feat: add AutoTLS example #3103

1 change: 1 addition & 0 deletions examples/README.md
Expand Up @@ -7,6 +7,7 @@ Let us know if you find any issue or if you want to contribute and add a new tut
## Examples and Tutorials

- [The libp2p 'host'](./libp2p-host)
- [The libp2p 'host' with Secure WebSockets and AutoTLS](./autotls)
- [Building an http proxy with libp2p](./http-proxy)
- [An echo host](./echo)
- [Routed echo host](./routed-echo/)
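--- a/examples/autotls/.gitignore
+++ b/examples/autotls/.gitignore
@@ -0,0 +1,2 @@
+autotls
+p2p-forge-certs/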
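--- a/examples/autotls/README.md
+++ b/examples/autotls/README.md
@@ -0,0 +1,14 @@
+# libp2p host with Secure WebSockets and AutoTLS
+
+This example builds on the [libp2p host example](../libp2p-host) example and demonstrates how to use [AutoTLS](https://blog.ipfs.tech/2024-shipyard-improving-ipfs-on-the-web/#autotls-with-libp2p-direct) to automatically generate a wildcard Let's Encrypt TLS certificate unique to the libp2p host (`*.<PeerID>.libp2p.direct`), and use it with [libp2p WebSockets transport over TCP](https://github.com/libp2p/specs/blob/master/websockets/README.md) enabling browsers to directly connect to the libp2p host.
+
+For this example to work, you need to have a public IP address and be publicly reachable. AutoTLS is guarded by connectivity check, and will not ask for a certificate unless your libp2p node emits `event.EvtLocalReachabilityChanged` with `network.ReachabilityPublic`.
+
+## Running the example
+
+From the `go-libp2p/examples` directory run the following:
+
+```sh
+cd autotls/
+go run .
+```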
148 changes: 148 additions & 0 deletions examples/autotls/main.go
@@ -0,0 +1,148 @@
package main

import (
"context"
"fmt"
"os"
"os/signal"
"time"

"github.com/caddyserver/certmagic"
"github.com/ipfs/go-log/v2"

p2pforge "github.com/ipshipyard/p2p-forge/client"
"github.com/libp2p/go-libp2p"
dht "github.com/libp2p/go-libp2p-kad-dht"
quic "github.com/libp2p/go-libp2p/p2p/transport/quic"
"github.com/libp2p/go-libp2p/p2p/transport/tcp"
ws "github.com/libp2p/go-libp2p/p2p/transport/websocket"
)

var logger = log.Logger("example")

const userAgent = "go-libp2p/example/autotls"

func main() {
// Create a background context
ctx := context.Background()

log.SetLogLevel("*", "error")
log.SetLogLevel("example", "debug") // Set the log level for the example to debug
log.SetLogLevel("basichost", "info") // Set the log level for the basichost package to info
log.SetLogLevel("autotls", "debug") // Set the log level for the autotls-example package to debug
log.SetLogLevel("p2p-forge", "debug") // Set the log level for the p2pforge package to debug
log.SetLogLevel("nat", "debug") // Set the log level for the libp2p nat package to debug

certLoaded := make(chan bool, 1) // Create a channel to signal when the cert is loaded

// TODO: this should not be necessary once https://github.com/ipshipyard/p2p-forge/issues/8 is resolved
rawLogger := logger.Desugar()
certmagic.Default.Logger = rawLogger.Named("default_fixme")
certmagic.DefaultACME.Logger = rawLogger.Named("default_acme_client_fixme")

// p2pforge is the AutoTLS client library.
// The cert manager handles the creation and management of certificate
certManager, err := p2pforge.NewP2PForgeCertMgr(
// Configure CA ACME endpoint
// NOTE:
// This example uses Let's Encrypt staging CA (p2pforge.DefaultCATestEndpoint)
// which will not work correctly in browser, but is useful for initial testing.
// Production should use Let's Encrypt production CA (p2pforge.DefaultCAEndpoint).
p2pforge.WithCAEndpoint(p2pforge.DefaultCATestEndpoint), // test CA endpoint
// TODO: p2pforge.WithCAEndpoint(p2pforge.DefaultCAEndpoint), // production CA endpoint

// Configure where to store certificate
p2pforge.WithCertificateStorage(&certmagic.FileStorage{Path: "p2p-forge-certs"}),

// Configure logger to use
p2pforge.WithLogger(rawLogger.Sugar().Named("autotls")),

// User-Agent to use during DNS-01 ACME challenge
p2pforge.WithUserAgent(userAgent),

// Optional hook called once certificate is ready
p2pforge.WithOnCertLoaded(func() {
certLoaded <- true
}),
)

if err != nil {
panic(err)
}

// Start the cert manager
certManager.Start()
defer certManager.Stop()

opts := []libp2p.Option{
libp2p.DisableRelay(), // Disable relay, since we need a public IP address
libp2p.NATPortMap(), // Attempt to open ports using UPnP for NATed hosts.

libp2p.ListenAddrStrings(
// Configure default catch-all listeners for TCP and UDP
"/ip4/0.0.0.0/tcp/5500", // regular TCP IPv4 connections
"/ip4/0.0.0.0/udp/5500/quic-v1", // a UDP endpoint for the QUIC transport
"/ip6/::/tcp/5500", // regular TCP IPv6 connections
"/ip6/::/udp/5500/quic-v1", // a UDP endpoint for the QUIC transport

// Configure Secure WebSockets listeners on the same TCP port
// AutoTLS will automatically generate a certificate for this host
// and use the forge domain (`libp2p.direct`) as the SNI hostname.
fmt.Sprintf("/ip4/0.0.0.0/tcp/5500/tls/sni/*.%s/ws", p2pforge.DefaultForgeDomain),
fmt.Sprintf("/ip6/::/tcp/5500/tls/sni/*.%s/ws", p2pforge.DefaultForgeDomain),
),

// Configure the TCP transport
libp2p.Transport(tcp.NewTCPTransport),

// Configure the QUIC transport
libp2p.Transport(quic.NewTransport),

// Configure the WS transport with the AutoTLS cert manager
libp2p.Transport(ws.New, ws.WithTLSConfig(certManager.TLSConfig())),

// Configure user agent for libp2p identify protocol (https://github.com/libp2p/specs/blob/master/identify/README.md)
libp2p.UserAgent(userAgent),

// AddrsFactory takes the multiaddrs we're listening on and sets the multiaddrs to advertise to the network.
// We use the AutoTLS address factory so that the `*` in the AutoTLS address string is replaced with the
// actual IP address of the host once detected
libp2p.AddrsFactory(certManager.AddressFactory()),
}
h, err := libp2p.New(opts...)
if err != nil {
panic(err)
}

logger.Info("Host created with PeerID: ", h.ID())

// Bootstrap the DHT to verify our public IPs address with AutoNAT
dhtOpts := []dht.Option{
dht.Mode(dht.ModeClient),
dht.BootstrapPeers(dht.GetDefaultBootstrapPeerAddrInfos()...),
}
dht, err := dht.New(ctx, h, dhtOpts...)
if err != nil {
panic(err)
}

go dht.Bootstrap(ctx)

time.Sleep(5 * time.Second)

logger.Info("Addresses: ", h.Addrs())

certManager.ProvideHost(h)

select {
case <-certLoaded:
logger.Info("TLS certificate loaded ")
logger.Info("Addresses: ", h.Addrs())
case <-ctx.Done():
logger.Info("Context done")
}
// Wait for interrupt signal
c := make(chan os.Signal, 1)
signal.Notify(c, os.Interrupt)
<-c
}
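Review bot: The `case <-ctx.Done()` branch of the select that waits for the certificate can never fire, because `ctx` is a plain `context.Background()`, and the interrupt handler is only installed after that select, so an interrupt while the example is still waiting for the certificate kills the process without running the deferred `certManager.Stop()`. Deriving the context from the signal at the top of main makes both paths coherent: replace `ctx := context.Background()` with `ctx, stop := signal.NotifyContext(context.Background(), os.Interrupt)` followed by `defer stop()`, and collapse the trailing `c := make(chan os.Signal, 1)` / `signal.Notify(c, os.Interrupt)` / `<-c` to `<-ctx.Done()`. Separately, `dht, err := dht.New(ctx, h, dhtOpts...)` shadows the imported `dht` package with the local variable; naming the local `kadDHT` avoids that, and the error returned by `Bootstrap` inside `go dht.Bootstrap(ctx)` is dropped where it should at least be logged. The bare `time.Sleep(5 * time.Second)` also deserves a comment saying what it is waiting for (presumably initial reachability/AutoNAT results, which I cannot confirm from the hunk alone).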
95 changes: 52 additions & 43 deletions examples/go.mod
@@ -1,27 +1,30 @@
module github.com/libp2p/go-libp2p/examples

go 1.22.0
go 1.23

toolchain go1.22.3
toolchain go1.23.3

require (
github.com/caddyserver/certmagic v0.21.6
github.com/gogo/protobuf v1.3.2
github.com/google/uuid v1.6.0
github.com/ipfs/go-datastore v0.6.0
github.com/ipfs/go-log/v2 v2.5.1
github.com/libp2p/go-libp2p v0.37.0
github.com/libp2p/go-libp2p-kad-dht v0.25.1
github.com/multiformats/go-multiaddr v0.13.0
github.com/ipshipyard/p2p-forge v0.2.1
github.com/libp2p/go-libp2p v0.38.1
github.com/libp2p/go-libp2p-kad-dht v0.28.1
github.com/multiformats/go-multiaddr v0.14.0
github.com/prometheus/client_golang v1.20.5
)

require (
github.com/benbjohnson/clock v1.3.5 // indirect
github.com/beorn7/perks v1.0.1 // indirect
github.com/caddyserver/zerossl v0.1.3 // indirect
github.com/cespare/xxhash/v2 v2.3.0 // indirect
github.com/containerd/cgroups v1.1.0 // indirect
github.com/coreos/go-systemd/v22 v22.5.0 // indirect
github.com/davecgh/go-spew v1.1.1 // indirect
github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
github.com/davidlazar/go-crypto v0.0.0-20200604182044-b73af7476f6c // indirect
github.com/decred/dcrd/dcrec/secp256k1/v4 v4.3.0 // indirect
github.com/docker/go-units v0.5.0 // indirect
Expand All @@ -32,106 +35,112 @@ require (
github.com/go-logr/stdr v1.2.2 // indirect
github.com/go-task/slim-sprig/v3 v3.0.0 // indirect
github.com/godbus/dbus/v5 v5.1.0 // indirect
github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8 // indirect
github.com/google/gopacket v1.1.19 // indirect
github.com/google/pprof v0.0.0-20241017200806-017d972448fc // indirect
github.com/google/pprof v0.0.0-20241210010833-40e02aabc2ad // indirect
github.com/gorilla/websocket v1.5.3 // indirect
github.com/hashicorp/errwrap v1.1.0 // indirect
github.com/hashicorp/go-multierror v1.1.1 // indirect
github.com/hashicorp/golang-lru v0.5.4 // indirect
github.com/hashicorp/golang-lru v1.0.2 // indirect
github.com/huin/goupnp v1.3.0 // indirect
github.com/ipfs/boxo v0.10.0 // indirect
github.com/ipfs/boxo v0.25.0 // indirect
github.com/ipfs/go-cid v0.4.1 // indirect
github.com/ipfs/go-log v1.0.5 // indirect
github.com/ipld/go-ipld-prime v0.20.0 // indirect
github.com/ipld/go-ipld-prime v0.21.0 // indirect
github.com/jackpal/go-nat-pmp v1.0.2 // indirect
github.com/jbenet/go-temp-err-catcher v0.1.0 // indirect
github.com/jbenet/goprocess v0.1.4 // indirect
github.com/klauspost/compress v1.17.11 // indirect
github.com/klauspost/cpuid/v2 v2.2.8 // indirect
github.com/koron/go-ssdp v0.0.4 // indirect
github.com/klauspost/cpuid/v2 v2.2.9 // indirect
github.com/koron/go-ssdp v0.0.5 // indirect
github.com/libdns/libdns v0.2.2 // indirect
github.com/libp2p/go-buffer-pool v0.1.0 // indirect
github.com/libp2p/go-cidranger v1.1.0 // indirect
github.com/libp2p/go-flow-metrics v0.2.0 // indirect
github.com/libp2p/go-libp2p-asn-util v0.4.1 // indirect
github.com/libp2p/go-libp2p-kbucket v0.6.3 // indirect
github.com/libp2p/go-libp2p-kbucket v0.6.4 // indirect
github.com/libp2p/go-libp2p-record v0.2.0 // indirect
github.com/libp2p/go-libp2p-routing-helpers v0.7.2 // indirect
github.com/libp2p/go-libp2p-routing-helpers v0.7.4 // indirect
github.com/libp2p/go-msgio v0.3.0 // indirect
github.com/libp2p/go-nat v0.2.0 // indirect
github.com/libp2p/go-netroute v0.2.1 // indirect
github.com/libp2p/go-netroute v0.2.2 // indirect
github.com/libp2p/go-reuseport v0.4.0 // indirect
github.com/libp2p/go-yamux/v4 v4.0.1 // indirect
github.com/libp2p/zeroconf/v2 v2.2.0 // indirect
github.com/marten-seemann/tcp v0.0.0-20210406111302-dfbc87cc63fd // indirect
github.com/mattn/go-isatty v0.0.20 // indirect
github.com/mholt/acmez/v3 v3.0.0 // indirect
github.com/miekg/dns v1.1.62 // indirect
github.com/mikioh/tcpinfo v0.0.0-20190314235526-30a79bb1804b // indirect
github.com/mikioh/tcpopt v0.0.0-20190314235656-172688c1accc // indirect
github.com/minio/sha256-simd v1.0.1 // indirect
github.com/mr-tron/base58 v1.2.0 // indirect
github.com/multiformats/go-base32 v0.1.0 // indirect
github.com/multiformats/go-base36 v0.2.0 // indirect
github.com/multiformats/go-multiaddr-dns v0.4.0 // indirect
github.com/multiformats/go-multiaddr-dns v0.4.1 // indirect
github.com/multiformats/go-multiaddr-fmt v0.1.0 // indirect
github.com/multiformats/go-multibase v0.2.0 // indirect
github.com/multiformats/go-multicodec v0.9.0 // indirect
github.com/multiformats/go-multihash v0.2.3 // indirect
github.com/multiformats/go-multistream v0.5.0 // indirect
github.com/multiformats/go-multistream v0.6.0 // indirect
github.com/multiformats/go-varint v0.0.7 // indirect
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
github.com/onsi/ginkgo/v2 v2.20.2 // indirect
github.com/onsi/ginkgo/v2 v2.22.2 // indirect
github.com/opencontainers/runtime-spec v1.2.0 // indirect
github.com/opentracing/opentracing-go v1.2.0 // indirect
github.com/pbnjay/memory v0.0.0-20210728143218-7b4eea64cf58 // indirect
github.com/pion/datachannel v1.5.9 // indirect
github.com/pion/datachannel v1.5.10 // indirect
github.com/pion/dtls/v2 v2.2.12 // indirect
github.com/pion/ice/v2 v2.3.36 // indirect
github.com/pion/ice/v2 v2.3.37 // indirect
github.com/pion/interceptor v0.1.37 // indirect
github.com/pion/logging v0.2.2 // indirect
github.com/pion/mdns v0.0.12 // indirect
github.com/pion/randutil v0.1.0 // indirect
github.com/pion/rtcp v1.2.14 // indirect
github.com/pion/rtp v1.8.9 // indirect
github.com/pion/sctp v1.8.33 // indirect
github.com/pion/rtcp v1.2.15 // indirect
github.com/pion/rtp v1.8.10 // indirect
github.com/pion/sctp v1.8.35 // indirect
github.com/pion/sdp/v3 v3.0.9 // indirect
github.com/pion/srtp/v2 v2.0.20 // indirect
github.com/pion/stun v0.6.1 // indirect
github.com/pion/transport/v2 v2.2.10 // indirect
github.com/pion/transport/v3 v3.0.7 // indirect
github.com/pion/turn/v2 v2.1.6 // indirect
github.com/pion/webrtc/v3 v3.3.4 // indirect
github.com/pion/webrtc/v3 v3.3.5 // indirect
github.com/pkg/errors v0.9.1 // indirect
github.com/pmezard/go-difflib v1.0.0 // indirect
github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
github.com/polydawn/refmt v0.89.0 // indirect
github.com/prometheus/client_model v0.6.1 // indirect
github.com/prometheus/common v0.60.0 // indirect
github.com/prometheus/common v0.61.0 // indirect
github.com/prometheus/procfs v0.15.1 // indirect
github.com/quic-go/qpack v0.5.1 // indirect
github.com/quic-go/quic-go v0.48.1 // indirect
github.com/quic-go/quic-go v0.48.2 // indirect
github.com/quic-go/webtransport-go v0.8.1-0.20241018022711-4ac2c9250e66 // indirect
github.com/raulk/go-watchdog v1.3.0 // indirect
github.com/spaolacci/murmur3 v1.1.0 // indirect
github.com/stretchr/testify v1.9.0 // indirect
github.com/stretchr/testify v1.10.0 // indirect
github.com/whyrusleeping/go-keyspace v0.0.0-20160322163242-5b898ac5add1 // indirect
github.com/wlynxg/anet v0.0.5 // indirect
github.com/zeebo/blake3 v0.2.4 // indirect
go.opencensus.io v0.24.0 // indirect
go.opentelemetry.io/otel v1.16.0 // indirect
go.opentelemetry.io/otel/metric v1.16.0 // indirect
go.opentelemetry.io/otel/trace v1.16.0 // indirect
go.opentelemetry.io/auto/sdk v1.1.0 // indirect
go.opentelemetry.io/otel v1.33.0 // indirect
go.opentelemetry.io/otel/metric v1.33.0 // indirect
go.opentelemetry.io/otel/trace v1.33.0 // indirect
go.uber.org/dig v1.18.0 // indirect
go.uber.org/fx v1.23.0 // indirect
go.uber.org/mock v0.5.0 // indirect
go.uber.org/multierr v1.11.0 // indirect
go.uber.org/zap v1.27.0 // indirect
golang.org/x/crypto v0.28.0 // indirect
golang.org/x/exp v0.0.0-20241009180824-f66d83c29e7c // indirect
golang.org/x/mod v0.21.0 // indirect
golang.org/x/net v0.30.0 // indirect
golang.org/x/sync v0.8.0 // indirect
golang.org/x/sys v0.26.0 // indirect
golang.org/x/text v0.19.0 // indirect
golang.org/x/tools v0.26.0 // indirect
gonum.org/v1/gonum v0.13.0 // indirect
google.golang.org/protobuf v1.35.1 // indirect
go.uber.org/zap/exp v0.3.0 // indirect
golang.org/x/crypto v0.32.0 // indirect
golang.org/x/exp v0.0.0-20250106191152-7588d65b2ba8 // indirect
golang.org/x/mod v0.22.0 // indirect
golang.org/x/net v0.34.0 // indirect
golang.org/x/sync v0.10.0 // indirect
golang.org/x/sys v0.29.0 // indirect
golang.org/x/text v0.21.0 // indirect
golang.org/x/time v0.8.0 // indirect
golang.org/x/tools v0.29.0 // indirect
gonum.org/v1/gonum v0.15.1 // indirect
google.golang.org/protobuf v1.36.2 // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect
lukechampine.com/blake3 v1.3.0 // indirect
)