HTTPS is enabled but I don't see any peer-to-peer connection to it

Hello,
I have a few-day-old node and everything seems to work smoothly. I have installed certbot and when I connect to my interface over https, everything works fine. I set up the seed sharing and the network acknowledges my node as Principal. I use the docker version 1.940/3ede322f5.

However, when I look at my web traffic, I don’t see any connection from a peer that is through https. Everything goes through http. If I close the http port, YaCy tells me I’m isolated. That’s congruent with the fact that, in the peer-to-peer table (/Network.html?page=1&maxCount=1000), I don’t have the little lock near the node name.

But I don’t understand why:

  • I checked the box to activate SSL
  • My internet box is forwarding 80, 8090 to the frontend proxy on the http port and 443 and 8443 to ssl port (I use vhosts)
  • YaCy can be reached from outside while addressing 8090 (normal), 443 (SSL), 8443 (SSL). 80 will redirect to 443; most of the time this is for human users.
  • I set up, in the server access page (/Settings_p.html?page=ServerAccess), * as an IP filter, my domain name as a static IP (because I have a stable domain name but a dynamic ip), my public port was set to 8090 and then 8443 but neither changes anything. I didn’t change fileHost (localpeer). My internal ports are still 8090 and 8443.

I don’t know what I’m missing; very few nodes have the little lock and I guess many others would like to have it.

Can you please help me to set up encrypted communication correctly?

Hi, and thanks for the report, it seems diligent!

How did you connect that with yacy?

both in /ConfigPortal_p.html Remote search encryption and /ConfigNetwork_p.html Protocol operations encryption, right?

In fact, I’m not sure how that works in my instance; I have to check the ssl traffic. How did you check, with tcpdump?

I meant that, of course, I execute YaCy behind a nginx instance that blocks bad ips and such (it’s also running crowdsec). So YaCy is a backend for nginx. Depending on the port, nginx does an http or an https forwarding.

Nginx is the bearer of the Let’s Encrypt certificate and, when passing to YaCy, it will just ignore the fact that the YaCy certificate is self-signed because I told it to ignore that.

So I run certbot for nginx. Pretty standard stuff.

To check for the https traffic, I simply look at my nginx logs that I customized to add scheme and port. The first tells me if https was asked and the second tells me on which port the connection occurs.

From the outside, I can reach the YaCy instance in https. But no peer seems to try. I guess that’s because, in the p2p list, I do not have the lock beside the name so the other peers don’t try.

I hope the nodes don’t try to do an IP->name check because I use a dynamic DNS and therefore they would have the name given by my provider instead of the servername.
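The check the poster describes above, reading a customized nginx access log that carries the scheme and the port, can be automated. The script below is an added example, not code from the thread or from the YaCy project; it assumes a custom `log_format` of `'$remote_addr [$time_local] "$request" $status $scheme $server_port'` and uses constructed log lines with addresses from the documentation ranges.

```python
import re
from collections import Counter, defaultdict

# Assumed custom nginx log_format (the poster only says scheme and port were added):
#   '$remote_addr [$time_local] "$request" $status $scheme $server_port'
LINE_RE = re.compile(
    r'^(?P<addr>\S+) \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<scheme>https?) (?P<port>\d+)$'
)

# Constructed sample lines; request paths are illustrative, not a YaCy protocol reference.
SAMPLE_LOG = """\
203.0.113.10 [12/May/2024:10:00:01 +0000] "GET /yacy/hello.html HTTP/1.1" 200 http 8090
198.51.100.7 [12/May/2024:10:00:05 +0000] "POST /yacy/search.html HTTP/1.1" 200 http 8090
203.0.113.10 [12/May/2024:10:01:10 +0000] "GET /yacy/hello.html HTTP/1.1" 200 http 8090
192.0.2.44 [12/May/2024:10:02:00 +0000] "GET /Network.html HTTP/1.1" 200 https 443
192.0.2.44 [12/May/2024:10:02:30 +0000] "GET /yacy/hello.html HTTP/1.1" 200 https 8443
this line is garbage and must be skipped
"""

def parse_line(line):
    """Return a dict for one access-log line, or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["port"] = int(rec["port"])
    return rec

def summarize(lines):
    """Count requests per (scheme, port) and record the schemes each client used."""
    by_endpoint = Counter()
    schemes_by_addr = defaultdict(set)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # malformed line: skip rather than miscount
        by_endpoint[(rec["scheme"], rec["port"])] += 1
        schemes_by_addr[rec["addr"]].add(rec["scheme"])
    return by_endpoint, dict(schemes_by_addr)

def clients_http_only(schemes_by_addr):
    """Clients that only ever talked over http, i.e. never reached the SSL ports."""
    return sorted(a for a, s in schemes_by_addr.items() if s == {"http"})

if __name__ == "__main__":
    counts, per_addr = summarize(SAMPLE_LOG.splitlines())
    for (scheme, port), n in sorted(counts.items()):
        print(f"{scheme}:{port} {n}")
    print("http-only clients:", clients_http_only(per_addr))
```

Run it against the real log file (`summarize(open(path))`) to see whether any peer traffic at all lands on 443 or 8443, which is the question the thread is trying to answer.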