Allow the hosted node to accept secure websocket connections

[dholms]

Summary

Problem

In-browser nodes can only communicate via WebRTC and Websocket connections and therefore can't reach our hosted node.

Impact

If a user does not use an ipfs-enabled browser and falls back to an in-browser js-ipfs node, their node will be siloed from our network.

Solution

• Make the hosted node listen for incoming websocket connections
• go-ipfs only supports ws not wss
  • Allow wss through something like nginx
  • Unsure if js-ipfs supports wss

Detail

Enable websockets
Add an address of the format /ip4/127.0.0.1/tcp/4002/ws to ~/.ipfs/config or ~/.jsipfs/config

Some relevant threads
libp2p/go-libp2p#188
ipfs/kubo#3907
INFURA/infura#101

To test with User settings app

• Add peerID of hosted node to bootstrap list in src/ipfs/preferences.js(8)
• Run app
• Either:
  • Change user settings and the query web-api at hostless.dev to check that it can find CID
  • Log peer list of js-ipfs node after connect and make sure it includes the relevant peerID. Something like:

const getIpfs = async () => {
  const ipfs = await getIpfsWithConfig({
    bootstrap: [
      "/ip4/127.0.0.1/tcp/4002/ws/ipfs/QmY4N8hPzGQUPDJc8tMWuQokJswStUZk9SkBACCHoVZpCS"
    ]
  });
  setTimeout(async () => {
    const peers = await ipfs.swarm.peers()
    console.log("Peerlist: ", peers)
  }, 2000)
  return ipfs
};

(in src/ipfs/preferences)

[expede]

So the good news is that we probably can delay doing this in code for a while, since we have a TLS proxy already 👍

[expede]

No need, cluster is set up with Nginx