The go-ipfs config file is a JSON document located at $IPFS_PATH/config. It
is read once at node instantiation, either for an offline command, or when
starting the daemon. Commands that execute on a running daemon do not read the
config file at runtime.
Configuration profiles allow to tweak configuration quickly. Profiles can be
applied with --profile flag to ipfs init or with the ipfs config profile
apply command. When a profile is applied a backup of the configuration file
will be created in $IPFS_PATH.
The available configuration profiles are listed below. You can also find them
documented in ipfs config profile --help.
server
Disables local host discovery, recommended when running IPFS on machines with public IPv4 addresses.
randomports
Use a random port number for swarm.
default-datastore
Configures the node to use the default datastore (flatfs).
Read the “flatfs” profile description for more information on this datastore.
This profile may only be applied when first initializing the node.
local-discovery
Sets default values to fields affected by the server profile, enables discovery in local networks.
test
Reduces external interference of IPFS daemon, this is useful when using the daemon in test environments.
default-networking
Restores default network settings. Inverse profile of the test profile.
flatfs
Configures the node to use the flatfs datastore.
This is the most battle-tested and reliable datastore, but it’s significantly slower than the badger datastore. You should use this datastore if:
This profile may only be applied when first initializing the node.
badgerds
Configures the node to use the badger datastore.
This is the fastest datastore. Use this datastore if performance, especially when adding many gigabytes of files, is critical. However:
This profile may only be applied when first initializing the node.
lowpower
Reduces daemon overhead on the system. May affect node functionality - performance of content discovery and data fetching may be degraded.
This document refers to the standard JSON types (e.g., null, string,
number, etc.), as well as a few custom types, described below.
flagFlags allow enabling and disabling features. However, unlike simple booleans,
they can also be null (or omitted) to indicate that the default value should
be chosen. This makes it easier for go-ipfs to change the defaults in the
future unless the user explicitly sets the flag to either true (enabled) or
false (disabled). Flags have three possible states:
null or missing (apply the default value).true (enabled)false (disabled)priorityPriorities allow specifying the priority of a feature/protocol and disabling the feature/protocol. Priorities can take one of the following values:
null/missing (apply the default priority, same as with flags)false (disabled)1 - 2^63 (priority, lower is preferred)stringsStrings is a special type for conveniently specifying a single string, an array of strings, or null:
null"a single string"["an", "array", "of", "strings"]durationDuration is a type for describing lengths of time, using the same format go
does (e.g, "1d2h4m40.01s").
Addresses
API
AutoNAT
BootstrapDatastore
Discovery
Gateway
Identity
Ipns
Mounts
Pinning
Pubsub
Peering
Reprovider
Routing
Swarm
AddressesContains information about various listener addresses to be used by this node.
Addresses.APIMultiaddr or array of multiaddrs describing the address to serve the local HTTP API on.
Supported Transports:
/ipN/.../tcp/.../unix/path/to/socketDefault: /ip4/127.0.0.1/tcp/5001
Type: strings (multiaddrs)
Addresses.GatewayMultiaddr or array of multiaddrs describing the address to serve the local gateway on.
Supported Transports:
/ipN/.../tcp/.../unix/path/to/socketDefault: /ip4/127.0.0.1/tcp/8080
Type: strings (multiaddrs)
Addresses.SwarmArray of multiaddrs describing which addresses to listen on for p2p swarm connections.
Supported Transports:
/ipN/.../tcp/.../ipN/.../tcp/.../ws/ipN/.../udp/.../quicDefault:
[
"/ip4/0.0.0.0/tcp/4001",
"/ip6/::/tcp/4001",
"/ip4/0.0.0.0/udp/4001/quic",
"/ip6/::/udp/4001/quic"
]
Type: array[string] (multiaddrs)
Addresses.AnnounceIf non-empty, this array specifies the swarm addresses to announce to the network. If empty, the daemon will announce inferred swarm addresses.
Default: []
Type: array[string] (multiaddrs)
Addresses.NoAnnounceArray of swarm addresses not to announce to the network.
Default: []
Type: array[string] (multiaddrs)
APIContains information used by the API gateway.
