Comments (5)
Awesome stuff, thanks all for making this work!
from infra.
Hi @eminence,
thanks for the report! I believe this is a known bug, but I can't find the ticket. I suspect if I say @lidel's name three times, he just might appear with some context. :)
The message from Firefox is especially confusing since it certainly looks like ipfs.io.ipns.dweb.link matches the wildcard *.ipns.dweb.link
One of the "fun" quirks of DNS is that wildcards only work for that 1 level and but not multiple levels (sub-subdomains). The wildcard cert we have for *.ipns.ipfs.io
would be valid (but not functional) for just ipns
or io
, but not ipns.io
. Note: browsers do not support a super-wildcard cert like *.*.ipns.ipfs.io
or similar.
So the browser errors are to be expected given the domain we redirect to. That said, we shouldn't be redirecting to such a domain. It should be a <cid>
of the ipns record (or somesuch).
It might make sense to move this to go-ipfs
repo, but I'll hold off on moving for now.
from infra.
Ahh, I see. That is indeed a fun little quirk, though a bit disappointing. I guess in theory the redirection would be OK over http, but since dweb.link has HSTS, that's not relevant here. Turns out getting IPNS, HTTPS, and custom domains is a bit challanging!
Many thanks for the info
from infra.
If you mention me only once, it takes longer, but I will appear anyway! ;)
Indeed, it is unfortunate that DNSLink names trigger TLS error.
As @mburns noted, we can't have a certificate for more than a single wildcard level.
Potential solutions/workarounds are listed in ipfs/in-web-browsers#169:
- Personally I find (C) the most pragmatic
- works with existing infrastructure, we would just add support for single-label-encoding to go-ipfs and that is all
- TL;DR idea behind (C) is something like:
https://dweb.link/ipns/my.v-long.example.com
→https://my-v--long-example-com.ipns.dweb.link
Note:
- This is not a problem on local gateway at
*.ipns.localhost
because there is no TLS.- Sidenote: we don't need TLS because localhost addresses do not hit network and should be marked as Secure Contexts. This is already true in Chromium and will be the same in Firefox 84. We are working with Igalia to ensure that is indeed the behavior in all browsers and part of web platform tests (WPT) – recent updates can be found in ipfs/in-web-browsers#109 (comment)
from infra.
Thanks for appearing with some good info @lidel :) since this is a known issue, I'm happy to close this issue and move the discussion to the two in-web-browsers ticket you linked.
from infra.
Related Issues (20)
- Binary Hosting Causes Intermittent Failure HOT 12
- Create DNSLink for en.wikipedia-on-ipfs.org HOT 2
- Circle CI not deploying blog posts HOT 3
- MetaMask to start using *.ipfs.dweb.link for ENS-IPFS sites? HOT 9
- Missing redirect from https://archives.ipfs.io to https://awesome.ipfs.io/datasets/ HOT 1
- Enable `/api/v0/cid` at ipfs.io HOT 2
- Deprecate the SoLarnet bootstrappers HOT 3
- Install the Ajax panel in our Grafana HOT 2
- node0.preload.ipfs.io NET::ERR_CERT_COMMON_NAME_INVALID HOT 2
- 301 redirect for explorer.ipld.io → explore.ipld.io HOT 1
- *.delegate.ipfs.io NET::ERR_CERT_COMMON_NAME_INVALID
- Update dist.ipfs.io DNS HOT 2
- Update DNS for dist.ipfs.io HOT 3
- http://dweb.link shows 404 while https://dweb.link redirects HOT 3
- ERR_CONNECTION_REFUSED
- Update DNS for dist.ipfs.io
- test post, please ignore.
- test post, please ignore.
- invalid variable name "\$ipfspath" HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from infra.