SSL

It is recommended to use a webserver such as NGINX or Apache to set up the SSL for the Lisk Core. If that opportunity is not available then it is also possible to configure the Lisk Core to handle SSL connections as described below:

This step requires a signed certificate, (from a CA, such as Let’s Encrypt) or a self-signed certificate. Both the private and public keys will be needed in a location that is accessible to Lisk Core.

The following code snippet listed below displays the essential parameters required to enable SSL security on your node’s connections:

SSL Configuration

{
  "modules": {
      "http_api": {
          "ssl": {
              "enabled": false,           (1)
              "options": {
                  "port": 443,            (2)
                  "address": "0.0.0.0",   (3)
                  "key": "path_to_key",   (4)
                  "cert": "path_to_cert"  (5)
              }
          }
      }
  }
}
1 Change from false to true.
2 Default SSL Port.
3 Change only if it is required to block web access to the node.
4 Replace path_to_key with the actual path to the key file.
5 Replace path_to_cert with the actual path to the certificate file.
If the SSL Port configured above in http_api.ssl.options.port is a privileged port, (below 1024), then either the node must be allowed to use the specified port with setcap, or the configuration must be changed in order to to use a port outside of that range.

Setcap: This is only required to grant Lisk access to port 443.

 sudo setcap cap_net_bind_service=+ep bin/node

To verify your node has been configured correctly, open the web client using this url: https://MY_IP_OR_HOST. A secure SSL connection should now be visible.