OpenADP Raspberry Pi QuickStart Guide

🎯 Overview

This guide will help you set up an OpenADP server on your Raspberry Pi running either Raspberry Pi OS or Fedora 42. OpenADP servers provide distributed secret sharing capabilities, allowing users to securely encrypt files with threshold cryptography.

🔒 Secure

Noise-NK encrypted communications with authentication codes

🌐 Distributed

Part of a global network of OpenADP servers

⚡ Efficient

Optimized for Raspberry Pi hardware

🔧 Easy Setup

Automated installation and configuration

📋 Requirements

Hardware Requirements

Raspberry Pi 4 (2GB RAM minimum, 4GB+ recommended)
MicroSD Card (32GB minimum, Class 10 or better)
Reliable Internet Connection (Ethernet preferred)
Power Supply (USB-C 3A+ recommended for Pi 4 stability)

Software Requirements

Operating System: Raspberry Pi OS (64-bit) or Fedora 42 (ARM64)
Go 1.21+ (will be installed automatically)
Git (usually pre-installed)
SSH access (for remote management)

Network Requirements

Choose your hosting approach:

Option A - Direct Public IP: Static IP or Dynamic DNS, any port accessible
Option B - Cloudflare Proxy: Hide your IP behind Cloudflare (recommended for home users)

For Direct Public IP only: Domain name and SSL certificate (Let's Encrypt) recommended

For Cloudflare Proxy: We provide subdomain (like xyzzy.openadp.org) and SSL automatically

🚀 Installation Steps

Prepare Your Raspberry Pi

Choose the instructions for your operating system:

🍓 For Raspberry Pi OS (Debian-based):

# Update your system
sudo apt update
sudo apt upgrade -y

# Install essential packages
sudo apt install -y git curl wget build-essential

# Enable SSH (if not already enabled)
sudo systemctl enable ssh
sudo systemctl start ssh
                        

🎩 For Fedora 42:

# Update your system
sudo dnf update -y

# Install essential packages
sudo dnf install -y git curl wget gcc gcc-c++ make

# Enable SSH (if not already enabled)
sudo systemctl enable sshd
sudo systemctl start sshd
                        

Install Go

OpenADP requires Go 1.21 or later:

# Download and install Go (ARM64 for Pi 4)
wget https://go.dev/dl/go1.21.5.linux-arm64.tar.gz

# Remove any existing Go installation and install new one
sudo rm -rf /usr/local/go
sudo tar -C /usr/local -xzf go1.21.5.linux-arm64.tar.gz

# Add Go to PATH
echo 'export PATH=$PATH:/usr/local/go/bin' >> ~/.bashrc
echo 'export PATH=$PATH:$HOME/go/bin' >> ~/.bashrc
source ~/.bashrc

# Verify installation
go version
                        

🚀 One-Command Installation

OpenADP includes an automated installation script that does everything for you!

# Clone the repository
cd ~
git clone https://github.com/OpenADP/openadp.git
cd openadp

# Run the automated installer (does everything!)
sudo ./scripts/update-openadp-node.sh

# That's it! The script will:
# - Install dependencies (Go, build tools, etc.)
# - Build OpenADP server and tools
# - Create service user and directories
# - Set up systemd service
# - Start the server
# - Run health checks
                        

✨ What the Script Does Automatically:

Detects your OS (Raspberry Pi OS, Fedora, etc.)
Installs the right packages for your system
Downloads and installs Go compiler
Builds OpenADP server binary
Creates service user and directories
Sets up systemd service
Starts the server and runs tests

🔄 Easy Updates

To update your server later, just run the same script again:

# Update to latest version
cd ~/openadp
sudo ./scripts/update-openadp-node.sh

# The script will:
# - Pull latest code from git
# - Rebuild binaries
# - Restart service with new version
                        

🌐 Hosting Options

Choose how you want to make your server accessible to the internet:

Option A: Direct Public IP Hosting

Host your server directly with your own public IP address. This gives you full control but exposes your IP address.

