
Comments (6)

gallexis commented on August 18, 2024

I don't think we have to deal with the whole Caddy HTTP server.
Since we are using our own Go mux based http server, this link seems more interesting for our case :

from pop.

gallexis commented on August 18, 2024

I've spawned my own VPS and used a domain name I own on Cloudflare, and with the basic code below I've been able to run an HTTP server with an SSL certificate, managed by certmagic, which handles the ACME challenge by itself:
---> demo

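package main

import (
	"fmt"
	"net/http"

	"github.com/caddyserver/certmagic"
	"github.com/libdns/cloudflare"
)

func main() {
	// Solve the ACME DNS-01 challenge through the Cloudflare API; DNS-01 is
	// the challenge type that allows the wildcard name below to be issued.
	certmagic.DefaultACME.DNS01Solver = &certmagic.DNS01Solver{
		DNSProvider: &cloudflare.Provider{
			// Placeholder: supply the real token at runtime, not in source.
			APIToken: "MY_CLOUDFLARE_API_KEY",
		},
	}

	handler := http.HandlerFunc(func(writer http.ResponseWriter, request *http.Request) {
		fmt.Fprintf(writer, "HELLO WORLD :D")
	})

	// certmagic.HTTPS obtains the certificates and serves handler over TLS.
	panic(certmagic.HTTPS([]string{"curt.ly", "*.curt.ly"}, handler))
}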

from pop.

gallexis commented on August 18, 2024

I managed to make a proxy that redirects wss://curt.ly to the localhost ws listener of ipfs : "/ip4/0.0.0.0/tcp/41505/ws".
It means that nodes from the browser will have to dial wss://curt.ly to reach the actual ipfs node, doing something like :

h.NewStream(ctx, p,
	... ,
	"/dns4/curt.ly/tcp/443/wss/p2p/12D3KooWL6iAkTwQzTDQ6vjC7pPXAMKAL1MTpVURTugc6Vip44WG", // <-- something like that
),

from pop.
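A minimal TLS-terminating proxy of the kind described in the comment above, written with only the Go standard library; it is an added example, not the code used in the thread. It assumes the node's ws listener is reachable on 127.0.0.1:41505 and uses placeholder certificate paths; only WebSocket handshakes are forwarded, so the plaintext listener does not have to be exposed publicly.

```go
package main

import (
	"log"
	"net/http"
	"net/http/httputil"
	"net/url"
	"strings"
)

// isWebSocketUpgrade reports whether r is a WebSocket opening handshake.
func isWebSocketUpgrade(r *http.Request) bool {
	if r.Method != http.MethodGet || !strings.EqualFold(r.Header.Get("Upgrade"), "websocket") {
		return false
	}
	// Connection is a comma-separated token list, e.g. "keep-alive, Upgrade".
	for _, v := range r.Header.Values("Connection") {
		for _, tok := range strings.Split(v, ",") {
			if strings.EqualFold(strings.TrimSpace(tok), "upgrade") {
				return true
			}
		}
	}
	return false
}

// NewWSProxy forwards WebSocket handshakes to the plain ws listener at backend
// (host:port) and refuses every other request before it reaches the node.
func NewWSProxy(backend string) http.Handler {
	rp := httputil.NewSingleHostReverseProxy(&url.URL{Scheme: "http", Host: backend})
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if !isWebSocketUpgrade(r) {
			w.Header().Set("Upgrade", "websocket")
			http.Error(w, "websocket upgrade required", http.StatusUpgradeRequired)
			return
		}
		rp.ServeHTTP(w, r) // ReverseProxy tunnels the upgraded connection
	})
}

func main() {
	// Assumptions: cert.pem/key.pem are placeholder paths, and the node's ws
	// listener is bound to loopback. The same handler can be passed to
	// certmagic.HTTPS as in the earlier comment.
	proxy := NewWSProxy("127.0.0.1:41505")
	log.Fatal(http.ListenAndServeTLS(":443", "cert.pem", "key.pem", proxy))
}
```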

gallexis commented on August 18, 2024
  • Good news: when running some basic code in JS, it can connect to my VPS Pop node on the websocket address:

/dns4/curt.ly/tcp/443/wss/p2p/12D3KooWL6iAkTwQzTDQ6vjC7pPXAMKAL1MTpVURTugc6Vip44WG

const Libp2p = require('libp2p')
const WebSockets = require('libp2p-websockets')
const { NOISE } = require('libp2p-noise')
const MPLEX = require('libp2p-mplex')

// CommonJS has no top-level await, so the calls run inside an async function.
async function main () {
    const node = await Libp2p.create({
        modules: {
            transport: [WebSockets],
            connEncryption: [NOISE],
            streamMuxer: [MPLEX]
        },
        addresses: {
            listen: [
                '/ip4/127.0.0.1/tcp/8100/ws',
            ]
        },
    })

    // start libp2p
    await node.start()

    const advertiseAddrs = node.multiaddrs
    console.log('libp2p is advertising the following addresses: ', advertiseAddrs, node.peerId.toB58String())

    // ping the Pop node on the VPS over its wss address
    await node.ping("/dns4/curt.ly/tcp/443/wss/p2p/12D3KooWL6iAkTwQzTDQ6vjC7pPXAMKAL1MTpVURTugc6Vip44WG")
}

main().catch(console.error)
  • Bad news: I've an error when adding this bootstrap address on pop :
    failed to connect to peer error="failed to dial 12D3KooWL6iAkTwQzTDQ6vjC7pPXAMKAL1MTpVURTugc6Vip44WG: no good addresses" peerId=12D3KooWL6iAkTwQzTDQ6vjC7pPXAMKAL1MTpVURTugc6Vip44WG

from pop.

gallexis commented on August 18, 2024

This might be the solution :

Add encryption and multiplexing capabilities to libp2p transport connections

https://github.com/libp2p/go-ws-transport#security-and-multiplexing
https://github.com/libp2p/go-libp2p-transport-upgrader

from pop.

gallexis commented on August 18, 2024
  1. A new provider P1 wants to be part of the Myel network
  2. Because we want to talk to Browsers, we need a way for them to reach pop nodes
  3. We use websockets for that, but only WebSocket Secure (WSS) connections are possible within the browser
  4. It means pop nodes will need a domain name with a valid SSL certificate
  5. Because it’s too annoying for many of our providers to deal with that, we (Myel) will act as a facilitator in this process by providing a domain name, i.e.: myel.app
  6. The provider will then only have to send us the IP (public & static) of their node and a subdomain
  7. Thanks to our domain provider’s API, we will automatically create a DNS A record that will point the subdomain “p1” to the IP of their node
  8. Once done and their node started, they will be able to listen for websocket connections on wss://p1.myel.app

Only the facilitators will need to connect to their domain provider with an API to set a special TXT record in the domain’s zone, proving to the Certificate Authority the ownership of the domain name (see: https://letsencrypt.org/fr/docs/challenge-types/#d%C3%A9fi-dns-01).

from pop.
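One way a facilitator could vet the subdomain and IP a provider submits in steps 6 and 7 before calling the DNS API, as an added example that is not part of the original thread or the project's code. The reserved-label list, the `taken` registry and the function names are assumptions; the zone `myel.app` and the multiaddr layout come from the comments above.

```go
package main

import (
	"errors"
	"fmt"
	"net/netip"
	"regexp"
	"strings"
)

const zone = "myel.app" // facilitator domain named in the thread
var (
	// One LDH label of 1-63 chars: rejects dots, "*" and "_acme-challenge".
	labelRE = regexp.MustCompile(`^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$`)
	// Assumed list of names the facilitator keeps for itself.
	reserved = map[string]bool{"www": true, "api": true, "mail": true, "admin": true}
)

// ValidateProviderRecord vets a provider's subdomain and node IP before the A
// record is created; taken (hypothetical registry) lists labels already assigned.
func ValidateProviderRecord(label, ip string, taken map[string]bool) (string, netip.Addr, error) {
	label = strings.ToLower(strings.TrimSpace(label))
	if !labelRE.MatchString(label) {
		return "", netip.Addr{}, errors.New("subdomain must be a single DNS label")
	}
	if reserved[label] || taken[label] {
		return "", netip.Addr{}, errors.New("subdomain is reserved or already assigned")
	}
	addr, err := netip.ParseAddr(strings.TrimSpace(ip))
	if err != nil {
		return "", netip.Addr{}, fmt.Errorf("invalid IP: %w", err)
	}
	// A records carry IPv4 only; IPv4-mapped IPv6 fails Is4 and is refused too.
	if !addr.Is4() || addr.IsPrivate() || addr.IsLoopback() ||
		addr.IsLinkLocalUnicast() || addr.IsMulticast() || addr.IsUnspecified() {
		return "", netip.Addr{}, errors.New("need a publicly routable IPv4 address")
	}
	return label + "." + zone, addr, nil
}

// WSSMultiaddr is the address a browser node dials once the record exists.
func WSSMultiaddr(fqdn, peerID string) string {
	return fmt.Sprintf("/dns4/%s/tcp/443/wss/p2p/%s", fqdn, peerID)
}

func main() {
	fqdn, _, err := ValidateProviderRecord("p1", "203.0.113.7", nil) // constructed input
	fmt.Println(WSSMultiaddr(fqdn, "<peer-id>"), err)
}
```

The address checks are a minimum: `IsPrivate` does not cover every non-routable range, and nothing here proves the provider controls the IP it submits.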
