Skip to content

use NGINX tls ports #1518

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 138 commits into from
Closed

use NGINX tls ports #1518

wants to merge 138 commits into from

Conversation

carlomazzaferro
Copy link
Collaborator

@carlomazzaferro carlomazzaferro commented Jul 14, 2025
edited
Loading

  • Keep the same port as usual for own address
  • Use NGINX ports for other node addresses
openssl genrsa -out ca.key 4096
openssl req -x509 -new -nodes -key ca.key -days 3650 \
  -out ca.crt \
  -subj "/CN=MyTestCA"

# 2) Create nginx private key + CSR
openssl genrsa -out nginx.key 2048
openssl req -new -key nginx.key \
  -out nginx.csr \
  -subj "/CN=localhost" \
  -addext "subjectAltName = DNS:localhost, IP:127.0.0.1"

# 3) Sign the nginx CSR with your CA
openssl x509 -req -in nginx.csr \
  -CA ca.crt -CAkey ca.key -CAcreateserial \
  -out nginx.crt -days 365 -sha256 \
  -extensions v3_req \
  -extfile <(printf "[v3_req]\nsubjectAltName=DNS:localhost,IP:127.0.0.1")

Will generate:

  • nginx.crt
  • nginx.key

To be used in nginx.conf like this, place them in /scripts/tools/ngnix/cert

  ssl_certificate /etc/nginx/cert/nginx.crt;
  ssl_certificate_key /etc/nginx/cert/nginx.key;
  • ca.crt, place it in /certs

Locally running (all in different shells):

>>> docker compose -f docker-compose.dev.yaml up
>>> ./scripts/run-server.sh 0 standard --init-servers 
>>> ./scripts/run-server.sh 1 standard 
>>> ./scripts/run-server.sh 2 standard

If everything goes well, then run the client:

>>> ./scripts/run-client.sh

wojciechsromek and others added 15 commits June 6, 2025 15:23
@wojciechsromek
mainchanges
c87de15
@wojciechsromek
work in progress
f1bdd3e
@carlomazzaferro
merge
a33026d
@dkales
Merge branch 'main' into POP-2530/implement-anon-stat-change-in-hnsw-…
5de06fa 
…that-do-not-count-all-rotations
@dkales
rewrite anonymized bucket statistics to only include the minimum FHD …
1a0b05a 
…for HSNW as well
@dkales
remove unused function
3dc156f
@dkales
Merge branch 'main' into POP-2530/implement-anon-stat-change-in-hnsw-…
f8a0c13 
…that-do-not-count-all-rotations
@leonanos8
Merge branch 'main' into POP-2530/implement-anon-stat-change-in-hnsw-…
51c90e2 
…that-do-not-count-all-rotations
@sdwoodbury @dkales
Add TLS capability to the networking stack (#1478)
fe4ca4d
@carlomazzaferro @eaypek-tfh @dkales
pass around batch sha and valid entries (#1496)
f2f9ea8 
* pass around batch sha and valid entries

* Update iris-mpc-common/src/helpers/batch_sync.rs

Co-authored-by: Ertugrul Aypek <ertugrul.aypek@toolsforhumanity.com>

* refactor to pass batch hash and valid entries directly

* use --release flag

* fix sha checking logic

* revert to using single sha / valid entries

* fix tests and clippy

* revert old changes

---------

Co-authored-by: Ertugrul Aypek <ertugrul.aypek@toolsforhumanity.com>
@danielle-tfh @dkales
Add defining serial id when inserting into plaintext HNSW database (#…
38c36d6 
…1459)
@danielle-tfh @dkales
Fix processing time and add logs for genesis batches (#1504)
fad9a76
@danielle-tfh @dkales
Implement table copying for Genesis roll-back (#1495)
69044bc
@dkales
feat: anon stats buffer size config value is now more similar to GPU …
61c2374 
…version in that it describes the size of the total buffer instead of the aggregated one
@carlomazzaferro
use NGINX tls ports
462b493
carlomazzaferro and others added 28 commits August 21, 2025 10:47
@carlomazzaferro
merge
d34230a
@carlomazzaferro
merge
e913538
@carlomazzaferro
clippy
e7e8ed2
@carlomazzaferro
latest sha
549dc72
@carlomazzaferro
update parameters
6586a7a
@carlomazzaferro
update parameters
5306dc4
@carlomazzaferro
update parameters
522ecb8
@carlomazzaferro
update parameters
f069df7
@dkales
bandaid fix for batch sync
8c28d23
@carlomazzaferro
graviton
f7d707d
@carlomazzaferro
graviton
4ac209b
@carlomazzaferro
disable tls
83bb41e
@carlomazzaferro
Revert "bandaid fix for batch sync"
b04a83c 
This reverts commit 8c28d23.
@carlomazzaferro
params
7bd27f5
@wojciechsromek
try building arm64
8f21c1d
@wojciechsromek
Merge branch 'chore/test-tls-in-stage' of github.com:worldcoin/gpu-ir…
3c6b85d 
…is-mpc into chore/test-tls-in-stage
@wojciechsromek
install docker
f91be3c
@carlomazzaferro
params
1dae0cd
@carlomazzaferro
Merge branch 'chore/test-tls-in-stage' of github.com:worldcoin/iris-m…
591df8f 
…pc into chore/test-tls-in-stage
@wojciechsromek
fix
2181060
@wojciechsromek
Merge branch 'chore/test-tls-in-stage' of github.com:worldcoin/gpu-ir…
68741ee 
…is-mpc into chore/test-tls-in-stage
@wojciechsromek
deploy arm64 image
163f27c
@wojciechsromek
adapt limits to x8g.24xl instance
27edf19
@carlomazzaferro
Revert "params"
3a2d88b 
This reverts commit 7bd27f5.
@wojciechsromek
run on x8g.48xl
26446db
@wojciechsromek
also alter the instance type
32baec6
@wojciechsromek
remove qemu from arm64 build pipeline
851ec79
@wojciechsromek
build for graviton
faa2fb8
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sdwoodbury sdwoodbury sdwoodbury left review comments

@eaypek-tfh eaypek-tfh eaypek-tfh approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

8 participants

@carlomazzaferro @sdwoodbury @eaypek-tfh @wojciechsromek @dkales @leonanos8 @danielle-tfh @jazzbee