From 256a739e3b0e24ae6f3b89ccc47de3bb4df04c3d Mon Sep 17 00:00:00 2001 From: Marcin Rataj Date: Wed, 22 Jan 2025 17:26:15 +0100 Subject: [PATCH] fix(autotls): renewal and AutoTLS.ShortAddrs (#10669) * fix(autotls): renewal and AutoTLS.ShortAddrs updates to p2p-forge/client with fix from https://github.com/ipshipyard/p2p-forge/pull/42 we also add AutoTLS.ShortAddrs flag and enable it by default to benefit from shorter addrs discusses in https://github.com/ipshipyard/p2p-forge/pull/40 * test: fix flaky NewRandPort reducing chance of bind: address already in use --- config/autotls.go | 4 ++++ core/node/libp2p/addrs.go | 8 +++++--- docs/changelogs/v0.33.md | 2 +- docs/config.md | 12 ++++++++++++ docs/examples/kubo-as-a-library/go.mod | 2 +- docs/examples/kubo-as-a-library/go.sum | 4 ++-- go.mod | 2 +- go.sum | 4 ++-- test/cli/harness/peering.go | 8 ++++++++ test/dependencies/go.mod | 2 +- test/dependencies/go.sum | 4 ++-- 11 files changed, 39 insertions(+), 13 deletions(-) diff --git a/config/autotls.go b/config/autotls.go index 638b205d840..7c935fc647f 100644 --- a/config/autotls.go +++ b/config/autotls.go @@ -23,6 +23,9 @@ type AutoTLS struct { // Optional override of CA ACME API used by p2p-forge system CAEndpoint *OptionalString `json:",omitempty"` + + // Optional, controls if features like AutoWSS should generate shorter /dnsX instead of /ipX/../sni/.. + ShortAddrs Flag `json:",omitempty"` } const ( @@ -31,4 +34,5 @@ const ( DefaultRegistrationEndpoint = p2pforge.DefaultForgeEndpoint DefaultCAEndpoint = p2pforge.DefaultCAEndpoint DefaultAutoWSS = true // requires AutoTLS.Enabled + DefaultAutoTLSShortAddrs = true // requires AutoTLS.Enabled ) diff --git a/core/node/libp2p/addrs.go b/core/node/libp2p/addrs.go index b2dc45c5ce6..4eee6a00bc5 100644 --- a/core/node/libp2p/addrs.go +++ b/core/node/libp2p/addrs.go @@ -136,11 +136,12 @@ func ListenOn(addresses []string) interface{} { func P2PForgeCertMgr(repoPath string, cfg config.AutoTLS, atlsLog *logging.ZapEventLogger) interface{} { return func() (*p2pforge.P2PForgeCertMgr, error) { storagePath := filepath.Join(repoPath, "p2p-forge-certs") + rawLogger := atlsLog.Desugar() - // TODO: this should not be necessary, but we do it to help tracking - // down any race conditions causing + // TODO: this should not be necessary after + // https://github.com/ipshipyard/p2p-forge/pull/42 but keep it here for + // now to help tracking down any remaining conditions causing // https://github.com/ipshipyard/p2p-forge/issues/8 - rawLogger := atlsLog.Desugar() certmagic.Default.Logger = rawLogger.Named("default_fixme") certmagic.DefaultACME.Logger = rawLogger.Named("default_acme_client_fixme") @@ -153,6 +154,7 @@ func P2PForgeCertMgr(repoPath string, cfg config.AutoTLS, atlsLog *logging.ZapEv p2pforge.WithForgeAuth(cfg.RegistrationToken.WithDefault(os.Getenv(p2pforge.ForgeAuthEnv))), p2pforge.WithUserAgent(version.GetUserAgentVersion()), p2pforge.WithCertificateStorage(certStorage), + p2pforge.WithShortForgeAddrs(cfg.ShortAddrs.WithDefault(config.DefaultAutoTLSShortAddrs)), ) if