Acala icon indicating copy to clipboard operation
Acala copied to clipboard

Published 20 hours ago verified publisher icon AcalaNetwork

Unable to change listen-addr for RPC

Open dancamarg0 opened this issue 9 months ago • 3 comments

Describe the bug

I'm able to change all the listen addresses below:

  --listen-addr /ip4/<IP_ADDR>/tcp/9933/ws \
  --listen-addr /ip4/<IP_ADDR>/tcp/9933/http \
  --listen-addr /ip4/0.0.0.0/tcp/30334 \
  --listen-addr /ip4/0.0.0.0/tcp/30333 \
  --listen-addr /ip6/::/tcp/30334 \
  --listen-addr /ip6/::/tcp/30333 \

I can access ws as expected from port 9933 but I cannot access the RPC API

For example the following RPC call doesn't work because I'm unable to connect to the server

curl http://<IP_ADDR>:9933 -X POST -H 'Content-Type: application/json' -d '
{"jsonrpc":"2.0","method":"system_health","params":[],"id":0}'

Expected Behavior

I should be able to open and query the RPC API via private IP + 9933 when provided --listen-addr /ip4/<IP_ADDR>/tcp/9933/http (If I'm passing the wrong protocol string please advise)

If I don't provide any listen-addr argument and just use the defaults from --rpc-port it works otherwise and I can see this message on startup: Running JSON-RPC server: addr=0.0.0.0:9933, allowed origins=["*"]

Current Behavior

Steps to Reproduce

  1. Running acala v2.24.0
  2. Try to bind RPC to a private IP instead of default 0.0.0.0, you can use 127.0.0.1 for example
  3. RPC + WS should work

Additional context

  • Node version:
  • OS:
  • Command line options:
  • Relevant transaction hash:
  • Relevant account address:
  • Logs. Please format it as code blocks

dancamarg0 avatar Apr 30 '24 04:04 dancamarg0

This is a required feature for some RPC providers, because we want to bind the service just to our private network so we can be compliant to our security measures

dancamarg0 avatar Apr 30 '24 04:04 dancamarg0

--listen-addr is for the libp2p protocol

Unfortunately polkadot-sdk doesn't appear to offer such functionality. I have reported this issue https://github.com/paritytech/polkadot-sdk/issues/4331

A workaround is to have --rpc-external=false so that it binds to localhost and use subway to proxy the requests. It is possible to config listen address with subway. https://github.com/AcalaNetwork/subway/blob/7cb7c73ab08d53b8c3b181e52acb5d227a5b23a5/configs/config.yml#L26

xlc avatar Apr 30 '24 04:04 xlc