nknorg / nkn-client-js

[Deprecated, use nkn-sdk-js instead] JavaScript implementation of NKN client
https://www.nkn.org
Apache License 2.0

Provide a default https seedRpcServerAddr instead of http #67

Closed markg85 closed 4 years ago

markg85 commented 5 years ago

Hi,

I'm getting this error:

The page at '' was loaded over HTTPS, but requested an insecure resource 'http://mainnet-seed-0001.nkn.org:30003/'. This request has been blocked; the content must be served over HTTPS.

As my site works over https, I can't use the client library currently with the current seed nodes. Is there an https seed node I can use?

I can proxy one of the seed nodes with nginx, but that only adds delays. It would be highly preferred if NKN would provide a couple HTTPS nodes as well.

Cheers, Mark

yilunzhang commented 5 years ago

There is a default (official) https seed node in the nkn-wallet-js repo. We didn't do it for the client because the real headache is the websocket certificate, which cannot be solved by the team alone. Even if we use the https seed node as the default one, the error will still occur when the client tries to establish a ws connection instead of wss.

markg85 commented 5 years ago

You can detect if the user is using http or https, look at https://stackoverflow.com/questions/2855529/detect-https-with-javascript/2855553#2855553 for how to do that.

The client library should, based on that, use ws or wss. All that's needed besides that trick is a whole lot more https seed nodes!

yilunzhang commented 5 years ago

The problem is not detecting, but providing the certificate itself.

Basically we have two options here:

  1. Use bare IP + ssl, but to the best of my knowledge, there is no way to get a browser-trusted certificate programmatically so that we can let every node have one
  2. Use a dynamic dns that resolves A.B.C.D.domain to A.B.C.D, but then we are relying on the name server of this domain for both liveness and safety...

Since this is decentralized, we can't really force everyone to have an https certificate, not to mention the certificate itself depends on a centralized authority :joy: There is an NKP trying to solve it by a workaround: https://forum.nkn.org/t/nkp-0003-providing-https-wss-endpoint-for-every-nkn-node/499 but it's still relying on a centralized DNS provider...

markg85 commented 5 years ago

Interesting points! For certificates, you could (should? perhaps) use https://letsencrypt.org/. The certificates are free but only live for ~3 months. You need an automated process to update the certificate once every 3 months.

You then just need a couple of domains to seed from. Sure, it's a hassle, but necessary I'm afraid. There are projects to make decentralized DNS servers like namecoin.org (funny fact, at my company that whole site is blocked).

yilunzhang commented 5 years ago

Yeah, there are also discussions about Let's Encrypt in the NKP link above but it still does not solve the problem because:

  1. it does not support bare IP address as domain
  2. if we use a customized dynamic name server, the liveness and safety of nkn client completely depends on those name servers. Once they are down (or all blocked) for some reason, the whole NKN network cannot be used. And adding new domains requires updating every node because certs need to be included...

markg85 commented 5 years ago

Whatever you choose, the fact at the moment (and even more so in the near future) is that everything is going to HTTPS. Browsers will give you an increasingly hard time if you're on plain old HTTP. So the NKN client - provided that using it on a site should remain possible - must go full on with https to be a true option to choose from for web purposes.

In my case, I'm just having a little (only used by me) pet project that tries to use it so I'm very fine with experimenting with stuff and going through hoops to make things work. For commercial use, not fully supporting HTTPS is a big fat no-go! Opting to go for solutions like namecoin or any other decentralized dns project is again only viable if it's working in today's web stack without the need to install third party plugins.

For the moment, I would suggest making easy to use steps for anyone hosting a node to potentially also host a peer seed. The instructions should also include a way to do this via nginx as reverse proxy as that allows people to just add it to their nginx configuration stack with (wildcard) certificates that they might already be using.

yilunzhang commented 4 years ago

nkn-client-js is deprecated in favor of nkn-sdk-js, which provides a default https seedRpcServerAddr and wss enabled under https context. Everything works smoothly when hosted under https protocol without any configuration.
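
The endpoint selection discussed in this thread, as an added example that is not part of the original comments and is not code from nkn-client-js or nkn-sdk-js: it drops seed and node URLs that an https page would have blocked as mixed content, orders named hosts ahead of bare-IP TLS endpoints (the certificate problem raised above), and fails closed instead of falling back to http or ws. The function names and every URL except the seed address from the error message are constructed for illustration.

```javascript
// Added example: hypothetical helpers, not part of any NKN library.
const INSECURE = new Set(['http:', 'ws:']);
const IPV4 = /^\d{1,3}(\.\d{1,3}){3}$/;

// Classify one endpoint for a page loaded over pageProtocol
// ('http:' or 'https:', i.e. the value of window.location.protocol).
function classifyEndpoint(pageProtocol, endpoint) {
  const url = new URL(endpoint);
  const insecure = INSECURE.has(url.protocol);
  return {
    endpoint,
    // An https page may not fetch http: or open ws: (mixed content).
    blocked: pageProtocol === 'https:' && insecure,
    // TLS to a bare IP needs a certificate valid for that IP, the obstacle
    // raised in the thread. URL keeps IPv6 literals in [brackets].
    bareIp: !insecure &&
      (IPV4.test(url.hostname) || url.hostname.startsWith('[')),
  };
}

// Return the usable endpoints, named hosts before bare IPs.
// Throws when nothing is usable, so the caller never downgrades silently.
function selectEndpoints(pageProtocol, candidates) {
  const usable = candidates
    .map((c) => classifyEndpoint(pageProtocol, c))
    .filter((c) => !c.blocked)
    .sort((a, b) => Number(a.bareIp) - Number(b.bareIp));
  if (usable.length === 0) {
    throw new Error(`no endpoint usable from a ${pageProtocol} page`);
  }
  return usable.map((c) => c.endpoint);
}

// Constructed sample list; only the first URL appears in the thread.
const SAMPLE_ENDPOINTS = [
  'http://mainnet-seed-0001.nkn.org:30003/',
  'https://seed.example.org/',
  'ws://203.0.113.7:30002',
  'wss://203.0.113.7:30004',
  'wss://node.example.org:30004',
];

console.log(selectEndpoints('https:', SAMPLE_ENDPOINTS));
```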