err != nil { return nil, err diff --git a/docs/changelogs/v0.33.md b/docs/changelogs/v0.33.md index 50e31f9467e..88674950588 100644 --- a/docs/changelogs/v0.33.md +++ b/docs/changelogs/v0.33.md @@ -104,7 +104,7 @@ We have fixed a number of issues that were triggered by writing or copying many - update `boxo` to [v0.27.0](https://github.com/ipfs/boxo/releases/tag/v0.27.0) (incl. [v0.25.0](https://github.com/ipfs/boxo/releases/tag/v0.25.0) + [v0.26.0](https://github.com/ipfs/boxo/releases/tag/v0.26.0) ) - update `go-libp2p` to [v0.38.2](https://github.com/libp2p/go-libp2p/releases/tag/v0.38.2) (incl. [v0.37.1](https://github.com/libp2p/go-libp2p/releases/tag/v0.37.1) + [v0.37.2](https://github.com/libp2p/go-libp2p/releases/tag/v0.37.2) + [v0.38.0](https://github.com/libp2p/go-libp2p/releases/tag/v0.38.0) + [v0.38.1](https://github.com/libp2p/go-libp2p/releases/tag/v0.38.1)) - update `go-libp2p-kad-dht` to [v0.28.2](https://github.com/libp2p/go-libp2p-kad-dht/releases/tag/v0.28.2) -- update `p2p-forge/client` to [v0.2.2](https://github.com/ipshipyard/p2p-forge/releases/tag/v0.2.2) (incl. [v0.1.0](https://github.com/ipshipyard/p2p-forge/releases/tag/v0.1.0), [v0.2.0](https://github.com/ipshipyard/p2p-forge/releases/tag/v0.2.0), [v0.2.1](https://github.com/ipshipyard/p2p-forge/releases/tag/v0.2.1)) +- update `p2p-forge/client` to [v0.3.0](https://github.com/ipshipyard/p2p-forge/releases/tag/v0.3.0) (incl. [v0.1.0](https://github.com/ipshipyard/p2p-forge/releases/tag/v0.1.0), [v0.2.0](https://github.com/ipshipyard/p2p-forge/releases/tag/v0.2.0), [v0.2.1](https://github.com/ipshipyard/p2p-forge/releases/tag/v0.2.1), [v0.2.2](https://github.com/ipshipyard/p2p-forge/releases/tag/v0.2.2)) - update `ipfs-webui` to [v4.4.2](https://github.com/ipfs/ipfs-webui/releases/tag/v4.4.2) (incl. [v4.4.1](https://github.com/ipfs/ipfs-webui/releases/tag/v4.4.1)) #### Escape Redirect URL for Directory diff --git a/docs/config.md b/docs/config.md index 2f656b82ab1..1776d3626a8 100644 --- a/docs/config.md +++ b/docs/config.md @@ -30,6 +30,7 @@ config file at runtime. - [`AutoTLS`](#autotls) - [`AutoTLS.Enabled`](#autotlsenabled) - [`AutoTLS.AutoWSS`](#autotlsautowss) + - [`AutoTLS.ShortAddrs`](#autotlsshortaddrs) - [`AutoTLS.DomainSuffix`](#autotlsdomainsuffix) - [`AutoTLS.RegistrationEndpoint`](#autotlsregistrationendpoint) - [`AutoTLS.RegistrationToken`](#autotlsregistrationtoken) @@ -530,6 +531,17 @@ Default: `true` (active only if `AutoTLS.Enabled` is `true` as well) Type: `flag` +### `AutoTLS.ShortAddrs` + +Optional. Controls if final AutoTLS listeners are announced under shorter `/dnsX/A.B.C.D.peerid.libp2p.direct/tcp/4001/tls/ws` addresses instead of fully resolved `/ip4/A.B.C.D/tcp/4001/tls/sni/A-B-C-D.peerid.libp2p.direct/tls/ws`. + +> [!TIP] +> The main use for AutoTLS is allowing connectivity from Secure Context in a web browser, and DNS lookup needs to happen there anyway, making `/dnsX` a more compact, more interoperable option without obvious downside. + +Default: `true` + +Type: `flag` + ### `AutoTLS.DomainSuffix` Optional override of the parent domain suffix that will be used in DNS+TLS+WebSockets multiaddrs generated by [p2p-forge] client. diff --git a/docs/examples/kubo-as-a-library/go.mod b/docs/examples/kubo-as-a-library/go.mod index 762bbcc2398..556d3fc63c2 100644 --- a/docs/examples/kubo-as-a-library/go.mod +++ b/docs/examples/kubo-as-a-library/go.mod @@ -112,7 +112,7 @@ require ( github.com/ipld/go-car/v2 v2.14.2 // indirect github.com/ipld/go-codec-dagpb v1.6.0 // indirect github.com/ipld/go-ipld-prime v0.21.0 // indirect - github.com/ipshipyard/p2p-forge v0.2.2 // indirect + github.com/ipshipyard/p2p-forge v0.3.0 // indirect github.com/jackpal/go-nat-pmp v1.0.2 // indirect github.com/jbenet/go-temp-err-catcher v0.1.0 // indirect github.com/jbenet/goprocess v0.1.4 // indirect diff --git a/docs/examples/kubo-as-a-library/go.sum b/docs/examples/kubo-as-a-library/go.sum index 49cbb62b01e..c6c6c5a5131 100644 --- a/docs/examples/kubo-as-a-library/go.sum +++ b/docs/examples/kubo-as-a-library/go.sum @@ -407,8 +407,8 @@ github.com/ipld/go-ipld-prime v0.21.0 h1:n4JmcpOlPDIxBcY037SVfpd1G+Sj1nKZah0m6QH github.com/ipld/go-ipld-prime v0.21.0/go.mod h1:3RLqy//ERg/y5oShXXdx5YIp50cFGOanyMctpPjsvxQ= github.com/ipld/go-ipld-prime/storage/bsadapter v0.0.0-20230102063945-1a409dc236dd h1:gMlw/MhNr2Wtp5RwGdsW23cs+yCuj9k2ON7i9MiJlRo= github.com/ipld/go-ipld-prime/storage/bsadapter v0.0.0-20230102063945-1a409dc236dd/go.mod h1:wZ8hH8UxeryOs4kJEJaiui/s00hDSbE37OKsL47g+Sw= -github.com/ipshipyard/p2p-forge v0.2.2 h1:S8NlZ++AMIiXpOPjRGXg6Ob3Bb1K8wuBxRm2f9eRQWE= -github.com/ipshipyard/p2p-forge v0.2.2/go.mod h1:L0TJMzniMEDjX8G+RB201U2woHvASwbsujNVDNVivDo= +github.com/ipshipyard/p2p-forge v0.3.0 h1:mdeFqiq8ljX149OCQvveV0vOlKeIt4PWkJjXVfux/GE= +github.com/ipshipyard/p2p-forge v0.3.0/go.mod h1:L0TJMzniMEDjX8G+RB201U2woHvASwbsujNVDNVivDo= github.com/jackpal/go-nat-pmp v1.0.2 h1:KzKSgb7qkJvOUTqYl9/Hg/me3pWgBmERKrTGD7BdWus= github.com/jackpal/go-nat-pmp v1.0.2/go.mod h1:QPH045xvCAeXUZOxsnwmrtiCoxIr9eob+4orBN1SBKc= github.com/jbenet/go-cienv v0.1.0/go.mod h1:TqNnHUmJgXau0nCzC7kXWeotg3J9W34CUv5Djy1+FlA= diff --git a/go.mod b/go.mod index ee8b847aa64..d73f754542d 100644 --- a/go.mod +++ b/go.mod @@ -49,7 +49,7 @@ require ( github.com/ipld/go-car/v2 v2.14.2 github.com/ipld/go-codec-dagpb v1.6.0 github.com/ipld/go-ipld-prime v0.21.0 - github.com/ipshipyard/p2p-forge v0.2.2 + github.com/ipshipyard/p2p-forge v0.3.0 github.com/jbenet/go-temp-err-catcher v0.1.0 github.com/jbenet/goprocess v0.1.4 github.com/julienschmidt/httprouter v1.3.0 diff --git a/go.sum b/go.sum index e2287b5e26d..8f9bedb3a1c 100644 --- a/go.sum +++ b/go.sum @@ -475,8 +475,8 @@ github.com/ipld/go-ipld-prime v0.21.0 h1:n4JmcpOlPDIxBcY037SVfpd1G+Sj1nKZah0m6QH github.com/ipld/go-ipld-prime v0.21.0/go.mod h1:3RLqy//ERg/y5oShXXdx5YIp50cFGOanyMctpPjsvxQ= github.com/ipld/go-ipld-prime/storage/bsadapter v0.0.0-20230102063945-1a409dc236dd h1:gMlw/MhNr2Wtp5RwGdsW23cs+yCuj9k2ON7i9MiJlRo= github.com/ipld/go-ipld-prime/storage/bsadapter v0.0.0-20230102063945-1a409dc236dd/go.mod