Skip to content

AutoTLS implementation #5187

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 58 commits into
base: master
Choose a base branch
from
Open

AutoTLS implementation #5187

wants to merge 58 commits into from

Conversation

@martinconic
Copy link
Contributor

@martinconic martinconic commented Aug 11, 2025
edited
Loading

Checklist

  • I have read the coding guide.
  • My change requires a documentation update, and I have done it.
  • I have added tests to cover my changes.
  • I have filled out the description and linked the related issues.

Description

This pull request introduces an AutoTLS implementation for the Bee node. The primary motivation for this feature is to support the In-Browser project, which requires secure communication channels for clients.

Modern web browsers strictly enforce secure contexts, meaning they can only connect to endpoints using secure protocols like HTTPS or Secure WebSockets (wss://). AutoTLS automates the process of obtaining, managing, and renewing valid TLS certificates from a Certificate Authority (like Let's Encrypt).

By implementing AutoTLS, Bee nodes can now accept wss:// connections directly, enabling browsers to interact with the Bee network securely and seamlessly.

Implementation Details
The implementation is based on the approach outlined in the official libp2p blog post on AutoTLS and follows the patterns from the go-libp2p AutoTLS example.

Testing & Validation
The functionality was manually tested by running a Bee node (built with the flag above) and attempting to connect to it using wscat over a secure websocket.

Test Command:
wscat --no-check -c wss://<node-public-ip>.<peer-id>.libp2p.direct:5500

Result:
A successful connection was established, and the node responded with the multistream header, confirming the wss listener is active and secured with a valid TLS certificate:

Connected (press CTRL+C to quit)
< /multistream/1.0.0

Related Issue (Optional)

#5171

@martinconic martinconic marked this pull request as ready for review August 14, 2025 06:46
@v1rtl v1rtl mentioned this pull request Sep 14, 2025
Closed
4 tasks
gacevicljubisa
gacevicljubisa reviewed Oct 2, 2025
View reviewed changes
@martinconic martinconic mentioned this pull request Oct 6, 2025
Closed
4 tasks
@bcsorvasi bcsorvasi added this to the v2.7.0 milestone Oct 7, 2025
@bcsorvasi bcsorvasi linked an issue Oct 7, 2025 that may be closed by this pull request
AutoTLS support #5171
Open
akrem-chabchoub
akrem-chabchoub reviewed Oct 8, 2025
View reviewed changes
github-advanced-security[bot]
github-advanced-security bot found potential problems Nov 3, 2025
View reviewed changes
janos added 16 commits November 18, 2025 14:53
@janos
fix: pass complete underlays to Resovler in libp2p.Service.Addresses()
b3f89a1
@janos
chore: resolver retuns a complete underlay
7babf50
@janos
Revert "chore: resolver retuns a complete underlay"
4269315 
This reverts commit 7babf50.
@janos
fix: support more complex underlays in static resolver
43a48cb
@janos
fix: do not add wss addresses in libp2p if ws is not enabled
5c1d237
@janos
Revert "Revert "chore: resolver retuns a complete underlay""
a51ef80 
This reverts commit 4269315.
@janos
fix: correclty set the autotls-storage-dir default path
17ba19e
@janos
fix(libp2p): configure cert manager address factory
a49ec58
@janos
feat(libp2p): add newLogAddressFactory
98931e5
@janos
fix: remove address factory
5b98ea2
@janos
fix: disable tcp transport
25c603d
@janos
fix: try using the address factory in Addresses()
b64ebb6
@janos
fix: muild full ma in Addresses()
aee3a80
@janos
feat: add rewriteForgeWebSocketDomain
bda7c78
@janos
fix: address all major issues with cert and addresses handling
fc61c96
@janos
fix(api): multiaddr is now a slice, handle it in parsing as such
2f09f41
@martinconic martinconic requested a review from janos November 24, 2025 19:51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@gacevicljubisa gacevicljubisa gacevicljubisa approved these changes

@sbackend123 sbackend123 sbackend123 approved these changes

@nugaon nugaon Awaiting requested review from nugaon

@akrem-chabchoub akrem-chabchoub Awaiting requested review from akrem-chabchoub

@janos janos Awaiting requested review from janos

Assignees

@martinconic martinconic

Labels

None yet

Projects

None yet

Milestone

v2.7.0

Development

Successfully merging this pull request may close these issues.

AutoTLS support

7 participants

@martinconic @gacevicljubisa @janos @akrem-chabchoub @sbackend123 @bcsorvasi