Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Want to run a gateway for loading web apps? Make sure it provides origin isolation. #150

Closed
lidel opened this issue Jun 8, 2021 · 12 comments
Labels
kind/maintenance Work required to avoid breaking changes or harm to project's status quo need/community-input Needs input from the wider community

Comments

@lidel
Copy link
Member

lidel commented Jun 8, 2021

We've made the Origin check more prominent in #148:

@lidel lidel added kind/maintenance Work required to avoid breaking changes or harm to project's status quo need/community-input Needs input from the wider community labels Jun 8, 2021
@lidel
Copy link
Member Author

lidel commented Jun 8, 2021

Pinging folks who added a gateway to the list in the past, for additional visibility:
@ntninja @go69 @HamedSepehr @aphelionz @joshfraser @obo20 @arhuman @Kcchouette @albertorositani @Jorropo @fooock @cwchristerw @jonaharagon @swedneck @herronjo @meehow @sixcorners @cofeein @SaltyLeo @didnt1able @SIUU @k1ic @weaming @ahmaks @lizelive @FireMasterK @carsenk @plibither8 @xmaysonnave @zikunfan @hybla0 @noormohammedb @CryptoZifter @Mas7erMind @ipfsgate @itargowoosung @gavfu @ivoputzer @Jeroen52

This is a PSA. If you have questions regarding subdomain gateway configuration:

@lidel lidel pinned this issue Jun 8, 2021
@Kcchouette

This comment has been minimized.

@Jorropo
Copy link
Contributor

Jorropo commented Jun 8, 2021

Thx for the ping, I'm in the process to enable it (I recently moved my dns to self hosted for simpler ACME challenges).

I want still to point out that there are legit and safe use case for non origin isolated gateways.
I get about 1 request per second. Most of them are from webtorrent webseeds, or other use cases where my gateway just serve files.
So the website is on an other isolated gateway and it embeds ressources from mine (hopefully using webtorrent or integrity atributes). (Origin isolated gateways could also do the same just fine)

@aphelionz
Copy link
Contributor

Thanks @lidel

Anybody know a good domain registrar that will allow me to have a wildcard domain? I'll start the transfer process ASAP if somebody can recommend a good one.

@lidel
Copy link
Member Author

lidel commented Jun 8, 2021

@aphelionz every DNS registrar should support wildcard domain names, but if you are looking for a cheap one https://www.cloudflare.com/products/registrar/ usually has the lowest renewal rates.

@Jorropo
Copy link
Contributor

Jorropo commented Jun 11, 2021

@aphelionz every DNS registrar should support wildcard domain names, but if you are looking for a cheap one cloudflare.com/products/registrar usually has the lowest renewal rates.

At worst if it doesn't you can just setup your own BIND9 servers and just point the NS domains onto them.

@cwchristerw
Copy link
Contributor

I have hosted IPFS in specific subdomain before using Path Gateway. I'm not sure if I'm going to start using Subdomain gateway because previously it caused my servers to run out of memory.

@weaming
Copy link
Contributor

weaming commented Jun 23, 2021

image

Implemented Origin isolation for IPFS!

Use Cloudflare + Let's Encryption (acme.sh) + nginx.

@lidel
Copy link
Member Author

lidel commented Jun 23, 2021

@cwchristerw There should be no meaningful difference in memory use between path and subdomain gateways – the cause of your issues is most likely elsewhere. if you want to find the cause, go-ipfs/docs/debug-guide.md will be useful, then fill issue against https://github.com/ipfs/go-ipfs

@cwchristerw
Copy link
Contributor

@lidel Yeah it was typo 😄 I was meant to say that currently my gateway is offline because IPFS used too much memory 😄

@SgtPooki
Copy link
Member

I think we could link to this from the README and then close. open to PR for that from anyone. (or I will get to it)

@SgtPooki SgtPooki removed their assignment Jul 13, 2022
@lidel
Copy link
Member Author

lidel commented Jul 19, 2022

iirc I kept it open only as a PSA, we can just close this:

@lidel lidel closed this as completed Jul 19, 2022
Repository owner moved this from To do to Done in IPFS-GUI (PL EngRes) Jul 19, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
kind/maintenance Work required to avoid breaking changes or harm to project's status quo need/community-input Needs input from the wider community
Projects
No open projects
Archived in project
Development

No branches or pull requests

7 participants