Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

rpcserver: forward gRPC proxy requests to localhost when listening on all interfaces #2247

Merged
merged 1 commit into from Jan 23, 2019

Conversation

8 participants
@wpaulino
Copy link
Collaborator

wpaulino commented Nov 30, 2018

This prevents certificate issues when accessing the gRPC REST proxy externally.

Fixes #1567.

@wpaulino wpaulino force-pushed the wpaulino:grpc-proxy-endpoint branch from 318ebf2 to 72b2f4e Nov 30, 2018

@Roasbeef Roasbeef requested a review from cfromknecht Dec 4, 2018

@leshik

This comment has been minimized.

Copy link

leshik commented Dec 16, 2018

@wpaulino Just wanted to drop a note that I've patched my lnd instance with this PR and it works ok for me in Docker with wildcard RPC addresses. Hope that more people (@NicolasDorier @dennisreimann @zwarbo) try it so it could find its way to master.

@NicolasDorier

This comment has been minimized.

Copy link

NicolasDorier commented Dec 17, 2018

I don't understand, this PR seems to transform 0.0.0.0 to 127.0.0.1, this is not what I want.

@leshik

This comment has been minimized.

Copy link

leshik commented Dec 17, 2018

@NicolasDorier It does this internally so the REST-to-gRPC proxy goes to the same host where LND is running (and since it's the same single binary, i.e. proxy and gRPC can't be on different hosts, it always works with 127.0.0.1). It doesn't bind REST endpoint to loopback. So it will fix the issue you were facing.

@NicolasDorier

This comment has been minimized.

Copy link

NicolasDorier commented Dec 17, 2018

Oh I get it! thanks a lot, will test.

@jamaljsr

This comment has been minimized.

Copy link

jamaljsr commented Dec 17, 2018

I also ran into the "authentication handshake failed" error on my remote node, trying to setup the joule extension. I manually patched lnd with these changes, rebuilt and now the REST api works as expected. Thanks @wpaulino 👍

@Roasbeef Roasbeef added this to In progress in High Priority via automation Dec 18, 2018

@Roasbeef Roasbeef moved this from In progress to Needs review in High Priority Dec 18, 2018

@wpaulino wpaulino force-pushed the wpaulino:grpc-proxy-endpoint branch from 72b2f4e to 3f538cb Jan 4, 2019

@joostjager

This comment has been minimized.

Copy link
Collaborator

joostjager commented Jan 9, 2019

This issue also showed up in related PR #2428.

@cfromknecht
Copy link
Collaborator

cfromknecht left a comment

LGTM! 👻

@halseth
Copy link
Collaborator

halseth left a comment

LGTM :D

@@ -533,9 +533,17 @@ func (r *rpcServer) Start() error {
// TODO(roasbeef): eventually also allow the sub-servers to themselves
// have a REST proxy.
mux := proxy.NewServeMux()
grpcEndpoint := cfg.RPCListeners[0].String()

This comment has been minimized.

Copy link
@halseth

halseth Jan 16, 2019

Collaborator

nit: add a comment why this string replacing is needed.

This comment has been minimized.

Copy link
@wpaulino

wpaulino Jan 22, 2019

Author Collaborator

Done.

High Priority automation moved this from Needs review to Final Testing -- Ready For Merge Jan 16, 2019

rpcserver: forward gRPC proxy requests to localhost when listening on…
… all interfaces

This prevents certificate issues when accessing the gRPC REST proxy externally.

@wpaulino wpaulino dismissed stale reviews from halseth and cfromknecht via 552b71c Jan 22, 2019

@wpaulino wpaulino force-pushed the wpaulino:grpc-proxy-endpoint branch from 3f538cb to 552b71c Jan 22, 2019

High Priority automation moved this from Final Testing -- Ready For Merge to Needs review Jan 22, 2019

High Priority automation moved this from Needs review to Final Testing -- Ready For Merge Jan 23, 2019

@cfromknecht
Copy link
Collaborator

cfromknecht left a comment

LGTM! 🦁

@wpaulino wpaulino merged commit 9860df6 into lightningnetwork:master Jan 23, 2019

2 checks passed

continuous-integration/travis-ci/pr The Travis CI build passed
Details
coverage/coveralls Coverage increased (+0.007%) to 56.316%
Details

High Priority automation moved this from Final Testing -- Ready For Merge to Done Jan 23, 2019

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.