Enable SSL
This step requires a signed certificate, (from a CA such as Let’s Encrypt) or a self-signed certificate. Both the private and public keys will be needed in a location that is accessible to Lisk SDK. |
The following code snippet displays the essential parameters required to enable SSL security on your node’s connections:
SSL configuration
{
"modules": {
"http_api": {
"ssl": {
"enabled": false, (1)
"options": {
"port": 443, (2)
"address": "0.0.0.0", (3)
"key": "path_to_key", (4)
"cert": "path_to_cert" (5)
}
}
}
}
}
1 | Change from false to true. |
2 | Default SSL Port. |
3 | Change only if it is required to block web access to the node. |
4 | Replace path_to_key with the actual path to the key file. |
5 | Replace path_to_cert with the actual path to the certificate file. |
If the SSL Port configured above in http_api.ssl.options.port is a privileged port (below 1024), then either the node must be allowed to use the specified port with setcap , or the configuration must be changed in order to to use a port outside of that range.
|
Setcap: This is only required to grant Lisk access to port 443.
sudo setcap cap_net_bind_service=+ep bin/node
To verify your node has been configured correctly, open the web client using this url: https://MY_IP_OR_HOST
.
A secure SSL connection should now be visible.
For more information about the configuration of the Lisk SDK check out the configuration guide.