Setup Secure WebSockets #293
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
0xLucca
reviewed
Jan 6, 2025
.snippets/code/infrastructure/setup-secure-wss/apache2-config.md
Outdated
Show resolved
Hide resolved
|
|
||
| 1. Install the `nginx` web server: | ||
| ```bash | ||
| apt install nginx |
There was a problem hiding this comment.
Maybe we should add a note somewhere that all the steps presented in this guide are for Ubuntu-like oss
There was a problem hiding this comment.
Added a note for unix based systems
dawnkelly09
requested changes
Jan 6, 2025
| - 'Setup Secure Websocket': setup-secure-wss.md |
There was a problem hiding this comment.
Suggested change
| - 'Setup Secure Websocket': setup-secure-wss.md | |
| - 'Set Up Secure Websocket': setup-secure-wss.md |
For consistency
| wss://example.com:443 | ||
| ``` | ||
|
|
||
|  |
| @@ -0,0 +1,93 @@ | |||
| --- | |||
| title: Setup Secure WebSocket | |||
There was a problem hiding this comment.
Suggested change
| title: Setup Secure WebSocket | |
| title: Set Up Secure WebSocket |
|
|
||
| LetsEncrypt will auto-generate an SSL certificate and include it in your configuration. | ||
|
|
||
| You can generate a self-signed certificate and rely on your node's raw IP address when connecting. However, self-signed certificates aren't optimal because you have to whitelist the certificate to access it from a browser. |
There was a problem hiding this comment.
Suggested change
| You can generate a self-signed certificate and rely on your node's raw IP address when connecting. However, self-signed certificates aren't optimal because you have to whitelist the certificate to access it from a browser. | |
| When connecting, you can generate a self-signed certificate and rely on your node's raw IP address. However, self-signed certificates aren't optimal because you must include the certificate in an allowlist to access it from a browser. |
|
|
||
| You can generate a self-signed certificate and rely on your node's raw IP address when connecting. However, self-signed certificates aren't optimal because you have to whitelist the certificate to access it from a browser. | ||
|
|
||
| Use the following commmand to generate a self-signed certificate using OpenSSL: |
There was a problem hiding this comment.
Suggested change
| Use the following commmand to generate a self-signed certificate using OpenSSL: | |
| Use the following command to generate a self-signed certificate using OpenSSL: |
| ## Connect to the Node | ||
|
|
||
| 1. Open [Polkadot.js Apps interface](https://polkadot.js.org/apps){target=\_blank} and click the logo in the top left to switch the node | ||
| 2. Activate the **Development** toggle and input your node's address - either the domain or the IP address. Remember to prefix with `wss://` and if you're using the 443 port, append `:443` as follows: |
There was a problem hiding this comment.
Suggested change
| 2. Activate the **Development** toggle and input your node's address - either the domain or the IP address. Remember to prefix with `wss://` and if you're using the 443 port, append `:443` as follows: | |
| 2. Activate the **Development** toggle and input either your node's domain or IP address. Remember to prefix with `wss://` and, if you're using the 443 port, append `:443` as follows: |
|
|
||
| ### Obtain an SSL Certificate | ||
|
|
||
| You can follow the [LetsEncrypt](https://letsencrypt.org/){target=\_blank} instructions for your respective web server implementation to get a free SSL certificate: |
There was a problem hiding this comment.
Suggested change
| You can follow the [LetsEncrypt](https://letsencrypt.org/){target=\_blank} instructions for your respective web server implementation to get a free SSL certificate: | |
| LetsEncrypt suggests using the [Certbot ACME client](https://letsencrypt.org/getting-started/#with-shell-access/){target=\_blank} for your respective web server implementation to get a free SSL certificate: |
I found it confusing when these links didn't open to LetsEncrypt, so added some language to clarify where the user can expect to end up
| Apache2 can run in various modes, including `prefork`, `worker`, and `event`. In this example, the [`event`](https://httpd.apache.org/docs/2.4/mod/event.html){target=\_blank} mode is recommended for handling higher traffic loads, as it is optimized for performance in such environments. However, depending on the specific requirements of your setup, other modes like `prefork` or `worker` may also be appropriate. | ||
|
|
||
| 1. Install the `apache2` web server: | ||
| --8<-- 'code/infrastructure/running-a-node/running-a-node/setup-secure-wss/install-apache2.md' |
There was a problem hiding this comment.
Suggested change
| --8<-- 'code/infrastructure/running-a-node/running-a-node/setup-secure-wss/install-apache2.md' | |
| --8<-- 'code/infrastructure/running-a-node/setup-secure-wss/install-apache2.md' |
Code snippet wasn't rendering
| RewriteRule /(.*) http://localhost:9944/$1 [P,L] | ||
| ``` | ||
|
|
||
| 3. Optionally, some form of rate limiting can be introduced: |
There was a problem hiding this comment.
Suggested change
| 3. Optionally, some form of rate limiting can be introduced: | |
| 3. Optionally, some form of rate limiting can be introduced by first running the following command: |
| a2enmod qos | ||
| ``` | ||
|
|
||
| And edit `/etc/apache2/mods-available/qos.conf`: |
There was a problem hiding this comment.
Suggested change
| And edit `/etc/apache2/mods-available/qos.conf`: | |
| Then edit `/etc/apache2/mods-available/qos.conf` as follows: |
kianenigma
reviewed
Jan 8, 2025
eshaben
added
B0 - Needs Review
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Previous PR for reference: #35