mirror of
https://gitlab.com/pulsechaincom/erigon-pulse.git
synced 2025-01-03 01:27:38 +00:00
Engine API: remove unauth port (#4111)
* Engine API: remove unauth port * Remove reduntant auth from variable names
This commit is contained in:
Andrew Ashikhmin
GitHub
parent
763563ec77
commit
15ddd32e75
@ -20,7 +20,7 @@ RUN chown -R erigon:erigon /home/erigon
|
||||
|
||||
USER erigon
|
||||
|
||||
EXPOSE 8545 8550 8551 8546 30303 30303/udp 42069 42069/udp 8080 9090 6060
|
||||
EXPOSE 8545 8551 8546 30303 30303/udp 42069 42069/udp 8080 9090 6060
|
||||
|
||||
# https://github.com/opencontainers/image-spec/blob/main/annotations.md
|
||||
ARG BUILD_DATE
|
||||
|
||||
@ -323,11 +323,10 @@ internally for rpcdaemon or other connections, (e.g. rpcdaemon -> erigon)
|
||||
| Port | Protocol | Purpose | Expose |
|
||||
|:-----:|:---------:|:------------------:|:-------:|
|
||||
| 8545 | TCP | HTTP & WebSockets | Private |
|
||||
| 8550 | TCP | HTTP | Private |
|
||||
| 8551 | TCP | HTTP with JWS auth | Private |
|
||||
| 8551 | TCP | HTTP with JWT auth | Private |
|
||||
|
||||
Typically 8545 is exposed only internally for JSON-RPC queries. Both HTTP and WebSocket connections are on the same port.
|
||||
Typically 8550 (unauthenticated) and 8551 (authenticated) are exposed only internally for the Engine API JSON-RPC queries.
|
||||
Typically 8551 (JWT authenticated) is exposed only internally for the Engine API JSON-RPC queries.
|
||||
|
||||
#### `sentry` ports
|
||||
|
||||
|
||||
@ -431,7 +431,6 @@ func RemoteServices(ctx context.Context, cfg httpcfg.HttpCfg, logger log.Logger,
|
||||
|
||||
func StartRpcServer(ctx context.Context, cfg httpcfg.HttpCfg, rpcAPI []rpc.API) error {
|
||||
var engineListener *http.Server
|
||||
var engineListenerAuth *http.Server
|
||||
var engineSrv *rpc.Server
|
||||
var engineHttpEndpoint string
|
||||
|
||||
@ -496,7 +495,7 @@ func StartRpcServer(ctx context.Context, cfg httpcfg.HttpCfg, rpcAPI []rpc.API)
|
||||
"ws.compression", cfg.WebsocketCompression, "grpc", cfg.GRPCServerEnabled}
|
||||
|
||||
if len(engineAPI) > 0 {
|
||||
engineListener, engineListenerAuth, engineSrv, engineHttpEndpoint, err = createEngineListener(cfg, engineAPI)
|
||||
engineListener, engineSrv, engineHttpEndpoint, err = createEngineListener(cfg, engineAPI)
|
||||
if err != nil {
|
||||
return fmt.Errorf("could not start RPC api for engine: %w", err)
|
||||
}
|
||||
@ -539,11 +538,6 @@ func StartRpcServer(ctx context.Context, cfg httpcfg.HttpCfg, rpcAPI []rpc.API)
|
||||
log.Info("Engine HTTP endpoint close", "url", engineHttpEndpoint)
|
||||
}
|
||||
|
||||
if engineListenerAuth != nil {
|
||||
_ = engineListenerAuth.Shutdown(shutdownCtx)
|
||||
log.Info("Engine HTTP endpoint close", "url", engineHttpEndpoint)
|
||||
}
|
||||
|
||||
if cfg.GRPCServerEnabled {
|
||||
if cfg.GRPCHealthCheckEnabled {
|
||||
healthServer.Shutdown()
|
||||
@ -614,60 +608,45 @@ func createHandler(cfg httpcfg.HttpCfg, apiList []rpc.API, httpHandler http.Hand
|
||||
return handler, nil
|
||||
}
|
||||
|
||||
func createEngineListener(cfg httpcfg.HttpCfg, engineApi []rpc.API) (*http.Server, *http.Server, *rpc.Server, string, error) {
|
||||
func createEngineListener(cfg httpcfg.HttpCfg, engineApi []rpc.API) (*http.Server, *rpc.Server, string, error) {
|
||||
engineHttpEndpoint := fmt.Sprintf("%s:%d", cfg.EngineHTTPListenAddress, cfg.EnginePort)
|
||||
engineHttpEndpointAuth := fmt.Sprintf("%s:%d", cfg.EngineHTTPListenAddress, cfg.EnginePort+1)
|
||||
|
||||
engineSrv := rpc.NewServer(cfg.RpcBatchConcurrency)
|
||||
|
||||
allowListForRPC, err := parseAllowListForRPC(cfg.RpcAllowListFilePath)
|
||||
if err != nil {
|
||||
return nil, nil, nil, "", err
|
||||
return nil, nil, "", err
|
||||
}
|
||||
engineSrv.SetAllowList(allowListForRPC)
|
||||
|
||||
if err := node.RegisterApisFromWhitelist(engineApi, nil, engineSrv, true); err != nil {
|
||||
return nil, nil, nil, "", fmt.Errorf("could not start register RPC engine api: %w", err)
|
||||
