Make Let's Encrypt Certbot to listen for requests from a port different than 80

waku-org / nwaku-compose

Deployment docker-compose files to deploy an nwaku node

12 stars 16 forks source link

Make Let's Encrypt Certbot to listen for requests from a port different than 80 #62

Open Ivansete-status opened 6 months ago

Ivansete-status commented 6 months ago

This request came from @jakubgs in a Workshop session

The idea is to avoid listening to upcoming requests from port 80: https://github.com/waku-org/nwaku-compose/blob/a4d77b02dcfe3d69d72226e1c6a71167ea7d77b0/docker-compose.yml#L42

In the following... https://github.com/waku-org/nwaku-compose/blob/a4d77b02dcfe3d69d72226e1c6a71167ea7d77b0/run_node.sh#L20 ... we might need to add the following parameters, f.e.: --standalone --http-01-port 8080 (or a different port number as the user wishes.)

jakubgs commented 6 months ago

There's at least three major issues here:

The majority of normal users will be within a LAN and behind a NAT so the port 80 will not be exposed publicly.
The majority of normal users will not have a public IP, nor a DNS record to set for their non-existent public IP.
Port 80 is often used by default installations of HTTP servers like Nginx so it probably will be taken.

This means that the probability of this working for a normal user that doesn't know about firewalls, NAT, DNS, and has no public IP is essentially 0%.