AutoTLS implementation
Checklist
- [ ] I have read the coding guide.
- [ ] My change requires a documentation update, and I have done it.
- [ ] I have added tests to cover my changes.
- [ ] I have filled out the description and linked the related issues.
Description
This pull request introduces an AutoTLS implementation for the Bee node. The primary motivation for this feature is to support the In-Browser project, which requires secure communication channels for clients.
Modern web browsers strictly enforce secure contexts, meaning they can only connect to endpoints using secure protocols like HTTPS or Secure WebSockets (wss://). AutoTLS automates the process of obtaining, managing, and renewing valid TLS certificates from a Certificate Authority (like Let's Encrypt).
By implementing AutoTLS, Bee nodes can now accept wss:// connections directly, enabling browsers to interact with the Bee network securely and seamlessly.
Implementation Details
The implementation is based on the approach outlined in the official libp2p blog post on AutoTLS and follows the patterns from the go-libp2p AutoTLS example.
Testing & Validation
The functionality was manually tested by running a Bee node (built with the flag above) and attempting to connect to it using wscat over a secure websocket.
Test Command:
wscat --no-check -c wss://<node-public-ip>.<peer-id>.libp2p.direct:5500
Result: A successful connection was established, and the node responded with the multistream header, confirming the wss listener is active and secured with a valid TLS certificate:
Connected (press CTRL+C to quit)
< /multistream/1.0.0
Related Issue (Optional)
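The test command in the description passes `--no-check`, so wscat does not validate the certificate it is shown. As an added example (not code from this pull request or from Bee), the Go program below performs the same connection step with chain and hostname verification enabled; the names `checkTLS` and `runCases` and the local stand-in server using Go's test certificate for `example.com` are assumptions for illustration.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"net"
	"net/http/httptest"
	"time"
)

// checkTLS dials addr with certificate verification on and returns the leaf
// certificate. The handshake fails unless the chain leads to a root in roots
// (nil means the system store) and the certificate covers serverName.
func checkTLS(addr, serverName string, roots *x509.CertPool) (*x509.Certificate, error) {
	conn, err := tls.DialWithDialer(&net.Dialer{Timeout: 5 * time.Second}, "tcp", addr,
		&tls.Config{ServerName: serverName, RootCAs: roots, MinVersion: tls.VersionTLS12})
	if err != nil {
		return nil, err
	}
	defer conn.Close()
	return conn.ConnectionState().PeerCertificates[0], nil
}

// runCases exercises checkTLS against a constructed stand-in for the node: a
// local TLS server using Go's built-in test certificate (valid for
// "example.com"), so nothing leaves the machine.
func runCases() (match, wrongName, untrusted error) {
	srv := httptest.NewTLSServer(nil)
	defer srv.Close()
	addr := srv.Listener.Addr().String()

	trusted := x509.NewCertPool()
	trusted.AddCert(srv.Certificate())

	_, match = checkTLS(addr, "example.com", trusted)
	_, wrongName = checkTLS(addr, "other.invalid", trusted)
	_, untrusted = checkTLS(addr, "example.com", x509.NewCertPool())
	return match, wrongName, untrusted
}

func main() {
	match, wrongName, untrusted := runCases()
	fmt.Println("trusted root, matching name:", match)
	fmt.Println("trusted root, wrong name:   ", wrongName)
	fmt.Println("empty trust store:          ", untrusted)
}
```

Against a real node, call `checkTLS` with the node's `libp2p.direct` hostname and port as `addr`, the same hostname as `serverName`, and `nil` roots so the system trust store decides.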
I would suggest the following dir structure for libp2p:
pkg/p2p/libp2p/
├── libp2p.go
├── libp2p_test.go
├── connections_test.go
└── mock/
    ├── certmagic.go
    └── testdata/
        ├── cert.pem
        └── key.pem
This is the way that mocks are used in the rest of the code.