Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support SSL for connecting to consensus node API with --core.ip #2439

Closed
musalbas opened this issue Jul 6, 2023 · 5 comments
Closed

Support SSL for connecting to consensus node API with --core.ip #2439

musalbas opened this issue Jul 6, 2023 · 5 comments
Labels
external Issues created by non node team members needs:triage

Comments

@musalbas
Copy link
Member

musalbas commented Jul 6, 2023

No description provided.

@github-actions github-actions bot added needs:triage external Issues created by non node team members labels Jul 6, 2023
@JB273
Copy link

JB273 commented Jul 7, 2023

What we know works already:
For celestia-appd version 0.11.1 (mocha):
celestia-appd query bank balances celestia1g486scr5t24jywkql8ld2uuw6clws2fckclhlj --node https://rpc-mocha.pops.one:443

@JB273
Copy link

JB273 commented Jul 7, 2023

It looks like the node client expects to be able to connect to both RPC and gRPC on the same hostname.
To add SSL with a proxy many are now using different hostnames and forward to the correct port, eg:

  • https://rpc-mocha.pops.one:443 forwards to local port 26657
  • https://grpc-mocha.pops.one forwards to local port 9090

Currently we can only give one hostname through the --core-ip flag, this looks like to be a part of the issue

@malise800
Copy link

From I could figure, I think the celestia-node CoreAccessor client doesn't support SSL.

https://github.com/celestiaorg/celestia-node/blob/main/state/core_access.go#L85-L112

@malise800
Copy link

now it also seems the RPC node provider will need to update their infrastructure to also support proxied grpc connection : https://www.nginx.com/blog/deploying-nginx-plus-as-an-api-gateway-part-3-publishing-grpc-services/

@ramin
Copy link
Contributor

ramin commented Dec 12, 2023

closing in favor of #2931

@ramin ramin closed this as completed Dec 12, 2023
@liamsi liamsi mentioned this issue May 7, 2024
Open
@Wondertan Wondertan mentioned this issue May 7, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
external Issues created by non node team members needs:triage
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@ramin @musalbas @JB273 @malise800