waku-org/nwaku
1
0
Fork 0
mirror of https://github.com/waku-org/nwaku.git synced 2025-01-14 17:04:53 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update websocket documentation to use domain certificates (#848)

Browse Source
This commit is contained in:
Franck R 2022-02-15 17:07:55 +11:00 committed by GitHub
parent 0cbab6c8f7
commit 5a890b5f90
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 26 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
waku/v2/README.md
View File

@ -134,23 +134,40 @@ You can change this to `wakunode2`, the Waku v2 node like this:
make docker-image MAKE_TARGET=wakunode2
docker run --rm -it statusteam/nim-waku:latest --help
```
## Using Websocket and secure Websockets
## Enabling Websocket
Websocket support is hidden under a feature flag and must be explicitly enabled in order to get Websockets support. The default port is 8000.
Websocket is currently the only Waku transport supported by browser nodes that uses [js-waku](https://github.com/status-im/js-waku).
Setting up websocket enables your node to directly serve browser peers.
```
# Run unsecure Websockets (doesn't require a certificate)
./build/wakunode2 --websocket-support=true
A valid certificate is necessary to serve browser nodes,
you can use [`letsencrypt`](https://letsencrypt.org/):
```shell
sudo letsencrypt -d <your.domain.name>
```
Running a secure websocket requires an ssl certificate. We can create a self signed websocket. However, it requires the `openssl` utility. It can be achieved with:
You will need the `privkey.pem` and `fullchain.pem` files.
To enable secure websocket, pass the generated files to `wakunode2`:
Note, the default port for websocket is 8000.
```shell
wakunode2 --websocket-secure-support=true --websocket-secure-key-path="<letsencrypt cert dir>/privkey.pem" --websocket-secure-cert-path="<letsencrypt cert dir>/fullchain.pem"
```
mkdir -p ../ssl_dir/
openssl req -x509 -newkey rsa:4096 -keyout ../ssl_dir/key.pem -out ../ssl_dir/cert.pem -sha256 -nodes
### Self-signed certificates
./build/wakunode2 --websocket-secure-support=true --websocket-secure-key-path="../ssl_dir/key.pem" --websocket-secure-cert-path="../ssl_dir/cert.pem"
Self-signed certificates are not recommended for production setups because:
- Browsers do not accept self-signed certificates
- Browsers do not display an error when rejecting a certificate for websocket.
However, they can be used for local testing purposes:
```shell
mkdir -p ./ssl_dir/
openssl req -x509 -newkey rsa:4096 -keyout ./ssl_dir/key.pem -out ./ssl_dir/cert.pem -sha256 -nodes
wakunode2 --websocket-secure-support=true --websocket-secure-key-path="./ssl_dir/key.pem" --websocket-secure-cert-path="./ssl_dir/cert.pem"
```