API.HTTPHeadersMap of HTTP headers to set on responses from the API HTTP server.
Example:
{
"Foo": ["bar"]
}
Default: null
Type: object[string -> array[string]] (header names -> array of header values)
AutoNATContains the configuration options for the AutoNAT service. The AutoNAT service helps other nodes on the network determine if they’re publicly reachable from the rest of the internet.
AutoNAT.ServiceModeWhen unset (default), the AutoNAT service defaults to enabled. Otherwise, this field can take one of two values:
Additional modes may be added in the future.
Type: string (one of "enabled" or "disabled")
AutoNAT.ThrottleWhen set, this option configure’s the AutoNAT services throttling behavior. By default, go-ipfs will rate-limit the number of NAT checks performed for other nodes to 30 per minute, and 3 per peer.
AutoNAT.Throttle.GlobalLimitConfigures how many AutoNAT requests to service per AutoNAT.Throttle.Interval.
Default: 30
Type: integer (non-negative, 0 means unlimited)
AutoNAT.Throttle.PeerLimitConfigures how many AutoNAT requests per-peer to service per AutoNAT.Throttle.Interval.
Default: 3
Type: integer (non-negative, 0 means unlimited)
AutoNAT.Throttle.IntervalConfigures the interval for the above limits.
Default: 1 Minute
Type: duration (when 0/unset, the default value is used)
BootstrapBootstrap is an array of multiaddrs of trusted nodes to connect to in order to initiate a connection to the network.
Default: The ipfs.io bootstrap nodes
Type: array[string] (multiaddrs)
DatastoreContains information related to the construction and operation of the on-disk storage system.
Datastore.StorageMaxA soft upper limit for the size of the ipfs repository’s datastore. With StorageGCWatermark,
is used to calculate whether to trigger a gc run (only if --enable-gc flag is set).
Default: "10GB"
Type: string (size)
Datastore.StorageGCWatermarkThe percentage of the StorageMax value at which a garbage collection will be
triggered automatically if the daemon was run with automatic gc enabled (that
option defaults to false currently).
Default: 90
Type: integer (0-100%)
Datastore.GCPeriodA time duration specifying how frequently to run a garbage collection. Only used if automatic gc is enabled.
Default: 1h
Type: duration (an empty string means the default value)
Datastore.HashOnReadA boolean value. If set to true, all block reads from disk will be hashed and verified. This will cause increased CPU utilization.
Default: false
Type: bool
Datastore.BloomFilterSizeA number representing the size in bytes of the blockstore’s bloom filter. A value of zero represents the feature being disabled.
This site generates useful graphs for various bloom filter values:
https://hur.st/bloomfilter/?n=1e6&p=0.01&m=&k=7 You may use it to find a
preferred optimal value, where m is BloomFilterSize in bits. Remember to
convert the value m from bits, into bytes for use as BloomFilterSize in the
config file. For example, for 1,000,000 blocks, expecting a 1% false positive
rate, you’d end up with a filter size of 9592955 bits, so for BloomFilterSize
we’d want to use 1199120 bytes. As of writing, 7 hash
functions
are used, so the constant k is 7 in the formula.
Default: 0 (disabled)
Type: integer (non-negative, bytes)
Datastore.SpecSpec defines the structure of the ipfs datastore. It is a composable structure, where each datastore is represented by a json object. Datastores can wrap other datastores to provide extra functionality (eg metrics, logging, or caching).
This can be changed manually, however, if you make any changes that require a different on-disk structure, you will need to run the ipfs-ds-convert tool to migrate data into the new structures.
For more information on possible values for this configuration option, see docs/datastores.md
Default:
{
"mounts": [
{
"child": {
"path": "blocks",
"shardFunc": "/repo/flatfs/shard/v1/next-to-last/2",
"sync": true,
"type": "flatfs"
},
"mountpoint": "/blocks",
"prefix": "flatfs.datastore",
"type": "measure"
},
{
"child": {
"compression": "none",
"path": "datastore",
"type": "levelds"
},
"mountpoint": "/",
"prefix": "leveldb.datastore",
"type": "measure"
}
],
"type": "mount"
}
Type: object
DiscoveryContains options for configuring ipfs node discovery mechanisms.
