Https and IPFS - Is SSL needed with IPFS?

Help
1

I am testing a new demo and I have an error saying IPFS needs https. Someone I know also testing said they did not need http. I am using nginx and I have two servers. I am also trying to add data.

I cannot seem to find a clear answer from the docs.

Is https needed for IPFS?

2

You do not need to use HTTPS to access your gateway or API, you can use unencrypted HTTP, but the public gateways force HTTPS.

3

I am getting errors using what I think is the API as follows -
App.js:239 ipfs add error DOMException: Only secure origins are allowed (see: https://goo.gl/Y0ZkNV).

My code -
var zstr = ‘hello world from Zillerium2’
this.IpfsAPI.add(new Buffer(zstr), function (err, res){

Is this likely to be a config error in my setup or do I need https? I have tried using https but I am getting a lot of nodejs conflicts.

4

What URL did you provide when creating this.IpfsAPI object?

5

I am using the IP address - this.IpfsAPI = IpfsAPI(‘162.243.237.41’, ‘5001’)

I have two servers - one for IPFS and one for the ReactJS. ReactJS is under jenbil.com and he IPFS has no domain name. I have this running -
root@ubuntu-2gb-nyc2-01:/home/zipfs# ipfs daemon
Initializing daemon…
Adjusting current ulimit to 2048…
Successfully raised file descriptor limit to 2048.
Swarm listening on /ip4/10.13.0.5/tcp/4001
Swarm listening on /ip4/127.0.0.1/tcp/4001
Swarm listening on /ip4/162.243.237.41/tcp/4001
Swarm listening on /ip4/162.243.237.41/tcp/4001
Swarm listening on /ip6/::1/tcp/4001
API server listening on /ip4/0.0.0.0/tcp/5001
Gateway (readonly) server listening on /ip4/0.0.0.0/tcp/8180
Daemon is ready

6

Looks like you are using Service Worker(?) or something similar somewhere in your code.

I may be missing something, but last time i checked similar setup it only accepted HTTP with localhost IP (127.0.0.1). For anything else TLS was required.

So either set up TLS or run IPFS API on the same hostname&port as your app (can be done with reverse proxy such as Nginx).

Keep in mind that exposing API port to the public internet is a huge security risk. Anyone can upload or pin anything to your node. It is generally a better idea to hide API by tying it to localhost and orchestrating it via custom backend code that provides authorization etc.

1 Like
7

I get a lot of conflicting info about this - I had a lot of npm issues with https and someone from the npm group said that https was not needed for API calls. I am not sure myself. But whatever I try seems to fail. I added a new server to reduce the loan on my current one as I have only small servers at digital ocean.

I get X-Stream error (as posted). I have progressed past some of the errors before but this X-Stream error seems especially elusive.