Open alexfornuto opened 2 weeks ago
@Flaxscrip how did you get https://mdip.yourself.dev/ to work?
This is my nginx config exposing:
Note: The nginx server is on mdip-node and points to gatekeeper services on a separate mdip-gatekeeper host.
Note 2: Access rights are currently public (allow all). This could be restricted and offered under conditions.
location /api/v1/did {
    proxy_pass http://mdip-gatekeeper:4224/api/v1/did;
    proxy_set_header Host $host;
    proxy_cache_bypass $http_upgrade;
    allow all;
}
location / {
    proxy_pass http://mdip-gatekeeper:4224;
    proxy_set_header Host $host;
    proxy_cache_bypass $http_upgrade;
    allow all;
}
We can also create multiple endpoints for multiple wallets. Since the keys are kept browser-side and segregated in the browser storage by URL, a user can use 2 different URLs to manage 2 wallets in the same browser.
Example:
https://wallet1.mdip.yourself.dev
https://wallet2.mdip.yourself.dev
server_name mdip.yourself.dev wallet1.mdip.yourself.dev wallet2.mdip.yourself.dev
The best practices will be documented as a work-product of https://github.com/KeychainMDIP/kc/issues/307
Also using nginx, we can create a baseURL for the wallet (https://mdip.yourself.dev/wallet). The Keymaster WebUI seems to handle the baseURL proxy well without any additional variables required.
location /wallet {
    proxy_pass http://mdip-gatekeeper:4224;
    proxy_set_header Host $host;
    proxy_cache_bypass $http_upgrade;
    allow all;
}
Although it is currently offline, I have a sample nginx configuration and OAuth server that requires the user to pass an OAuth authentication before being allowed to access the Keymaster Wallet. This was used for the "custodial" Keymaster Wallets.
Request: Provide an environment variable like GATEKEEPER_URL which would be prepended to all internal resource calls for the Gatekeeper web UI.
Reason: The configuration of reverse proxies to manage deployments of Keychain alongside apps using it on a single host could be simplified to a single domain and server block.
As an example: consider a single VM running multiple containers/services, with a single domain associated with its IP address. There's the Gatekeeper, Keymaster, etc, and a 3rd party web service. Access to Keymaster is configured separately for internal access only, but the web service and Gatekeeper are to be exposed publicly on port 443. An nginx server block would include something like this:
Currently, a configuration like this fails, as the Gatekeeper web UI cannot find its resources under that subdirectory.
Prior Art: Docusaurus handles this situation with the baseUrl key in its configuration file, as does Hugo.
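As an added illustration of what the requested base-URL setting would have to do on the web UI side (this is example code written for this thread, not Gatekeeper or Keymaster code, and the function names, the treatment of a GATEKEEPER_URL-style value and the sample paths are assumptions), the helper below builds every internal resource path under a configurable base, normalizes slashes, and refuses values that would send the UI to another origin or outside the configured prefix:

```javascript
// Added example, not part of the Keychain/Gatekeeper project.
// Assumption: the UI receives one base value from deployment config
// (for instance an environment variable such as GATEKEEPER_URL) and routes
// all of its own resource requests through resolveResource().

function normalizeBase(base) {
  // Empty or "/" means the UI is served from the domain root.
  if (!base || base === "/") return "/";
  // Accept either a full URL (https://mdip.yourself.dev/wallet) or a bare
  // path (/wallet); only the path part matters for origin-relative resources.
  let path = base;
  if (/^https?:\/\//i.test(base)) {
    path = new URL(base).pathname;
  }
  // Strip leading/trailing slashes, collapse repeated ones, then re-add
  // exactly one leading and one trailing slash.
  path = "/" + path.replace(/^\/+|\/+$/g, "").replace(/\/{2,}/g, "/");
  return path === "/" ? "/" : path + "/";
}

function resolveResource(base, resource) {
  // Refuse absolute and protocol-relative resource paths: a misconfigured or
  // externally influenced value must never make the UI load scripts or call
  // APIs on another origin.
  if (/^[a-z][a-z0-9+.-]*:/i.test(resource) || resource.startsWith("//")) {
    throw new Error("resource path must be relative to the base URL: " + resource);
  }
  // Reject ".." segments so a resource cannot escape the configured prefix.
  const segments = resource.split("/").filter((s) => s.length > 0);
  if (segments.some((s) => s === "..")) {
    throw new Error("resource path must not contain '..': " + resource);
  }
  // Result is an origin-relative path; the browser resolves it against the
  // origin the UI was loaded from.
  return normalizeBase(base) + segments.join("/");
}

// Constructed sample deployments: root, subdirectory, and a full-URL base.
function demo() {
  return {
    root: resolveResource("/", "static/app.js"),
    subdir: resolveResource("/wallet", "static/app.js"),
    fullUrl: resolveResource("https://mdip.yourself.dev/wallet/", "/static/app.js"),
    api: resolveResource("", "api/v1/did"),
  };
}

module.exports = { normalizeBase, resolveResource, demo };
```

With a base of "/wallet" the same UI code asks for "/wallet/static/app.js" instead of "/static/app.js", which is exactly the path the "location /wallet" block above proxies. Note that a resource path beginning with a scheme-like token (anything matching "name:" before the first slash) is rejected on purpose, so such identifiers must be placed after a path segment.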