Guide to Interledger: Connecting Connectors Using HTTPS
In this blog post we will show you how to configure your ILP connector (interledger.js) to use https for connector to connector communication. Using https comes with some advantages, like a completely stateless relationship between connectors and the possibility of using a load balancer in front of the connector cluster.
This guide assumes you have a running connector and are looking to run another one in order to test peering. For help getting a connector up and running, check out this guide: https://medium.com/interledger-blog/running-your-own-ilp-connector-c296a6dcf39a.
If you successfully followed the instructions you should have your connector(s) running. If you are not already, ssh to your digitalocean droplet or whichever cloud service you are using.
First move to ilp-connector directory and Check the status of your connector deployment:
$ cd ilp-connector
$ pm2 list
You should see that status of your connector as online:
If the connector runs without errors you should be able to finish this tutorial successfully.
Getting XRP Testnet Credentials
We are going to use XRP ledger testnet in this tutorial, so we get account address and secret from test net faucet from here: https://xrpl.org/xrp-test-net-faucet.html. Keep those close as we need them shortly.
Install Plugin HTTP
Then we want to install plugin HTTP. It allows for a stateless bilateral or multilateral Interledger relationship, unlike connection using websockets like Plugin BTP.
Make sure you are in ilp-connector directory and run this command:
$ npm i ilp-plugin-http
Connector Config File
Next we will modify the config file in ilp-connector directory. If you used pm2 to create the config file, then it’s named ecosystem.config.js.
Open config file in a text editor, we use nano for this.
$ sudo nano ecosystem.config.js
Tips! To cut/delete blocks in nano text editor with CTRL+ SHIFT+ 6 to mark beginning of the block. Then use arrow keys up/down to choose the size of the block. Then CTRL+ K to cut/delete and CTRL+U to paste the cropped block.
Connector config:
'use strict'
const path = require('path')
const address = '<YOUR XRP ADDRESS>'
const secret = '<YOUR XRP SECRET>'
const peer1 = {
relation: 'peer',
plugin: 'ilp-plugin-xrp-paychan',
assetCode: 'XRP',
assetScale: 9,
balance: {
maximum: '1000000000',
settleThreshold: '-5000000000',
settleTo: '0'
},
options: {
server:'<PEER BTP ADDRESS>',
rippledServer: 'wss://s.altnet.rippletest.net:51233',
peerAddress: '<PEER XRP ADDRESS>',
address,
secret
}
}
const ilspServer = {
relation: 'child',
plugin: 'ilp-plugin-xrp-asym-server',
assetCode: 'XRP',
assetScale: 9,
options:{
port: 7003,
xrpServer: 'wss://s.altnet.rippletest.net:51233',
address,
secret
}
}
const peerServer= {
relation: 'peer',
plugin: 'ilp-plugin-http',
assetCode: 'XRP',
assetScale: 9,
options: {
sendRoutes: true,
receiveRoutes: true,
incoming: {
port: 7002,
secretToken: '<SECRET TOKEN>'
},
outgoing: {
url: 'https://ilp.example.com/peers/<NAME OF PEER>',
secretToken: 'SECRET TOKEN',
http2: false
}
}
}
const connectorApp = {
name: 'connector',
env: {
DEBUG: 'ilp*,connector*',
CONNECTOR_ENV: 'production',
CONNECTOR_ADMIN_API: true,
CONNECTOR_ADMIN_API_PORT: 7700,
CONNECTOR_ILP_ADDRESS: '<YOUR ILP ADDRESS>',
CONNECTOR_BACKEND: 'one-to-one',
CONNECTOR_SPREAD: '0',
CONNECTOR_STORE: 'ilp-store-redis',
CONNECTOR_STORE_CONFIG: JSON.stringify({
prefix: 'connector',
port: 6379
}),CONNECTOR_ACCOUNTS: JSON.stringify({
<NAME OF PEER>:peerServer,
ilsp:ilspServer
})
},
script: path.resolve(__dirname, 'src/index.js')
}
module.exports = { apps: [ connectorApp ] }
Copy this config for both of your connectors and fill up the blanks. Then press CTRL + X and Y to save all changes. Now you should be back in ilp-connector directory.
Nginx Config File
Next we are going to change Nginx configuration. We need to redirect traffic from port 443 to internal ports in order to identify different users.
$ sudo nano /etc/nginx/sites-available/ilp.example.com
Once again copy this config for both of your connectors and fill up the blanks. remember to replace ilp.example.com with your own URL.
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}server {
location /peers/<NAME OF PEER>/ {
proxy_pass http://127.0.0.1:7002;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
}
location /peers/ilsp/ {
proxy_pass http://127.0.0.1:7003;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
}location ~ /.well-known {
allow all;
}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/ilp.example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/ilp.example.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
We are using location directive so Nginx can decide what configuration it should apply based on prefix or the pattern in the incoming URL.
Now we test our new config.
$ sudo nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
Then reload Nginx to use our new config settings.
$ sudo systemctl reload nginx
You can check the status of Nginx with this command:
$ systemctl status nginx
And now we can finally restart our connector:
$ pm2 restart ecosystem.config.js
To see if connector is giving any errors type command:
$ pm2 logs connector
If there is no errors connection should be established between your connectors. You can monitor activities with pm2 monitor.
$ pm 2 monit connector
Next Steps
Our next post will cover how to connect moneyd to your connector. So we can start to send ILP packets between end users. Let us know in the comments, or if you run into any problems or if this guide did not work for you so we can update accordingly.