feat: gateway subdomains + http proxy mode

[Stebalien]

Depends on ipfs/go-ipfs-config#30

• TODO: Needs base32 peer IDs. The IPNS and p2p proxy stuff doesn't currently work due to this.
• Think through the "known gateway" concept.

What does this do?

1. Any HTTP CONNECT (proxy) requests will be looped backed to the gateway. This means a browser can, e.g., proxy http://ipfs.io/ipfs/... to the local gateway without redirecting (or touching the URL bar).
2. IPFS can handle CIDs in subdomains. That is, http://CID.ipfs.localhost:8080.

fixes #5982
fixes #6498
cc ipfs/in-web-browsers#89, ipfs/ipfs-companion#667

[lidel]

I'm trying to look at this by the lens of what potential user wants.
AFAIK simplified Gateway use cases are:

• (A) run go-ipfs on local machine with default settings
• (B) run Path Gateway on some hostname
• (C) run DNSLink Gateway for some|single domain with proper DNS TXT record
• (D) set up Subdomain Gateway on some hostname

I think (A) should be "batteries included" and not require any configuration, (D) requires more advanced setup in DNS anyway, so it is ok for it to be an opt-in, and there is some vagueness about resolution rules when (B) and (C) happen to use the same hostname, which suggests there should be a way to make both configurable or simply do not allow that scenario on a single hostname.

Having that as a starting point, some notes below (apologies, I failed to make this shorter).

Simplify configuration of Gateway features

I like the idea of having explicit list of hostnames that impacts the way requests are handled, but we should not hardcode any known PublicGateways: we want people to run their own. Let's keep the list empty and dogfood entire configuration process on our gateways.

Would it be more versatile and easier to reason about if we tweak ipfs/go-ipfs-config#30 and add three clear options to control gateway behavior?

Something like (names are just placeholders):

• Gateway.DNSLink – optional boolean to control DNSLink support (default: true)
• Gateway.SubdomainHosts – optional array of hostnames whitelisted for use in subdomains and proxy mode (+ implicit localhost)
• Gateway.PathHosts - optional array of hostnames that are known to be path-based Gateways where content paths should take priority over DNSLink (+ implicit 127.0.0.1 and ::1)

Caveats:

• These config options replace UseSubdomains and PublicGateways
• Every hostname on Gateway.SubdomainHosts needs to redirect non-subdomain paths (dweb.link/ipfs/<cid>/foo) to subdomain ones (<cid>.ipfs.dweb.link/foo)
• There needs to be some validation that ensures SubdomainHosts and PathHosts have no overlap or ignore hostnames that are on both
• If we don't allow DNSLink+Path Gateway on the same hostname (and handle ipfs.io via Nginx) the Gateway Heuristic below get MUCH easier, and I think we no longer need PathHosts

Gateway Heuristic

Localhost

IIUC there is a golden path for localhost:

• Support <cid>.<ns>.localhost out of the box
  (localhost as a permanent, implicit entry on Gateway.SubdomainHosts)
• requests to localhost hostname (without subdomain) need to be redirected to 127.0.0.1 (same path, but on raw IP). This will ensure the Origin(s) of Path and Subdomain gateways on a local machine are separate (and users can have both!)

Public Gateways

I feel I am missing some context on gateway symlinks mentioned here – what are use cases for that?

So far I was under impression that mixing namespaces such as DNSLink website with Path Gateway is something we want to move away from. It makes security model unnecessarily hard to reason about and I did not see any use in production apart from ipfs.io (which we want to move to dweb.link anyway).

That being said:

If we allow Paths & DNSLink on the same hostname

We use Gateway.PathHosts to control which hostnames prioritize Path Gateway over DNSLink.
Default use case is hosting websites with DNSLink. DNSLink takes a priority unless gateway hostname is listed in Gateway.PathHosts:

• IF Host is matching <cid>.<ns>.example.com and example.com is listed in Gateway.SubdomainHosts
  THEN process request as Subdomain Gateway
• ELSE
  • IF path is /ipfs/, /ipns/ or /api/
    • IF example.com is listed in Gateway.PathHosts
      THEN process request as Path Gateway
    • ELSE
      • IF Host is not IP and DNSLink is present
        THEN process request as DNSLink
      • ELSE process request as Path Gateway
  • ELSE process request as DNSLink or return 404

If DNSLink always takes a priority

We don't need Gateway.PathHosts and it gets much easier:

• IF Host is matching <cid>.<ns>.example.com and example.com is listed in Gateway.SubdomainHosts
  THEN process request as Subdomain Gateway
• ELSE
  • IF Host is not IP and DNSLink is present
    THEN process request as DNSLink
  • ELSE process request as Path Gateway

Personally I'd like to keep it simple and avoid mixing DNSLink with Path Gateway if possible,
but let me know if I missed any nuance.

