-
Notifications
You must be signed in to change notification settings - Fork 953
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
(feat): Allow binding RPC to only specific addresses #2824
Labels
Comments
we support
But the flag description is incorrect, we actually default to 0.0.0.0 vs localhost/127.0.0.1 the behavior of which is (as your say correctly) to bind the listen address to anywhere. |
ramin
changed the title
[Feature Request]: Allow binding RPC to only specific addresses
(feat): Allow binding RPC to only specific addresses
Oct 9, 2023
ramin
added a commit
that referenced
this issue
Nov 13, 2023
…efault bind address refs #2824 and add some tests
ramin
added a commit
that referenced
this issue
Dec 18, 2023
fixes #2824 which requests we bind to localhost by default (previously was world accessible) - sets defaults to bind to localhost properly (previously flags SAID the defaults were localhost but were actually 0.0.0.0) - removes an unused `DefaultConfig` defined in `api/gateway/package` - moves defaults (bind address and port) to vars so we can use them to set in flag usage messages so they don't drift out of sync with reality - adds tests for the defaults - adds test cases for flag definitions - adds test cases for flag parsing Other skips suggestion of binding vhosts, we don't do any kind of middleware checking in rpc (i believe in geth this would be a way to bind to 0.0.0.0 then limit to allowed remote IPs making requests). I'd suggest this is a more advanced configuration use case and belongs outside of the node itself to be managed by the infra operator where it'd be handled by a ingress gateway or routing rule to the machine/instance/orchestrator where the node software is running
renaynay
pushed a commit
to renaynay/celestia-node
that referenced
this issue
Jan 15, 2024
…estiaorg#2955) fixes celestiaorg#2824 which requests we bind to localhost by default (previously was world accessible) - sets defaults to bind to localhost properly (previously flags SAID the defaults were localhost but were actually 0.0.0.0) - removes an unused `DefaultConfig` defined in `api/gateway/package` - moves defaults (bind address and port) to vars so we can use them to set in flag usage messages so they don't drift out of sync with reality - adds tests for the defaults - adds test cases for flag definitions - adds test cases for flag parsing Other skips suggestion of binding vhosts, we don't do any kind of middleware checking in rpc (i believe in geth this would be a way to bind to 0.0.0.0 then limit to allowed remote IPs making requests). I'd suggest this is a more advanced configuration use case and belongs outside of the node itself to be managed by the infra operator where it'd be handled by a ingress gateway or routing rule to the machine/instance/orchestrator where the node software is running
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Implementation ideas
Currently the node will accept RPC requests from any IP (modulo authentication). Add the ability for the node to restrict which IPs it will listen to for requests, allowing
localhost
only by default.From https://geth.ethereum.org/docs/fundamentals/command-line-options#commands:
The text was updated successfully, but these errors were encountered: