From 48a69071c05d0570cdb0dc7a9b07a0bd204c0743 Mon Sep 17 00:00:00 2001 From: Henrique Dias Date: Wed, 5 Oct 2022 12:16:47 +0200 Subject: [PATCH 1/8] fix: add UseInlinedDNSLink flag to configuration --- config/gateway.go | 4 ++++ core/corehttp/hostname.go | 10 +++++----- core/corehttp/hostname_test.go | 36 +++++++++++++++++++--------------- 3 files changed, 29 insertions(+), 21 deletions(-) diff --git a/config/gateway.go b/config/gateway.go index 71b57dca679..96db0d69e63 100644 --- a/config/gateway.go +++ b/config/gateway.go @@ -18,6 +18,10 @@ type GatewaySpec struct { // NoDNSLink configures this gateway to _not_ resolve DNSLink for the FQDN // provided in `Host` HTTP header. NoDNSLink bool + + // UseInlinedDNSLink configures this gateway to always inline DNSLink entries + // into a single label in order to be DNS Safe. + UseInlinedDNSLink bool } // Gateway contains options for the HTTP gateway server. diff --git a/core/corehttp/hostname.go b/core/corehttp/hostname.go index 5445740e634..85ccd3a72a1 100644 --- a/core/corehttp/hostname.go +++ b/core/corehttp/hostname.go @@ -84,7 +84,7 @@ func HostnameOption() ServeOption { if gw.UseSubdomains { // Yes, redirect if applicable // Example: dweb.link/ipfs/{cid} → {cid}.ipfs.dweb.link - newURL, err := toSubdomainURL(host, r.URL.Path, r, coreAPI) + newURL, err := toSubdomainURL(host, r.URL.Path, r, gw.UseInlinedDNSLink, coreAPI) if err != nil { http.Error(w, err.Error(), http.StatusBadRequest) return @@ -149,7 +149,7 @@ func HostnameOption() ServeOption { } if !strings.HasPrefix(r.Host, dnsCID) { dnsPrefix := "/" + ns + "/" + dnsCID - newURL, err := toSubdomainURL(gwHostname, dnsPrefix+r.URL.Path, r, coreAPI) + newURL, err := toSubdomainURL(gwHostname, dnsPrefix+r.URL.Path, r, gw.UseInlinedDNSLink, coreAPI) if err != nil { http.Error(w, err.Error(), http.StatusBadRequest) return @@ -165,7 +165,7 @@ func HostnameOption() ServeOption { // Do we need to fix multicodec in PeerID represented as CIDv1? if isPeerIDNamespace(ns) { if rootCID.Type() != cid.Libp2pKey { - newURL, err := toSubdomainURL(gwHostname, pathPrefix+r.URL.Path, r, coreAPI) + newURL, err := toSubdomainURL(gwHostname, pathPrefix+r.URL.Path, r, gw.UseInlinedDNSLink, coreAPI) if err != nil { http.Error(w, err.Error(), http.StatusBadRequest) return @@ -451,7 +451,7 @@ func toDNSLinkFQDN(dnsLabel string) (fqdn string) { } // Converts a hostname/path to a subdomain-based URL, if applicable. -func toSubdomainURL(hostname, path string, r *http.Request, ipfs iface.CoreAPI) (redirURL string, err error) { +func toSubdomainURL(hostname, path string, r *http.Request, inlineDNSLink bool, ipfs iface.CoreAPI) (redirURL string, err error) { var scheme, ns, rootID, rest string query := r.URL.RawQuery @@ -554,7 +554,7 @@ func toSubdomainURL(hostname, path string, r *http.Request, ipfs iface.CoreAPI) // can be loaded from a subdomain gateway with a wildcard TLS cert if // represented as a single DNS label: // https://my-v--long-example-com.ipns.dweb.link - if isHTTPS && ns == "ipns" && strings.Contains(rootID, ".") { + if (inlineDNSLink || isHTTPS) && ns == "ipns" && strings.Contains(rootID, ".") { if isDNSLinkName(r.Context(), ipfs, rootID) { // my.v-long.example.com → my-v--long-example-com dnsLabel, err := toDNSLinkDNSLabel(rootID) diff --git a/core/corehttp/hostname_test.go b/core/corehttp/hostname_test.go index 60b53723994..6f0713528bc 