Configuration Examples

DNSLink

Gateway.DNSLink = true
Gateway.SubdomainHosts = []
Gateway.PathHosts = []

• example.com/foo will load via DNSLink (if present)
• example.com/ipfs/foo will load via DNSLink (if present)
• <cid>.ipfs.example.com/foo will return 404 Not Found

Path Gateway

Gateway.DNSLink = true
Gateway.SubdomainHosts = []
Gateway.PathHosts = ['example.com']

• example.com/foo will load via DNSLink (if we allow mixing with DNSLink)
• example.com/ipfs/<cid> will load via Path Gateway
• <cid>.ipfs.example.com/foo will return a 301 redirect to example.com/ipfs/<cid>/foo

Subdomain Gateway

Gateway.DNSLink = true
Gateway.SubdomainHosts = ['example.com']
Gateway.PathHosts = []

• example.com/foo will load via DNSLink (if we allow mixing with DNSLink)
• example.com/ipfs/<cid>/foo will return a 301 redirect to <cid>.ipfs.example.com/foo
• <cid>.ipfs.example.com/ will load via Subdomain Gateway

Thoughts?

[Stebalien]

Unless I'm mistaken, I believe our proposals are mostly isomorphic. PublicGateways isn't the list of all public gateways that exist, it's the list of public gateways that the go-ipfs proxy will handle.

We might want a better name.

Given:

{
  SubdomainHosts: ["x"],
  PathHosts: ["y"],
}

This would be expressed in the current patch as:

{
  PublicGateways: {
    "x": {
      "UseSubdomains": true,,
      "PathPrefixes": ["/ipfs", "/ipns"],
    },
    "y": {
      "UseSubdomains": false,
      "PathPrefixes": ["/ipfs", "/ipns"],
    },
  }
}

The benefits of doing it this way are:

• No chance of conflicting rules.
• We can add flags as we add optional features to gateways. (not a strong motivation)

There needs to be some validation that ensures SubdomainHosts and PathHosts have no overlap or ignore hostnames that are on both

That's why I had a single list.

If we don't allow DNSLink+Path Gateway on the same hostname (and handle ipfs.io via Nginx) the Gateway Heuristic below get MUCH easier, and I think we no longer need PathHosts

There's still an issue of hosting a DNSLink website and a subdomain gateway on the same hostname. In the original proposal, we'd redirect paths listed in PathPrefixes to the subdomain gateway.

I feel I am missing some context on gateway symlinks mentioned here – what are use cases for that?

With symlink support, any DNSLink website could become a "gateway" by creating a symlink to /ipfs. The go-ipfs gateway would.

1. Lookup the dnslink record for the website.
2. Resolve the website's IPFS directory.
3. Lookup /ipns/my.domain/ipfs/...
4. See that /ipns/my.domain/ipfs is actually a symlink to /ipfs.
5. Serve /ipfs/...

So far I was under impression that mixing namespaces such as DNSLink website with Path Gateway is something we want to move away from. It makes security model unnecessarily hard to reason about and I did not see any use in production apart from ipfs.io (which we want to move to dweb.link anyway).

In general, we do. However, users may still want to have path-based gateways (possibly with javascript disabled via CSP) with a nice homepage.

[Stebalien]

Gateway.DNSLink – optional boolean to control DNSLink support (default: true)

This should definitely be an option.

[Stebalien]

What if we replace the boolean DNSLink with a third, optional list (catch-all if list is empty or missing)?

Good point.

[Stebalien]

Thinking about it a bit, I like the way you've split the gateway lists (path/subdomain). I'm just not entirely sure how to handle subdomain gateways + dnslink + redirects.

[lidel]

dweb.link: all-in-one gateway edge case

I'm just not entirely sure how to handle subdomain gateways + dnslink + redirects.

Our dweb.link makes a good test case for this, so let's look at it as an example.