Discovery.MDNSOptions for multicast dns peer discovery.
Discovery.MDNS.EnabledA boolean value for whether or not mdns should be active.
Default: true
Type: bool
Discovery.MDNS.IntervalA number of seconds to wait between discovery checks.
Default: 5
Type: integer (integer seconds, 0 means the default)
GatewayOptions for the HTTP gateway.
Gateway.NoFetchWhen set to true, the gateway will only serve content already in the local repo and will not fetch files from the network.
Default: false
Type: bool
Gateway.NoDNSLinkA boolean to configure whether DNSLink lookup for value in Host HTTP header
should be performed. If DNSLink is present, content path stored in the DNS TXT
record becomes the / and respective payload is returned to the client.
Default: false
Type: bool
Gateway.HTTPHeadersHeaders to set on gateway responses.
Default:
{
"Access-Control-Allow-Headers": [
"X-Requested-With"
],
"Access-Control-Allow-Methods": [
"GET"
],
"Access-Control-Allow-Origin": [
"*"
]
}
Type: object[string -> array[string]]
Gateway.RootRedirectA url to redirect requests for / to.
Default: ""
Type: string (url)
Gateway.WritableA boolean to configure whether the gateway is writeable or not.
Default: false
Type: bool
Gateway.PathPrefixesArray of acceptable url paths that a client can specify in X-Ipfs-Path-Prefix header.
The X-Ipfs-Path-Prefix header is used to specify a base path to prepend to links in directory listings and for trailing-slash redirects. It is intended to be set by a frontend http proxy like nginx.
Example: We mount blog.ipfs.io (a dnslink page) at ipfs.io/blog.
.ipfs/config
"Gateway": {
"PathPrefixes": ["/blog"],
}
nginx_ipfs.conf
location /blog/ {
rewrite "^/blog(/.*)$" $1 break;
proxy_set_header Host blog.ipfs.io;
proxy_set_header X-Ipfs-Gateway-Prefix /blog;
proxy_pass http://127.0.0.1:8080;
}
Default: []
Type: array[string]
Gateway.PublicGatewaysPublicGateways is a dictionary for defining gateway behavior on specified hostnames.
Hostnames can optionally be defined with one or more wildcards.
Examples:
*.example.com will match requests to http://foo.example.com/ipfs/* or http://{cid}.ipfs.bar.example.com/*.foo-*.example.com will match requests to http://foo-bar.example.com/ipfs/* or http://{cid}.ipfs.foo-xyz.example.com/*.Gateway.PublicGateways: PathsArray of paths that should be exposed on the hostname.
Example:
{
"Gateway": {
"PublicGateways": {
"example.com": {
"Paths": ["/ipfs", "/ipns"],
}
}
}
}
Above enables http://example.com/ipfs/* and http://example.com/ipns/* but not http://example.com/api/*
Default: []
Type: array[string]
Gateway.PublicGateways: UseSubdomainsA boolean to configure whether the gateway at the hostname provides Origin isolation between content roots.
true - enables subdomain gateway at http://*.{hostname}/
Paths are set.
For example, Paths: ["/ipfs", "/ipns"] are required for http://{cid}.ipfs.{hostname} and http://{foo}.ipns.{hostname} to work:
"Gateway": {
"PublicGateways": {
"dweb.link": {
"UseSubdomains": true,
"Paths": ["/ipfs", "/ipns"],
}
}
}
http://{hostname}/ipfs/{cid} produce redirect to http://{cid}.ipfs.{hostname}/api is on the Paths whitelist, http://{hostname}/api/{cmd} produces redirect to http://api.{hostname}/api/{cmd}false - enables path gateway at http://{hostname}/*
"Gateway": {
"PublicGateways": {
"ipfs.io": {
"UseSubdomains": false,
"Paths": ["/ipfs", "/ipns", "/api"],
}
}
}
Default: false
Type: bool
Gateway.PublicGateways: NoDNSLinkA boolean to configure whether DNSLink for hostname present in Host
HTTP header should be resolved. Overrides global setting.
If Paths are defined, they take priority over DNSLink.
