ipfs How to Setup Cloudflare Full Strict and IPNS - IPFS

buzzkillb · September 30, 2020

If you are playing on IPFS you can use IPNS so your site has a typical domain someone can go to. A user can also go to the hash of the IPNS too, using IPFS gateway, Infura or Cloudflare as well. I was curious how to setup Full Strict on Cloudflare and what that would do with this monstrosity. First setup your domain on cloudflare with a proxy. I am using explorer.denarius.pro for this example.

Install IPFS on your VPS, PI or VM. Setup your website like usual and setup IPNS with that. I might write out how to do this again in a second post.

Setup IPNS on cloudflare with the TXT record.

The nuts and bolts is a gist I forked https://gist.github.com/buzzkillb/aabf6b113154cf4f1601cc34e5488acf

Go to SSL/TLS -> Origin Server -> Create Certificate and either use the default or like I did, specifiy the full subdomain. Here I am showing example.denarius.pro for the example. Click Next.

Insert Origin Certificate into a cert.pem

sudo nano /etc/ssl/certs/cert.pem

Insert Private Key into key.pem

sudo nano /etc/ssl/private/key.pem

Download and copy https://support.cloudflare.com/hc/en-us/article_attachments/360044928032/origin-pull-ca.pem into cloudflare.crt

sudo nano /etc/ssl/certs/cloudflare.crt

Edit the default nginx sites-available file

sudo nano /etc/nginx/sites-available/default

and throw this in. Take note of the domain as you would change that to whatever you are using.

server {
    listen 80;
    listen [::]:80;
    server_name explorer.denarius.pro;
    return 302 https://$server_name$request_uri;

}

server {
        listen 443 ssl;
        listen [::]:443 ssl http2;
        ssl on;

        ssl_certificate /etc/ssl/certs/cert.pem;
        ssl_certificate_key /etc/ssl/private/key.pem;

        location / {
                proxy_pass    http://127.0.0.1:8080;
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection 'upgrade';
                proxy_set_header Host $host;
                proxy_cache_bypass $http_upgrade;
        }
}

Test nginx that there are no errors from the copy/pasta.

nginx -t

And reload the nginx service.

nginx -s reload

Now that you have full strict cloudflare on your IPFS / IPNS website. Turn this on.

Denarius Wiki is a Hugo built site.

https://denarius.wiki/
https://gateway.ipfs.io/ipns/denarius.wiki/

Simple Explorer is a test site using IPFS for a block explorer.

https://explorer.denarius.pro/
https://gateway.ipfs.io/ipns/explorer.denarius.pro/

buzzkillb · October 1, 2020

To setup IPNS, install IPFS daemon.

https://docs.ipfs.io/guides/guides/install/

Latest binary.

https://dist.ipfs.io/#go-ipfs

Throw the site into somewhere like ~/website and then run

TMP=`ipfs add -r /home/USERNAME/website/ | awk 'END{printf $2}'` && ipfs name publish $TMP

This will show something like

Published to k51qzi5uqu5dg7fkiet37k5jvb81ou2u01k2wvl4namtby5lrp8lvro8wp9oi9: /ipfs/QmU9EdAfNYFNojbzcRxo3in6sD7TxDVFZL1tM7D53nnCfn

You want your TXT record on Cloudflare to use the PEERID hash k51qzi5uqu5dg7fkiet37k5jvb81ou2u01k2wvl4namtby5lrp8lvro8wp9oi9

dnslink=/ipns/k51qzi5uqu5dg7fkiet37k5jvb81ou2u01k2wvl4namtby5lrp8lvro8wp9oi9

Example simple script, addipfs.sh, I use for pos.watch

#!/bin/bash
TMP=`/usr/local/bin/ipfs add -r /home/denarius/website/ | awk 'END{printf $2}'` && /usr/local/bin/ipfs name publish $TMP
NAME=$(/usr/local/bin/ipfs name resolve k51qzi5uqu5dg7fkiet37k5jvb81ou2u01k2wvl4namtby5lrp8lvro8wp9oi9)

Which you can go to these variations, notice the PEERID for pos.watch in the cloudflare TXT record and below IPFS gateway link.

https://pos.watch/
https://gateway.ipfs.io/ipns/pos.watch/
https://gateway.ipfs.io/ipns/k51qzi5uqu5dg7fkiet37k5jvb81ou2u01k2wvl4namtby5lrp8lvro8wp9oi9
http://tiljhkmti5r6mpfjq4zlruizzgbb6rhdplcllhzyh4caff7xjyerphyd.onion/

https://denarius.wiki/
https://gateway.ipfs.io/ipns/denarius.wiki/
https://gateway.ipfs.io/ipns/QmY8ED7bPoxQqrbFBbsY3KVpz2GqNmDRtDG8JDTA8kV1H2/

buzzkillb · October 3, 2020

Install IPFS daemon, get latest from here https://dist.ipfs.io/#go-ipfs

wget https://dist.ipfs.io/go-ipfs/v0.7.0/go-ipfs_v0.7.0_linux-amd64.tar.gz
tar xzvf go-ipfs_v0.7.0_linux-amd64.tar.gz
cd go-ipfs/
sudo ./install.sh
ipfs init --profile server

Setup IPFS to run in systemD

sudo nano  /etc/systemd/system/ipfs.service

pasta this in, note the username, if not denarius edit the user to root or whatever

[Unit]
Description=IPFS daemon
After=network.target

[Service]
### Uncomment the following line for custom ipfs datastore location
# Environment=IPFS_PATH=/path/to/your/ipfs/datastore
User=denarius
ExecStart=/usr/local/bin/ipfs daemon --enable-namesys-pubsub
Restart=on-failure

[Install]
WantedBy=default.target

Get it going

sudo systemctl start ipfs
sudo systemctl enable ipfs

IPFS daemon now running in the background

buzzkillb · November 16, 2020

Setup a new domain and needed to enable this under SSL/TLS -> Edge Certificates -> Disable Universal SSL

reference: https://support.cloudflare.com/hc/en-us/articles/200170566-Why-am-I-getting-a-SSL-mismatch-error-#h_122b94f3-ff14-4544-b5fa-8875e08ff5f0

buzzkillb · November 16, 2020

I can't get the service to run on some vps's for some reason, so testing out a reboot cronjob.

@reboot /usr/bin/screen -dmS ipfs /usr/local/bin/ipfs daemon --enable-namesys-pubsub

Sign In

ipfs How to Setup Cloudflare Full Strict and IPNS - IPFS

Recommended Posts

buzzkillb

Link to comment

Share on other sites

buzzkillb

Link to comment

Share on other sites

buzzkillb

Link to comment

Share on other sites

buzzkillb

Link to comment

Share on other sites

buzzkillb

Link to comment

Share on other sites

Join the conversation

Resources

Browse

Activity