Skip to content

AutoTLS implementation #5187

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 59 commits into
base: master
Choose a base branch
from
+1,505 −395
Open

AutoTLS implementation #5187

Show file tree
Hide file tree
Changes from 51 commits
Commits
Show all changes
59 commits
Select commit Hold shift + click to select a range
d2a16bb
feat: autotls implementation
martinconic Aug 6, 2025
1a0a274
chore: refactor
martinconic Aug 6, 2025
02e444f
fix: nil pointer
martinconic Aug 6, 2025
e9ad1d4
fix: remove cert load chan
martinconic Aug 6, 2025
2220859
fix: revert and improve
martinconic Aug 6, 2025
3657b00
fix: fix addresses
martinconic Aug 7, 2025
244af3a
fix: addresses
martinconic Aug 7, 2025
3c9f1fd
chore: cleanup
martinconic Aug 7, 2025
836dbb3
fix: add the right parameter
martinconic Aug 8, 2025
076d958
fix: tests
martinconic Aug 11, 2025
88fb362
chore: config options
martinconic Aug 14, 2025
0aaea5d
chore: clean
martinconic Sep 1, 2025
065eb9e
fix: add allow private forge addresses
martinconic Sep 8, 2025
2e54e8a
Merge branch 'master' into autotls-v2
martinconic Nov 3, 2025
710469a
fix: merge master inconsistencies
martinconic Nov 3, 2025
428fcbf
fix: go mod
martinconic Nov 3, 2025
d2b70bb
fix: tests
martinconic Nov 3, 2025
4f0430f
fix: addressing review comments
martinconic Nov 4, 2025
13d4a59
fix: linter
martinconic Nov 4, 2025
b8f66ab
chore: slightly update libp2p
martinconic Nov 4, 2025
b57a806
fix: try to fix failing test and upgrade libp2p to latest version
martinconic Nov 5, 2025
6113752
fix: test with blocklist streams
martinconic Nov 5, 2025
bcd6056
Revert "fix: test with blocklist streams"
martinconic Nov 5, 2025
8a9166f
fix: reviews and adding debug logs
martinconic Nov 7, 2025
cba97f7
fix: linter
martinconic Nov 7, 2025
32976e9
fix: review based changes
martinconic Nov 12, 2025
ffe3684
fix: linter
martinconic Nov 13, 2025
12c70e5
fix: linter
martinconic Nov 13, 2025
c512355
feat: add wss nat address resolver
martinconic Nov 13, 2025
def3347
feat: refactor wss and instead of using wss port use entire wss addr
martinconic Nov 14, 2025
fd40c1b
fix: pass nat-wss-addr value to libp2p.Service and fix composite reso…
janos Nov 18, 2025
ef4fdf0
fix: linter warning
janos Nov 18, 2025
7a59b4c
fix: pass correct error
janos Nov 18, 2025
b3f89a1
fix: pass complete underlays to Resovler in libp2p.Service.Addresses()
janos Nov 18, 2025
7babf50
chore: resolver retuns a complete underlay
janos Nov 18, 2025
4269315
Revert "chore: resolver retuns a complete underlay"
janos Nov 18, 2025
43a48cb
fix: support more complex underlays in static resolver
janos Nov 19, 2025
5c1d237
fix: do not add wss addresses in libp2p if ws is not enabled
janos Nov 19, 2025
a51ef80
Revert "Revert "chore: resolver retuns a complete underlay""
janos Nov 19, 2025
17ba19e
fix: correclty set the autotls-storage-dir default path
janos Nov 20, 2025
a49ec58
fix(libp2p): configure cert manager address factory
janos Nov 20, 2025
98931e5
feat(libp2p): add newLogAddressFactory
janos Nov 20, 2025
5b98ea2
fix: remove address factory
janos Nov 20, 2025
25c603d
fix: disable tcp transport
janos Nov 20, 2025
b64ebb6