100644 --- a/core/corehttp/hostname_test.go +++ b/core/corehttp/hostname_test.go @@ -36,35 +36,39 @@ func TestToSubdomainURL(t *testing.T) { for _, test := range []struct { // in: - request *http.Request - gwHostname string - path string + request *http.Request + gwHostname string + inlineDNSLink bool + path string // out: url string err error }{ // DNSLink - {httpRequest, "localhost", "/ipns/dnslink.io", "http://dnslink.io.ipns.localhost/", nil}, + {httpRequest, "localhost", false, "/ipns/dnslink.io", "http://dnslink.io.ipns.localhost/", nil}, // Hostname with port - {httpRequest, "localhost:8080", "/ipns/dnslink.io", "http://dnslink.io.ipns.localhost:8080/", nil}, + {httpRequest, "localhost:8080", false, "/ipns/dnslink.io", "http://dnslink.io.ipns.localhost:8080/", nil}, // CIDv0 → CIDv1base32 - {httpRequest, "localhost", "/ipfs/QmbCMUZw6JFeZ7Wp9jkzbye3Fzp2GGcPgC3nmeUjfVF87n", "http://bafybeif7a7gdklt6hodwdrmwmxnhksctcuav6lfxlcyfz4khzl3qfmvcgu.ipfs.localhost/", nil}, + {httpRequest, "localhost", false, "/ipfs/QmbCMUZw6JFeZ7Wp9jkzbye3Fzp2GGcPgC3nmeUjfVF87n", "http://bafybeif7a7gdklt6hodwdrmwmxnhksctcuav6lfxlcyfz4khzl3qfmvcgu.ipfs.localhost/", nil}, // CIDv1 with long sha512 - {httpRequest, "localhost", "/ipfs/bafkrgqe3ohjcjplc6n4f3fwunlj6upltggn7xqujbsvnvyw764srszz4u4rshq6ztos4chl4plgg4ffyyxnayrtdi5oc4xb2332g645433aeg", "", errors.New("CID incompatible with DNS label length limit of 63: kf1siqrebi3vir8sab33hu5vcy008djegvay6atmz91ojesyjs8lx350b7y7i1nvyw2haytfukfyu2f2x4tocdrfa0zgij6p4zpl4u5oj")}, + {httpRequest, "localhost", false, "/ipfs/bafkrgqe3ohjcjplc6n4f3fwunlj6upltggn7xqujbsvnvyw764srszz4u4rshq6ztos4chl4plgg4ffyyxnayrtdi5oc4xb2332g645433aeg", "", errors.New("CID incompatible with DNS label length limit of 63: kf1siqrebi3vir8sab33hu5vcy008djegvay6atmz91ojesyjs8lx350b7y7i1nvyw2haytfukfyu2f2x4tocdrfa0zgij6p4zpl4u5oj")}, // PeerID as CIDv1 needs to have libp2p-key multicodec - {httpRequest, "localhost", "/ipns/QmY3hE8xgFCjGcz6PHgnvJz5HZi1BaKRfPkn1ghZUcYMjD", "http://k2k4r8n0flx3ra0y5dr8fmyvwbzy3eiztmtq6th694k5a3rznayp3e4o.ipns.localhost/", nil}, - {httpRequest, "localhost", "/ipns/bafybeickencdqw37dpz3ha36ewrh4undfjt2do52chtcky4rxkj447qhdm", "http://k2k4r8l9ja7hkzynavdqup76ou46tnvuaqegbd04a4o1mpbsey0meucb.ipns.localhost/", nil}, + {httpRequest, "localhost", false, "/ipns/QmY3hE8xgFCjGcz6PHgnvJz5HZi1BaKRfPkn1ghZUcYMjD", "http://k2k4r8n0flx3ra0y5dr8fmyvwbzy3eiztmtq6th694k5a3rznayp3e4o.ipns.localhost/", nil}, + {httpRequest, "localhost", false, "/ipns/bafybeickencdqw37dpz3ha36ewrh4undfjt2do52chtcky4rxkj447qhdm", "http://k2k4r8l9ja7hkzynavdqup76ou46tnvuaqegbd04a4o1mpbsey0meucb.ipns.localhost/", nil}, // PeerID: ed25519+identity multihash → CIDv1Base36 - {httpRequest, "localhost", "/ipns/12D3KooWFB51PRY9BxcXSH6khFXw1BZeszeLDy7C8GciskqCTZn5", "http://k51qzi5uqu5di608geewp3nqkg0bpujoasmka7ftkyxgcm3fh1aroup0gsdrna.ipns.localhost/", nil}, - {httpRequest, "sub.localhost", "/ipfs/QmbCMUZw6JFeZ7Wp9jkzbye3Fzp2GGcPgC3nmeUjfVF87n", "http://bafybeif7a7gdklt6hodwdrmwmxnhksctcuav6lfxlcyfz4khzl3qfmvcgu.ipfs.sub.localhost/", nil}, + {httpRequest, "localhost", false, "/ipns/12D3KooWFB51PRY9BxcXSH6khFXw1BZeszeLDy7C8GciskqCTZn5", "http://k51qzi5uqu5di608geewp3nqkg0bpujoasmka7ftkyxgcm3fh1aroup0gsdrna.ipns.localhost/", nil}, + {httpRequest, "sub.localhost", false, "/ipfs/QmbCMUZw6JFeZ7Wp9jkzbye3Fzp2GGcPgC3nmeUjfVF87n", "http://bafybeif7a7gdklt6hodwdrmwmxnhksctcuav6lfxlcyfz4khzl3qfmvcgu.ipfs.sub.localhost/", nil}, // HTTPS