reinstate #1

README.md

@@ -1,42 +1,81 @@
 # Relayer for Tornado Cash [![Build Status](https://github.com/tornadocash/relayer/workflows/build/badge.svg)](https://github.com/tornadocash/relayer/actions) [![Docker Image Version (latest semver)](https://img.shields.io/docker/v/tornadocash/relayer?logo=docker&logoColor=%23FFFFFF&sort=semver)](https://hub.docker.com/repository/docker/tornadocash/relayer)
 
-## Deploy with docker-compose
+__*Tornado.cash was sanctioned by the US Treasury on 08/08/2022, this makes it illegal for US citizens to interact with Tornado.cash and all of it's mainnet contracts. Please understand the laws where you live and take all necessary steps to protect and anonomize yourself.__
 
-docker-compose.yml contains a stack that will automatically provision SSL certificates for your domain name and will add a https redirect to port 80.
+__*It is recommended to run your Relayer on a VPS ([Virtual Private Server](https://njal.la/)). It is also possible to run it locally with a capable computer running linux.__
 
-1. Download [docker-compose.yml](/docker-compose.yml) and [.env.example](/.env.example)
+__*When connecting to a server you will need to use ssh. You can find information about ssh keygen and management [here](https://www.ssh.com/academy/ssh/keygen).__
 
-```
-wget https://raw.githubusercontent.com/tornadocash/tornado-relayer/master/docker-compose.yml
-wget https://raw.githubusercontent.com/tornadocash/tornado-relayer/master/.env.example -O .env
-```
+## Deploy with docker-compose (recommended)
 
-2. Setup environment variables
+*Ubuntu 22.10 was used in this seutp.*
 
-   - set `NET_ID` (1 for mainnet, 5 for Goerli)
-   - set `HTTP_RPC_URL` rpc url for your ethereum node
-   - set `WS_RPC_URL` websocket url
-   - set `ORACLE_RPC_URL` - rpc url for mainnet node for fetching prices(always have to be on mainnet)
-   - set `PRIVATE_KEY` for your relayer address (without 0x prefix)
-   - set `VIRTUAL_HOST` and `LETSENCRYPT_HOST` to your domain and add DNS record pointing to your relayer ip address
-   - set `REGULAR_TORNADO_WITHDRAW_FEE` - fee in % that is used for tornado pool withdrawals
-   - set `MINING_SERVICE_FEE` - fee in % that is used for mining AP withdrawals
-   - set `REWARD_ACCOUNT` - eth address that is used to collect fees
-   - update `AGGREGATOR` if needed - Contract address of aggregator instance.
-   - update `CONFIRMATIONS` if needed - how many block confirmations to wait before processing an event. Not recommended to set less than 3
-   - update `MAX_GAS_PRICE` if needed - maximum value of gwei value for relayer's transaction
-   - update `BASE_FEE_RESERVE_PERCENTAGE` if needed - how much in % will the network baseFee increase
+*docker-compose.yml contains a stack that will automatically provision SSL certificates for your domain.*
 