h1:wZ8hH8UxeryOs4kJEJaiui/s00hDSbE37OKsL47g+Sw= -github.com/ipshipyard/p2p-forge v0.2.2 h1:S8NlZ++AMIiXpOPjRGXg6Ob3Bb1K8wuBxRm2f9eRQWE= -github.com/ipshipyard/p2p-forge v0.2.2/go.mod h1:L0TJMzniMEDjX8G+RB201U2woHvASwbsujNVDNVivDo= +github.com/ipshipyard/p2p-forge v0.3.0 h1:mdeFqiq8ljX149OCQvveV0vOlKeIt4PWkJjXVfux/GE= +github.com/ipshipyard/p2p-forge v0.3.0/go.mod h1:L0TJMzniMEDjX8G+RB201U2woHvASwbsujNVDNVivDo= github.com/jackpal/go-nat-pmp v1.0.2 h1:KzKSgb7qkJvOUTqYl9/Hg/me3pWgBmERKrTGD7BdWus= github.com/jackpal/go-nat-pmp v1.0.2/go.mod h1:QPH045xvCAeXUZOxsnwmrtiCoxIr9eob+4orBN1SBKc= github.com/jbenet/go-cienv v0.1.0 h1:Vc/s0QbQtoxX8MwwSLWWh+xNNZvM3Lw7NsTcHrvvhMc= diff --git a/test/cli/harness/peering.go b/test/cli/harness/peering.go index 7680eaf575f..8488c822d6f 100644 --- a/test/cli/harness/peering.go +++ b/test/cli/harness/peering.go @@ -3,6 +3,7 @@ package harness import ( "fmt" "math/rand" + "net" "testing" "github.com/ipfs/kubo/config" @@ -14,6 +15,13 @@ type Peering struct { } func NewRandPort() int { + if a, err := net.ResolveTCPAddr("tcp", "localhost:0"); err == nil { + var l *net.TCPListener + if l, err = net.ListenTCP("tcp", a); err == nil { + defer l.Close() + return l.Addr().(*net.TCPAddr).Port + } + } n := rand.Int() return 3000 + (n % 1000) } diff --git a/test/dependencies/go.mod b/test/dependencies/go.mod index 1b1142f4c48..e0be122ee7b 100644 --- a/test/dependencies/go.mod +++ b/test/dependencies/go.mod @@ -131,7 +131,7 @@ require ( github.com/ipfs/kubo v0.31.0 // indirect github.com/ipld/go-codec-dagpb v1.6.0 // indirect github.com/ipld/go-ipld-prime v0.21.0 // indirect - github.com/ipshipyard/p2p-forge v0.2.2 // indirect + github.com/ipshipyard/p2p-forge v0.3.0 // indirect github.com/jackpal/go-nat-pmp v1.0.2 // indirect github.com/jbenet/go-temp-err-catcher v0.1.0 // indirect github.com/jbenet/goprocess v0.1.4 // indirect diff --git a/test/dependencies/go.sum b/test/dependencies/go.sum index 4f91619d0c8..9e6e5407a82 100644 --- a/test/dependencies/go.sum +++ b/test/dependencies/go.sum @@ -364,8 +364,8 @@ github.com/ipld/go-codec-dagpb v1.6.0 h1:9nYazfyu9B1p3NAgfVdpRco3Fs2nFC72DqVsMj6 github.com/ipld/go-codec-dagpb v1.6.0/go.mod h1:ANzFhfP2uMJxRBr8CE+WQWs5UsNa0pYtmKZ+agnUw9s= github.com/ipld/go-ipld-prime v0.21.0 h1:n4JmcpOlPDIxBcY037SVfpd1G+Sj1nKZah0m6QH9C2E= github.com/ipld/go-ipld-prime v0.21.0/go.mod h1:3RLqy//ERg/y5oShXXdx5YIp50cFGOanyMctpPjsvxQ= -github.com/ipshipyard/p2p-forge v0.2.2 h1:S8NlZ++AMIiXpOPjRGXg6Ob3Bb1K8wuBxRm2f9eRQWE= -github.com/ipshipyard/p2p-forge v0.2.2/go.mod h1:L0TJMzniMEDjX8G+RB201U2woHvASwbsujNVDNVivDo= +github.com/ipshipyard/p2p-forge v0.3.0 h1:mdeFqiq8ljX149OCQvveV0vOlKeIt4PWkJjXVfux/GE= +github.com/ipshipyard/p2p-forge v0.3.0/go.mod h1:L0TJMzniMEDjX8G+RB201U2woHvASwbsujNVDNVivDo= github.com/jackpal/go-nat-pmp v1.0.2 h1:KzKSgb7qkJvOUTqYl9/Hg/me3pWgBmERKrTGD7BdWus= github.com/jackpal/go-nat-pmp v1.0.2/go.mod h1:QPH045xvCAeXUZOxsnwmrtiCoxIr9eob+4orBN1SBKc= github.com/jbenet/go-cienv v0.1.0/go.mod h1:TqNnHUmJgXau0nCzC7kXWeotg3J9W34CUv5Djy1+FlA=