requires DNSLink name to fit in a single DNS label – see "Option C" from https://github.com/ipfs/in-web-browsers/issues/169 - {httpRequest, "dweb.link", "/ipns/dnslink.long-name.example.com", "http://dnslink.long-name.example.com.ipns.dweb.link/", nil}, - {httpsRequest, "dweb.link", "/ipns/dnslink.long-name.example.com", "https://dnslink-long--name-example-com.ipns.dweb.link/", nil}, - {httpsProxiedRequest, "dweb.link", "/ipns/dnslink.long-name.example.com", "https://dnslink-long--name-example-com.ipns.dweb.link/", nil}, + {httpRequest, "dweb.link", false, "/ipns/dnslink.long-name.example.com", "http://dnslink.long-name.example.com.ipns.dweb.link/", nil}, + {httpsRequest, "dweb.link", false, "/ipns/dnslink.long-name.example.com", "https://dnslink-long--name-example-com.ipns.dweb.link/", nil}, + {httpsProxiedRequest, "dweb.link", false, "/ipns/dnslink.long-name.example.com", "https://dnslink-long--name-example-com.ipns.dweb.link/", nil}, + // HTTP requests can also be converted to fit into a single DNS label - https://github.com/ipfs/kubo/issues/9243 + {httpRequest, "localhost", true, "/ipns/dnslink.long-name.example.com", "http://dnslink-long--name-example-com.ipns.localhost/", nil}, + {httpRequest, "dweb.link", true, "/ipns/dnslink.long-name.example.com", "http://dnslink-long--name-example-com.ipns.dweb.link/", nil}, } { - url, err := toSubdomainURL(test.gwHostname, test.path, test.request, coreAPI) + url, err := toSubdomainURL(test.gwHostname, test.path, test.request, test.inlineDNSLink, coreAPI) if url != test.url || !equalError(err, test.err) { - t.Errorf("(%s, %s) returned (%s, %v), expected (%s, %v)", test.gwHostname, test.path, url, err, test.url, test.err) + t.Errorf("(%s, %v, %s) returned (%s, %v), expected (%s, %v)", test.gwHostname, test.inlineDNSLink, test.path, url, err, test.url, test.err) } } } From 08712ecb9b6ee9fbf7e15f2528c006603435e708 Mon Sep 17 00:00:00 2001 From: Henrique Dias Date: Wed, 5 Oct 2022 13:33:42 +0200 Subject: [PATCH 2/8] test: add sharness tests for dnslink inlining --- test/sharness/t0114-gateway-subdomains.sh | 32 +++++++++++++++++++++++ 1 file changed, 32 insertions(+) diff --git a/test/sharness/t0114-gateway-subdomains.sh b/test/sharness/t0114-gateway-subdomains.sh index 0dad1e95c1a..fd1c44bd12f 100755 --- a/test/sharness/t0114-gateway-subdomains.sh +++ b/test/sharness/t0114-gateway-subdomains.sh @@ -323,6 +323,38 @@ test_localhost_gateway_response_should_contain \ "http://api.localhost:$GWAY_PORT/api/v0/refs?arg=$DIR_CID&r=true" \ "Ref" +## ============================================================================ +## Test DNSLink inlining on HTTP gateways +## ============================================================================ + +# set explicit subdomain gateway config for the hostname +ipfs config --json Gateway.PublicGateways '{ + "localhost": { + "UseSubdomains": true, + "UseInlinedDNSLink": true, + "Paths": ["/ipfs", "/ipns", "/api"] + }, + "example.com": { + "UseSubdomains": true, + "UseInlinedDNSLink": true, + "Paths": ["/ipfs", "/ipns", "/api"] + } +}' || exit 1 +# restart daemon to apply config changes +test_kill_ipfs_daemon +test_launch_ipfs_daemon_without_network + +test_localhost_gateway_response_should_contain \ + "request for localhost/ipns/{fqdn} redirects to DNSLink in subdomain