this post was submitted on 23 Dec 2024
17 points (100.0% liked)

ActivityPub


Reading the spec, I can't see why not, wondering if anyone knew.

top 14 comments
[–] [email protected] 4 points 6 months ago (2 children)

Having not read the spec, if there are any requirements for HTTPS, you most certainly will need a domain name for the TLS certificate.

[–] [email protected] 3 points 6 months ago

there is a general "encrypted transport" requirement which in real world use mandates HTTPS (although it's worded broadly to allow for onion services and whatnot which provide their own encryption outside TLS)

[–] [email protected] 3 points 6 months ago (2 children)
[–] [email protected] 4 points 6 months ago (2 children)

If you can point me to a CA that will allow you to request a cert for an IP address, that'd be great

[–] [email protected] 1 points 4 hours ago

Let's Encrypt is planning on offering them iirc.

[–] [email protected] 1 points 6 months ago (1 children)

I haven't tried this, but searching Google shows SSL.com does allow it, granted you can demonstrate the requirements:

  • The IP address you wish to secure must be public, and your organization must own it.
    • The IP address ranges 10.x.x.x and 192.168.x.x are prohibited.
    • A WHOIS lookup of the IP address should show your organization’s name, address, phone number, and email contacts (not your web hosting provider’s).
  • Control over the IP address must be demonstrated by the HTTP/HTTPS file lookup method. The email challenge response and DNS CNAME lookup methods may not be used to validate an IP address.

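As an added example (not part of any comment in this thread), the Python code below classifies the host of an actor URL as a DNS name or an IP literal and applies the address restrictions quoted in the list above. The function name, the sample URLs and the problem strings are assumptions made for illustration; the WHOIS and HTTP file-lookup requirements need network access and are not checked.

```python
import ipaddress
from urllib.parse import urlsplit

# Ranges the quoted requirements prohibit by name (10.x.x.x and 192.168.x.x).
NAMED_PROHIBITED = [ipaddress.ip_network("10.0.0.0/8"),
                    ipaddress.ip_network("192.168.0.0/16")]

def classify_actor_host(actor_url):
    """Return (san_type, host, problems) for the host of an actor URL.

    san_type is the subjectAltName entry type a certificate for that host
    would carry: "dNSName" for a domain, "iPAddress" for an IP literal.
    Hypothetical helper written for this example.
    """
    parts = urlsplit(actor_url)
    problems = []
    if parts.scheme != "https":
        # The thread notes that encrypted transport means HTTPS in practice.
        problems.append("not https")
    host = parts.hostname  # drops any port and the [] around IPv6 literals
    if not host:
        return ("none", "", problems + ["no host"])
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return ("dNSName", host, problems)  # not an IP literal
    if any(addr in net for net in NAMED_PROHIBITED
           if net.version == addr.version):
        problems.append("prohibited private range")
    elif not addr.is_global:
        # Loopback, link-local, IPv6 ULA, documentation ranges and so on.
        problems.append("not a public address")
    return ("iPAddress", str(addr), problems)

# Constructed sample input; no connection is made to any of these hosts.
SAMPLE_ACTORS = [
    "https://social.example/users/alice",
    "https://192.168.1.20:8443/actor",
    "https://[fd12:3456:789a::1]/users/alice",
    "https://8.8.8.8/actor",
]

if __name__ == "__main__":
    for url in SAMPLE_ACTORS:
        print(url, "->", classify_actor_host(url))
```

An empty problem list only means the address passes the range checks; ownership and control still have to be demonstrated to the CA.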
[–] [email protected] 2 points 6 months ago (1 children)

So you need to own and operate your own ASN. I guess that's better than what I thought but it's nowhere near attainable for regular people.

[–] [email protected] 1 points 6 months ago (1 children)

If you are ok with IPv6, you can get a /48, and a 4-byte ASN for a few hundred dollars for the registration fee. The 4-byte ASN isn't even necessary. You can then use AWS/Oracle/AliBaba or some other public cloud to advertise your registered IPv6 address block on your behalf. A whois will show the details you used with the registrar.

[–] [email protected] 1 points 6 months ago (1 children)

I'm pretty sure most browsers will straight up refuse to load content from bare IPv6 addresses regardless of cert status, no? I remember having problems with this with an internal CA.

[–] [email protected] 1 points 6 months ago (1 children)
[–] [email protected] 2 points 6 months ago

Not really. I can't find an official source for this, so maybe this has been fixed, but from what I remember this was explicitly disabled for security.

https://support.pelco.com/s/article/You-cannot-access-an-IPV6-address-with-Firefox-through-HTTPS-1538586631284?language=en_US

[–] [email protected] 2 points 6 months ago

Right, it can be done, but would require a CA who supports that, not all do. For example, Let's Encrypt doesn't allow bare IP addresses. I was assuming the question about an IP address was raised due to aversion to purchasing a domain name. If so, then a TLS certificate is another cost to consider, and if not using a domain name, then the main free option becomes unavailable.

[–] [email protected] 0 points 6 months ago (1 children)

@Irelephant @activitypub Yes, IP addresses are often used in development and testing environments. I haven't seen such servers in the global network though

[–] [email protected] 1 points 6 months ago

Okay, thanks!