How to use Secure Websocket with the swarm

Users and Developers rust
1

Im looking to enable secure websockets (wss) on my libp2p app. The example listed in the docs (WsConfig in libp2p::websocket - Rust) give an example of building a transport, but now how to integrate it with the swarm. Ive tried using the WsConfig with the with_websocket() function but I dont think I can use it there. Next I tried to use .with_other_transport() but could not figure out how to map the connections to what the function wants.

How can I add a wss transport to the swarm so I can listen on /ip/tcp/0/wss/%2Ftest (/ip/tcp/0/wss//test)

2

Hello @DeepBlue ,

Those are great questions. We just published a blog post that has some information about websockets and webtransports in rust-libp2p.

I don’t have the exact answer for you but if you jump on our Slack or Matrix chats and ping @DougAnderson444 he should be able to help you out.

Cheers! :beers:
Dave

1 Like
3

I was looking for the same thing and came up with this example

use anyhow::Result;
use libp2p::core::upgrade::Version;
use libp2p::futures::StreamExt;
use libp2p::swarm::NetworkBehaviour;
use libp2p::{dns, noise, ping, tcp, websocket, yamux, SwarmBuilder, Transport};
use tokio::fs;
use tracing_subscriber::{fmt, prelude::*, EnvFilter};

#[derive(NetworkBehaviour)]
struct Behaviour {
    ping: ping::Behaviour,
}

#[tokio::main]
async fn main() -> Result<()> {
    tracing_subscriber::registry()
        .with(fmt::layer())
        .with(EnvFilter::from_default_env())
        .init();

    let mut wss_transport = websocket::WsConfig::new(dns::tokio::Transport::system(
        tcp::tokio::Transport::new(tcp::Config::default()),
    )?);

    let pk = fs::read("./private.der").await?;
    let cert = fs::read("./fullchain.der").await?;
    let pk = websocket::tls::PrivateKey::new(pk);
    let cert = websocket::tls::Certificate::new(cert);
    wss_transport.set_tls_config(websocket::tls::Config::new(pk, vec![cert])?);

    // create a new libp2p node with gossipsub
    let mut swarm = SwarmBuilder::with_new_identity()
        .with_tokio()
        .with_tcp(
            tcp::Config::default(),
            noise::Config::new,
            yamux::Config::default,
        )?
        .with_other_transport(|local_key| {
            wss_transport
                .upgrade(Version::V1)
                .authenticate(noise::Config::new(local_key).unwrap())
                .multiplex(yamux::Config::default())
        })?
        // .with_websocket(
        //     (tls::Config::new, noise::Config::new),
        //     yamux::Config::default,
        // )
        // .await?
        .with_behaviour(|_| {
            let ping = ping::Behaviour::new(ping::Config::default());

            Ok(Behaviour { ping })
        })?
        .build();

    swarm.listen_on("/ip4/0.0.0.0/tcp/2121/wss".parse()?)?;

    loop {
        let _ = swarm.select_next_some().await;
    }
}
1 Like
4

Does this work to get secure websocket connections? I think typically we use websockets and then do Noise for the confidentiality instead of TLS. The next rust-libp2p meeting is next Tuesday, August 13th: rust-libp2p Open Maintainers Call · Luma I think you should show up and ask about this…you’ll get a better answer.

1 Like