Hosting a Gateway


npm run build


The server needs the following environment variables.

variable example Default comments (see also below)
M_LD_GATEWAY_GATEWAY ≪required≫ External hostname or origin
M_LD_GATEWAY_AUTH__KEY rootacc.keyid:0gcsqgsib3dqebaquaa4gna ≪required≫ Root API access key
M_LD_GATEWAY_KEY__PRIVATE MIIC3TBXBgkqhkiG9w0BBQ0wSjApBgkqhkiG... ≪required≫ Root private key
M_LD_GATEWAY_KEY__TYPE rsa rsa Root key type
M_LD_GATEWAY_DATA_PATH ./local/edge/gw/data OS-specific path Directory path for data
M_LD_GATEWAY_ADDRESS__HOST localhost or :: Local listen host
M_LD_GATEWAY_ADDRESS__PORT 3000 3000 Local listen port
LOG_LEVEL DEBUG INFO Service stdout log level

We provide a utility script for generating these environment variables:

node ext/genenv.js

(For convenience the variables can be specified in a .env file in the working directory. You can pipe the output of the script to the file like this: node ext/genenv.js | tee .env.)

When using the script, or if you want to generate the variables manually, the following paragraphs provide further details.

The external hostname or origin is used for HTTP and websocket connections to the Gateway from clients. If no protocol is included, it will be https. The hostname will also be used as the root name for m-ld domains.

(Note that the Gateway needs to know a host and port to bind to when it starts up. If these are not the same as the external origin – for example because the Gateway is running behind a proxy – you can also set the local listen hostname and port using M_LD_GATEWAY_ADDRESS__HOST and M_LD_GATEWAY_ADDRESS__PORT.)

The root API access key will be of the form rootacc.keyid:secret, where rootacc and keyid are at least 5 characters of lowercase text. The rootacc will be the root account name. The keyid and secret should be random UTF-8 text; the secret should be at least 22 characters.

(Note the components are never used separately; once created, you always use the whole key, e.g. for HTTP Basic Authorization.)

The root public key is an RSA public key of type SPKI and encoded with DER and base64 (note: not PEM). The corresponding root private key is of type PKCS8, encrypted with AES-256-CBC using the root API access key, and encoded with DER and base64. Note that rsa is the only supported root key type at present (and can be omitted).

The directory path for data should point to a volume with capacity for the all the data managed by the Gateway. It can be omitted, in which case an OS-specific data area on the local file system will be used.


npm run start -- --genesis true

The genesis flag indicates that this is the first gateway of a potential cluster, and must be included for the first startup.