Requirements:

Static IP address or Dynamic DNS service
Router port forwarding (your chosen port → your Pi)
Firewall configuration (covered in installation steps)
Domain name (optional but recommended)
SSL certificate setup (Let's Encrypt recommended)

# Configure your router to forward your chosen port to your Pi
# Examples:
# Port 80:   203.0.113.1:80 → 192.168.1.100:8080 (standard web port)
# Port 8080: 203.0.113.1:8080 → 192.168.1.100:8080 (default)
# Port 3000: 203.0.113.1:3000 → 192.168.1.100:8080 (custom)
# (This varies by router - check your router's admin interface)
                    

Option B: Cloudflare Proxy (Recommended for Home Users)

Hide your IP address behind Cloudflare's network! This is perfect for home users who want privacy and don't want to expose their residential IP.

✅ Benefits of Cloudflare Proxy:

IP Privacy: Your IP address stays hidden
Free Subdomain: We provide yourname.openadp.org (like xyzzy.openadp.org)
Automatic SSL: HTTPS encryption included, no setup needed
DDoS Protection: Cloudflare handles attacks
No Port Forwarding: No router configuration needed
Global CDN: Better performance worldwide

🚨 Setup Required on Discord

You MUST ping us on Discord for Cloudflare setup! We need to:

Assign you a subdomain (like dave.openadp.org)
Create a CNAME DNS record for your server
Provide you with 2 commands to run on your Pi
Configure the Cloudflare tunnel connection

Join Discord: https://discord.gg/TaHNeGsE8j

# 1. Join Discord and request Cloudflare proxy setup
# 2. We'll provide you with 2 commands like these:

# Command 1: Install cloudflared
curl -L https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-arm64 \
     -o cloudflared
sudo mv cloudflared /usr/local/bin/
sudo chmod +x /usr/local/bin/cloudflared

# Command 2: Connect your tunnel (we'll provide the exact command)
cloudflared tunnel --url localhost:8080 --name your-server-name

# Note: The exact commands will be customized for your setup
# and provided by our team on Discord
                    

🎯 Perfect for Dave and Home Users!

This option is ideal for volunteers like Dave who want to contribute a server but don't want to expose their network. Two simple commands and you're protected by Cloudflare's global network!

📝 Port Flexibility

You can use any port you want! Common choices:

Port 80: Standard web port (no port number in URL)
Port 8080: Default OpenADP port
Custom ports: 3000, 8000, 9000, etc.

When you register on Discord, we'll include your chosen port in api/servers.json so clients can find you correctly.

⚙️ Configuration (Optional)

The installation script creates a working configuration automatically. You can customize it if needed:

Customize Server Settings

Edit the configuration file if you want to change ports or other settings:

# Edit the server configuration
sudo nano /opt/openadp/openadp-server.conf

# Common settings to change:
# - port: Change from 8080 to your preferred port
# - log_level: Change from "info" to "debug" for more details

# After making changes, restart the service:
sudo systemctl restart openadp-server
                    

⚠️ Configuration Notes

The script creates a secure default configuration
Server keys are generated automatically
Database and logs are set up in /opt/openadp/
Only edit if you need custom settings

Configure Firewall

Open the necessary ports for your operating system:

🍓 For Raspberry Pi OS (UFW):

# Install ufw if not present
sudo apt install -y ufw

# Configure firewall
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow ssh
sudo ufw allow 8080/tcp  # Change 8080 to your chosen port

# Enable firewall
sudo ufw --force enable
sudo ufw status
                    

🎩 For Fedora 42 (firewalld):

# Ensure firewalld is installed and running
sudo dnf install -y firewalld
sudo systemctl enable firewalld
sudo systemctl start firewalld

# Open necessary ports
sudo firewall-cmd --permanent --add-service=ssh
sudo firewall-cmd --permanent --add-port=8080/tcp  # Change 8080 to your chosen port

