Running a Lighthouse

Every group runs their own lighthouse. This is the architectural decision that makes FreedomCore sovereign infrastructure rather than a hosted service.

What You Need

One small server. A Raspberry Pi. A $5/month VPS. An old laptop. One Go binary, one systemd service.

The lighthouse runs five services in a single process:

ServicePortPurpose
Nebula LighthouseUDP 4242Peer discovery
TURN ServerUDP/TCP 3478Relay for NAT failures
WebRTC SignalingWSS 443Session setup
Browser GatewayHTTPS 443Zero-install guest access
OrchestratorInternalCertificate management

What It Costs

ProviderMonthly CostNotes
Raspberry Pi$0Your hardware, your electricity
DigitalOcean droplet$4-6Smallest size works
Hetzner VPS$3-5European hosting
Old laptop$0Runs on anything with a network connection

FreedomCore operates public lighthouses (Toronto, Sydney) for bootstrapping and guest access. But in production, every group runs their own. FreedomCore cannot see, access, or interfere with group traffic.

Why This Matters

BenefitWhy
Zero relay cost for FreedomCoreEach group handles their own traffic
Infinite scaleAdding a group adds zero load to anyone else
Privacy by designFreedomCore has zero visibility into group traffic
No vendor lock-inIf FreedomCore disappears tomorrow, every group keeps working
Trust anchorThe lighthouse operator IS the certificate authority

Revenue comes from directory listings, backup subscriptions, and federation — not from running infrastructure. This is why FreedomCore can scale to millions of groups without millions in server costs.

The Sovereignty Guarantee

Your lighthouse holds the certificate authority for your group. It signs certificates. It manages membership. It relays traffic when direct connections fail.

FreedomCore provides the software. You provide the hardware. Your data never touches a FreedomCore server. If FreedomCore vanishes, your lighthouse keeps running. Your group keeps working. Forever.

This is not a feature. It is the architecture.