I created the HTTPS proxy for IPFS node on my Apache server with the following settings:
Apache:
<VirtualHost *:443>
SSLEngine on
SSLProtocol all -SSLv2
SSLHonorCipherOrder on
SSLCipherSuite "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS"
Header add Strict-Transport-Security: "max-age=15768000;includeSubdomains"
SSLCompression Off
SSLCertificateFile /etc/letsencrypt/live/ipfs.mydoma.in/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/ipfs.mydoma.in/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
ServerName ipfs.mydoma.in
ServerAdmin admin@ad.min
ProxyRequests On
ProxyPreserveHost On
ProxyPass / http://localhost:48080/
ProxyPassReverse / http://localhost:48080/
</VirtualHost>
IPFS (fragment):
"Addresses": {
"Swarm": [
"/ip4/*.*.*.*/tcp/45001"
],
"Announce": [
"/dns4/ipfs.mydoma.in/tcp/45001"
],
"AppendAnnounce": [],
"NoAnnounce": [
"/ip4/10.0.0.0/ipcidr/8",
"/ip4/100.64.0.0/ipcidr/10",
"/ip4/169.254.0.0/ipcidr/16",
"/ip4/172.16.0.0/ipcidr/12",
"/ip4/192.0.0.0/ipcidr/24",
"/ip4/192.0.2.0/ipcidr/24",
"/ip4/192.168.0.0/ipcidr/16",
"/ip4/198.18.0.0/ipcidr/15",
"/ip4/198.51.100.0/ipcidr/24",
"/ip4/203.0.113.0/ipcidr/24",
"/ip4/240.0.0.0/ipcidr/4",
"/ip6/100::/ipcidr/64",
"/ip6/2001:2::/ipcidr/48",
"/ip6/2001:db8::/ipcidr/32",
"/ip6/fc00::/ipcidr/7",
"/ip6/fe80::/ipcidr/10"
],
"API": "/ip4/127.0.0.1/tcp/65001",
"Gateway": "/ip4/127.0.0.1/tcp/48080"
},
The problem is that running daemon starts immediately to hang up many opened connections on Apache, and to consume a lot of memory spamming the log with the message:
2022-02-13T14:38:45.172+0300 INFO bs:sess session/session.go:459 No peers - broadcasting {"session": 45, "want-count": 1}
This process consumes about 3GiB of memory when session
value reaches ~1000.
The process works normally when proxying is disabled.
I tried to implement a lot of samples of HTTP proxying for IPFS, nothing works. Please help me to clarify the keystone of this situation. What could be a reason for such behaviour? How to set up Apache HTTPS-HTTP proxy for IPFS node properly?