Using SSL with EOS.IO nodes
This is a guide on how to setup a secure HTTPS API using the built-in EOS http_plugin.
SSL support is available since 2018-04-27 release.
First of all you have to be on the DAWN-2018-04-27-ALPHA tag or newer.
If you run
nodeos --version it should output 2594537369. Otherwise you have to update.
To update please run on your eos repo clone:
$ cd [EOSIO_DIR] $ git pull $ git checkout DAWN-2018-04-27-ALPHA $ git submodule update --recursive $ ./eosio_build.sh $ cd build $ sudo make install
Obtaining a SSL certificate for your domain with Certbot / Let's Encrypt
$ sudo add-apt-repository ppa:certbot/certbot $ sudo apt-get update $ sudo apt-get install certbot
Certbot will need to listen on port 80 for the certificate generation challenge.
If you have any service using it please stop that first. Then run:
$ sudo certbot certonly --standalone --preferred-challenges http -d your-domain
Now copy the generated files to your testnet folder:
$ cd [TESTNET_FOLDER] $ sudo cp /etc/letsencrypt/live/your-domain/fullchain.pem . $ sudo cp /etc/letsencrypt/live/your-domain/privkey.pem . $ sudo chown user:user fullchain.pem privkey.pem
config.ini file and add the following lines:
https-server-address = 0.0.0.0:443 https-certificate-chain-file = /[TESTNET_FOLDER]/fullchain.pem https-private-key-file = /[TESTNET_FOLDER]/privkey.pem
If you want to disable insecure HTTP completely just set (commenting out the line won't work)
Start nodeos and go to
https://your-domain/v1/chain/get_info to check! You should have a green padlock in chrome showing a successful TLS connection.
If something went wrong please take a look on the first lines of your log file