with DNS inlining" \ + "http://localhost:$GWAY_PORT/ipns/en.wikipedia-on-ipfs.org/wiki" \ + "Location: http://en-wikipedia--on--ipfs-org.ipns.localhost:$GWAY_PORT/wiki" + +test_hostname_gateway_response_should_contain \ + "request for example.com/ipns/{fqdn} redirects to DNSLink in subdomain with DNS inlining" \ + "example.com" \ + "http://127.0.0.1:$GWAY_PORT/ipns/en.wikipedia-on-ipfs.org/wiki" \ + "Location: http://en-wikipedia--on--ipfs-org.ipns.example.com/wiki" + ## ============================================================================ ## Test subdomain-based requests with a custom hostname config ## (origin per content root at http://*.example.com) From 6328fcaba9448320f0f7db180bea161347f6d49d Mon Sep 17 00:00:00 2001 From: Henrique Dias Date: Wed, 5 Oct 2022 13:37:32 +0200 Subject: [PATCH 3/8] docs: add UseInlinedDNSLink --- docs/config.md | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/docs/config.md b/docs/config.md index 80fc0f24343..cb4c19df795 100644 --- a/docs/config.md +++ b/docs/config.md @@ -59,6 +59,7 @@ config file at runtime. - [`Gateway.PublicGateways: Paths`](#gatewaypublicgateways-paths) - [`Gateway.PublicGateways: UseSubdomains`](#gatewaypublicgateways-usesubdomains) - [`Gateway.PublicGateways: NoDNSLink`](#gatewaypublicgateways-nodnslink) + - [`Gateway.PublicGateways: UseInlinedDNSLink`](#gatewaypublicgateways-useinlineddnslink) - [Implicit defaults of `Gateway.PublicGateways`](#implicit-defaults-of-gatewaypublicgateways) - [`Gateway` recipes](#gateway-recipes) - [`Identity`](#identity) @@ -767,6 +768,15 @@ Default: `false` (DNSLink lookup enabled by default for every defined hostname) Type: `bool` +#### `Gateway.PublicGateways: UseInlinedDNSLink` + +A boolean to configure whether the DNSLink subdomain redirects use +inlined DNS Link, such that it fits into a single DNS entry. + +Default: `false` + +Type: `bool` + #### Implicit defaults of `Gateway.PublicGateways` Default entries for `localhost` hostname and loopback IPs are always present. From 2f342529aa0d0d3940c01bd1ed9b05d882b505bf Mon Sep 17 00:00:00 2001 From: Henrique Dias Date: Tue, 11 Oct 2022 10:45:18 +0200 Subject: [PATCH 4/8] refactor: use Flag instead of bool --- config/gateway.go | 4 +++- core/corehttp/hostname.go | 10 +++++++--- 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/config/gateway.go b/config/gateway.go index 96db0d69e63..68b2164c6d5 100644 --- a/config/gateway.go +++ b/config/gateway.go @@ -1,5 +1,7 @@ package config +const DefaultUseInlinedDNSLink = false + type GatewaySpec struct { // Paths is explicit list of path prefixes that should be handled by // this gateway. Example: `["/ipfs", "/ipns", "/api"]` @@ -21,7 +23,7 @@ type GatewaySpec struct { // UseInlinedDNSLink configures this gateway to always inline DNSLink entries // into a single label in order to be DNS Safe. - UseInlinedDNSLink bool + UseInlinedDNSLink Flag } // Gateway contains options for the HTTP gateway server. diff --git a/core/corehttp/hostname.go b/core/corehttp/hostname.go index 85ccd3a72a1..0ef44805407 100644 --- a/core/corehttp/hostname.go +++ b/core/corehttp/hostname.go @@ -84,7 +84,8 @@ func HostnameOption() ServeOption { if gw.UseSubdomains { // Yes, redirect if applicable // Example: dweb.link/ipfs/{cid} → {cid}.ipfs.dweb.link - newURL, err := toSubdomainURL(host, r.URL.Path, r, gw.UseInlinedDNSLink, coreAPI) + useInlinedDNSLink := gw.UseInlinedDNSLink.WithDefault(config.DefaultUseInlinedDNSLink) + newURL, err := toSubdomainURL(host, r.URL.Path, r, useInlinedDNSLink, coreAPI) if err != nil { http.Error(w, err.Error(), http.StatusBadRequest) return @@ -132,6 +133,9 @@ func HostnameOption() ServeOption { // Assemble original path prefix. pathPrefix := "/" + ns + "/" + rootID + // Retrieve whether or not we should inline DNSLink. + useInlinedDNSLink := gw.UseInlinedDNSLink.WithDefault(config.DefaultUseInlinedDNSLink) + // Does this gateway _handle_ subdomains AND this path? if !(gw.UseSubdomains && hasPrefix(pathPrefix, gw.Paths...)) { // If not, resource does not exist, return 404 @@ -149,7 +153,7 @@ func HostnameOption() ServeOption { } if !strings.HasPrefix(r.Host, dnsCID) { dnsPrefix := "/" + ns + "/" + dnsCID - newURL, err := toSubdomainURL(gwHostname, dnsPrefix+r.URL.Path, r, gw.UseInlinedDNSLink, coreAPI) + newURL, err := toSubdomainURL(gwHostname, dnsPrefix+r.URL.Path, r, useInlinedDNSLink, coreAPI) if err != nil { http.Error(w, err.Error(), http.StatusBadRequest) return @@ -165,7 +169,7 @@ func HostnameOption() ServeOption { // Do we need to fix multicodec in PeerID represented as CIDv1? if isPeerIDNamespace(ns) { if rootCID.Type() != cid.Libp2pKey { - newURL, err := toSubdomainURL(gwHostname, pathPrefix+r.URL.Path, r, gw.UseInlinedDNSLink, coreAPI) + newURL, err := toSubdomainURL(gwHostname, pathPrefix+r.URL.Path, r, useInlinedDNSLink, coreAPI) if err != nil { http.Error(w, err.Error(), http.StatusBadRequest) return From 648592f3f0f51d559aee88b885d01f7e8975b0e9 Mon Sep 17 00:00:00 2001 From: Henrique Dias Date: Tue, 11 Oct 2022 10:47:26 +0200 Subject: [PATCH 5/8] docs: update UseInlinedDNSLink option type --- docs/config.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/config.md b/docs/config.md index cb4c19df795..50fe059ef7b 100644 --- a/docs/config.md +++ b/docs/config.md @@ -775,7 +775,7 @@ inlined DNS Link, such that it fits into a single DNS entry. Default: `false` -Type: `bool` +Type: `flag` #### Implicit defaults of `Gateway.PublicGateways` From 362fb398e4395d9bc89bf7b7b596cfc0fe330329 Mon Sep 17 00:00:00 2001 From: Marcin Rataj Date: Tue, 11 Oct 2022 14:10:29 +0200 Subject: [PATCH 6/8] docs: inlining DNSLink on subdomains additional explanations, as this is very low level and nuanced feature --- config/gateway.go | 5 +++-- docs/config.md | 17 ++++++++++++++--- 2 files changed, 17 insertions(+), 5 deletions(-) diff --git a/config/gateway.go b/config/gateway.go index 68b2164c6d5..edc20ffbfa5 100644 --- a/config/gateway.go +++ b/config/gateway.go @@ -21,8 +21,9 @@ type GatewaySpec struct { // provided in `Host` HTTP header. NoDNSLink bool - // UseInlinedDNSLink configures this gateway to always inline DNSLink entries - // into a single label in order to be DNS Safe. + // UseInlinedDNSLink configures this gateway to always inline DNSLink names + // (FQDN) into a single DNS label in order to interop with wildcard TLS certs + // and Origin per CID isolation provided by rules like https://publicsuffix.org UseInlinedDNSLink Flag } diff --git a/docs/config.md b/docs/config.md index 50fe059ef7b..e0a3e02190e 100644 --- a/docs/config.md +++ b/docs/config.md @@ -150,7 +150,7 @@ config file at runtime. - [`Swarm.Transports.Network.QUIC`](#swarmtransportsnetworkquic) - [`Swarm.Transports.Network.Relay`](#swarmtransportsnetworkrelay) - [`Swarm.Transports.Network.WebTransport`](#swarmtransportsnetworkwebtransport) - - [`How