-     If you want to use more than 1 eth address for relaying transactions, please add as many `workers` as you want. For example, you can comment out `worker2` in docker-compose.yml file, but please use a different `PRIVATE_KEY` for each worker.
+__PREREQUISITES__
+1. Install docker-compose
+  - Run `sudo curl -L https://github.com/docker/compose/releases/download/2.15.1/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose` with the correct [current](https://github.com/docker/compose/releases) version number after `download/`.
+  - Run `sudo chmod +x /usr/local/bin/docker-compose` to set your permissions.
+2. Install Docker
+  - Run `curl -fsSL https://get.docker.com -o get-docker.sh` to download Docker.
+  - Run `sh get-docker.sh` to install Docker.
+3. Install Git
+  - Fist run `sudo apt-get update` to make sure everything is up to date.
+  - Now run `sudo apt-get install git-all` to install Git.
+4. Install Nginx
+  - Run `sudo apt update` to make sure everything is up to date.
+  - Now run `sudo apt install nginx` to install nginx
+
+__SETUP RELAYER__
+1. Download `docker-compose.yml`, `tornado.conf`, `.env.example`, and `tornado-stream.conf`
+2. Change environment variables for `mainnet` containers in `docker-compose.yml` as needed.
+  - Add `PRIVATE_KEY` for your relayer address (remove the 0x from your private key)
+  - Set `VIRTUAL_HOST` and `LETSENCRYPT_HOST` to your domain name and add a DNS record pointing to your relayer ip address
+  - Set `RELAYER_FEE` to what you would like to charge as your fee (remember .3% is paid to the DAO)
+  - Set `RPC_URL` and `ORACLE_RPC_URL` to a non-censoring RPC (You can [run your own](https://github.com/feshchenkod/rpc-nodes), or use a [free option](https://chainnodes.org/))
+  - update `REDIS_URL` if needed
+
+__SETUP NGINX REVERSE PROXY__
+1. Open your terminal, navigate to the directory containing `docker-compose.yml` and run `docker-compose up -d`
+2. Let `docker-compose up -d` run and and wait for the certbot certificates for your domain (this should take 1-2 minutes)
+3. Make sure UFW is installed by running `apt update` and `apt install ufw` 
+4. Allow SSH in the first position in UFW by running `ufw insert 1 allow ssh`
+5. Allow HTTP, and HTTPS by running `ufw allow https/tcp/http`
+6. Create the file `/etc/nginx/conf.d/tornado.conf` with the `tornado.conf` file as the contents
+7. Edit your `/etc/ngninx/nginx.conf` and append the file with the following:
+  - ` stream {  map_hash_bucket_size 128;  map_hash_max_size 128;  include /etc/nginx/conf.d/streams/*.conf;  }`
+  - Some of the contents of stream might already be there. The most important part is `include /etc/nginx/conf.d/streams/*.conf;`
+8. Create `/etc/nginx/conf.d/streams/tornado-stream.conf`with the `tornado-stream.conf` file as the contents
+9. Run `sudo service nginx restart`
+
+__Deploy on side chains__
+1. Download `docker-compose.yml`,  `.env.example` Edit the names of these files as needed.
+2. Change environment variables for containers in `docker-compose.yml` as needed.
+- Change `mainnet` to match the name of the chain you are deploying on.
+- Set the `NET_ID` to the chain ID of the chain you are deploying to. (e.g. goerli = 5)
+- Add `PRIVATE_KEY` for your relayer address (remove the 0x from your private key)
+- Set `VIRTUAL_HOST` and `LETSENCRYPT_HOST` to your domain name and add a DNS record pointing to your relayer ip address
+- Set `RELAYER_FEE` to what you would like to charge as your fee (remember .3% is paid to the DAO)
+- Set `RPC_URL` to a non-censoring RPC (You can [run your own](https://github.com/feshchenkod/rpc-nodes), or use a [free option](https://chainnodes.org/))
+- You will need to set the `ORACLE_RPC_URL` to a mainnet RPC.
+- update `REDIS_URL` if needed
+
+## Run as a Docker container
+
+1. `cp .env.example .env`
+2. Modify `.env` as needed
+3. `docker run -d --env-file .env -p 80:8000 tornadocash/relayer`
+
+In that case you will need to add https termination yourself because browsers with default settings will prevent https
+tornado.cash UI from submitting your request over http connection
 
-3. Run `docker-compose up -d`
 
 ## Run locally
 
-1. `yarn`
+1. `npm i`
 2. `cp .env.example .env`
 3. Modify `.env` as needed
-4. `yarn start`
+4. `npm run start`
 5. Go to `http://127.0.0.1:8000`
 6. In order to execute withdraw request, you can run following command
 
