You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
What: When installing a data node you should be prompted to set up an SSL Certificate. Better still this is automated using something like Let's Encrypt so that SSL Certificates are issued with little extra effort.
Why: GraphQL subscriptions require an SSL certificate to work. Without subscriptions clients will have to poll to receive new data(refactoring Console to do this will take signfiicant effort and negatively effect its performance), or the user will have to refresh the page to see new data 🤢.
Having an SSL certificate is an essential part of running a data node, if you don't have ssl the node probably isn't providing much value.
As someone who is setting up a data node
I want to ensure I set up an SSL certificate
So that the node I run can be used for graphQL subscriptions (as well as enhanced security)
Closing as wont do. I have raised a comment in the protocol-design ticket to take this into consideration when creating the incentivised data-node spec: vegaprotocol/specs#685 (comment)
We have just discussed this on a call re: Console for mainnet and we need to ensure HTTPS is running on data nodes before incentivised data node. It is a requirement for Console for mainnet trading.
We should discuss this further before agreeing it is a #wontfix. The MVP / implementation of this we have in mind would be that the default config looks something like this:
[SSL]
# Set your data node domain name and email address below to enable auto https
# data_node_root_domain = datanode.mynode.com
# ssl_certificate_email = me@mynode.com
And the data node uses something like autocert to acquire an SSL certificate and enable HTTPS if you provided everything needed in the config. (We could also provide a log message on startup if you haven't done so, explaining that some features (GraphQL) won't work unless you enable it or run an HTTPS reverse proxy like Caddy.)
The alternative would be to try and ensure validators are using something lijke Caddy but we might end up with a low and variable hit rate and a large support job.
Feature Overview
What: When installing a data node you should be prompted to set up an SSL Certificate. Better still this is automated using something like Let's Encrypt so that SSL Certificates are issued with little extra effort.
Why: GraphQL subscriptions require an SSL certificate to work. Without subscriptions clients will have to poll to receive new data(refactoring Console to do this will take signfiicant effort and negatively effect its performance), or the user will have to refresh the page to see new data 🤢.
Having an SSL certificate is an essential part of running a data node, if you don't have ssl the node probably isn't providing much value.
As someone who is setting up a data node
I want to ensure I set up an SSL certificate
So that the node I run can be used for graphQL subscriptions (as well as enhanced security)
Specs
No spec to link to although...
vegaprotocol/specs#763 and
vegaprotocol/specs#684
are relevant.
Tasks
Product Owner
Suggest: @fkondej due to its devops like topic
Acceptance Criteria
Test Scenarios
Impacted Systems / Engines
I don't know
API Calls
none required
Dependencies
No dependencies at time of writing
The text was updated successfully, but these errors were encountered: