メインコンテンツまでスキップ

「dig-node」タグのついた10記事

全てのタグを見る

Configure dig-node

Configure a dig-node: listen ports and listeners, the cache cap, and the upstream the node blind-fetches from — via config and DIGNODE_* environment variables.

DIGノードを運用する

dig-nodeとは何か、なぜそれを運用するのか、そしてその方法 — Ubuntu/Debian向けのaptリポジトリか、クロスプラットフォームの汎用インストーラーで。

Install anywhere — the universal installer

The cross-platform dig-node installer for Windows, macOS, and any Linux: one curl | sh (or a direct download), installs the service and the digstore CLI, and registers dig.local.

Install on Ubuntu/Debian (apt)

Install dig-node and the digstore CLI on Ubuntu/Debian from the apt.dig.net repository, and run dig-node as a managed systemd service.

L7 · DIG Node peer network

The normative node↔node protocol: mTLS peer identity (peer_id = SHA-256(TLS SPKI DER)), the two RPC tiers (mTLS-authenticated PEER/CONTROL vs anonymous PUBLIC-READ so browsers can retrieve content), the ordered NAT-traversal ladder (direct → UPnP → NAT-PMP → PCP → relay-coordinated hole-punch (signalling only) → relayed/TURN transport), the relay's four roles (STUN, introducer, hole-punch signalling, relayed transport), STUN reflexive-address discovery, introducer + gossip peer discovery, PEX peer-exchange (node↔node stream + the RLY-008 relay introducer binding), the Kademlia DHT with provider records that locate which peers hold content (find_node/find_providers/add_provider/ping over a framed dig-nat mTLS stream; content-key = SHA-256(domain-tag ‖ store_id[‖root[‖retrieval_key]])), the relay RelayMessage wire (RLY-001..RLY-008), the peer RPC methods (dig.getPeers/dig.announce/dig.getNetworkInfo/dig.getAvailability/dig.listInventory/dig.fetchRange), and the relay-last-fallback invariant (prefer hole-punch signalling over full relaying).

L7 · Private retrieval (onion routing)

The normative privacy-mode content-retrieval protocol: the per-request speed-vs-privacy toggle on the dig RPC surface, how a private read is onion-routed end-to-end (requester → guard/entry → middle → exit → providers → back) with a who-knows-what table, telescoping circuit construction over dig-nat mTLS (ntor X25519 + HKDF-SHA256 handshake, fixed-size 512-byte ChaCha20-Poly1305 layered cells, the RELAY command set), the onion-relay directory (dig-dht tag 0x04) and relay advertisement, guard nodes, the exit reusing the ordinary merkle-verified content read, and the honest threat model (partial-adversary unlinkability, stronger than Tor on exit integrity, weaker on anonymity-set size and Sybil cost).

Manage your node

Operate a running dig-node: the control.* admin RPCs (status, cache, peers) and the DIG Browser's My Node UI that drives them.

Point a consumer at your node

Make the DIG Browser or extension read from your local dig-node first (dig.local → localhost), falling back to rpc.dig.net — local-first reads that share one .dig cache.

Run a relay

How a DIG node stays reachable behind NAT through a relay, the relay.dig.net default, and how to run your own relay.

コンテンツ消費者向け

自分のブラウザがブロックチェーンに照らして検証するchia://コンテンツを開く — どのホストもそれを改ざんしたり偽造したりできず、非公開のコンテンツはホストからも非公開のままで、永続的かつどこにでも再ホスト可能なので、誰もそれを停止させたり閉じ込めたりできません。