Default: false (DNSLink lookup enabled by default for every defined hostname)
Type: bool
Gateway.PublicGatewaysDefault entries for localhost hostname and loopback IPs are always present.
If additional config is provided for those hostnames, it will be merged on top of implicit values:
{
"Gateway": {
"PublicGateways": {
"localhost": {
"Paths": ["/ipfs", "/ipns"],
"UseSubdomains": true
}
}
}
}
It is also possible to remove a default by setting it to null.
For example, to disable subdomain gateway on localhost
and make that hostname act the same as 127.0.0.1:
$ ipfs config --json Gateway.PublicGateways '{"localhost": null }'
Gateway recipesBelow is a list of the most common public gateway setups.
http://{cid}.ipfs.dweb.link (each content root gets its own Origin)
$ ipfs config --json Gateway.PublicGateways '{
"dweb.link": {
"UseSubdomains": true,
"Paths": ["/ipfs", "/ipns"]
}
}'
Backward-compatible: this feature enables automatic redirects from content paths to subdomains:
http://dweb.link/ipfs/{cid} → http://{cid}.ipfs.dweb.link
X-Forwarded-Proto: if you run go-ipfs behind a reverse proxy that provides TLS, make it add a X-Forwarded-Proto: https HTTP header to ensure users are redirected to https://, not http://. It will also ensure DNSLink names are inlined to fit in a single DNS label, so they work fine with a wildcart TLS cert (details). The NGINX directive is proxy_set_header X-Forwarded-Proto "https";.:
http://dweb.link/ipfs/{cid} → https://{cid}.ipfs.dweb.link
http://dweb.link/ipns/your-dnslink.site.example.com → https://your--dnslink-site-example-com.ipfs.dweb.link
X-Forwarded-Host: we also support X-Forwarded-Host: example.com if you want to override subdomain gateway host from the original request:
http://dweb.link/ipfs/{cid} → http://{cid}.ipfs.example.com
http://ipfs.io/ipfs/{cid} (no Origin separation)
$ ipfs config --json Gateway.PublicGateways '{
"ipfs.io": {
"UseSubdomains": false,
"Paths": ["/ipfs", "/ipns", "/api"]
}
}'
Host header.
$ ipfs config --json Gateway.NoDNSLink false
NoDNSLink: false is the default (it works out of the box unless set to true manually)NoFetch: true)
and resolving DNSLink at unknown hostnames (NoDNSLink: true).
Then, enable DNSLink gateway only for the specific hostname (for which data
is already present on the node), without exposing any content-addressing Paths:
“NoFetch”: true,
“NoDNSLink”: true,
$ ipfs config --json Gateway.NoFetch true
$ ipfs config --json Gateway.NoDNSLink true
$ ipfs config --json Gateway.PublicGateways '{
"en.wikipedia-on-ipfs.org": {
"NoDNSLink": false,
"Paths": []
}
}'
IdentityIdentity.PeerIDThe unique PKI identity label for this configs peer. Set on init and never read, it’s merely here for convenience. Ipfs will always generate the peerID from its keypair at runtime.
Type: string (peer ID)
Identity.PrivKeyThe base64 encoded protobuf describing (and containing) the nodes private key.
Type: string (base64 encoded)
IpnsIpns.RepublishPeriodA time duration specifying how frequently to republish ipns records to ensure they stay fresh on the network.
Default: 4 hours.
Type: interval or an empty string for the default.
Ipns.RecordLifetimeA time duration specifying the value to set on ipns records for their validity lifetime.
Default: 24 hours.
Type: interval or an empty string for the default.
Ipns.ResolveCacheSizeThe number of entries to store in an LRU cache of resolved ipns entries. Entries will be kept cached until their lifetime is expired.
Default: 128
Type: integer (non-negative, 0 means the default)
MountsFUSE mount point configuration options.
Mounts.IPFSMountpoint for /ipfs/.
Default: /ipfs
Type: string (filesystem path)
Mounts.IPNSMountpoint for /ipns/.
Default: /ipns
Type: string (filesystem path)
Mounts.FuseAllowOtherSets the FUSE allow other option on the mountpoint.
PinningPinning configures the options available for pinning content (i.e. keeping content longer term instead of as temporarily cached storage).
