What is the multiaddr syntax for websocket endpoint with location?

I have a Kubo node listening on port 4002.

I have a Nginx reverse proxy that redirects https to it under the /ws location.

  location /ws {
    proxy_pass http://localhost:4002;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $host;

I want to know the syntax for the multiaddress pointing to it. Intuitively I would do:


But it seems that “ws” is interpreted (by multiformats javascript lib) as a protocol and not a location. Is there a way I should split these? With tls, https, http…?

I believe the format is:


You want either wss or ws, where wss is secure web sockets.

Externally, you expose the /wss path and have nginx do the TLS termination and pass the request to Kubo’s :4002/ws endpoint.

1 Like

To be sure I understood well, it means that if my nginx config is

  location /foo {
    proxy_pass http://localhost:4002;
    # ...

the multiaddress would then be


But how would it know that the path is foo? Like in the URL wss://domain:443/foo

Good point.

According to the spec, it should be possible, but I’m not sure to what degree it’s implemented GitHub - multiformats/multiaddr: Composable and future-proof network addresses

A quick skim of the tests suggests that there’s some support for paths, though there’s no test that checks it for a dns wss multiaddr

1 Like

I don’t know about js, but I don’t think go-libp2p has support for paths in ws addresses. Having http-paths in multiaddresses is a old problem and I don’t think a solution was ever agreed upon, so I doubt js decided to support a way.

I’m afraid you probably need to mount websockets at /.


Good to know.

I can confirm this from looking at how js-libp2p connects to the WSS bootstrap nodes.

The mutliaddrs is /dnsaddr/bootstrap.libp2p.io/p2p/QmNnooDu7bfjPFoTZYxMNLWUQJyrVwtbZg5gBMjTezGAJN and it connects on the root path.

1 Like

That’s what I finally did with a websocket subdomain and an additional certificate. I definitely should learn how to get a wildcard cert ><

1 Like