Walking the DWeb walk

How we moved our website to secure IPFS thanks to Cloudflare

Image from Cloudflare’s recent IPFS announcement

We’ve been humming a hawing about moving our website over to IPFS and the #dweb for a while now. We already had all the pieces in place to do this properly, including resolving to an IPNS hash and everything… but we were missing SSL support, which you don’t get when linking to a public gateway. Of course, we considered just registering a certificate for ourselves on our own gateway, but that felt a little bit ‘centralized’. In the mean time, we’ve been using Cloudflare to manage our domain for a while already, and just hosting the website content in an S3 bucket on AWS like pretty much everyone else.

But with this week’s Cloudflare announcement, we couldn’t resist making the switch. After-all, shouldn’t we be dogfooding the #dweb a bit more? So here are the (very easy) steps we took to move our site from the centralized to (pragmatically) decentralized web in about 20 minutes.

Packaging the website

So first things first, we need to have a website to host. As I mentioned, we already had textile.io hosted on AWS in an S3 bucket, so our website structure was pretty simple. With just a little rejigging, we moved some things around and added a build command (see package.json snippet) that would take the necessary pieces, and copy them into a dist folder.

Adding to IPFS

Next step was add this structure to IPFS (you can follow our previous tutorial, or the one published by Cloudflare). The following command does a recursive add on the dist folder, and pipes the returned hashes to tail, displaying only the last hash (which is the dist folder itself, and the one to use in the following steps):

ipfs add -r -q dist/ | tail -n 1

Updating DNS settings

Next, we just updated our DNS settings. We used a dweb sub-domain so that we didn’t have to touch our current ‘web2’ site until we were ready (but we’ve since migrated www over as well). If you’re using Cloudflare’s Distributed Web Gateway, make sure you use that in your CNAME record (if you want to use your own gateway, see DIY gateway security below), or the following step won’t work. So to sum up, you’ll have a CNAME record fordweb (or www) pointing to www.cloudflare-ipfs.com, and a TXT record for _dnslink.dweb (or _dnslink.www) with a value of dnslink=/ipfs/<your_hash_here> (using the hash from the previous step).

Adding security

Now, all of this was already possible before Cloudflare’s IPFS contributions. However, as an awesome contribution to the IPFS community, Cloudflare has made it super easy to add SSL/TLS certificates, so you can access your #dweb site over HTTPS! You can find the form to do that here (seriously, it’s that easy). Just add your domain after you’ve done the above steps… and you’re good to go!

Done!

This whole process took us about 15 minutes if you don’t count the time it took to decide what to call our subdomain and aesthetic things like keeping the whole thing self-contained (you can easily mix in external assets if you want). So thanks to the fine folks at Cloudflare, we now have a ‘mostly completely decentralized’ website stored on IPFS that we can be proud to call our own. Speaking of your own, if you wanted to do this without relying on Cloudflare, that’s possible too. It’s just a bit more work…

DIY gateway security

There are plenty of reasons why using Cloudflare’s IPFS gateway and SSL cert setup might not be right for your website, especially if you aren’t already on Cloudflare for other services. So it is also possible to run your own gateway, and even kit it out with SSL/TLS support. If you are already managing your own site, want to provide specific gateway services, or are just curious, this might be a great option for you. There are a few steps to getting this going:

  1. You’ll need your own public gateway running (with SSL cert support if you want to support HTTPS). We have a few tutorials that will help you set this up pretty easily (one for the basic gateway, and one for adding SSL via a reverse proxy). In our examples, we’ve used AWS, but you can use similar steps to get this running on Digital Ocean, Cloudflare, etc.
  2. You’ll then need to make sure that your SSL certs are good for any subdomain on your primary domain, or generate a new one for your dweb subdomain. In the tutorials linked above, we use a Let’s Encrypt tool to get a free SSL/TLS cert. It’s really easy, fast, and free.
  3. Finally, you’ll need to change the above CNAME entry to point to your own gateway, rather than the Cloudflare one.

That’s it. While obviously a lot more work than filling out a form on Cloudflare, you’ll have more control, and you’ll be contributing your own peer to the growing IPFS network. However, with this increased control, you lose some of the nice features that Cloudflare provides (like all serious care they put into making a more trustworthy internet for all), so make the call on what works best for you.

Let’s celebrate

To celebrate ‘going full #dweb’ Textile is sending out an additional 400 invites to Textile Photos this week. So if you haven’t already, make sure you get your name on the list for a referral code! In the mean time, you can read more about what Textile has been up to, and check out our decentralized website for links to our blog, social media, and more!