Documentation

EN

Advanced

Self-hosting Keyoxide

Self-hosting is an important aspect to the Keyoxide project. Users need to trust the Keyoxide instance they're using to reliably verify identities. Making Keyoxide itself decentralized means no one needs to trust a central server. If a friend or family member is hosting a Keyoxide instance, it becomes much easier to trust the instance!

Hosting Keyoxide alone will result in some claim verifications failing as they cannot be performed in the browser, such as the DNS check. This is why you would perhaps want to host a doip-proxy instance as well. The instructions are below.

Using docker

Install docker and run:

docker run -d -p 3000:3000 keyoxide/keyoxide:latest

To run the doip-proxy, run:

docker run -d -p 3001:3000 keyoxide/doip-proxy:latest

Using docker-compose

keyoxide:
    image: keyoxide/keyoxide:latest
    restart: always
    ports:
        - 3000:3000
    environment:
        - DOMAIN=localhost:3000
        - PROXY_HOSTNAME=localhost:3001
        - KX_HIGHLIGHTS_1_NAME=Your name
        - KX_HIGHLIGHTS_1_DESCRIPTION=Admin of this instance
        - KX_HIGHLIGHTS_1_FINGERPRINT=123123
        - ONION_URL=
        - ACTIVITYPUB_PUBLIC_KEY=

doip_proxy:
    image: keyoxide/doip-proxy:latest
    restart: always
    ports:
        - 3001:3000
    environment:
        - ACTIVITYPUB_URL=
        - ACTIVITYPUB_PRIVATE_KEY=
        - IRC_NICK=
        - TELEGRAM_TOKEN=
        - TWITTER_BEARER_TOKEN=
        - MATRIX_ROOM_ID=
        - MATRIX_INSTANCE=
        - MATRIX_ACCESS_TOKEN=
        - XMPP_SERVICE=
        - XMPP_USERNAME=
        - XMPP_PASSWORD=

Using node

git clone https://codeberg.org/keyoxide/keyoxide-web
cd keyoxide-web
yarn # or npm install
yarn run start # or npm run start

Configuration

You can configure Keyoxide and the doip-proxy by adding environment variables.

Have a look at the template.env file for the different configuration settings.

keyoxide-web

Environment variableTypeRequiredDescription
DOMAINstringfalseThe domain on which the instance is hosted
ONION_URLstringfalseThe onion URL that points to the same instance
PORTintfalseThe port of the file server (default: 3000)
PROXY_HOSTNAMEstringfalseThe hostname of the doip-proxy instance to use
KX_HIGHLIGHTS_1_NAMEstringfalseThe name of the first profile to hightlight on the main page
KX_HIGHLIGHTS_1_DESCRIPTIONstringfalseThe subtitle of the first profile to hightlight on the main page
KX_HIGHLIGHTS_1_FINGERPRINTstringfalseThe fingerprint of the first profile to hightlight on the main page
KX_HIGHLIGHTS_2_NAMEstringfalseThe name of the second profile to hightlight on the main page
KX_HIGHLIGHTS_2_DESCRIPTIONstringfalseThe subtitle of the second profile to hightlight on the main page
KX_HIGHLIGHTS_2_FINGERPRINTstringfalseThe fingerprint of the second profile to hightlight on the main page
KX_HIGHLIGHTS_3_NAMEstringfalseThe name of the third profile to hightlight on the main page
KX_HIGHLIGHTS_3_DESCRIPTIONstringfalseThe subtitle of the third profile to hightlight on the main page
KX_HIGHLIGHTS_3_FINGERPRINTstringfalseThe fingerprint of the third profile to hightlight on the main page
ACTIVITYPUB_PUBLIC_KEYstringfalseThe public key used to simulate an ActivityPub account and sign HTTP requests

doip-proxy

Environment variableTypeRequiredDescription
ACTIVITYPUB_URLstringfalseThe URL of the simulated ActivityPub account (https://KX_DOMAIN/user/keyoxide)
ACTIVITYPUB_PRIVATE_KEYstringfalseThe private key used to simulate an ActivityPub account and sign HTTP requests
IRC_NICKstringfalseThe nick of your IRC verifier account
MATRIX_ACCESS_TOKENstringfalseThe access token of your Matrix verifier account
MATRIX_INSTANCEstringfalseThe instance of your Matrix verifier account
MATRIX_ROOM_IDstringfalseMust be !dBfQZxCoGVmSTujfiv:matrix.org
TWITTER_BEARER_TOKENstringfalseThe bearer token for the Twitter API
XMPP_SERVICEstringfalseThe hostname of your XMPP verifier account
XMPP_USERNAMEstringfalseThe username of your XMPP verifier account
XMPP_PASSWORDstringfalseThe password of your XMPP verifier account

All of these settings are optional but you will need to provide all the settings for each service (matrix, twitter, etc) for that verification to work.

For Matrix verification to work, your verifier account must be a member of the #doipver:matrix.org room.

Content licensed under CC BY-NC-SA 4.0.
Last updated: 2022-12-06 09:22 UTC