fix: try using the address factory in Addresses()
janos Nov 20, 2025
aee3a80
fix: muild full ma in Addresses()
janos Nov 20, 2025
bda7c78
feat: add rewriteForgeWebSocketDomain
janos Nov 20, 2025
fc61c96
fix: address all major issues with cert and addresses handling
janos Nov 21, 2025
2f09f41
fix(api): multiaddr is now a slice, handle it in parsing as such
janos Nov 21, 2025
d6ca6d4
test: add mock certmagic tests
martinconic Nov 22, 2025
85b89ae
fix: failing tests
martinconic Nov 22, 2025
e49f261
chore: remove autotls-enabled and autotls-storage-dir for ux simplifi…
janos Nov 24, 2025
e0628a0
Revert "chore: remove autotls-enabled and autotls-storage-dir for ux …
janos Nov 24, 2025
b76fc3d
feat: add p2p-wss-enable cli flag
janos Nov 24, 2025
58b6bf1
chore: refactor latest config changes
martinconic Nov 24, 2025
3fc088d
Merge branch 'master' into autotls-v2
janos Nov 24, 2025
341fa9e
fix: joiner redundancy multilevel
martinconic Nov 24, 2025
966ebc9
Revert "fix: joiner redundancy multilevel"
martinconic Nov 25, 2025
69ff904
Merge remote-tracking branch 'origin/master' into autotls-v2
martinconic Nov 25, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
15 changes: 15 additions & 0 deletions cmd/bee/cmd/cmd.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,7 @@ import (
"github.com/ethersphere/bee/v2/pkg/log"
"github.com/ethersphere/bee/v2/pkg/node"
"github.com/ethersphere/bee/v2/pkg/swarm"
p2pforge "github.com/ipshipyard/p2p-forge/client"
"github.com/spf13/cobra"
"github.com/spf13/viper"
)
Expand Down Expand Up @@ -82,6 +83,13 @@ const (
optionReserveCapacityDoubling = "reserve-capacity-doubling"
optionSkipPostageSnapshot = "skip-postage-snapshot"
optionNameMinimumGasTipCap = "minimum-gas-tip-cap"
optionAutoTLSEnabled = "autotls-enabled"
optionP2PWSSAddr = "p2p-wss-addr"
optionNATWSSAddr = "nat-wss-addr"
optionAutoTLSStorageDir = "autotls-storage-dir"
optionAutoTLSDomain = "autotls-domain"
optionAutoTLSRegistrationEndpoint = "autotls-registration-endpoint"
optionAutoTLSCAEndpoint = "autotls-ca-endpoint"
)

// nolint:gochecknoinits
Expand Down Expand Up @@ -292,6 +300,13 @@ func (c *command) setAllFlags(cmd *cobra.Command) {
cmd.Flags().Int(optionReserveCapacityDoubling, 0, "reserve capacity doubling")
cmd.Flags().Bool(optionSkipPostageSnapshot, false, "skip postage snapshot")
cmd.Flags().Uint64(optionNameMinimumGasTipCap, 0, "minimum gas tip cap in wei for transactions, 0 means use suggested gas tip cap")
cmd.Flags().Bool(optionAutoTLSEnabled, false, "Enable AutoTLS for secure WebSocket connections")
cmd.Flags().String(optionP2PWSSAddr, ":1635", "p2p wss address")
cmd.Flags().String(optionNATWSSAddr, "", "WSS NAT exposed address")
cmd.Flags().String(optionAutoTLSStorageDir, "", "Data directory for certificate storage (default in p2p-tls-certs directory in storage dir)")
cmd.Flags().String(optionAutoTLSDomain, p2pforge.DefaultForgeDomain, "autotls domain")
cmd.Flags().String(optionAutoTLSRegistrationEndpoint, p2pforge.DefaultForgeEndpoint, "autotls registration endpoint")
cmd.Flags().String(optionAutoTLSCAEndpoint, p2pforge.DefaultCAEndpoint, "autotls certificate authority endpoint")
}

