BrightID-Node icon indicating copy to clipboard operation
BrightID-Node copied to clipboard

Published 20 hours ago verified publisher icon BrightID

Nodes API should use HTTPS

Open adamstallard opened this issue 4 years ago • 1 comments

Reason for the change

It's good for nodes to have an https:// url for the api so that a Link ContextId operation doesn't reveal the link between a BrightID and a ContextId. Also so that BrightIDs aren't associated with IP addresses.

Another option is for clients to know a node's public key and encrypt the canonicalized json using it, but I think https:// also covers data that is returned that might also link a user's BrightID to an IP address and also some clients work better with https:// so it's nice for a node to provide it.

How to implement the change

I think for supporting HTTPS, we should consider using nginx that is not in a container. We can write instructions for installing nginx and configuring it with letsencrypt. They will obviously need to have registered domain for the certificate.

Having another nginx in front of the nginx container should be easier for users to understand and configure than bringing the nginx out of its container. It also means fewer container ports need to be published on the host.

adamstallard avatar Mar 14 '20 00:03 adamstallard

Documentation should be added to show node operators how to set up dns and ssl. This would be a separate issue.

adamstallard avatar Apr 07 '20 23:04 adamstallard