mirror of
https://gitlab.com/pulsechaincom/lighthouse-pulse.git
synced 2024-12-24 20:47:17 +00:00
a73d698e30
Currently, the beacon node has no ability to serve the HTTP API over TLS. Adding this functionality would be helpful for certain use cases, such as when you need a validator client to connect to a backup beacon node which is outside your local network, and the use of an SSH tunnel or reverse proxy would be inappropriate. ## Proposed Changes - Add three new CLI flags to the beacon node - `--http-enable-tls`: enables TLS - `--http-tls-cert`: to specify the path to the certificate file - `--http-tls-key`: to specify the path to the key file - Update the HTTP API to optionally use `warp`'s [`TlsServer`](https://docs.rs/warp/0.3.1/warp/struct.TlsServer.html) depending on the presence of the `--http-enable-tls` flag - Update tests and docs - Use a custom branch for `warp` to ensure proper error handling ## Additional Info Serving the API over TLS should currently be considered experimental. The reason for this is that it uses code from an [unmerged PR](https://github.com/seanmonstar/warp/pull/717). This commit provides the `try_bind_with_graceful_shutdown` method to `warp`, which is helpful for controlling error flow when the TLS configuration is invalid (cert/key files don't exist, incorrect permissions, etc). I've implemented the same code in my [branch here](https://github.com/macladson/warp/tree/tls). Once the code has been reviewed and merged upstream into `warp`, we can remove the dependency on my branch and the feature can be considered more stable. Currently, the private key file must not be password-protected in order to be read into Lighthouse.
60 lines
2.0 KiB
TOML
60 lines
2.0 KiB
TOML
[package]
|
|
name = "validator_client"
|
|
version = "0.3.5"
|
|
authors = ["Paul Hauner <paul@paulhauner.com>", "Age Manning <Age@AgeManning.com>", "Luke Anderson <luke@lukeanderson.com.au>"]
|
|
edition = "2018"
|
|
|
|
[lib]
|
|
name = "validator_client"
|
|
path = "src/lib.rs"
|
|
|
|
[dev-dependencies]
|
|
tokio = { version = "1.10.0", features = ["time", "rt-multi-thread", "macros"] }
|
|
|
|
[dependencies]
|
|
tree_hash = "0.4.0"
|
|
clap = "2.33.3"
|
|
slashing_protection = { path = "./slashing_protection" }
|
|
slot_clock = { path = "../common/slot_clock" }
|
|
types = { path = "../consensus/types" }
|
|
safe_arith = { path = "../consensus/safe_arith" }
|
|
serde = "1.0.116"
|
|
serde_derive = "1.0.116"
|
|
bincode = "1.3.1"
|
|
serde_json = "1.0.58"
|
|
slog = { version = "2.5.2", features = ["max_level_trace", "release_max_level_trace"] }
|
|
tokio = { version = "1.10.0", features = ["time"] }
|
|
futures = "0.3.7"
|
|
dirs = "3.0.1"
|
|
directory = { path = "../common/directory" }
|
|
lockfile = { path = "../common/lockfile" }
|
|
environment = { path = "../lighthouse/environment" }
|
|
parking_lot = "0.11.0"
|
|
exit-future = "0.2.0"
|
|
filesystem = { path = "../common/filesystem" }
|
|
hex = "0.4.2"
|
|
deposit_contract = { path = "../common/deposit_contract" }
|
|
bls = { path = "../crypto/bls" }
|
|
eth2 = { path = "../common/eth2" }
|
|
tempfile = "3.1.0"
|
|
validator_dir = { path = "../common/validator_dir" }
|
|
clap_utils = { path = "../common/clap_utils" }
|
|
eth2_keystore = { path = "../crypto/eth2_keystore" }
|
|
account_utils = { path = "../common/account_utils" }
|
|
lighthouse_version = { path = "../common/lighthouse_version" }
|
|
warp_utils = { path = "../common/warp_utils" }
|
|
warp = { git = "https://github.com/macladson/warp", rev ="dfa259e" }
|
|
hyper = "0.14.4"
|
|
eth2_serde_utils = "0.1.0"
|
|
libsecp256k1 = "0.6.0"
|
|
ring = "0.16.19"
|
|
rand = "0.7.3"
|
|
lighthouse_metrics = { path = "../common/lighthouse_metrics" }
|
|
lazy_static = "1.4.0"
|
|
itertools = "0.10.0"
|
|
monitoring_api = { path = "../common/monitoring_api" }
|
|
sensitive_url = { path = "../common/sensitive_url" }
|
|
task_executor = { path = "../common/task_executor" }
|
|
reqwest = { version = "0.11.0", features = ["json","stream"] }
|
|
url = "2.2.2"
|