Chainlink-Contracts/EnableHTTPS at main · MitchellTesla/Chainlink-Contracts · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
Enabling HTTPS Connections

This guide will walk you through how to generate your own self-signed certificates for use by the Chainlink node. You can also substitute self-signed certificates with certificates of your own, like those created by Let's Encrypt.

📘
You will need OpenSSL in order to generate your own self-signed certificates.

Create a directory tls/ within your local Chainlink directory:

Rinkeby
Kovan
Mainnet

mkdir ~/.chainlink-rinkeby/tls
Run this command to create a server.crt and server.key file in the previously created directory:

Rinkeby
Kovan
Mainnet

openssl req -x509 -out  ~/.chainlink-rinkeby/tls/server.crt  -keyout ~/.chainlink-rinkeby/tls/server.key \
  -newkey rsa:2048 -nodes -sha256 -days 365 \
  -subj '/CN=localhost' -extensions EXT -config <( \
   printf "[dn]\nCN=localhost\n[req]\ndistinguished_name = dn\n[EXT]\nsubjectAltName=DNS:localhost\nkeyUsage=digitalSignature\nextendedKeyUsage=serverAuth")
Next, add the TLS_CERT_PATH and TLS_KEY_PATH environment variables to your .env file.

Shell

echo "TLS_CERT_PATH=/chainlink/tls/server.crt
TLS_KEY_PATH=/chainlink/tls/server.key" >> .env
If CHAINLINK_TLS_PORT=0 is present in your .env file, remove it by running:

Shell

sed -i '/CHAINLINK_TLS_PORT=0/d' .env
Also remove the line that disables SECURE_COOKIES by running:

Shell

sed -i '/SECURE_COOKIES=false/d' .env
Finally, update your run command to forward port 6689 to the container instead of 6688:

Rinkeby
Kovan
Mainnet

cd ~/.chainlink-rinkeby && docker run -p 6689:6689 -v ~/.chainlink-rinkeby:/chainlink -it --env-file=.env smartcontract/chainlink local n
Now when running the node, you can access it by navigating to https://localhost:6689 if running on the same machine or with a ssh tunnel.