Pinning.RemoteServicesRemoteServices maps a name for a remote pinning service to its configuration.
A remote pinning service is a remote service that exposes an API for managing that service’s interest in longer term data storage.
The exposed API conforms to the specification defined at https://ipfs.github.io/pinning-services-api-spec/
Pinning.RemoteServices: APIContains information relevant to utilizing the remote pinning service
Example:
{
"Pinning": {
"RemoteServices": {
"myPinningService": {
"API" : {
"Endpoint" : "https://pinningservice.tld:1234/my/api/path",
"Key" : "someOpaqueKey"
}
}
}
}
}
Pinning.RemoteServices: API.EndpointThe HTTP(S) endpoint through which to access the pinning service
Example: “https://pinningservice.tld:1234/my/api/path”
Type: string
Pinning.RemoteServices: API.KeyThe key through which access to the pinning service is granted
Type: string
Pinning.RemoteServices: PoliciesContains additional opt-in policies for the remote pinning service.
Pinning.RemoteServices: Policies.MFSWhen this policy is enabled, it follows changes to MFS and updates the pin for MFS root on the configured remote service.
A pin request to the remote service is sent only when MFS root CID has changed
and enough time has passed since the previous request (determined by RepinInterval).
One can observe MFS pinning details by enabling debug via ipfs log level remotepinning/mfs debug and switching back to error when done.
Pinning.RemoteServices: Policies.MFS.EnabledControls if this policy is active.
Default: false
Type: bool
Pinning.RemoteServices: Policies.MFS.PinNameOptional name to use for a remote pin that represents the MFS root CID.
When left empty, a default name will be generated.
Default: "policy/{PeerID}/mfs", e.g. "policy/12.../mfs"
Type: string
Pinning.RemoteServices: Policies.MFS.RepinIntervalDefines how often (at most) the pin request should be sent to the remote service.
If left empty, the default interval will be used. Values lower than 1m will be ignored.
Default: "5m"
Type: duration
PubsubPubsub configures the ipfs pubsub subsystem. To use, it must be enabled by
passing the --enable-pubsub-experiment flag to the daemon.
Pubsub.RouterSets the default router used by pubsub to route messages to peers. This can be one of:
"floodsub" - floodsub is a basic router that simply floods messages to all
connected peers. This router is extremely inefficient but very reliable."gossipsub" - gossipsub is a more advanced routing algorithm that will
build an overlay mesh from a subset of the links in the network.Default: "gossipsub"
Type: string (one of "floodsub", "gossipsub", or "" (apply default))
Pubsub.DisableSigningDisables message signing and signature verification. Enable this option if you’re operating in a completely trusted network.
It is not safe to disable signing even if you don’t care who sent the message because spoofed messages can be used to silence real messages by intentionally re-using the real message’s message ID.
Default: false
Type: bool
PeeringConfigures the peering subsystem. The peering subsystem configures go-ipfs to connect to, remain connected to, and reconnect to a set of nodes. Nodes should use this subsystem to create “sticky” links between frequently useful peers to improve reliability.
Use-cases:
When a node is added to the set of peered nodes, go-ipfs will:
Peering can be asymmetric or symmetric:
Peering.PeersThe set of peers with which to peer.
{
"Peering": {
"Peers": [
{
"ID": "QmPeerID1",
"Addrs": ["/ip4/18.1.1.1/tcp/4001"]
},
{
"ID": "QmPeerID2",
"Addrs": ["/ip4/18.1.1.2/tcp/4001", "/ip4/18.1.1.2/udp/4001/quic"]
}
]
}
...
}
Where ID is the peer ID and Addrs is a set of known addresses for the peer. If no addresses are specified, the DHT will be queried.
Additional fields may be added in the future.
Default: empty.
Type: array[peering]
ReproviderReprovider.IntervalSets the time between rounds of reproviding local content to the routing
system. If unset, it defaults to 12 hours. If set to the value "0" it will
disable content reproviding.
Note: disabling content reproviding will result in other nodes on the network not being able to discover that you have the objects that you have. If you want to have this disabled and keep the network aware of what you have, you must manually announce your content periodically.
