feat: add auto-tls service #2798

Merged
merged 15 commits into from
Nov 19, 2024

achingbrain
Member

Adds an optional service that requests a Let's Encrypt-style TLS certificate when publicly dialable addresses are detected.

This will allow transports such as WebSockets to upgrade themselves to be the secure version.

Change checklist

  • I have performed a self-review of my own code
  • I have made corresponding changes to the documentation if necessary (this includes comments as well)
  • I have added tests that prove my fix is effective or that my feature works

@achingbrain achingbrain mentioned this pull request Nov 3, 2024
Member

@SgtPooki SgtPooki left a comment

just looking through the initial impl

packages/auto-tls/src/auto-tls.ts (outdated)
Comment on lines 112 to 117
/**
* How long before the expiry of the certificate to renew it in ms
*
* @default 60000
*/
renewThreshold?: number
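Review bot: The `@default 60000` on `renewThreshold` is one minute, which leaves essentially no time before expiry to retry a renewal that fails; a default measured in days would be safer. The doc comment should also say what happens when the value is larger than the certificate's remaining validity (renew immediately, or reject the option), since `renewThreshold?: number` accepts any number.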
Member

This situation is a little different than domain cert renewal, but cert renewal should allow for resolving any errors that pop up when a renewal is attempted. Should we set the renewal time to a full day or week before expiry instead of only one minute?

Member Author

I've increased the default to one day but I'm not sure what we can do here other than retry?
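The trade-off raised in this thread, as an added example that is not code from this PR or from js-libp2p: it plans the first renewal attempt from a `renewThreshold` and lists the retries that still fit before the certificate expires. The names `planRenewal`, `baseRetry` and `maxRetry`, the capped exponential backoff and the 90-day lifetime are assumptions made for illustration.

```typescript
// Added example: hypothetical helper, not the @libp2p/auto-tls implementation.
const MINUTE = 60_000
const DAY = 24 * 60 * MINUTE

interface RenewalPlan {
  /** ms to wait before the first renewal attempt (0 means renew now) */
  firstAttemptIn: number
  /** waits between later attempts; all of them finish before expiry */
  retryDelays: number[]
}

function planRenewal (notAfter: number, now: number, renewThreshold: number,
  baseRetry: number = MINUTE, maxRetry: number = 60 * MINUTE): RenewalPlan {
  if (!Number.isFinite(renewThreshold) || renewThreshold < 0) {
    throw new RangeError('renewThreshold must be a non-negative number of ms')
  }
  if (!(baseRetry > 0) || !(maxRetry >= baseRetry)) {
    throw new RangeError('retry delays must be positive and maxRetry >= baseRetry')
  }
  const remaining = notAfter - now
  // A threshold longer than the remaining lifetime means "renew immediately".
  const firstAttemptIn = Math.max(0, remaining - renewThreshold)
  // Time left between the first attempt and expiry: the only room for retries.
  let budget = Math.max(0, remaining - firstAttemptIn)
  const retryDelays: number[] = []
  let delay = baseRetry
  // Strict comparison: a retry landing exactly at expiry is already too late.
  while (delay < budget) {
    retryDelays.push(delay)
    budget -= delay
    delay = Math.min(delay * 2, maxRetry) // capped exponential backoff
  }
  return { firstAttemptIn, retryDelays }
}

function totalRetryTime (plan: RenewalPlan): number {
  return plan.retryDelays.reduce((a, b) => a + b, 0)
}

// Constructed sample: a certificate with 90 days of validity left.
const lifetime = 90 * DAY
const plans = {
  oneMinute: planRenewal(lifetime, 0, MINUTE), // original default in this thread
  oneDay: planRenewal(lifetime, 0, DAY) // default after the review
}
```

With a one-minute threshold the plan has no retry slot at all, while a one-day threshold leaves room for 28 attempts under this backoff.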

@achingbrain achingbrain marked this pull request as ready for review November 18, 2024 15:02
@achingbrain achingbrain requested a review from a team as a code owner November 18, 2024 15:02
@SgtPooki SgtPooki self-requested a review November 18, 2024 22:40
@achingbrain
Member Author

Merging to make landing #2800 easier

@achingbrain achingbrain merged commit d866eb5 into main Nov 19, 2024
33 of 34 checks passed
@achingbrain achingbrain deleted the feat/add-auto-tls branch November 19, 2024 16:52
Member

@SgtPooki SgtPooki left a comment

posting review that was in progress

Comment on lines +88 to +94
## Browser `<script>` tag

Loading this module through a script tag will make it's exports available as `Libp2pPlaintext` in the global namespace.

```html
<script src="https://unpkg.com/@libp2p/plaintext/dist/index.min.js"></script>
```
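Review bot: In the `<script>` example, the URL loads `@libp2p/plaintext` and the text names the global `Libp2pPlaintext`, neither of which matches the auto-tls service this PR adds, so the section reads as carried over from another package's README and should be corrected or dropped. If a script-tag example stays, the unpkg URL should pin an exact version and the tag should carry `integrity` and `crossorigin` attributes, because an unpinned CDN URL without Subresource Integrity runs whatever that path serves at load time. Also "it's exports" should be "its exports".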
Member

Suggested change
## Browser `<script>` tag
Loading this module through a script tag will make it's exports available as `Libp2pPlaintext` in the global namespace.
```html
<script src="https://unpkg.com/@libp2p/plaintext/dist/index.min.js"></script>
```

Remove browser script tag in docs because it throws in browser?

Member Author

Shouldn't be Libp2pPlaintext anyway..

acul71 pushed a commit to acul71/js-libp2p-fork that referenced this pull request Dec 1, 2024