## Context

In https://github.com/ipfs/kubo/pull/10521 we've introduced the opt-in `AutoTLS` feature, which uses DNS and p2p-forge infrastructure run by Interplanetary Shipyard to automate TLS setup for the libp2p WebSocket transport.

This feature will not yield the maximum benefit to the swarm unless it is enabled by default, just like `/webtransport` and `/webrtc-direct` listeners are.

This issue tracks remaining work towards enabling AutoTLS by default.

## TODO

- [ ] `libp2p.direct` public good infra accepts registrations
- [ ] `AutoTLS` in `test` profile
- [ ] add opt-in flag `AutoTLS.EnableTBD` that adds catch-all listener `/tcp/400X/tls/sni/*.libp2p.direct/ws` if `Addresses.*` (swarm, announce, appendAnnounce) have no `/tls/sni` or `/wss`
- [ ] `/ws` listener can share the same port as `/tcp` (4001)
- [ ] add `/tcp/4001/tls/sni/*.libp2p.direct/ws` to default listeners created by `ipfs init`
- [ ] `/tls/sni/*.libp2p.direct/ws` listener for existing users
- [ ] `/p2p-circuit` addrs
- [ ] some sort of smoke-test E2E `test/cli` that gets cert from `AutoTLS.CAEndpoint=https://acme-staging-v02.api.letsencrypt.org/directory` (`certmagic.LetsEncryptStagingCA`) and confirms it is placed in `IPFS_PATH/p2p-forge-certs/certificates/`?
- [ ] `libp2p.direct` productization by Shipyard is finished
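The catch-all listener rule from the TODO, written out as an added example (this is not Kubo's own code): inspect `Addresses.Swarm`, `Announce` and `AppendAnnounce`, add the `/tls/sni/*.libp2p.direct/ws` listener only when none of them already carries `/tls/sni` or `/wss`, and reuse the port of the existing `/tcp` swarm listener. The `Addresses` struct, the `inspect` helper and the `/ip4/0.0.0.0` prefix on the generated listener are assumptions of this example.

```go
package main

import "strings"

// Addresses mirrors the Kubo config section named in the issue (struct assumed).
type Addresses struct{ Swarm, Announce, AppendAnnounce []string }
// Protocols that carry a value; the value token must not be read as a protocol name.
var withValue = map[string]bool{"ip4": true, "ip6": true, "dns": true, "dns4": true, "dns6": true,
	"dnsaddr": true, "tcp": true, "udp": true, "sni": true, "certhash": true, "p2p": true}

// inspect walks one multiaddr and reports whether it is a secure WebSocket
// address (/tls/sni/... or /wss) and which /tcp port it uses ("" if none).
func inspect(maddr string) (secureWS bool, tcpPort string) {
	toks := strings.Split(strings.Trim(maddr, "/"), "/")
	for i := 0; i < len(toks); i++ {
		p := toks[i]
		switch {
		case p == "wss", p == "tls" && i+1 < len(toks) && toks[i+1] == "sni":
			secureWS = true
		case p == "tcp" && i+1 < len(toks):
			tcpPort = toks[i+1]
		}
		if withValue[p] {
			i++ // skip the value token
		}
	}
	return
}

// AutoTLSListener applies the TODO's rule: the catch-all listener to add, sharing the /tcp swarm
// port, or "" when a /tls/sni or /wss address already exists or there is no /tcp listener.
func AutoTLSListener(a Addresses) string {
	port := ""
	for li, list := range [][]string{a.Swarm, a.Announce, a.AppendAnnounce} {
		for _, m := range list {
			secure, p := inspect(m)
			if secure {
				return "" // operator already configured secure WebSockets
			}
			if li == 0 && port == "" && p != "" {
				port = p // the port comes from Swarm listeners only
			}
		}
	}
	if port == "" {
		return ""
	}
	// The /ip4/0.0.0.0 prefix is assumed; the issue abbreviates the listener to its /tcp tail.
	return "/ip4/0.0.0.0/tcp/" + port + "/tls/sni/*.libp2p.direct/ws"
}
```

For a default `ipfs init` swarm (`/ip4/0.0.0.0/tcp/4001` plus the UDP listeners) this yields `/ip4/0.0.0.0/tcp/4001/tls/sni/*.libp2p.direct/ws`, and a node whose operator already announces a `/wss` address gets nothing added.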