buzzkillb

How to Setup Cloudflare Full Strict and IPNS - IPFS

If you are playing on IPFS you can use IPNS so your site has a typical domain someone can go to. A user can also go to the hash of the IPNS, using the IPFS gateway, Infura or Cloudflare as well. I was curious how to set up Full Strict on Cloudflare and what that would do with this monstrosity. First set up your domain on Cloudflare with a proxy. I am using explorer.denarius.pro for this example.

Install IPFS on your VPS, Pi or VM. Set up your website like usual and set up IPNS with that. I might write out how to do this again in a second post.

Set up IPNS on Cloudflare with the TXT record.

The nuts and bolts is a gist I forked https://gist.github.com/buzzkillb/aabf6b113154cf4f1601cc34e5488acf

Go to SSL/TLS -> Origin Server -> Create Certificate and either use the default or, like I did, specify the full subdomain. Here I am showing example.denarius.pro for the example. Click Next.

Insert Origin Certificate into a cert.pem

sudo nano /etc/ssl/certs/cert.pem

Insert Private Key into key.pem

sudo nano /etc/ssl/private/key.pem

Download and copy https://support.cloudflare.com/hc/en-us/article_attachments/360044928032/origin-pull-ca.pem into cloudflare.crt

sudo nano /etc/ssl/certs/cloudflare.crt

Edit the default nginx sites-available file

sudo nano /etc/nginx/sites-available/default

and throw this in. Take note of the domain as you would change that to whatever you are using.

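server {
    listen 80;
    listen [::]:80;
    server_name explorer.denarius.pro;
    # Send plain HTTP requests to the HTTPS server block below
    return 302 https://$server_name$request_uri;
}

server {
    # The "ssl" flag on the listen lines enables TLS; the separate
    # "ssl on;" directive is deprecated and has been dropped here.
    listen 443 ssl;
    listen [::]:443 ssl http2;
    server_name explorer.denarius.pro;

    # Cloudflare Origin Certificate and private key saved in the steps above
    ssl_certificate /etc/ssl/certs/cert.pem;
    ssl_certificate_key /etc/ssl/private/key.pem;

    location / {
        # Forward requests to the service listening locally on port 8080
        proxy_pass http://127.0.0.1:8080;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        # Pass the requested hostname through to the backend
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}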

Test nginx that there are no errors from the copy/pasta.

nginx -t

And reload the nginx service.

nginx -s reload

Now that you have Full Strict Cloudflare on your IPFS / IPNS website, turn this on.

[image]

Denarius Wiki is a Hugo built site.

https://denarius.wiki/
https://gateway.ipfs.io/ipns/denarius.wiki/

Simple Explorer is a test site using IPFS for a block explorer.

https://explorer.denarius.pro/
https://gateway.ipfs.io/ipns/explorer.denarius.pro/

If you enjoy my content please consider donating to the Denarius creator - https://www.patreon.com/carsenk
Join Denarius Discord - https://discord.gg/JQEmXwb
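
A pre-reload audit for the origin setup in the post above, as an added example that is not part of the original post or the linked gist: it flags the deprecated `ssl on;` directive, a private key readable by group or other, and a server block that never references the downloaded origin-pull CA. It assumes that CA is meant for nginx client-certificate verification (`ssl_client_certificate` plus `ssl_verify_client on`); the function names and the sample config are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): audit an nginx site file and
# key file for the origin-side TLS settings this guide depends on.

# Print the config without comments, so commented-out directives do not count.
active_lines() { sed 's/#.*//' "$1"; }

# has_directive FILE ERE: succeeds if an active line starts with the pattern.
has_directive() { active_lines "$1" | grep -Eq "^[[:space:]]*$2"; }

# key_private FILE: succeeds only if group and other have no permission bits.
key_private() { [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]; }

# audit_origin CONF KEY: one WARN line per finding; returns 1 if any was found.
audit_origin() {
    local conf="$1" key="$2" rc=0
    if has_directive "$conf" 'ssl[[:space:]]+on[[:space:]]*;'; then
        echo "WARN: 'ssl on;' is deprecated; keep 'ssl' on the listen lines"; rc=1
    fi
    if ! has_directive "$conf" 'ssl_client_certificate[[:space:]]'; then
        echo "WARN: no ssl_client_certificate; the origin-pull CA is unused"; rc=1
    fi
    if ! has_directive "$conf" 'ssl_verify_client[[:space:]]+on[[:space:]]*;'; then
        echo "WARN: ssl_verify_client is not on; any TLS client is accepted"; rc=1
    fi
    if ! key_private "$key"; then
        echo "WARN: $key is accessible to group or other; chmod 600 it"; rc=1
    fi
    return "$rc"
}

# Constructed sample: TLS lines like those in the posted server block, plus a
# commented-out directive to show that comments are ignored.
sample_conf() {
    printf '%s\n' 'server {' '    listen 443 ssl;' '    ssl on;' \
        '    ssl_certificate /etc/ssl/certs/cert.pem;' \
        '    ssl_certificate_key /etc/ssl/private/key.pem;' \
        '    # ssl_verify_client on;' '}'
}

# Demo on throwaway files; on a real host pass the paths used in the post.
demo() {
    local d status
    d=$(mktemp -d)
    sample_conf > "$d/default"; : > "$d/key.pem"; chmod 644 "$d/key.pem"
    audit_origin "$d/default" "$d/key.pem"; status=$?
    rm -rf "$d"; return "$status"
}
demo || true
```

On the host from the post the call would be `audit_origin /etc/nginx/sites-available/default /etc/ssl/private/key.pem`, run with enough privilege to read both paths.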

To set up IPNS, install the IPFS daemon.

https://docs.ipfs.io/guides/guides/install/

Latest binary.

https://dist.ipfs.io/#go-ipfs

Throw the site into somewhere like ~/website and then run

TMP=$(ipfs add -r /home/USERNAME/website/ | awk 'END{print $2}') && ipfs name publish "$TMP"

This will show something like

Published to QmdKLWPao7d5NZQC92s6TRMVBuBrHfCyNZhVXTKAU42kuN: /ipfs/QmXzYAPHsNLucHFUS1tg1FW9P1PiDyq16ar1tGAhmfW13H

You want your TXT record on Cloudflare to use the PEERID hash QmdKLWPao7d5NZQC92s6TRMVBuBrHfCyNZhVXTKAU42kuN

dnslink=/ipns/QmdKLWPao7d5NZQC92s6TRMVBuBrHfCyNZhVXTKAU42kuN

Example simple script, ipfs.sh, I use for denarius.wiki

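#!/bin/bash
# Add the built site recursively; the last output line carries the root hash, which is then published to IPNS.
TMP=$(/usr/local/bin/ipfs add -r /home/username/denarius-wiki/public/ | awk 'END{print $2}') && /usr/local/bin/ipfs name publish "$TMP"
# Resolve the IPNS name to see which /ipfs/ path it points to.
NAME=$(/usr/local/bin/ipfs name resolve QmY8ED7bPoxQqrbFBbsY3KVpz2GqNmDRtDG8JDTA8kV1H2)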

You can then go to these variations. Notice the PEERID for denarius.wiki in the Cloudflare TXT record and in the IPFS gateway link below.

[image]

https://denarius.wiki/
https://gateway.ipfs.io/ipns/denarius.wiki/
https://gateway.ipfs.io/ipns/QmY8ED7bPoxQqrbFBbsY3KVpz2GqNmDRtDG8JDTA8kV1H2/
 

If you enjoy my content please consider donating to the Denarius creator - https://www.patreon.com/carsenk
Join Denarius Discord - https://discord.gg/JQEmXwb
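
The publish-then-point-DNS step from the post above, as an added example that is not part of the original post: it parses the `Published to` line, builds the matching `dnslink=` TXT value, and checks TXT data against it so a stale or altered record is noticed. The function names are illustrative, the TXT input is constructed, and fetching the TXT data (for instance with `dig +short TXT` on your record's name) is left to the caller.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): derive the dnslink TXT value from
# `ipfs name publish` output and compare it with the TXT data DNS returns.

# parse_publish: stdin is a "Published to <name>: /ipfs/<cid>" line; prints
# "<name> <cid>" and fails if the line has any other shape.
parse_publish() {
    sed -nE 's#^Published to ([A-Za-z0-9]+): /ipfs/([A-Za-z0-9]+)$#\1 \2#p' | grep .
}

# dnslink_value NAME: the TXT record content the post tells you to create.
dnslink_value() { printf 'dnslink=/ipns/%s\n' "$1"; }

# check_dnslink NAME: stdin is TXT data, one record per line, quoted or not
# (the form `dig +short TXT` prints). Succeeds only if exactly one dnslink
# record exists and it names NAME.
check_dnslink() {
    local want got
    want=$(dnslink_value "$1")
    got=$(tr -d '"' | grep -E '^dnslink=' || true)
    if [ -z "$got" ]; then echo "MISSING: no dnslink TXT record"; return 1; fi
    if [ "$(printf '%s\n' "$got" | grep -c .)" -ne 1 ]; then
        echo "AMBIGUOUS: more than one dnslink record"; return 1
    fi
    if [ "$got" != "$want" ]; then
        echo "MISMATCH: DNS has '$got', node publishes '$want'"; return 1
    fi
    echo "OK: $got"
}

# The publish line is the one shown in the post; the TXT lines in demo() are
# constructed to imitate resolver output.
PUBLISH_LINE='Published to QmdKLWPao7d5NZQC92s6TRMVBuBrHfCyNZhVXTKAU42kuN: /ipfs/QmXzYAPHsNLucHFUS1tg1FW9P1PiDyq16ar1tGAhmfW13H'

demo() {
    local pair name
    pair=$(printf '%s\n' "$PUBLISH_LINE" | parse_publish) || return 1
    name=${pair%% *}
    printf '%s\n' '"v=spf1 -all"' "\"dnslink=/ipns/$name\"" | check_dnslink "$name"
}
demo
```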

Install IPFS daemon, get latest from here https://dist.ipfs.io/#go-ipfs

wget https://dist.ipfs.io/go-ipfs/v0.7.0/go-ipfs_v0.7.0_linux-amd64.tar.gz
tar xzvf go-ipfs_v0.7.0_linux-amd64.tar.gz
cd go-ipfs/
sudo ./install.sh
ipfs init --profile server

Set up IPFS to run in systemd

sudo nano /etc/systemd/system/ipfs.service

pasta this in

[Unit]
Description=IPFS daemon
After=network.target

[Service]
### Uncomment the following line for custom ipfs datastore location
# Environment=IPFS_PATH=/path/to/your/ipfs/datastore
ExecStart=/usr/local/bin/ipfs daemon --enable-namesys-pubsub
Restart=on-failure

[Install]
WantedBy=default.target

Get it going

sudo systemctl start ipfs
sudo systemctl enable ipfs

IPFS daemon now running in the background

If you enjoy my content please consider donating to the Denarius creator - https://www.patreon.com/carsenk
Join Denarius Discord - https://discord.gg/JQEmXwb