return nil, nil, "", fmt.Errorf("could not start register RPC engine api: %w", err)
|
||||
}
|
||||
|
||||
jwtSecret, err := obtainJWTSecret(cfg)
|
||||
if err != nil {
|
||||
return nil, nil, nil, "", err
|
||||
return nil, nil, "", err
|
||||
}
|
||||
|
||||
var wsHandlerNonAuth http.Handler
|
||||
var wsHandlerAuth http.Handler
|
||||
|
||||
var wsHandler http.Handler
|
||||
if cfg.WebsocketEnabled {
|
||||
wsHandlerNonAuth = engineSrv.WebsocketHandler([]string{"*"}, nil, cfg.WebsocketCompression)
|
||||
wsHandlerAuth = engineSrv.WebsocketHandler([]string{"*"}, jwtSecret, cfg.WebsocketCompression)
|
||||
wsHandler = engineSrv.WebsocketHandler([]string{"*"}, jwtSecret, cfg.WebsocketCompression)
|
||||
}
|
||||
|
||||
engineHttpHandler := node.NewHTTPHandlerStack(engineSrv, cfg.HttpCORSDomain, cfg.HttpVirtualHost, cfg.HttpCompression)
|
||||
engineApiHandler, err := createHandler(cfg, engineApi, engineHttpHandler, wsHandlerNonAuth, nil)
|
||||
if err != nil {
|
||||
return nil, nil, nil, "", err
|
||||
}
|
||||
|
||||
engineApiHandlerAuth, err := createHandler(cfg, engineApi, engineHttpHandler, wsHandlerAuth, jwtSecret)
|
||||
engineApiHandler, err := createHandler(cfg, engineApi, engineHttpHandler, wsHandler, jwtSecret)
|
||||
if err != nil {
|
||||
return nil, nil, nil, "", err
|
||||
return nil, nil, "", err
|
||||
}
|
||||
|
||||
engineListener, _, err := node.StartHTTPEndpoint(engineHttpEndpoint, rpc.DefaultHTTPTimeouts, engineApiHandler)
|
||||
if err != nil {
|
||||
return nil, nil, nil, "", fmt.Errorf("could not start RPC api: %w", err)
|
||||
}
|
||||
|
||||
engineListenerAuth, _, err := node.StartHTTPEndpoint(engineHttpEndpointAuth, rpc.DefaultHTTPTimeouts, engineApiHandlerAuth)
|
||||
if err != nil {
|
||||
return nil, nil, nil, "", fmt.Errorf("could not start RPC api: %w", err)
|
||||
return nil, nil, "", fmt.Errorf("could not start RPC api: %w", err)
|
||||
}
|
||||
|
||||
engineInfo := []interface{}{"url", engineHttpEndpoint, "ws", cfg.WebsocketEnabled}
|
||||
log.Info("HTTP endpoint opened for engine", engineInfo...)
|
||||
engineInfoAuth := []interface{}{"url", engineHttpEndpointAuth, "ws", cfg.WebsocketEnabled}
|
||||
log.Info("HTTP endpoint opened for auth engine", engineInfoAuth...)
|
||||
log.Info("HTTP endpoint opened for Engine API", engineInfo...)
|
||||
|
||||
return engineListener, engineListenerAuth, engineSrv, engineHttpEndpoint, nil
|
||||
return engineListener, engineSrv, engineHttpEndpoint, nil
|
||||
}
|
||||
|
||||
@ -47,20 +47,6 @@ Content-Type: application/json
|
||||
|
||||
###
|
||||
|
||||
POST localhost:8550
|
||||
Content-Type: application/json
|
||||
|
||||
{
|
||||
"jsonrpc": "2.0",
|
||||
"method": "engine_getPayloadV1",
|
||||
"params": [
|
||||
"0x1112131415161718"
|
||||
],
|
||||
"id": 1
|
||||
}
|
||||
|
||||
###
|
||||
|
||||
# curl -X POST -H "Content-Type: application/json" --data '{"jsonrpc":"2.0","method":"eth_getTransactionByHash", "params": ["0x8582cf1230e0b1c191a306e907ee4abe3459607dfa84143ebd496de7e77fa45e", true], "id":1}' localhost:8545
|
||||
POST localhost:8545
|
||||
Content-Type: application/json
|
||||
|
||||
@ -50,7 +50,6 @@ services:
|
||||
- erigon
|
||||
ports:
|
||||
- "8545:8545"
|
||||
- "8550:8550"
|
||||
- "8551:8551"
|
||||
restart: unless-stopped
|
||||
|
||||
|
||||
@ -26,7 +26,7 @@ import (
|
||||
const (
|
||||
DefaultHTTPHost = "localhost" // Default host interface for the HTTP RPC server
|
||||
DefaultHTTPPort = 8545 // Default TCP port for the HTTP RPC server
|
||||
DefaultEngineHTTPPort = 8550 // Default TCP port for the engineApi HTTP RPC server
|
||||
DefaultEngineHTTPPort = 8551 // Default TCP port for the engineApi HTTP RPC server
|
||||
DefaultWSHost = "localhost" // Default host interface for the websocket RPC server
|
||||
DefaultWSPort = 8546 // Default TCP port for the websocket RPC server
|
||||
DefaultGRPCHost = "localhost" // Default host interface for the GRPC server
|
||||
|
||||
Loading…
Reference in New Issue
Block a user