Using SPARKL in the cloud

To use SPARKL in the cloud, you should secure communication with the SPARKL® Developer Console through TLS/SSL.

Before you begin

  1. Stop the SPARKL node you want to edit.
  2. Create a machine key with OpenSSL.
  3. Obtain a certificate for your machine(s), signed by an SSL provider, such as GoDaddy.
Tip: The SSL provider may use an intermediate certificate chain, in which case you get a chain certificate as well.

About this task

To provide a secure layer for communication, you have to upload a number of files to your node and reference them in the configuration of the node. The files needed are:

  • The machine key
  • One or more signed certificates, depending on the SSL provider's policies
Note: If you run SPARKL in a cluster, you have to edit the contact node.

Procedure

  1. Place the files listed above in the ssl directory of the node.
    The ssl directory is created at auto-configuration, just like the configuration file of the node.

    By default, ssl contains the localhost.key machine key and the localhost.crt certificate.

    Tip: You may delete the default key and certificate if you no longer need them.
  2. Open the sys.config of the node in a text editor.
  3. Edit the sse_yaws entries, as listed:
    sse_yaws is a SPARKL extension responsible for handling the REST setup.
    1. Reference the machine key you have uploaded to the ssl directory.
      {yaws_ssl_key_file, "ssl/mymachine.key"}
    2. Reference the SSL certificate you have uploaded to the ssl directory.
      {yaws_ssl_cert_file, "ssl/mydomain.crt"}
    3. Optional: Reference the chain certificate you have uploaded to the ssl directory.
      {yaws_ssl_cacert_file, "ssl/mydomain.com.intermediate.crt"}
    4. Specify the number of intermediate certificates between you and the root certificate authority.
      {yaws_ssl_depth,5}
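
Before restarting the node, it is worth confirming that the machine key matches the certificate and that the certificate chains through the intermediate file to the root. The script below is an added example, not part of the SPARKL documentation or tooling: the function names are hypothetical, it assumes the openssl command-line tool is installed, and the root certificate file (root.crt) is an assumption, since the page does not name one. The demo builds constructed throwaway files so it runs offline.

```sh
#!/bin/sh
# Added example: checks to run on the ssl directory files before restarting the node.

# Succeeds when the private key and the certificate hold the same public key.
key_matches_cert() {  # usage: key_matches_cert KEY CERT
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Succeeds when CERT chains through the INTERMEDIATE file to the trusted ROOT.
chain_verifies() {  # usage: chain_verifies ROOT INTERMEDIATE CERT
    openssl verify -CAfile "$1" -untrusted "$2" "$3" 2>&1 | grep -q ': OK$'
}

# Runs both checks and prints "ok" or the first failure.
check_node_tls() {  # usage: check_node_tls KEY CERT INTERMEDIATE ROOT
    key_matches_cert "$1" "$2" || { echo "key does not match certificate"; return 1; }
    chain_verifies "$4" "$3" "$2" || { echo "chain does not verify"; return 1; }
    echo "ok"
}

# Constructed sample data: a throwaway root, intermediate and leaf written to DIR.
make_demo_pki() {  # usage: make_demo_pki DIR
    d=$1
    printf 'basicConstraints=critical,CA:TRUE\n' > "$d/ca.ext"
    for n in root inter mymachine other; do
        openssl genrsa -out "$d/$n.key" 2048 2>/dev/null &&
        openssl req -new -key "$d/$n.key" -subj "/CN=constructed-$n" \
            -out "$d/$n.csr" 2>/dev/null || return 1
    done
    sign="openssl x509 -req -days 2"
    $sign -in "$d/root.csr" -signkey "$d/root.key" -set_serial 1 \
        -extfile "$d/ca.ext" -out "$d/root.crt" 2>/dev/null &&
    $sign -in "$d/inter.csr" -CA "$d/root.crt" -CAkey "$d/root.key" -set_serial 2 \
        -extfile "$d/ca.ext" -out "$d/mydomain.com.intermediate.crt" 2>/dev/null &&
    $sign -in "$d/mymachine.csr" -CA "$d/mydomain.com.intermediate.crt" \
        -CAkey "$d/inter.key" -set_serial 3 -out "$d/mydomain.crt" 2>/dev/null
}

# Demo run on the constructed files (file names follow the procedure steps above).
demo=$(mktemp -d) && make_demo_pki "$demo" &&
check_node_tls "$demo/mymachine.key" "$demo/mydomain.crt" \
    "$demo/mydomain.com.intermediate.crt" "$demo/root.crt"
```

On a real node, pass the files you placed in the ssl directory and the root certificate published by your SSL provider to check_node_tls.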

Results

You can use the secured port, which by default is port 9000, to run the SPARKL® Developer Console.

For example, with the sample configuration below, the console is available at https://mydomain.com:9000.

Example

{sse_yaws,[
    {register_extensions,[
        svc_blockchain,
        sse,
        sse_cfg,
        sse_log,
        sse_svc,
        svc_sequencer,
        svc_subr]},
    {yaws_cache_refresh_secs,0},
    {yaws_listen,{0,0,0,0}},
    {yaws_log_dir,"log/yaws"},
    {yaws_log_wrap_size,500000},
    {yaws_max_connections,nolimit},
    {yaws_port,8000},
    {yaws_port_ssl,9000},
    {yaws_ssl_cert_file,"ssl/mydomain.com.crt"},
    {yaws_ssl_cacert_file,"ssl/mydomain.com.intermediate.crt"},
    {yaws_ssl_depth,5},
    {yaws_ssl_key_file,"ssl/mymachine.key"}]}
Tip: If you want to disable either the plain or the secured port, just omit the related entry, or set the port of either to `undefined`.

What to do next

Save the changes and restart the node.