The in-browser radixdlt-js library requires a valid TLS certificate installed on the Radix nodes to work properly. As there is no way around this requirement, we are offering a simple certificate generation service by leveraging CloudFlare's infrastructure.
For production environments, we strongly advise to acquire a valid DNS and the corresponding TLS certificate. A free service that provides TLS certificates free of charge is Let's Encrypt.
radixnode.net runs a dynamic DNS service similar to ddns. The client application for this dynamic DNS service is bundled into the node-runner docker-compose file (as a side-car container to Radix Core). Upon start, the client application will claim/renew the node's DNS records at
Additionally, CloudFlare provides valid certificates for DDoS protected end-points. This means that the associated DNS record points back to CloudFlares Edge Servers and are reverse-proxied to the Radix nodes.
The conventional protocols for updating DNS records over HTTP/S usually work with a standard username/password authentication, and a reference to the hostname or subdomain selected by the user when registering the service. As these protocols are unsuitable for Radix, we designed a specific challenge/response update protocol.
The Radixnode.net update protocol limits a node to claim its own unique node hostname only (see the next section for details). In order to do it, the client needs to prove to the server that it has access to the
The specific hostname to IP mapping for the Radixnode.net service is defined as follows:
hostname begins with "a"
the rest of the hostname label is the base36 encoded raw IPv4 address.
hostname begins with a "b"
the rest of the hostname label is the base36 encoded raw IPv6 address.
a node with IPv4
127.0.0.1, is entitled to claim the
az8kflt.radixnode.net A record in DNS.
a node with IPv6 address
::1, is entitled to claim the
b1.radixnode.net AAAA record in DNS.