Type: array[peering]
Reprovider.StrategyTells reprovider what should be announced. Valid strategies are:
Default: all
Type: string (or unset for the default)
RoutingContains options for content, peer, and IPNS routing mechanisms.
Routing.TypeContent routing mode. Can be overridden with daemon --routing flag.
There are two core routing options: “none” and “dht” (default).
When the DHT is enabled, it can operate in two modes: client and server.
When Routing.Type is set to dht, your node will start as a DHT client, and
switch to a DHT server when and if it determines that it’s reachable from the
public internet (e.g., it’s not behind a firewall).
To force a specific DHT mode, client or server, set Routing.Type to
dhtclient or dhtserver respectively. Please do not set this to dhtserver
unless you’re sure your node is reachable from the public network.
Example:
{
"Routing": {
"Type": "dhtclient"
}
}
Default: dht
Type: string (or unset for the default)
SwarmOptions for configuring the swarm.
Swarm.AddrFiltersAn array of addresses (multiaddr netmasks) to not dial. By default, IPFS nodes advertise all addresses, even internal ones. This makes it easier for nodes on the same network to reach each other. Unfortunately, this means that an IPFS node will try to connect to one or more private IP addresses whenever dialing another node, even if this other node is on a different network. This may trigger netscan alerts on some hosting providers or cause strain in some setups.
The server configuration profile fills up this list with sensible defaults,
preventing dials to all non-routable IP addresses (e.g., 192.168.0.0/16) but
you should always check settings against your own network and/or hosting
provider.
Default: []
Type: array[string]
Swarm.DisableBandwidthMetricsA boolean value that when set to true, will cause ipfs to not keep track of bandwidth metrics. Disabling bandwidth metrics can lead to a slight performance improvement, as well as a reduction in memory usage.
Default: false
Type: bool
Swarm.DisableNatPortMapDisable automatic NAT port forwarding.
When not disabled (default), go-ipfs asks NAT devices (e.g., routers), to open up an external port and forward it to the port go-ipfs is running on. When this works (i.e., when your router supports NAT port forwarding), it makes the local go-ipfs node accessible from the public internet.
Default: false
Type: bool
Swarm.DisableRelayDeprecated: Set Swarm.Transports.Network.Relay to false.
Disables the p2p-circuit relay transport. This will prevent this node from connecting to nodes behind relays, or accepting connections from nodes behind relays.
Default: false
Type: bool
Swarm.EnableRelayHopConfigures this node to act as a relay “hop”. A relay “hop” relays traffic for other peers.
WARNING: Do not enable this option unless you know what you’re doing. Other peers will randomly decide to use your node as a relay and consume all available bandwidth. There is no rate-limiting.
Default: false
Type: bool
Swarm.EnableAutoRelayEnables “automatic relay” mode for this node. This option does two very
different things based on the Swarm.EnableRelayHop. See
#7228 for context.
Default: false
Type: bool
EnableRelayHop is falseIf Swarm.EnableAutoRelay is enabled and Swarm.EnableRelayHop is disabled,
your node will automatically use public relays from the network if it detects
that it cannot be reached from the public internet (e.g., it’s behind a
firewall). This is likely the feature you’re looking for.
If you enable EnableAutoRelay, you should almost certainly disable
EnableRelayHop.
EnableRelayHop is trueIf EnableAutoRelay is enabled and EnableRelayHop is enabled, your node will
act as a public relay for the network. Furthermore, in addition to simply
relaying traffic, your node will advertise itself as a public relay. Unless you
have the bandwidth of a small ISP, do not enable both of these options at the
same time.
Swarm.EnableAutoNATServiceREMOVED
Please use [AutoNAT.ServiceMode][].
Swarm.ConnMgrThe connection manager determines which and how many connections to keep and can be configured to keep. Go-ipfs currently supports two connection managers:
Default: basic
Swarm.ConnMgr.TypeSets the type of connection manager to use, options are: "none" (no connection
management) and "basic".
Default: “basic”.
Type: string (when unset or "", the default connection manager is applied
and all ConnMgr fields are ignored).
