
feat: automatically acquire WSS certificates from libp2p.direct #10521

Draft
wants to merge 7 commits into
base: master

Conversation

aschmahmann (Contributor) commented Sep 18, 2024

This PR is WIP, but the intention is to allow any publicly reachable node on the network to be reachable via Secure WebSockets and thereby improve reachability from browsers. For anyone who reads this and is unfamiliar with this work, don't worry, plenty of documentation is to come before we're ready to merge.

TLDR

$ ipfs config --json Swarm.ForgeClient.Enabled true
$ export FORGE_ACCESS_TOKEN="secret" # optional secret, necessary when testing for now 
$ # (TODO) ipfs config --json Swarm.ForgeClient.ForgeAuth "secret" 

TODO

Some outstanding items here are:

  • the libp2p.direct service needs to be ready for production use
  • libp2phttp: HTTP Peer ID Authentication (libp2p/go-libp2p#2854) lands
  • documentation
  • need to be happy with the config file syntax
  • remove debugging logs associated with acquiring certificates
  • we should probably wait until we have confidence in our external addresses before trying to get a certificate
  • multiplex WSS on the same port as TCP (e.g. by muxing on the ALPN in the TLS cert) so people don't need to open new ports
  • there's currently an issue where the application doesn't realize it's acquired a certificate and that it's ready for use (happens at least on first acquisition)
  • figure out what's going on with excessive logs like "http: TLS handshake error from ip:port: EOF"

@@ -252,3 +258,5 @@ require (
)

go 1.22

replace github.com/libp2p/go-libp2p => github.com/libp2p/go-libp2p v0.36.3-0.20240909195832-fbc0ac8f743c
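Review bot: the `replace` directive added on the last line pins go-libp2p to an unreleased pseudo-version (`v0.36.3-0.20240909195832-fbc0ac8f743c`), and a `replace` only takes effect when this repository is the main module being built, so anything that imports this repository as a dependency will silently resolve go-libp2p through its own `require` graph and may not get the HTTP Peer ID Authentication code at all. Before this leaves draft, bump the go-libp2p entry in the `require` block to a tagged release and drop the `replace`; keeping it on the same module path (rather than a fork) is the right call in the meantime, since `go.sum` still verifies the pinned commit.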
Member commented:

TODO: remove once libp2p/go-libp2p#2854 lands

Comment on lines 145 to 150
    p2pforge.WithModifiedForgeRequest(func(req *http.Request) error {
        if foundAuthKey {
            req.Header.Set(authForgeHeader, authKey)
        }
        return nil
    }),
lidel (Member) commented Sep 18, 2024

TODO: too low level, we need to move this to p2p-forge/client library, and call specific funcs here:

  • WithForgeAuth(authKey)
  • WithUserAgent(GetUserAgentVersion())
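One way to shape the refactor lidel describes, as an added example that is not code from this PR or from p2p-forge/client: hypothetical WithForgeAuth and WithUserAgent options composed into the single request modifier that WithModifiedForgeRequest takes. The option type, the Forge-Authorization header name and the example URL are assumptions; the auth option also refuses to attach the token to a non-TLS request, so a misconfigured forge endpoint cannot leak the secret in clear text.

```go
package main

import (
	"errors"
	"net/http"
)

// Hypothetical functional options in the style lidel asks for; the real
// p2p-forge/client API may differ. Each option is one request modifier.
type Option func(*http.Request) error

// WithForgeAuth attaches the shared secret as a header. An empty key is a no-op
// (the `if foundAuthKey` guard), and the header is refused on non-TLS requests
// so the token never travels in clear text.
func WithForgeAuth(authKey string) Option {
	return func(req *http.Request) error {
		if authKey == "" {
			return nil
		}
		if req.URL == nil || req.URL.Scheme != "https" {
			return errors.New("forge auth: refusing to send token over non-TLS")
		}
		req.Header.Set("Forge-Authorization", authKey) // assumed header name
		return nil
	}
}

// WithUserAgent lets the forge service attribute requests to a client version.
func WithUserAgent(ua string) Option {
	return func(req *http.Request) error {
		req.Header.Set("User-Agent", ua)
		return nil
	}
}

// NewRequestModifier composes the options into the single
// func(*http.Request) error that WithModifiedForgeRequest expects.
func NewRequestModifier(opts ...Option) func(*http.Request) error {
	return func(req *http.Request) error {
		for _, o := range opts {
			if err := o(req); err != nil {
				return err
			}
		}
		return nil
	}
}

func main() { _ = NewRequestModifier(WithUserAgent("kubo/example")) }
```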
