Expose the RPC Server as an onion service #11714
This PR solves #9794
tACK, ty for the detailed testing instructions.
Awesome PR.
Why? If I run in daemon mode, there is a high possibility I will already be running Tor as a system service, so Wasabi could just reuse that one.
No, that's not possible. Things like this PR are only possible because Wasabi has access to the Tor control port, that is, the Tor control port is open and listening. The Tor control port is closed by default; however, we make sure to have it available by starting a Tor instance with the correct parameters. Wasabi worked for many years with an already running Tor instance and it could still do so, but features like this one wouldn't be available.
I can have the control port configured and open with a local system Tor instance too. In fact, that's how I run JoinMarket; bundled Tor there is an optional, off-by-default option. It would be cool to not require running another Tor instance; instead I could just specify the SOCKS5 port and control port (or socket).
tACK ded3d9d
It works like a charm! Latency seems totally alright, but it's noticeably slower than the local RPC calls.
There is a new onion address after each restart.
Partial review
This first version should be ephemeral. A static one requires key management, I mean, to create a key with a library that we don't have, then save it somewhere (currently there is no place to save that except a config file?), keep it encrypted with some password, etc. The technical complexity goes up very quickly and the UX goes down too because you would need to ask the user to introduce the password to decrypt the key for the onion service at start time for example.
tACK 398437d
This PR exposes the RPC server as an onion service.
How to test
Run wasabi daemon with:
It is important to know that:
- `UseTor` is necessary because that switch controls whether the Tor process must be launched or not. We need the Tor process running in order to create the ephemeral onion service.
- `JsonRpcServerEnabled` must be true because otherwise the RPC server is not started.
- `JsonRpcUser` and `JsonRpcPassword`.
- `RpcOnionEnabled` indicates whether or not to create the ephemeral onion service. This switch is only available as a command line switch and environment variable. By default it is `false`.

Once the daemon is running take a look at the log output and find the onion address:
Run a Tor instance on the client machine
This example assumes you are running a Tor instance on the default port (9050). Use Tor as a SOCKS proxy for your client (in this case we use `curl`).
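
The control-port exchange behind an ephemeral onion service, as discussed in the thread above, shown as an added example (not Wasabi's code and not part of the PR): it builds the Tor control protocol's `ADD_ONION` command and parses the reply, showing that with `Flags=DiscardPK` no private key comes back, so there is nothing to store and the address changes on every restart. The port numbers, the sample ServiceID and the replies are constructed assumptions.

```python
import re

V3_ID = re.compile(r"[a-z2-7]{56}")

def build_add_onion(virt_port, target, discard_pk=True):
    """ADD_ONION line for the control connection (sent after AUTHENTICATE)."""
    if not 1 <= virt_port <= 65535:
        raise ValueError("virtual port out of range")
    # Reject spaces and CR/LF so the target cannot smuggle a second command.
    if not re.fullmatch(r"[0-9A-Za-z.:\[\]]+", target):
        raise ValueError("target must be host:port with no spaces or CR/LF")
    # DiscardPK: Tor does not include the newly generated key in its reply.
    flags = " Flags=DiscardPK" if discard_pk else ""
    return f"ADD_ONION NEW:ED25519-V3{flags} Port={virt_port},{target}\r\n"

def parse_add_onion_reply(reply):
    """Return {'onion': ..., 'private_key': ...}; raise on any non-250 line."""
    service_id = private_key = None
    for line in filter(None, reply.split("\r\n")):
        m = re.fullmatch(r"(\d{3})[- ](.*)", line)
        if m is None or m.group(1) != "250":
            raise RuntimeError(f"Tor rejected ADD_ONION: {line!r}")
        key, _, value = m.group(2).partition("=")
        if key == "ServiceID":
            service_id = value
        elif key == "PrivateKey":
            private_key = value
    if service_id is None or not V3_ID.fullmatch(service_id):
        raise RuntimeError("reply has no well-formed v3 ServiceID")
    return {"onion": service_id + ".onion", "private_key": private_key}

# Constructed replies, not captured from a real Tor instance. SAMPLE_ID has the
# v3 shape (56 base32 characters) but is not a real address.
SAMPLE_ID = "a" * 55 + "d"
EPHEMERAL_REPLY = f"250-ServiceID={SAMPLE_ID}\r\n250 OK\r\n"
STATIC_REPLY = (f"250-ServiceID={SAMPLE_ID}\r\n"
                "250-PrivateKey=ED25519-V3:CONSTRUCTED_KEY_BLOB\r\n250 OK\r\n")
ERROR_REPLY = "512 Invalid VIRTPORT/TARGET\r\n"

if __name__ == "__main__":
    # Assumed endpoints: virtual port 80 forwarded to a local RPC listener.
    print(build_add_onion(80, "127.0.0.1:37128"), end="")
    print(parse_add_onion_reply(EPHEMERAL_REPLY))
    print(parse_add_onion_reply(STATIC_REPLY))
```

Without `DiscardPK` the reply carries a `PrivateKey=` line, which is the material a static address would require the client to store and protect.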