I believe the setup we want is:

• subdomain gateway at {cid}.ipfs.dweb.link
• path gateway at dweb.link/ipfs/{cid} that redirects to {cid}.ipfs.dweb.link
• DNSLink website at dweb.link with info about what IPFS gateway is etc
• convention over configuration, where possible

If we agree on the above, then we see there is only one way to handle the "fallback order":

• enabling subdomain gateway implicitly enables redirects from dweb.link/ipfs/{cid} to {cid}.ipfs.dweb.link
  • this gives us backward-compatibility with existing tools that accept a URL of "IPFS gateway" without the need for differentiating between subdomain and path based ones
    (examples: IPFS Companion, MetaMask, {a browser vendor})
  • this means "subdomain > path > dnslink"
    • subdomain takes priority over path
    • path-based gateway at dweb.link/ipfs/{cid} takes priority over DNSLink for dweb.link

Different take on the config

I like how your version enables us to add more configuration options per hostname.
It is not a strong motivation today, but makes things much more flexible and could save us a lot of headache in the future. Worth considering.

@Stebalien How does the below convention look like?

"Gateway": {
  "Hostnames": {
    "dweb.link": {
      "ResolveSubdomains": true
    },
    "ipfs.io": {
      "ResolvePaths": true,
    },
    "en.wikipedia-on-ipfs.org": {
      "ResolveDNSLink": true
    }
  }
}

The same as above, but with explicit default values:

"Gateway": {
  "ResolveDNSLink": true, /*implicit*/
  "Hostnames": {
    "127.0.0.1": { /*implicit*/
      "ResolveSubdomains": false,
      "ResolvePaths": true,
      "ResolveDNSLink": false
    },
    "::1": { /*implicit*/
      "ResolveSubdomains": false,
      "ResolvePaths": true,
      "ResolveDNSLink": false
    },
    "localhost": { /*implicit*/
      "ResolveSubdomains": true,
      "ResolvePaths": false,
      "ResolveDNSLink": false
    },
    "dweb.link": {
      "ResolveSubdomains": true,
      "ResolvePaths": false, /*implicit*/
      "ResolveDNSLink": true
    },
    "ipfs.io": {
      "ResolveSubdomains": false, /*implicit*/
      "ResolvePaths": true,
      "ResolveDNSLink": true
    },
    "en.wikipedia-on-ipfs.org": {
      "ResolveSubdomains": false, /*implicit*/
      "ResolvePaths": false, /*implicit*/
      "ResolveDNSLink": true
    }
  }
}

Note:

• localhost gateways are implicit and enabled by default
  • IP ones are path-based
  • localhost domain is used for subdomains
  • we need both types to work: IPFS Companion will detect OS support for localhost subdomains and enable it as the default
• ResolveSubdomains takes priority over ResolvePaths if both are true. Path redirect to Subdomain is always present (even if ResolvePaths: false)

[Stebalien]

@lidel LGTM! Go for it.

[alanshaw]

My only issue with this format is that for most people the default config will be correct and so the host config for each host will just be an empty object.

Maybe we could drop the word "Resolve" from "ResolvePaths", "ResolveDNSLink" etc.?

Otherwise this LGTM!

[lidel]

gateway: localhost subdomains with cid conversion

- "known gateways" can be now defined with or without port.
  if port is missing, a version defined without it will be used
  as a fallback
- subdomain gateway at *.ipfs.localhost is supported out of the box
- subdomain gateway redirects path-gateway requests to subdomain version
  with automatic conversion to CIDv1 in Base32
  (try http://localhost:8080/ipfs/QmbWqxBEKC3P8tqsKc98xmWNzrzDtRLMiMPL8wBuTGsMnR)

Initial success with *.ipfs.localhost working out of the box (regular gateway, not proxied).