to enable WebTransport`](#how-to-enable-webtransport) + - [How to enable WebTransport](#how-to-enable-webtransport) - [`Swarm.Transports.Security`](#swarmtransportssecurity) - [`Swarm.Transports.Security.TLS`](#swarmtransportssecuritytls) - [`Swarm.Transports.Security.SECIO`](#swarmtransportssecuritysecio) @@ -770,8 +770,19 @@ Type: `bool` #### `Gateway.PublicGateways: UseInlinedDNSLink` -A boolean to configure whether the DNSLink subdomain redirects use -inlined DNS Link, such that it fits into a single DNS entry. +An optional flag to explicitly configure whether subdomain gateway's redirects +(enabled by `UseSubdomains: true`) should always inline a DNSLink name (FQDN) +into a single DNS label: + +``` +example.com/ipns/example.net → example-net.ipns.example.com +``` + +DNSLink name inlining allows for HTTPS on public subdomain gateways with single +label wildcard TLS certs (also enabled when passing `X-Forwarded-Proto: https`), +and provides disjoint Origin per root CID when special rules like +https://publicsuffix.org, or a custom localhost logic in browsers like Brave +has to be applied. Default: `false` From d1fdd765d3f99ccab2640e2cbb803196b594aadf Mon Sep 17 00:00:00 2001 From: Marcin Rataj Date: Tue, 11 Oct 2022 14:15:45 +0200 Subject: [PATCH 7/8] =?UTF-8?q?refactor:=20UseInlinedDNSLink=20=E2=86=92?= =?UTF-8?q?=20InlineDNSLink?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit since this is a Flag and not bool, we can have shorter name --- config/gateway.go | 6 +++--- core/corehttp/hostname.go | 4 ++-- docs/config.md | 6 +++--- test/sharness/t0114-gateway-subdomains.sh | 4 ++-- 4 files changed, 10 insertions(+), 10 deletions(-) diff --git a/config/gateway.go b/config/gateway.go index edc20ffbfa5..8b8c65d1db5 100644 --- a/config/gateway.go +++ b/config/gateway.go @@ -1,6 +1,6 @@ package config -const DefaultUseInlinedDNSLink = false +const DefaultInlineDNSLink = false type GatewaySpec struct { // Paths is explicit list of path prefixes that should be handled by @@ -21,10 +21,10 @@ type GatewaySpec struct { // provided in `Host` HTTP header. NoDNSLink bool - // UseInlinedDNSLink configures this gateway to always inline DNSLink names + // InlineDNSLink configures this gateway to always inline DNSLink names // (FQDN) into a single DNS label in order to interop with wildcard TLS certs // and Origin per CID isolation provided by rules like https://publicsuffix.org - UseInlinedDNSLink Flag + InlineDNSLink Flag } // Gateway contains options for the HTTP gateway server. diff --git a/core/corehttp/hostname.go b/core/corehttp/hostname.go index 0ef44805407..39e857aadfb 100644 --- a/core/corehttp/hostname.go +++ b/core/corehttp/hostname.go @@ -84,7 +84,7 @@ func HostnameOption() ServeOption { if gw.UseSubdomains { // Yes, redirect if applicable // Example: dweb.link/ipfs/{cid} → {cid}.ipfs.dweb.link - useInlinedDNSLink := gw.UseInlinedDNSLink.WithDefault(config.DefaultUseInlinedDNSLink) + useInlinedDNSLink := gw.InlineDNSLink.WithDefault(config.DefaultInlineDNSLink) newURL, err := toSubdomainURL(host, r.URL.Path, r, useInlinedDNSLink, coreAPI) if err != nil { http.Error(w, err.Error(), http.StatusBadRequest) @@ -134,7 +134,7 @@ func HostnameOption() ServeOption { pathPrefix := "/" + ns + "/" + rootID // Retrieve whether or not we should inline DNSLink. - useInlinedDNSLink := gw.UseInlinedDNSLink.WithDefault(config.DefaultUseInlinedDNSLink) + useInlinedDNSLink := gw.InlineDNSLink.WithDefault(config.DefaultInlineDNSLink) // Does this gateway _handle_ subdomains AND this path? if !