feat: automatically acquire WSS certificates from libp2p.direct

Open aschmahmann opened this issue 1 year ago • 2 comments

This PR is WIP, but the intention is to allow any publicly reachable node on the network to be reachable via Secure WebSockets and thereby improve reachability from browsers. For anyone who reads this and is unfamiliar with this work, don't worry, plenty of documentation to come before we're ready to merge.

TLDR

$ ipfs config --json Swarm.ForgeClient.Enabled true
$ export FORGE_ACCESS_TOKEN="secret" # optional secret, necessary when testing for now 
$ # ipfs config --json Swarm.ForgeClient.ForgeAuth "secret"  # optional, if needed
$ export GOLOG_LOG_LEVEL="error,p2p-forge/client=debug" # to see what's happening
$ ipfs daemon

TODO

Some outstanding items here are:

  • [ ] the libp2p.direct service needs to be ready for production use
  • [x] https://github.com/libp2p/go-libp2p/pull/2854 lands
  • [ ] documentation
  • [x] need to be happy with the config file syntax
  • [x] remove debugging logs associated with acquiring certificates
  • [ ] we should probably wait until we have confidence in our external addresses before trying to get a certificate
  • [ ] multiplex WSS on the same port as TCP (e.g. by muxing on the ALPN in the TLS cert) so people don't need to open new ports
  • [x] there's currently an issue where the application doesn't realize it's acquired a certificate and that it's ready for use (happens at least on first acquisition)
  • [ ] figure out what's going on with excessive logs like "http: TLS handshake error from ip:port: EOF"
  • [ ] remove replace github.com/libp2p/go-libp2p from all three go.mod

aschmahmann, Sep 18 '24 19:09

Updated this PR, aiming at Kubo 0.32. It uses the latest commit from go-libp2p master branch that includes https://github.com/libp2p/go-libp2p/pull/2854.

lidel, Oct 11 '24 18:10

Pushed:

  • Docs
  • Logger cleanup, should be up to release standard.
    • Debug logs can be enabled via export GOLOG_LOG_LEVEL="error,p2p-forge/client=debug" and by default only ERROR level is printed to stdout.

Next steps:

  • My plan is to wait for go-libp2p 0.37 release, bump dependency and resolve issues
  • Merge this PR, and start testing docker image from master branch in our collab cluster. This way we don't need to wait for kubo 0.32-rc1, and get real world feedback faster.

lidel, Oct 18 '24 22:10

Switched to go-libp2p 0.37 from master branch and resolved conflicts; I'll check on CI tomorrow.

lidel, Oct 23 '24 00:10