# Reload firewall rules
sudo firewall-cmd --reload

# Check status
sudo firewall-cmd --list-all
                    

🧪 Testing Your Server

Start the Service

# Enable and start the service
sudo systemctl enable openadp
sudo systemctl start openadp

# Check status
sudo systemctl status openadp

# View logs
sudo journalctl -u openadp -f
                    

Test Server Functionality

# Test echo endpoint
curl -X POST http://localhost:8080 \
  -H "Content-Type: application/json" \
  -d '{"jsonrpc":"2.0","method":"Echo","params":["Hello OpenADP"],"id":1}'

# Test server info
curl -X POST http://localhost:8080 \
  -H "Content-Type: application/json" \
  -d '{"jsonrpc":"2.0","method":"GetServerInfo","params":[],"id":1}'

# Check health endpoint
curl http://localhost:8080/health
                    

✅ Success Indicators

Service status shows "active (running)"
Echo endpoint returns your test message
Server info includes Noise-NK public key
Health endpoint returns "OK"
No errors in the logs

🚨 CRITICAL: Server Registration Required

Your server won't be discoverable by clients until it's added to the network!

Join our Discord server immediately
Share your server details with the team
We must manually add your server to api/servers.json
Only then will clients be able to find and use your server

Don't skip this step! A working server that isn't registered is invisible to the network.

🔧 Maintenance

Regular Updates

# Update OpenADP
cd ~/openadp
git pull origin main
make build

# Stop service, update binary, restart
sudo systemctl stop openadp
sudo cp bin/openadp-server /opt/openadp/bin/
sudo systemctl start openadp
                

Log Rotation

/opt/openadp/logs/*.log {
    daily
    missingok
    rotate 7
    compress
    delaycompress
    notifempty
    postrotate
        systemctl reload openadp || true
    endscript
}
                

Monitoring

# Check service status
sudo systemctl status openadp

# View recent logs
sudo journalctl -u openadp --since "1 hour ago"

# Monitor resource usage
htop

# Check disk space
df -h /opt/openadp/data
                

🔍 Troubleshooting

Common Issues

⚠️ Service Won't Start

Check configuration file syntax
Verify file permissions
Ensure port 8080 is not in use
Check system logs: sudo journalctl -u openadp

⚠️ Connection Refused

Verify firewall settings
Check if service is running
Test local connectivity first
Verify router port forwarding

⚠️ High Memory Usage

Monitor with htop
Check database size
Consider log rotation
Restart service if needed

⚠️ Cloudflare Tunnel Issues

Check if cloudflared is running: ps aux | grep cloudflared
Restart tunnel: sudo systemctl restart cloudflared
Check tunnel logs: journalctl -u cloudflared -f
Ping Discord if tunnel stops working

Diagnostic Commands

# Check service status
sudo systemctl status openadp

# View detailed logs
sudo journalctl -u openadp -n 100

# Test network connectivity
netstat -tlnp | grep 8080  # Change 8080 to your chosen port

# Check file permissions
ls -la /opt/openadp/config/

# Monitor system resources
free -h
df -h
                

OS-Specific Package Management

# Install missing packages
sudo apt install -y package-name

# Search for packages
apt search package-name

# Check installed packages
dpkg -l | grep package-name
                

# Install missing packages
sudo dnf install -y package-name

# Search for packages
dnf search package-name

# Check installed packages
dnf list installed | grep package-name
                

💬 Support

🎉 Congratulations!

Your OpenADP server is now running and contributing to the distributed network. Thank you for supporting privacy and security!

👋 Special Thanks to Dave!

This guide was enhanced specifically to support Dave's Raspberry Pi 4 running Fedora 42. Thanks to community volunteers like Dave, we can support more diverse setups and make OpenADP accessible to everyone!

Next steps:

🚨 FIRST: Join Discord and ping us to add your server to the network!
Register your server at servers.openadp.org
Set up SSL/TLS with Let's Encrypt
Configure monitoring and alerting
Join the community discussions

🥧 OpenADP Raspberry Pi QuickStart

📋 Table of Contents