[RFC] Changing the default ports #7053

@RubenKelevra

I know the team is probably quite busy working on #6776, but I think we should consider changing the currently used default ports. I know this might lead to kind of a mess because a lot of stuff built around IPFS might have hardcoded ports, but hear me out.

IPFS uses 3 ports:

Swarm - currently port 4001

We're using TLS and QUIC (soon by default), so it makes sense to use the default port 443 for incoming connections. This circumvents simple censorship approaches.

Starting with TLS 1.3 it's impossible to detect what server-name the user requested, so it's going to be easy to hide an IPFS-instance behind a regular HTTPS server - OpenVPN offers such a feature for example.

Additionally, the ongoing efforts to include DNS encryption in all operating systems by default will allow fully hiding the real hostname of the IPFS-Server (bootstrap servers use DNS).

This is obviously just limited to the server profile, and not for the desktop client/desktop profile (#4989). Non-server-nodes should ideally just use a random port for incoming connections, to avoid making it obvious what application is running. IPFS already supports this, by setting the port definition in the config file to 0.

API - currently port 5001

The default port for the API is currently 5001 on localhost. This isn't ideal because it's also used by Iperf. It's also a registered port by IANA. I think we should use a non-registered port, to be able to add it maybe in the future to /etc/services.

Web gateway - currently port 8080

The default port for the web gateway is currently 8080 on localhost. This is an extremely bad choice since it's used heavily by other services as default.

I think we should just use a different localhost IP (like 127.0.0.80) to circumvent this issue, as systemd-resolved does. We can then add a hostname (like gateway.ipfs.local) via the hosts file to the IP and give IPFS the capability to bind to port 80.

This would make a much prettier URL than the current "127.0.0.1:8080".

Label: kind/enhancement (a net-new feature or improvement to an existing feature)
