NEW

The Chainlink Hackathon kicks off April 28th! Register today to compete for $350K+ in prizes.

Enabling HTTPS Connections

This guide will walk you through how to generate your own self-signed certificates for use by the Chainlink node. You can also substitute self-signed certificates with certificates of your own, like those created by Let’s Encrypt.

You will need OpenSSL in order to generate your own self-signed certificates.

Create a directory tls/ within your local Chainlink directory:

Sepolia Goerli Mainnet ```text Sepolia mkdir ~/.chainlink-sepolia/tls ``` ```text Goerli mkdir ~/.chainlink-goerli/tls ``` ```text Mainnet mkdir ~/.chainlink/tls ```

Run this command to create a server.crt and server.key file in the previously created directory:

Sepolia Goerli Mainnet ```shell Sepolia openssl req -x509 -out ~/.chainlink-sepolia/tls/server.crt -keyout ~/.chainlink-sepolia/tls/server.key \ -newkey rsa:2048 -nodes -sha256 -days 365 \ -subj '/CN=localhost' -extensions EXT -config <( \ printf "[dn]\nCN=localhost\n[req]\ndistinguished_name = dn\n[EXT]\nsubjectAltName=DNS:localhost\nkeyUsage=digitalSignature\nextendedKeyUsage=serverAuth") ``` ```shell Goerli openssl req -x509 -out ~/.chainlink-goerli/tls/server.crt -keyout ~/.chainlink-goerli/tls/server.key \ -newkey rsa:2048 -nodes -sha256 -days 365 \ -subj '/CN=localhost' -extensions EXT -config <( \ printf "[dn]\nCN=localhost\n[req]\ndistinguished_name = dn\n[EXT]\nsubjectAltName=DNS:localhost\nkeyUsage=digitalSignature\nextendedKeyUsage=serverAuth") ``` ```shell Mainnet openssl req -x509 -out ~/.chainlink/tls/server.crt -keyout ~/.chainlink/tls/server.key \ -newkey rsa:2048 -nodes -sha256 -days 365 \ -subj '/CN=localhost' -extensions EXT -config <( \ printf "[dn]\nCN=localhost\n[req]\ndistinguished_name = dn\n[EXT]\nsubjectAltName=DNS:localhost\nkeyUsage=digitalSignature\nextendedKeyUsage=serverAuth") ```

Next, add the TLS_CERT_PATH and TLS_KEY_PATH environment variables to your .env file.

echo "TLS_CERT_PATH=/chainlink/tls/server.crt
TLS_KEY_PATH=/chainlink/tls/server.key" >> .env

If CHAINLINK_TLS_PORT=0 is present in your .env file, remove it by running:

sed -i '/CHAINLINK_TLS_PORT=0/d' .env

Also remove the line that disables SECURE_COOKIES by running:

code": "sed -i '/SECURE_COOKIES=false/d' .env

Finally, update your run command to forward port 6689 to the container instead of 6688:

Sepolia Goerli Mainnet ```shell Sepolia cd ~/.chainlink-sepolia && docker run -p 6689:6689 -v ~/.chainlink-sepolia:/chainlink -it --env-file=.env smartcontract/chainlink local n ``` ```shell Goerli cd ~/.chainlink-goerli && docker run -p 6689:6689 -v ~/.chainlink-goerli:/chainlink -it --env-file=.env smartcontract/chainlink local n ``` ```shell Mainnet cd ~/.chainlink && docker run -p 6689:6689 -v ~/.chainlink:/chainlink -it --env-file=.env smartcontract/chainlink local n ```

Now when running the node, you can access it by navigating to https://localhost:6689 if running on the same machine or with a ssh tunnel.

What's next

Stay updated on the latest Chainlink news