’s to help make it happen on a financial level :wink:

Regarding “Is hosting a public gateway a good idea?”

Option 2: Use gateway through ucan proxy (bit finnicky, but might make some use-cases possible)

I thought: as we probably need a reverse proxy for Letsencrypt SSL anyways - we could add a forward_auth middleware in front of kubo.

But I’m not sure how different self-hosting situations would look and if that would make sense… @boris any idea on that?

1 Like

I’d love to support this financially. There are a couple of different targets.

Maybe @danieln or someone else could take a look at getting this running on FlyIO and see what it needs — those systems typically run their own nginx networking layer and then reverse proxy to the app that’s running.

Cloudron is the platform is one of the self hosting platforms I’d love to see this running on. It’s got some specific requirements:


I just came across this guide: Enhancing IPFS Performance in Kubernetes Environments :: Terminal Thoughts which I thought might be relevant for this thread


Some containers for various ipfs peers can be found here - GitHub - boyroywax/ipfs-liftoff: Tools & Examples for IPFS, Libp2p, OrbitDB, Bacalhua, and more.

1 Like

Thanks for sharing! Had a quick look and these are mostly packaged as Docker Compose. Do you have any thoughts on other deployment config best practices?