func newLogger(cmd *cobra.Command, verbosity string) (log.Logger, error) {
Expand Down
12 changes: 12 additions & 0 deletions cmd/bee/cmd/start.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -277,16 +277,25 @@ func buildBeeNode(ctx context.Context, c *command, cmd *cobra.Command, logger lo
neighborhoodSuggester = c.config.GetString(optionNameNeighborhoodSuggester)
}

autoTLSStorageDir := c.config.GetString(optionAutoTLSStorageDir)
if autoTLSStorageDir == "" {
autoTLSStorageDir = filepath.Join(c.config.GetString(optionNameDataDir), "p2p-tls-certs")
}

b, err := node.NewBee(ctx, c.config.GetString(optionNameP2PAddr), signerConfig.publicKey, signerConfig.signer, networkID, logger, signerConfig.libp2pPrivateKey, signerConfig.pssPrivateKey, signerConfig.session, &node.Options{
Addr: c.config.GetString(optionNameP2PAddr),
AllowPrivateCIDRs: c.config.GetBool(optionNameAllowPrivateCIDRs),
APIAddr: c.config.GetString(optionNameAPIAddr),
AutoTLSEnabled: c.config.GetBool(optionAutoTLSEnabled),
WSSAddr: c.config.GetString(optionP2PWSSAddr),
AutoTLSStorageDir: autoTLSStorageDir,
BlockchainRpcEndpoint: c.config.GetString(optionNameBlockchainRpcEndpoint),
BlockProfile: c.config.GetBool(optionNamePProfBlock),
BlockTime: networkConfig.blockTime,
BootnodeMode: bootNode,
Bootnodes: networkConfig.bootNodes,
CacheCapacity: c.config.GetUint64(optionNameCacheCapacity),
AutoTLSCAEndpoint: c.config.GetString(optionAutoTLSCAEndpoint),
ChainID: networkConfig.chainID,
ChequebookEnable: c.config.GetBool(optionNameChequebookEnable),
CORSAllowedOrigins: c.config.GetStringSlice(optionCORSAllowedOrigins),
Expand All @@ -297,12 +306,15 @@ func buildBeeNode(ctx context.Context, c *command, cmd *cobra.Command, logger lo
DBWriteBufferSize: c.config.GetUint64(optionNameDBWriteBufferSize),
EnableStorageIncentives: c.config.GetBool(optionNameStorageIncentivesEnable),
EnableWS: c.config.GetBool(optionNameP2PWSEnable),
AutoTLSDomain: c.config.GetString(optionAutoTLSDomain),
AutoTLSRegistrationEndpoint: c.config.GetString(optionAutoTLSRegistrationEndpoint),
FullNodeMode: fullNode,
Logger: logger,
MinimumGasTipCap: c.config.GetUint64(optionNameMinimumGasTipCap),
MinimumStorageRadius: c.config.GetUint(optionMinimumStorageRadius),
MutexProfile: c.config.GetBool(optionNamePProfMutex),
NATAddr: c.config.GetString(optionNameNATAddr),
NATWSSAddr: c.config.GetString(optionNATWSSAddr),
NeighborhoodSuggester: neighborhoodSuggester,
PaymentEarly: c.config.GetInt64(optionNamePaymentEarly),
PaymentThreshold: c.config.GetString(optionNamePaymentThreshold),
Expand Down
129 changes: 73 additions & 56 deletions go.mod
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,7 @@ require (
contrib.go.opencensus.io/exporter/prometheus v0.4.2
github.com/armon/go-radix v1.0.0
github.com/btcsuite/btcd/btcec/v2 v2.3.2
github.com/caddyserver/certmagic v0.21.6
github.com/coreos/go-semver v0.3.0
github.com/ethereum/go-ethereum v1.15.11
github.com/ethersphere/batch-archive v0.0.4
Expand All @@ -17,24 +18,24 @@ require (
github.com/ethersphere/langos v1.0.0
github.com/go-playground/validator/v10 v10.11.1
github.com/gogo/protobuf v1.3.2
github.com/google/go-cmp v0.6.0
