DFINITY HTTP Gateway for the Internet Computer Protocol

This repository builds a minimal, deterministic, and verifiable HTTP Gateway for the Internet Computer Protocol (ICP), designed for deployment in confidential computing environments such as AMD SEV-SNP trusted execution environments.

The HTTP Gateway is in production use by the DFINITY Foundation, serving traffic for ic0.app, icp0.io, icp-api.io, and all custom domains (e.g., internetcomputer.org).

Releases

Each release includes the following artifacts:

• initramfs
• vmlinuz
• OVMF.fd
• and an SEV-SNP measurement assuming a configuration with 30 vCPUs

initramfs

A custom initramfs image that includes:

• ic-gateway from the ic-gateway repository
• ic-http-lb from the ic-http-lb repository
• certificate-issuer for custom domain support from the main IC repository
• vector for logging
• node-exporter for system-level metrics
• runit a lightweight init system and service supervisor

vmlinuz

• Linux kernel image, sourced from the SEV-SNP dependencies repository

OVMF.fd

• UEFI firmware file for booting in a virtualized environment, also sourced from the SEV-SNP dependencies repository

Remote Attestation of SEV-SNP-enabled HTTP Gateways

See Attestation Guide for instructions on how to remotely attest and verify the SEV-SNP-enabled HTTP Gateways.

License

This project is licensed under the Apache License 2.0.

Contributing

This repository does not accept external contributions at this time.