@@ -44,28 +83,26 @@ wget https://raw.githubusercontent.com/tornadocash/tornado-relayer/master/.env.e
 curl -X POST -H 'content-type:application/json' --data '<input data>' http://127.0.0.1:8000/relay
 ```
 
-Relayer should return a transaction hash
+Relayer should return a transaction hash.
 
-In that case you will need to add https termination yourself because browsers with default settings will prevent https
-tornado.cash UI from submitting your request over http connection
+_Note._ If you want to change contracts' addresses go to [config.js](./config.js) file.
 
-## Run geth node
+## Input data example
 
-It is strongly recommended that you use your own RPC node. Instruction on how to run full node with `geth` can be found [here](https://github.com/feshchenkod/rpc-nodes).
-
-## Monitoring
-
-You can find the guide on how to install the Zabbix server in the [/monitoring/README.md](/monitoring/README.md).
-
-## Architecture
-
-1. TreeWatcher module keeps track of Account Tree changes and automatically caches the actual state in Redis and emits `treeUpdate` event to redis pub/sub channel
-2. Server module is Express.js instance that accepts http requests
-3. Controller contains handlers for the Server endpoints. It validates input data and adds a Job to Queue.
-4. Queue module is used by Controller to put and get Job from queue (bull wrapper)
-5. Status module contains handler to get a Job status. It's used by UI for pull updates
-6. Validate contains validation logic for all endpoints
-7. Worker is the main module that gets a Job from queue and processes it
+```json
+{
+  "proof": "0x0f8cb4c2ca9cbb23a5f21475773e19e39d3470436d7296f25c8730d19d88fcef2986ec694ad094f4c5fff79a4e5043bd553df20b23108bc023ec3670718143c20cc49c6d9798e1ae831fd32a878b96ff8897728f9b7963f0d5a4b5574426ac6203b2456d360b8e825d8f5731970bf1fc1b95b9713e3b24203667ecdd5939c2e40dec48f9e51d9cc8dc2f7f3916f0e9e31519c7df2bea8c51a195eb0f57beea4924cb846deaa78cdcbe361a6c310638af6f6157317bc27d74746bfaa2e1f8d2e9088fd10fa62100740874cdffdd6feb15c95c5a303f6bc226d5e51619c5b825471a17ddfeb05b250c0802261f7d05cf29a39a72c13e200e5bc721b0e4c50d55e6",
+  "args": [
+    "0x1579d41e5290ab5bcec9a7df16705e49b5c0b869095299196c19c5e14462c9e3",
+    "0x0cf7f49c5b35c48b9e1d43713e0b46a75977e3d10521e9ac1e4c3cd5e3da1c5d",
+    "0x03ebd0748aa4d1457cf479cce56309641e0a98f5",
+    "0xbd4369dc854c5d5b79fe25492e3a3cfcb5d02da5",
+    "0x000000000000000000000000000000000000000000000000058d15e176280000",
+    "0x0000000000000000000000000000000000000000000000000000000000000000"
+  ],
+  "contract": "0xA27E34Ad97F171846bAf21399c370c9CE6129e0D"
+}
+```
 
 Disclaimer:
 

tornado-stream.conf

@@ -0,0 +1,17 @@
+map $ssl_preread_server_name $name {
+    yourserver.com tornado_mainnet;
+
+    # default
+
+    default tornado_mainnet;
+}
+
+upstream tornado_mainnet {
+    server 127.0.0.1:4380;
+}
+
+server {
+    listen 0.0.0.0:443;
+    proxy_pass $name;
+    ssl_preread on;
+}

tornado.conf

@@ -0,0 +1,70 @@
+# If we receive X-Forwarded-Proto, pass it through; otherwise, pass along the
+# scheme used to connect to this server
+map $http_x_forwarded_proto $proxy_x_forwarded_proto {
+  default $http_x_forwarded_proto;
+  ''      $scheme;
+}
+# If we receive X-Forwarded-Port, pass it through; otherwise, pass along the
+# server port the client connected to
+map $http_x_forwarded_port $proxy_x_forwarded_port {
+  default $http_x_forwarded_port;
+  ''      $server_port;
+}
+# If we receive Upgrade, set Connection to "upgrade"; otherwise, delete any
+# Connection header that may have been passed to this server
+map $http_upgrade $proxy_connection {
+  default upgrade;
+  '' close;
+}
+# Apply fix for very long server names
+server_names_hash_bucket_size 128;
+# Default dhparam
+# Set appropriate X-Forwarded-Ssl header based on $proxy_x_forwarded_proto
+map $proxy_x_forwarded_proto $proxy_x_forwarded_ssl {
+  default off;
+  https on;
+}
+gzip_types text/plain text/css application/javascript application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
+log_format vhost '$host $remote_addr - $remote_user [$time_local] '
+                 '"$request" $status $body_bytes_sent '
+                 '"$http_referer" "$http_user_agent" '
+                 '"$upstream_addr"';
+# HTTP 1.1 support
+proxy_http_version 1.1;
+proxy_buffering off;
+proxy_set_header Host $http_host;
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header Connection $proxy_connection;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto;
+proxy_set_header X-Forwarded-Ssl $proxy_x_forwarded_ssl;
+proxy_set_header X-Forwarded-Port $proxy_x_forwarded_port;
+proxy_set_header X-Original-URI $request_uri;
+# Mitigate httpoxy attack (see README for details)
+proxy_set_header Proxy "";
+
+server {
+	server_name _; # This is just an invalid value which will never trigger on a real hostname.
+	server_tokens off;
+	listen 80;
+	access_log /var/log/nginx/access.log vhost;
+	return 503;
+}
+
+server {
+	server_name yourdomain.com;
+
+	listen 80 ;
+	access_log /var/log/nginx/access.log vhost;
+
+	# Do not HTTPS redirect Let'sEncrypt ACME challenge
+	location ^~ /.well-known/acme-challenge/ {
+        proxy_pass  http://127.0.0.1:8080;
+		break;
+	}
+
+	location / {
+		return 301 https://$host$request_uri;
+	}
+}