mirror of https://github.com/poanetwork/gecko.git
api: add --http-host to restrict RPC bind address
± ./build/ava --http-host localhost --public-ip <redacted> ___ ________ __ ___ / _ \_/\ / _____/ ____ ____ | | ______ / _ \_/\ \/ \___/ / \ ____/ __ \_/ ___\| |/ / _ \ \/ \___/ \ \_\ \ ___/\ \___| < <_> ) \______ /\___ >\___ >__|_ \____/ \/ \/ \/ \/ ... INFO [05-14|21:09:54] /api/server.go#53: API server listening on "localhost:9650" INFO [05-14|21:09:54] /api/server.go#106: adding route /ext/vm/jvYyfQTxGMJLuGWa55kdP2p2zSUYsQ5Raupu4TW34ZAUBAbtq ... The node continues to partcipate in consensus, but RPC calls are restricted to the localhost interface $ ss -lnt | grep 965 LISTEN 0 4096 127.0.0.1:9650 0.0.0.0:* LISTEN 0 10 0.0.0.0:9651 0.0.0.0:* $ curl -X POST --data '{ > "id": '$(date +%s)', > "jsonrpc": "2.0", > "method": "admin.getNodeID", > "params":{} > }' -H 'content-type:application/json;' 127.0.0.1:9650/ext/admin {"jsonrpc":"2.0","result":{"nodeID":"2iEwniZihec5S2anxDpKGenZB7Cs112Ap"},"id":1589486853} $ curl -X POST --data '{ > "id": '$(date +%s)', > "jsonrpc": "2.0", > "method": "admin.getNodeID", > "params":{} > }' -H 'content-type:application/json;' 192.168.43.60:9650/ext/admin curl: (7) Failed to connect to 192.168.43.60 port 9650: Connection refused
This commit is contained in:
parent
f290f7377e
commit
b9ceddd052
|
@ -7,6 +7,7 @@ import (
|
|||
"errors"
|
||||
"fmt"
|
||||
"io"
|
||||
"net"
|
||||
"net/http"
|
||||
"net/url"
|
||||
"sync"
|
||||
|
@ -31,27 +32,37 @@ type Server struct {
|
|||
log logging.Logger
|
||||
factory logging.Factory
|
||||
router *router
|
||||
portURL string
|
||||
listenAddress string
|
||||
}
|
||||
|
||||
// Initialize creates the API server at the provided port
|
||||
func (s *Server) Initialize(log logging.Logger, factory logging.Factory, port uint16) {
|
||||
// Initialize creates the API server at the provided host and port
|
||||
func (s *Server) Initialize(log logging.Logger, factory logging.Factory, host string, port uint16) {
|
||||
s.log = log
|
||||
s.factory = factory
|
||||
s.portURL = fmt.Sprintf(":%d", port)
|
||||
s.listenAddress = fmt.Sprintf("%s:%d", host, port)
|
||||
s.router = newRouter()
|
||||
}
|
||||
|
||||
// Dispatch starts the API server
|
||||
func (s *Server) Dispatch() error {
|
||||
handler := cors.Default().Handler(s.router)
|
||||
return http.ListenAndServe(s.portURL, handler)
|
||||
listener, err := net.Listen("tcp", s.listenAddress)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
s.log.Info("API server listening on %q", s.listenAddress)
|
||||
return http.Serve(listener, handler)
|
||||
}
|
||||
|
||||
// DispatchTLS starts the API server with the provided TLS certificate
|
||||
func (s *Server) DispatchTLS(certFile, keyFile string) error {
|
||||
handler := cors.Default().Handler(s.router)
|
||||
return http.ListenAndServeTLS(s.portURL, certFile, keyFile, handler)
|
||||
listener, err := net.Listen("tcp", s.listenAddress)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
s.log.Info("API server listening on %q", s.listenAddress)
|
||||
return http.ServeTLS(listener, handler, certFile, keyFile)
|
||||
}
|
||||
|
||||
// RegisterChain registers the API endpoints associated with this chain That
|
||||
|
|
|
@ -30,7 +30,7 @@ func (s *Service) Call(_ *http.Request, args *Args, reply *Reply) error {
|
|||
|
||||
func TestCall(t *testing.T) {
|
||||
s := Server{}
|
||||
s.Initialize(logging.NoLog{}, logging.NoFactory{}, 8080)
|
||||
s.Initialize(logging.NoLog{}, logging.NoFactory{}, "localhost", 8080)
|
||||
|
||||
serv := &Service{}
|
||||
newServer := rpc.NewServer()
|
||||
|
|
|
@ -93,6 +93,7 @@ func init() {
|
|||
consensusIP := fs.String("public-ip", "", "Public IP of this node")
|
||||
|
||||
// HTTP Server:
|
||||
httpHost := fs.String("http-host", "", "Address of the HTTP server")
|
||||
httpPort := fs.Uint("http-port", 9650, "Port of the HTTP server")
|
||||
fs.BoolVar(&Config.EnableHTTPS, "http-tls-enabled", false, "Upgrade the HTTP server to HTTPs")
|
||||
fs.StringVar(&Config.HTTPSKeyFile, "http-tls-key-file", "", "TLS private key file for the HTTPs server")
|
||||
|
@ -269,6 +270,7 @@ func init() {
|
|||
}
|
||||
|
||||
// HTTP:
|
||||
Config.HTTPHost = *httpHost
|
||||
Config.HTTPPort = uint16(*httpPort)
|
||||
|
||||
// Logging:
|
||||
|
|
|
@ -42,6 +42,7 @@ type Config struct {
|
|||
BootstrapPeers []*Peer
|
||||
|
||||
// HTTP configuration
|
||||
HTTPHost string
|
||||
HTTPPort uint16
|
||||
EnableHTTPS bool
|
||||
HTTPSKeyFile string
|
||||
|
|
|
@ -477,7 +477,7 @@ func (n *Node) initChains() error {
|
|||
func (n *Node) initAPIServer() {
|
||||
n.Log.Info("Initializing API server")
|
||||
|
||||
n.APIServer.Initialize(n.Log, n.LogFactory, n.Config.HTTPPort)
|
||||
n.APIServer.Initialize(n.Log, n.LogFactory, n.Config.HTTPHost, n.Config.HTTPPort)
|
||||
|
||||
go n.Log.RecoverAndPanic(func() {
|
||||
if n.Config.EnableHTTPS {
|
||||
|
|
Loading…
Reference in New Issue