
Nginx + CJDNS

Published 2016-12-16 22:36:57

  1. NGINX https://www.nginx.com/
  2. CJDNS https://github.com/cjdelisle/cjdns
  3. ??

http

A basic NGINX site configuration as found in /etc/nginx/sites-available/default. This is a regular unsecured HTTP server offered on port 80.

server {
    listen 80 default_server;
    server_name example.com;
    root /var/www/html;
    index index.html index.htm;
    # .. something ..
}

Offering this site on a CJDNS network is as easy as dropping this line in the config:
listen [< cjdns IPv6 >]:80;

For us this means a configuration like so:

server {
    listen 80 default_server;
    listen [fc4d:fccb:aae8:b12c:8f7c:42ff:3669:af3f]:80;
    server_name example.com;
    root /var/www/html;
    index index.html index.htm;
    # .. something ..
}

Restart NGINX with $ sudo service nginx restart and update your firewall to reflect the changes.

If all is well, the site should be browsable by visiting http://[<CJDNS IPv6>]/

https

Depending on your setup, your HTTPS-secured site configuration might look something like this. This example receives requests on both port 80 and port 443, but redirects HTTP connections to the secure alternative.

server {
    listen 443 ssl default_server;
    server_name example.com;
    root /usr/share/nginx/html;
    index index.html index.htm;
    # .. something ..
}
server {
    listen 80;
    server_name example.com;
    # .. something more ..
    location / {
        rewrite ^/(.*)$ https://example.com/$1;
    }
}

We want to continue serving the secure site on clearnet as well as serving it on CJDNS.

We don't want to hassle with the SSL/TLS setup, and with CJDNS we don't have to. The CJDNS traffic is technically secure, and we leave verification of the source to the users. Authenticating a certificate will also fail inside a CJDNS microcosmos, leaving the site unavailable. For this configuration we follow the steps from the earlier example, adding the line:

listen [< CJDNS IPv6 >]:80;

Notice the port 80.

server {
    listen 443 ssl default_server;
    listen [fc4d:fccb:aae8:b12c:8f7c:42ff:3669:af3f]:80;
    server_name example.com;
    root /usr/share/nginx/html;
    index index.html index.htm;
    # .. something ..
}
server {
    listen 80;
    server_name example.com;

    location / {
        rewrite ^/(.*)$ https://example.com/$1;
    }
}

Restart NGINX with $ sudo service nginx restart and update your firewall to reflect the changes.

If all is well, the site should be browsable by visiting http://[<CJDNS IPv6>]/

Misc

If you want to go dark, you only need to remove the listen 80; and/or listen 443 ssl; lines.
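
One way to check which listeners a config still exposes before restarting NGINX, as an added example that is not part of the original post. The names classify and audit are hypothetical, and it assumes one listen directive per line and that CJDNS addresses fall in fc00::/8.

```python
import ipaddress
import re

CJDNS_NET = ipaddress.ip_network("fc00::/8")  # assumption: cjdns addresses start with fc
# One `listen` directive per line; group 1 is the address/port, group 2 the flags.
LISTEN_RE = re.compile(r"^\s*listen\s+([^\s;]+)([^;]*);", re.MULTILINE)

# Constructed samples: the page's final HTTPS layout, then a cjdns-only variant.
MIXED = """
server {
    listen 443 ssl default_server;
    listen [fc4d:fccb:aae8:b12c:8f7c:42ff:3669:af3f]:80;
}
server {
    listen 80;
}
"""
DARK = """
server {
    listen [fc4d:fccb:aae8:b12c:8f7c:42ff:3669:af3f]:80;
}
"""

def classify(target):
    """Return (scope, port); scope is 'cjdns' only for a literal fc00::/8 bind."""
    if target.startswith("unix:"):
        return "other", None
    if target.startswith("["):                    # [ipv6] or [ipv6]:port
        host, _, rest = target[1:].partition("]")
        port = int(rest[1:]) if rest.startswith(":") else 80
        in_cjdns = ipaddress.ip_address(host) in CJDNS_NET
        return ("cjdns" if in_cjdns else "other"), port
    if target.isdigit():                          # bare port binds the IPv4 wildcard
        return "other", int(target)
    host, _, port = target.partition(":")         # ipv4, ipv4:port or hostname
    return "other", int(port) if port else 80

def audit(conf_text):
    """Return (listeners, dark); dark means every listener is cjdns-only."""
    listeners = []
    for m in LISTEN_RE.finditer(conf_text):
        scope, port = classify(m.group(1))
        listeners.append({"target": m.group(1), "scope": scope, "port": port,
                          "tls": "ssl" in m.group(2).split()})
    dark = bool(listeners) and all(l["scope"] == "cjdns" for l in listeners)
    return listeners, dark

if __name__ == "__main__":
    print(audit(MIXED)[1], audit(DARK)[1])
```

A wildcard IPv6 bind such as [::]:80 is reported as "other", since it accepts connections on every address including the CJDNS one.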