(gw.UseSubdomains && hasPrefix(pathPrefix, gw.Paths...)) { diff --git a/docs/config.md b/docs/config.md index e0a3e02190e..ab6f12a2718 100644 --- a/docs/config.md +++ b/docs/config.md @@ -59,7 +59,7 @@ config file at runtime. - [`Gateway.PublicGateways: Paths`](#gatewaypublicgateways-paths) - [`Gateway.PublicGateways: UseSubdomains`](#gatewaypublicgateways-usesubdomains) - [`Gateway.PublicGateways: NoDNSLink`](#gatewaypublicgateways-nodnslink) - - [`Gateway.PublicGateways: UseInlinedDNSLink`](#gatewaypublicgateways-useinlineddnslink) + - [`Gateway.PublicGateways: InlineDNSLink`](#gatewaypublicgateways-inlinednslink) - [Implicit defaults of `Gateway.PublicGateways`](#implicit-defaults-of-gatewaypublicgateways) - [`Gateway` recipes](#gateway-recipes) - [`Identity`](#identity) @@ -768,14 +768,14 @@ Default: `false` (DNSLink lookup enabled by default for every defined hostname) Type: `bool` -#### `Gateway.PublicGateways: UseInlinedDNSLink` +#### `Gateway.PublicGateways: InlineDNSLink` An optional flag to explicitly configure whether subdomain gateway's redirects (enabled by `UseSubdomains: true`) should always inline a DNSLink name (FQDN) into a single DNS label: ``` -example.com/ipns/example.net → example-net.ipns.example.com +//example.com/ipns/example.net → HTTP 301 → //example-net.ipns.example.com ``` DNSLink name inlining allows for HTTPS on public subdomain gateways with single diff --git a/test/sharness/t0114-gateway-subdomains.sh b/test/sharness/t0114-gateway-subdomains.sh index fd1c44bd12f..a7e5a59c938 100755 --- a/test/sharness/t0114-gateway-subdomains.sh +++ b/test/sharness/t0114-gateway-subdomains.sh @@ -331,12 +331,12 @@ test_localhost_gateway_response_should_contain \ ipfs config --json Gateway.PublicGateways '{ "localhost": { "UseSubdomains": true, - "UseInlinedDNSLink": true, + "InlineDNSLink": true, "Paths": ["/ipfs", "/ipns", "/api"] }, "example.com": { "UseSubdomains": true, - "UseInlinedDNSLink": true, + "InlineDNSLink": true, "Paths": ["/ipfs", "/ipns", "/api"] } }' || exit 1 From 6dbb9505d3f679709ad88278b63a68c98a9e240f Mon Sep 17 00:00:00 2001 From: Marcin Rataj Date: Tue, 11 Oct 2022 15:44:31 +0200 Subject: [PATCH 8/8] docs: cleanup headings --- docs/config.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/config.md b/docs/config.md index ab6f12a2718..844109a799b 100644 --- a/docs/config.md +++ b/docs/config.md @@ -150,7 +150,7 @@ config file at runtime. - [`Swarm.Transports.Network.QUIC`](#swarmtransportsnetworkquic) - [`Swarm.Transports.Network.Relay`](#swarmtransportsnetworkrelay) - [`Swarm.Transports.Network.WebTransport`](#swarmtransportsnetworkwebtransport) - - [How to enable WebTransport](#how-to-enable-webtransport) + - [How to enable WebTransport](#how-to-enable-webtransport) - [`Swarm.Transports.Security`](#swarmtransportssecurity) - [`Swarm.Transports.Security.TLS`](#swarmtransportssecuritytls) - [`Swarm.Transports.Security.SECIO`](#swarmtransportssecuritysecio) @@ -1985,7 +1985,7 @@ Default: Disabled Type: `flag` -#### How to enable WebTransport +##### How to enable WebTransport Thoses steps are temporary and wont be needed once we make it enabled by default.