Next steps:

• fix proxy mode for hostnames without port
• understand the behavior of localhost in proxy mode
  • *.ipfs.localhost:8080 works fine in all contexts
  • *.ipfs.localhost (without port) may not work in some user agents
    • curl -x http://127.0.0.1:8080 http://bafybeigdyrzt5sfp7udm7hu76uh7y26nf3efuylqabf3oclgtqy55fbzdi.ipfs.localhost/ -I works as expected
    • chromium --proxy-server="http://127.0.0.1:8080" does not: this is because Chromium hardcoded loopback addresses to be excluded from proxying, for security reasons.
• config for toggling dnslink (NoDNSLink)
• config for toggling public gateway
  (loading arbitrary content-addressed paths)
• ensuring above toggles can be defined globally + overriden per hostname
• figure out if PathPrefixes should be split into two separate options
  • note: yes, confirmed with Steven that PathPrefixes in subdomain context should be something else
• fix directory listing when in subdomain mode
• fix go tests
• write sharness tests
• docs with examples (this PR)
  • document new config keys
  • rebase on top of doc(config): cleanup #6855
  • explain paths defined in PathPrefixes are mounted on top of DNSLink. if PathPrefixes=["/ipfs"] and DNSLink exists for example.com then "example.com/ipfs/*" will be routed to the regular gateway
  • recipe on how to restore old behavior on localhost
• other docs (docs-beta.ipfs.io?)
  • document dnslink support on localhost
  • document dnslink support on FQDNS (describe issue with double wildcard certs)
  • document http proxy mode is supported
    • how to for curl, chromium, firefox
    • document how to set up wildcard *.localhost - http proxy, and what needs to be set up without proxy mode + verify if it works out of the box on windows 10 and latest Mac

Some fun screenshots

Note: Crossed padlock is Firefox-specific waiting for upstream fix, as noted in https://bugzilla.mozilla.org/show_bug.cgi?id=1220810#c23

IPFS CIDv1:

DNSLink websites:

Even ENS looks cool:

[Stebalien]

Looking nice.

[lidel]

Updated Gateway config and Gateway.PublicGateways examples:
https://github.com/ipfs/go-ipfs/blob/feat/gateway-subdomains/docs/config.md#gatewaypublicgateways

The time for 🚲🏚️ is NOW ;-)

[Stebalien]

Review of the config documentation only. From what I can tell, the design looks good. I assume most of my comments are just bugs.

[lidel]

(rebased and updated docs/config to match new style from #6855)

Next: finish writing tests (proxy+dnslink)

[Stebalien]

?

[Stebalien]

We should probably have a test for this case as well.

[lidel]

I don't remember removing this on purpose, we should restore this.

Digression: I'd do it myself but I need to fix my go dev env, go-ipfs requires go 1.14 now, and on my OS that requires kernel > 5.2 due to a known bug (golang/go#37436), so need to upgrade a few things 🙃
(commenting so we don't forget)

[Stebalien]

for i := len(labels) - 1; i >= 2; i-- {
...
}

I've pushed a patch for this.

[Stebalien]

How so? There may not be a port.

[Stebalien]

I've squashed this into reasonable commits.

[Stebalien]

And I've updated go-ipfs-config to the release version.

[lidel]

I don't remember removing this on purpose, we should restore this.

Digression: I'd do it myself but I need to fix my go dev env, go-ipfs requires go 1.14 now, and on my OS that requires kernel > 5.2 due to a known bug (golang/go#37436), so need to upgrade a few things 🙃
(commenting so we don't forget)

[lidel]

Approving because @Stebalien can't approve PR he initially created 🙃

[Stebalien]

[ilyaigpetrov]

I can't wrap my mind around this currently, so I just kindly ask you not to forget the idea of @Stebalien about permanent links if it's appropriate here:

In that light, we may want something like https://<ipns-hash>.ipns-archive.cf-ipfs.com/<signed-ipns-record>/.... Or maybe the query string? https://<ipns-hash>.ipns.cf-ipfs.com/thing/other-thing?backup=<signed-ipns-record>?

Source: ipld/specs#19 (comment)

If it's not appropriate, just ignore me.

[Stebalien]

This change won't conflict with that feature.

[ilyaigpetrov]

This change won't conflict with that feature.

In the screenshots above I see *.ipns.localhost:8030 so if we request <ipns-hash>.ipns.localhost:8030/<signed-ipns-record>/baz/file then there would be a conflict with files served from FS and <signed-ipns-record>.

Could you, please, elaborate why won't there be a conflict: will be this service launched on special port (e.g. 8030) different from permanent mutable links?

[Stebalien]

We'd use one of the proposals in the comment you linked: either (a) use a different subdomain <ipns-hash>.ipns-archive.localhost:8080 or (b) <ipns-hash>.ipns.localhost:8080/some/path?backup=<signed-ipns-record>. Both of those solutions work with with this new feature.

[bmwiedemann]

Seems to break on Linux => #7290