- One or more origin-backed nodes pointing at your S3 / R2 / B2 / NFS / local disk.
- An app server that gates access if you encrypt content (encryption setup).
- Both of the above, which is the typical posture.
What origin operators provide
- The canonical bytes. Your S3 bucket (or equivalent) is the durable source of truth. deCDN does not replace it.
- A hash-to-object-key catalog. The per-node database mapping BLAKE3 hashes to your backend object keys.
- (Optional) key custody and access control. Via an app server, if you encrypt content.
- (Recommended) at least one origin-backed node. First-hop seeding into the mesh. Without one, the first cache miss has nowhere to go.
What origin operators earn
Per-MB revenue on every byte pulled from your origin-backed node — whether pulled by a client directly or by another caching node on cache miss. Pricing is market-driven within governance bounds. See economics (the economic rules are the same as for any node operator).What origin operators pay
- Your backend’s own egress costs (R2 waives inter-Workers egress, B2 is cheapest at ~$0.01/GB, S3 is standard rate). Origin-backed nodes naturally price above their backend egress or they lose money.
- TOKEN stake for each origin-backed node you run (staking).
- Gas for periodic on-chain operations (channel opens/closes, stake, occasional slash challenges).
How this tab is organized
| Page | What it covers |
|---|---|
| When to run origin-backed | Pure-cache vs origin-backed vs both; when a third party can run your origin |
| Backend integration | Configuring S3/R2/B2/NFS, hash-to-object-key catalog, ingest pipeline |
| App server | When to run one, responsibilities, scaling, reference implementation status |
| Encryption setup | Envelope encryption mechanics, epoch keys, key custody, revocation |
| Takedown compliance | On-chain blacklist behavior, compliance window, local denylist |