Enable SSL

It is recommended to use a webserver such as NGINX or Apache to set up the SSL for the Lisk SDK. If that opportunity is not available then it is also possible to configure the Lisk SDK to handle SSL connections as described below:

This step requires a signed certificate, (from a CA, such as Let’s Encrypt) or a self-signed certificate. Both the private and public keys will be needed in a location that is accessible to Lisk SDK.

The following code snippet displays the essential parameters required to enable SSL security on your node’s connections:

SSL configuration

{
  "modules": {
      "http_api": {
          "ssl": {
              "enabled": false,           (1)
              "options": {
                  "port": 443,            (2)
                  "address": "0.0.0.0",   (3)
                  "key": "path_to_key",   (4)
                  "cert": "path_to_cert"  (5)
              }
          }
      }
  }
}
1 Change from false to true.
2 Default SSL Port.
3 Change only if it is required to block web access to the node.
4 Replace path_to_key with the actual path to the key file.
5 Replace path_to_cert with the actual path to the certificate file.
If the SSL Port configured above in http_api.ssl.options.port is a privileged port (below 1024), then either the node must be allowed to use the specified port with setcap, or the configuration must be changed in order to to use a port outside of that range.

Setcap: This is only required to grant Lisk access to port 443.

 sudo setcap cap_net_bind_service=+ep bin/node

To verify your node has been configured correctly, open the web client using this url: https://MY_IP_OR_HOST. A secure SSL connection should now be visible.

For more information about the configuration of the Lisk SDK check out the configuration guide.