Configuration Guide
Comprehensive guide to configuring Bethrou for different use cases.
Configuration Overview
Bethrou has two components with different configuration approaches:
- Client: Configured via YAML file (
client.yaml) - Node: Configured via command-line flags
Network Key Setup
Generate and distribute the network key:
# Generate once
echo "/key/swarm/psk/1.0.0/" > network.key
echo "/base16/" >> network.key
openssl rand -hex 32 >> network.key
# Secure permissions
chmod 600 network.key
# Copy to all machines
scp network.key user@client-host:~/
scp network.key user@node-host:~/
Basic Configuration
Minimal Client
key: "network.key"
server:
listen: "127.0.0.1:1080"
auth: false
routing:
strategy: random
health: 30s
timeout: 10s
nodes:
- id: 12D3KooW...
addrs:
- /ip4/192.168.1.100/tcp/4000/p2p/12D3KooW...
discovery:
enabled: false
log:
level: info
format: text
Minimal Node
bethrou-node start --listen /ip4/0.0.0.0/tcp/4000
Common Scenarios
Single Exit Node
Use case: Simple setup with one trusted exit node.
Client configuration:
key: "network.key"
server:
listen: "127.0.0.1:1080"
auth: false
routing:
strategy: random
health: 30s
timeout: 10s
nodes:
- id: 12D3KooWExample...
addrs:
- /ip4/203.0.113.50/tcp/4000/p2p/12D3KooWExample...
discovery:
enabled: false
log:
level: info
format: text
Multiple Exit Nodes
Use case: Redundancy and load balancing.
Client configuration:
key: "network.key"
server:
listen: "127.0.0.1:1080"
auth: false
routing:
strategy: round-robin
health: 30s
timeout: 15s
nodes:
- id: 12D3KooWNode1...
addrs:
- /ip4/203.0.113.10/tcp/4000/p2p/12D3KooWNode1...
- id: 12D3KooWNode2...
addrs:
- /ip4/203.0.113.20/tcp/4000/p2p/12D3KooWNode2...
- id: 12D3KooWNode3...
addrs:
- /ip4/203.0.113.30/tcp/4000/p2p/12D3KooWNode3...
discovery:
enabled: false
log:
level: info
format: text
Dynamic Discovery
Use case: Automatically discover available exit nodes.
Node:
bethrou-node start \
--listen /ip4/0.0.0.0/tcp/4000 \
--discover \
--discover-address redis://redis.example.com:6379 \
--discover-topic bethrou-prod
Client:
key: "network.key"
server:
listen: "127.0.0.1:1080"
auth: false
routing:
strategy: fastest
health: 30s
timeout: 10s
nodes: []
discovery:
enabled: true
address: "redis://redis.example.com:6379"
topic: "bethrou-prod"
timeout: "10s"
log:
level: info
format: text
NAT Traversal
Use case: Clients or nodes behind NAT/firewall.
Public relay node:
bethrou-node start \
--listen /ip4/0.0.0.0/tcp/4000 \
--relay-mode \
Client behind NAT:
key: "network.key"
server:
listen: "127.0.0.1:1080"
auth: false
routing:
strategy: random
health: 30s
timeout: 10s
nodes:
- id: 12D3KooWNode...
relay: /ip4/203.0.113.100/tcp/4000/p2p/12D3KooWRelay...
discovery:
enabled: false
log:
level: info
format: text
Routing Strategies
Random
Best for: Load distribution
routing:
strategy: random
Round-Robin
Best for: Fair distribution
routing:
strategy: round-robin
Fastest
Best for: Performance
routing:
strategy: fastest
health: 30s # Check latency every 30s
Troubleshooting Configuration
Client can't connect to nodes
- Verify node is running
- Check peer ID matches
- Verify network.key is identical
- Test connectivity:
nc -zv node-ip 4000
Discovery not working
- Test Redis:
redis-cli -h redis-host ping - Check topic names match
- Verify authentication credentials
- Enable debug logging
Performance issues
- Use
fastestrouting strategy - Increase health check interval
- Add more exit nodes
- Check network latency
Best Practices
- Use HTTPS: Always use HTTPS for sensitive traffic
- Secure keys: Set
network.keypermissions to 600 - Monitor logs: Regularly review logs for issues
- Multiple nodes: Use at least 2-3 exit nodes for redundancy
- Remote DNS: Enable "Proxy DNS" in browser
- Regular rotation: Rotate network keys periodically