github.com/google/uuid v1.4.0
github.com/google/go-cmp v0.7.0
github.com/google/uuid v1.6.0
github.com/gorilla/handlers v1.4.2
github.com/gorilla/mux v1.8.0
github.com/gorilla/websocket v1.5.1
github.com/gorilla/websocket v1.5.3
github.com/hashicorp/go-multierror v1.1.1
github.com/hashicorp/golang-lru/v2 v2.0.5
github.com/ipfs/go-cid v0.4.1
github.com/hashicorp/golang-lru/v2 v2.0.7
github.com/ipfs/go-cid v0.5.0
github.com/ipshipyard/p2p-forge v0.6.1
github.com/kardianos/service v1.2.2
github.com/klauspost/reedsolomon v1.11.8
github.com/libp2p/go-libp2p v0.33.2
github.com/multiformats/go-multiaddr v0.12.3
github.com/multiformats/go-multiaddr-dns v0.3.1
github.com/libp2p/go-libp2p v0.44.0
github.com/multiformats/go-multiaddr v0.16.0
github.com/multiformats/go-multiaddr-dns v0.4.1
github.com/multiformats/go-multihash v0.2.3
github.com/multiformats/go-multistream v0.5.0
github.com/multiformats/go-varint v0.0.7
github.com/multiformats/go-multistream v0.6.1
github.com/opentracing/opentracing-go v1.2.0
github.com/prometheus/client_golang v1.21.1
github.com/prometheus/client_golang v1.22.0
github.com/spf13/afero v1.6.0
github.com/spf13/cobra v1.8.1
github.com/spf13/viper v1.7.0
Expand All @@ -46,11 +47,11 @@ require (
gitlab.com/nolash/go-mockbytes v0.0.7
go.uber.org/atomic v1.11.0
go.uber.org/goleak v1.3.0
golang.org/x/crypto v0.36.0
golang.org/x/sync v0.12.0
golang.org/x/sys v0.31.0
golang.org/x/term v0.30.0
golang.org/x/time v0.9.0
golang.org/x/crypto v0.41.0
golang.org/x/sync v0.16.0
golang.org/x/sys v0.35.0
golang.org/x/term v0.34.0
golang.org/x/time v0.12.0
gopkg.in/yaml.v2 v2.4.0
resenje.org/feed v0.1.2
resenje.org/multex v0.1.0
Expand All @@ -66,19 +67,16 @@ require (
github.com/beorn7/perks v1.0.1 // indirect
github.com/bits-and-blooms/bitset v1.20.0 // indirect
github.com/btcsuite/btcd/chaincfg/chainhash v1.0.1 // indirect
github.com/caddyserver/zerossl v0.1.3 // indirect
github.com/cespare/xxhash/v2 v2.3.0 // indirect
github.com/codahale/hdrhistogram v0.0.0-00010101000000-000000000000 // indirect
github.com/consensys/gnark-crypto v0.18.1 // indirect
github.com/containerd/cgroups v1.1.0 // indirect
github.com/coreos/go-systemd/v22 v22.5.0 // indirect
github.com/crate-crypto/go-eth-kzg v1.3.0 // indirect
github.com/crate-crypto/go-ipa v0.0.0-20240724233137-53bbb0ceb27a // indirect
github.com/davecgh/go-spew v1.1.1 // indirect
github.com/davidlazar/go-crypto v0.0.0-20200604182044-b73af7476f6c // indirect
github.com/deckarep/golang-set/v2 v2.6.0 // indirect
github.com/decred/dcrd/dcrec/secp256k1/v4 v4.2.0 // indirect
github.com/docker/go-units v0.5.0 // indirect
github.com/elastic/gosigar v0.14.2 // indirect
github.com/decred/dcrd/dcrec/secp256k1/v4 v4.4.0 // indirect
github.com/ethereum/c-kzg-4844/v2 v2.1.0 // indirect
github.com/ethereum/go-verkle v0.2.2 // indirect
github.com/felixge/fgprof v0.9.5
Expand All @@ -90,37 +88,35 @@ require (
github.com/go-ole/go-ole v1.3.0 // indirect
github.com/go-playground/locales v0.14.0 // indirect
github.com/go-playground/universal-translator v0.18.0 // indirect
github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 // indirect
