Setting up HTTPS for a BrightID Node

Adam Stallard edited this page Dec 2, 2022 · 11 revisions

There are various ways to set up an SSL reverse proxy in front of a BrightID Node. One way is to use nginx and certbot.

  1. Get a domain name (sub-domains work). This example uses aura-node.brightid.org.
    1. Configure the DNS to point the domain or sub-domain to your node's IP address.
  2. Change the port for BrightID node docker to use port 8080 (so our reverse proxy can use port 80 as certbot expects).
    1. Edit ~/BrightID-Node-docker/web/brightid-nginx.conf to replace the existing listen directive with the one below. The 127.0.0.1 address makes the node's web server listen on the loopback interface only, so outside traffic has to come through the reverse proxy.
        listen 127.0.0.1:8080;
    2. cd ~/BrightID-Node-docker/
    3. docker-compose restart web to pick up the changes
    4. docker ps -a to ensure that nginx restarted successfully.
  3. Install nginx, certbot and python3-certbot-nginx
        sudo apt-get install nginx certbot python3-certbot-nginx
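  4. Configure your reverse proxy. Here is an example nginx configuration.
        server {
            server_name aura-node.brightid.org;
            location / {
                # Forward requests to the node's web server from step 2
                proxy_pass http://127.0.0.1:8080/;
                # Pass the client address chain and the original scheme to the node
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto https;
                # Do not let the node's caching headers steer nginx
                proxy_ignore_headers    X-Accel-Expires Expires Cache-Control;
                # Drop the node's own CORS header and send a single wildcard one,
                # so any web origin can read the API responses
                proxy_hide_header       Access-Control-Allow-Origin;
                add_header Access-Control-Allow-Origin * always;
            }
        }
    1. Then restart nginx (e.g. systemctl restart nginx)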
  5. Run certbot
        sudo certbot --nginx -d aura-node.brightid.org
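
A check that the port layout from the steps above is actually in place, as an added example that is not part of the original wiki page or the BrightID project. The function name audit_listeners and both sample inputs are constructed for illustration; port 8080 comes from the steps, and 443 is assumed as the HTTPS port that certbot configures in nginx.

```shell
#!/bin/sh
# Added example, not part of the BrightID wiki. Reads `ss -H -ltn` output on
# stdin and checks the port layout the steps above aim for:
#   - port 8080 (the node) listens on loopback only
#   - ports 80 and 443 (the nginx reverse proxy) have a listener
# Prints one finding per line; exit status is 0 only when there are none.
audit_listeners() {
    awk -v node_port=8080 '
        $1 == "LISTEN" {
            port = $4; sub(/.*:/, "", port)       # text after the last colon
            host = $4; sub(/:[^:]*$/, "", host)   # text before the last colon
            seen[port] = 1
            if (port == node_port && host !~ /^(127\.|\[::1\])/) {
                print "EXPOSED: node port " port " bound to " host
                bad = 1
            }
        }
        END {
            if (!(node_port in seen)) { print "MISSING: no listener on " node_port; bad = 1 }
            if (!("80" in seen))      { print "MISSING: no listener on 80"; bad = 1 }
            if (!("443" in seen))     { print "MISSING: no listener on 443"; bad = 1 }
            exit (bad ? 1 : 0)
        }'
}

# Constructed sample: layout after every step is done.
good_sample='LISTEN 0 511 127.0.0.1:8080 0.0.0.0:*
LISTEN 0 511 0.0.0.0:80 0.0.0.0:*
LISTEN 0 511 0.0.0.0:443 0.0.0.0:*
LISTEN 0 511 [::]:80 [::]:*'

# Constructed sample: node still on all interfaces, certbot not yet run.
bad_sample='LISTEN 0 511 0.0.0.0:8080 0.0.0.0:*
LISTEN 0 511 0.0.0.0:80 0.0.0.0:*'

printf '%s\n' "$good_sample" | audit_listeners && echo "good sample: no findings"
printf '%s\n' "$bad_sample" | audit_listeners || echo "bad sample: findings listed above"
```

On the node itself, feed it live data with `ss -H -ltn | audit_listeners`.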

See also this guide from nginx and certbot.