The basic connection manager uses a “high water”, a “low water”, and internal
scoring to periodically close connections to free up resources. When a node
using the basic connection manager reaches HighWater idle connections, it will
close the least useful ones until it reaches LowWater idle connections.
The connection manager considers a connection idle if:
GracePeriod.Example:
{
"Swarm": {
"ConnMgr": {
"Type": "basic",
"LowWater": 100,
"HighWater": 200,
"GracePeriod": "30s"
}
}
}
Swarm.ConnMgr.LowWaterLowWater is the number of connections that the basic connection manager will trim down to.
Default: 600
Type: integer
Swarm.ConnMgr.HighWaterHighWater is the number of connections that, when exceeded, will trigger a connection GC operation. Note: protected/recently formed connections don’t count towards this limit.
Default: 900
Type: integer
Swarm.ConnMgr.GracePeriodGracePeriod is a time duration that new connections are immune from being closed by the connection manager.
Default: "20s"
Type: duration
Swarm.TransportsConfiguration section for libp2p transports. An empty configuration will apply the defaults.
Swarm.Transports.NetworkConfiguration section for libp2p network transports. Transports enabled in
this section will be used for dialing. However, to receive connections on these
transports, multiaddrs for these transports must be added to Addresses.Swarm.
Supported transports are: QUIC, TCP, WS, and Relay.
Each field in this section is a flag.
Swarm.Transports.Network.TCPTCP is the most widely used transport by go-ipfs nodes. It doesn’t directly support encryption and/or multiplexing, so libp2p will layer a security & multiplexing transport over it.
Default: Enabled
Type: flag
Listen Addresses:
Swarm.Transports.Network.WebsocketWebsocket is a transport usually used to connect to non-browser-based IPFS nodes from browser-based js-ipfs nodes.
While it’s enabled by default for dialing, go-ipfs doesn’t listen on this transport by default.
Default: Enabled
Type: flag
Listen Addresses:
Swarm.Transports.Network.QUICQUIC is a UDP-based transport with built-in encryption and multiplexing. The primary benefits over TCP are:
Default: Enabled
Type: flag
Listen Addresses:
Swarm.Transports.Network.RelayLibp2p Relay proxy transport that forms connections by hopping between multiple libp2p nodes. This transport is primarily useful for bypassing firewalls and NATs.
Default: Enabled
Type: flag
Listen Addresses: This transport is special. Any node that enables this transport can receive inbound connections on this transport, without specifying a listen address.
Swarm.Transports.SecurityConfiguration section for libp2p security transports. Transports enabled in this section will be used to secure unencrypted connections.
Security transports are configured with the priority type.
When establishing an outbound connection, go-ipfs will try each security transport in priority order (lower first), until it finds a protocol that the receiver supports. When establishing an inbound connection, go-ipfs will let the initiator choose the protocol, but will refuse to use any of the disabled transports.
Supported transports are: TLS (priority 100) and Noise (priority 300).
No default priority will ever be less than 100.
Swarm.Transports.Security.TLSTLS (1.3) is the default security transport as of go-ipfs 0.5.0. It’s also the most scrutinized and trusted security transport.
Default: 100
Type: priority
Swarm.Transports.Security.SECIOSupport for SECIO has been removed. Please remove this option from your config.
Swarm.Transports.Security.NoiseNoise is slated to replace TLS as the cross-platform, default libp2p protocol due to ease of implementation. It is currently enabled by default but with low priority as it’s not yet widely supported.
Default: 300
Type: priority
Swarm.Transports.MultiplexersConfiguration section for libp2p multiplexer transports. Transports enabled in this section will be used to multiplex duplex connections.
Multiplexer transports are secured the same way security transports are, with
the priority type. Like with security transports, the initiator gets their
first choice.
Supported transports are: Yamux (priority 100) and Mplex (priority 200)
No default priority will ever be less than 100.
Swarm.Transports.Multiplexers.YamuxYamux is the default multiplexer used when communicating between go-ipfs nodes.
Default: 100
Type: priority
Swarm.Transports.Multiplexers.MplexMplex is the default multiplexer used when communicating between go-ipfs and all other IPFS and libp2p implementations. Unlike Yamux:
Default: 200
Type: priority