github.com/godbus/dbus/v5 v5.1.0 // indirect
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
github.com/golang/snappy v0.0.5-0.20220116011046-fa5810519dcb // indirect
github.com/google/gopacket v1.1.19 // indirect
github.com/google/pprof v0.0.0-20240227163752-401108e1b7e7 // indirect
github.com/google/pprof v0.0.0-20250607225305-033d6d78b36a // indirect
github.com/gopherjs/gopherjs v0.0.0-20200217142428-fce0ec30dd00 // indirect
github.com/hashicorp/errwrap v1.0.0 // indirect
github.com/hashicorp/hcl v1.0.0 // indirect
github.com/holiman/uint256 v1.3.2 // indirect
github.com/huin/goupnp v1.3.0 // indirect
github.com/inconshreveable/mousetrap v1.1.0 // indirect
github.com/ipfs/go-log/v2 v2.5.1 // indirect
github.com/ipfs/go-log/v2 v2.6.0 // indirect
github.com/jackpal/go-nat-pmp v1.0.2 // indirect
github.com/jbenet/go-temp-err-catcher v0.1.0 // indirect
github.com/klauspost/compress v1.17.11 // indirect
github.com/klauspost/cpuid/v2 v2.2.7 // indirect
github.com/koron/go-ssdp v0.0.4 // indirect
github.com/klauspost/compress v1.18.0 // indirect
github.com/klauspost/cpuid/v2 v2.2.10 // indirect
github.com/koron/go-ssdp v0.0.6 // indirect
github.com/leodido/go-urn v1.2.1 // indirect
github.com/libdns/libdns v0.2.2 // indirect
github.com/libp2p/go-buffer-pool v0.1.0 // indirect
github.com/libp2p/go-flow-metrics v0.1.0 // indirect
github.com/libp2p/go-flow-metrics v0.2.0 // indirect
github.com/libp2p/go-libp2p-asn-util v0.4.1 // indirect
github.com/libp2p/go-msgio v0.3.0 // indirect
github.com/libp2p/go-nat v0.2.0 // indirect
github.com/libp2p/go-netroute v0.2.1 // indirect
github.com/libp2p/go-netroute v0.3.0 // indirect
github.com/libp2p/go-reuseport v0.4.0 // indirect
github.com/libp2p/go-yamux/v4 v4.0.1 // indirect
github.com/libp2p/go-yamux/v5 v5.0.1 // indirect
github.com/magiconair/properties v1.8.1 // indirect
github.com/marten-seemann/tcp v0.0.0-20210406111302-dfbc87cc63fd // indirect
github.com/mattn/go-isatty v0.0.20 // indirect
github.com/miekg/dns v1.1.58 // indirect
github.com/mholt/acmez/v3 v3.0.0 // indirect
github.com/miekg/dns v1.1.66 // indirect
github.com/mikioh/tcpinfo v0.0.0-20190314235526-30a79bb1804b // indirect
github.com/mikioh/tcpopt v0.0.0-20190314235656-172688c1accc // indirect
github.com/minio/sha256-simd v1.0.1 // indirect
Expand All @@ -130,22 +126,40 @@ require (
github.com/multiformats/go-base36 v0.2.0 // indirect
github.com/multiformats/go-multiaddr-fmt v0.1.0 // indirect
github.com/multiformats/go-multibase v0.2.0 // indirect
github.com/multiformats/go-multicodec v0.9.0 // indirect
github.com/multiformats/go-multicodec v0.9.1 // indirect
github.com/multiformats/go-varint v0.0.7
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
github.com/onsi/ginkgo/v2 v2.15.0 // indirect
github.com/opencontainers/runtime-spec v1.2.0 // indirect
github.com/onsi/gomega v1.36.3 // indirect
github.com/pbnjay/memory v0.0.0-20210728143218-7b4eea64cf58 // indirect
github.com/pelletier/go-toml v1.8.0 // indirect
github.com/pion/datachannel v1.5.10 // indirect
github.com/pion/dtls/v2 v2.2.12 // indirect
github.com/pion/dtls/v3 v3.0.6 // indirect
github.com/pion/ice/v4 v4.0.10 // indirect
