Enabling HTTPS Connections (SSL Cert.)

Self Signed SSL Chainlink Guide

This guide will walk you through how to generate your own self-signed certificates for use by the Chainlink node. You can also substitute self-signed certificates with certificates of your own, like those created by Let’s Encrypt.

You will need OpenSSL in order to generate your own self-signed certificates.

Create a directory tls/ within your local Chainlink directory:

mkdir ~/.chainlink-ropsten/tls

Run this command to create a server.crt and server.key file in the previously created directory:

openssl req -x509 -out  ~/.chainlink-ropsten/tls/server.crt  -keyout ~/.chainlink-ropsten/tls/server.key \
  -newkey rsa:2048 -nodes -sha256 -days 365 \
  -subj '/CN=localhost' -extensions EXT -config <( \
   printf "[dn]\nCN=localhost\n[req]\ndistinguished_name = dn\n[EXT]\nsubjectAltName=DNS:localhost\nkeyUsage=digitalSignature\nextendedKeyUsage=serverAuth")

Next, add the TLS_CERT_PATH and TLS_KEY_PATH environment variables to your .env file.

echo "TLS_CERT_PATH=/chainlink/tls/server.crt
TLS_KEY_PATH=/chainlink/tls/server.key" >> .env

If CHAINLINK_TLS_PORT=0 is present in your .env file, remove it by running:

sed -i '/CHAINLINK_TLS_PORT=0/d' .env

Then enable SECURE_COOKIES by removing the SECURE_COOKIES=false line from your .env file:

sed -i '/SECURE_COOKIES=false/d' .env

Finally, update your run command to forward port 6689 to the container instead of 6688:

cd ~/.chainlink-ropsten && docker run -p 6689:6689 -v ~/.chainlink-ropsten:/chainlink -it --env-file=.env smartcontract/chainlink local n

Now, when the node is running, you can access it at https://localhost:6689, either directly from the same machine or through an SSH tunnel.
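
A post-setup check for the steps above, added here as an example and not part of the original guide or of Chainlink's tooling. The helper names audit_env and audit_cert are hypothetical, and the 30-day expiry window and the owner-only key permissions are assumptions of this example rather than Chainlink requirements.

```sh
#!/bin/sh
# Added example: audit the settings and files this guide produces.
# audit_env / audit_cert are hypothetical helper names, not Chainlink tooling.

# audit_env FILE: print one line per problem in the .env file; return 1 if any.
audit_env() {
  env_file=$1; problems=0
  for var in TLS_CERT_PATH TLS_KEY_PATH; do
    grep -Eq "^${var}=.+" "$env_file" || { echo "missing: $var is not set"; problems=1; }
  done
  for line in CHAINLINK_TLS_PORT=0 SECURE_COOKIES=false; do
    if grep -Fxq "$line" "$env_file"; then
      echo "leftover: $line is still present"; problems=1
    fi
  done
  return "$problems"
}

# audit_cert CRT KEY: check that the key belongs to the certificate, that the
# certificate stays valid for 30 more days (assumed window), and that the
# unencrypted key (created with -nodes) is accessible to its owner only.
audit_cert() {
  crt=$1; key=$2; problems=0
  crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) || true
  key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || true
  if [ -z "$crt_pub" ] || [ "$crt_pub" != "$key_pub" ]; then
    echo "mismatch: $key is not the private key for $crt"; problems=1
  fi
  if ! openssl x509 -in "$crt" -noout -checkend 2592000 >/dev/null 2>&1; then
    echo "expiry: $crt expires within 30 days or is unreadable"; problems=1
  fi
  perms=$(ls -l "$key" | cut -c5-10)   # group and other permission bits
  if [ "$perms" != "------" ]; then
    echo "permissions: $key is accessible beyond its owner; run chmod 600"; problems=1
  fi
  return "$problems"
}

# Usage with the host paths from this guide:
#   audit_env  ~/.chainlink-ropsten/.env
#   audit_cert ~/.chainlink-ropsten/tls/server.crt ~/.chainlink-ropsten/tls/server.key
```

Both functions print nothing and return 0 when every check passes, so they can gate the docker run command in a start script.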
