Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

rpcserver: forward gRPC proxy requests to localhost when listening on all interfaces #2247

Merged
merged 1 commit into from Jan 23, 2019

Conversation

@wpaulino
Copy link
Collaborator

@wpaulino wpaulino commented Nov 30, 2018

This prevents certificate issues when accessing the gRPC REST proxy externally.

Fixes #1567.

@leshik
Copy link

@leshik leshik commented Dec 16, 2018

@wpaulino Just wanted to drop a note that I've patched my lnd instance with this PR and it works ok for me in Docker with wildcard RPC addresses. Hope that more people (@NicolasDorier @dennisreimann @zwarbo) try it so it could find its way to master.

@NicolasDorier
Copy link
Contributor

@NicolasDorier NicolasDorier commented Dec 17, 2018

I don't understand, this PR seems to transform 0.0.0.0 to 127.0.0.1, this is not what I want.

@leshik
Copy link

@leshik leshik commented Dec 17, 2018

@NicolasDorier It does this internally so the REST-to-gRPC proxy goes to the same host where LND is running (and since it's the same single binary, i.e. proxy and gRPC can't be on different hosts, it always works with 127.0.0.1). It doesn't bind REST endpoint to loopback. So it will fix the issue you were facing.

@NicolasDorier
Copy link
Contributor

@NicolasDorier NicolasDorier commented Dec 17, 2018

Oh I get it! thanks a lot, will test.

@jamaljsr
Copy link

@jamaljsr jamaljsr commented Dec 17, 2018

I also ran into the "authentication handshake failed" error on my remote node, trying to setup the joule extension. I manually patched lnd with these changes, rebuilt and now the REST api works as expected. Thanks @wpaulino 👍

@Roasbeef Roasbeef added this to In progress in High Priority via automation Dec 18, 2018
@Roasbeef Roasbeef moved this from In progress to Needs review in High Priority Dec 18, 2018
@wpaulino wpaulino force-pushed the wpaulino:grpc-proxy-endpoint branch from 72b2f4e to 3f538cb Jan 4, 2019
@joostjager
Copy link
Collaborator

@joostjager joostjager commented Jan 9, 2019

This issue also showed up in related PR #2428.

Copy link
Collaborator

@cfromknecht cfromknecht left a comment

LGTM! 👻

Copy link
Collaborator

@halseth halseth left a comment

LGTM :D

@@ -533,9 +533,17 @@ func (r *rpcServer) Start() error {
// TODO(roasbeef): eventually also allow the sub-servers to themselves
// have a REST proxy.
mux := proxy.NewServeMux()
grpcEndpoint := cfg.RPCListeners[0].String()

This comment has been minimized.

@halseth

halseth Jan 16, 2019
Collaborator

nit: add a comment why this string replacing is needed.

This comment has been minimized.

@wpaulino

wpaulino Jan 22, 2019
Author Collaborator

Done.

High Priority automation moved this from Needs review to Final Testing -- Ready For Merge Jan 16, 2019
… all interfaces

This prevents certificate issues when accessing the gRPC REST proxy externally.
@wpaulino wpaulino dismissed stale reviews from halseth and cfromknecht via 552b71c Jan 22, 2019
@wpaulino wpaulino force-pushed the wpaulino:grpc-proxy-endpoint branch from 3f538cb to 552b71c Jan 22, 2019
High Priority automation moved this from Final Testing -- Ready For Merge to Needs review Jan 22, 2019
High Priority automation moved this from Needs review to Final Testing -- Ready For Merge Jan 23, 2019
Copy link
Collaborator

@cfromknecht cfromknecht left a comment

LGTM! 🦁

@wpaulino wpaulino merged commit 9860df6 into lightningnetwork:master Jan 23, 2019
2 checks passed
2 checks passed
continuous-integration/travis-ci/pr The Travis CI build passed
Details
coverage/coveralls Coverage increased (+0.007%) to 56.316%
Details
High Priority automation moved this from Final Testing -- Ready For Merge to Done Jan 23, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
No open projects
High Priority
  
Done
Linked issues

Successfully merging this pull request may close these issues.

None yet

8 participants