github.com/pion/interceptor v0.1.40 // indirect
github.com/pion/logging v0.2.3 // indirect
github.com/pion/mdns/v2 v2.0.7 // indirect
github.com/pion/randutil v0.1.0 // indirect
github.com/pion/rtcp v1.2.15 // indirect
github.com/pion/rtp v1.8.19 // indirect
github.com/pion/sctp v1.8.39 // indirect
github.com/pion/sdp/v3 v3.0.13 // indirect
github.com/pion/srtp/v3 v3.0.6 // indirect
github.com/pion/stun v0.6.1 // indirect
github.com/pion/stun/v3 v3.0.0 // indirect
github.com/pion/transport/v2 v2.2.10 // indirect
github.com/pion/transport/v3 v3.0.7 // indirect
github.com/pion/turn/v4 v4.0.2 // indirect
github.com/pion/webrtc/v4 v4.1.2 // indirect
github.com/pkg/errors v0.9.1 // indirect
github.com/pmezard/go-difflib v1.0.0 // indirect
github.com/prometheus/client_model v0.6.1 // indirect
github.com/prometheus/common v0.62.0
github.com/prometheus/procfs v0.15.1 // indirect
github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
github.com/prometheus/client_model v0.6.2 // indirect
github.com/prometheus/common v0.64.0
github.com/prometheus/procfs v0.16.1 // indirect
github.com/prometheus/statsd_exporter v0.22.7 // indirect
github.com/quic-go/qpack v0.4.0 // indirect
github.com/quic-go/quic-go v0.42.0 // indirect
github.com/quic-go/webtransport-go v0.6.0 // indirect
github.com/raulk/go-watchdog v1.3.0 // indirect
github.com/quic-go/qpack v0.5.1 // indirect
github.com/quic-go/quic-go v0.55.0 // indirect
github.com/quic-go/webtransport-go v0.9.0 // indirect
github.com/shirou/gopsutil v3.21.5+incompatible // indirect
github.com/smartystreets/assertions v1.1.1 // indirect
github.com/spaolacci/murmur3 v1.1.0 // indirect
Expand All @@ -159,21 +173,24 @@ require (
github.com/uber/jaeger-lib v2.2.0+incompatible // indirect
github.com/vmihailenco/tagparser/v2 v2.0.0 // indirect
github.com/wealdtech/go-multicodec v1.4.0 // indirect
github.com/wlynxg/anet v0.0.5 // indirect
github.com/zeebo/blake3 v0.2.4 // indirect
go.opencensus.io v0.24.0 // indirect
go.uber.org/dig v1.17.1 // indirect
go.uber.org/fx v1.20.1 // indirect
go.uber.org/mock v0.4.0 // indirect
go.uber.org/dig v1.19.0 // indirect
go.uber.org/fx v1.24.0 // indirect
go.uber.org/mock v0.5.2 // indirect
go.uber.org/multierr v1.11.0 // indirect
go.uber.org/zap v1.27.0 // indirect
golang.org/x/exp v0.0.0-20240213143201-ec583247a57a // indirect
golang.org/x/mod v0.22.0 // indirect
golang.org/x/net v0.38.0 // indirect
golang.org/x/text v0.23.0 // indirect
golang.org/x/tools v0.29.0 // indirect
google.golang.org/protobuf v1.36.1 // indirect
go.uber.org/zap v1.27.0
go.uber.org/zap/exp v0.3.0 // indirect
golang.org/x/exp v0.0.0-20250606033433-dcc06ee1d476 // indirect
golang.org/x/mod v0.27.0 // indirect
golang.org/x/net v0.43.0 // indirect
golang.org/x/text v0.28.0 // indirect
golang.org/x/tools v0.36.0 // indirect
google.golang.org/protobuf v1.36.6 // indirect
gopkg.in/ini.v1 v1.57.0 // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect
lukechampine.com/blake3 v1.2.1 // indirect
lukechampine.com/blake3 v1.4.1 // indirect
)

replace github.com/codahale/hdrhistogram => github.com/HdrHistogram/hdrhistogram-go v0.0.0-20200919145931-8dac23c8dac1
Loading
Loading