From 2f156b352317f6d487b913faabb4cff3f2bfa13e Mon Sep 17 00:00:00 2001 From: yperbasis Date: Mon, 1 Aug 2022 17:21:59 +0200 Subject: [PATCH 1/7] Update README re. Engine API --- README.md | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/README.md b/README.md index 589d2b11016..e7c77bebc3d 100644 --- a/README.md +++ b/README.md @@ -180,10 +180,7 @@ Erigon can be used as an execution-layer for beacon chain consensus clients (Eth relies on availability of receipts - don't prune them: don't add character `r` to `--prune` flag. However, old receipts are not needed for Eth2 and you can safely prune them with `--prune.r.before=11184524` in combination with `--prune htc`. -You must enable JSON-RPC by `--http` and add `engine` to `--http.api` list. (Or run the [JSON-RPC daemon](#json-rpc-daemon) in addition to the Erigon) - -If beacon chain client on a different device: add `--http.addr 0.0.0.0` (JSON-RPC listen on localhost by default) -. +If beacon chain client is on a different device, add `--engine.addr 0.0.0.0`. (JSON-RPC listen on localhost by default.) Once the JSON-RPC is running, all you need to do is point your beacon chain client to `:8545`, where `` is either localhost or the IP address of the device running the JSON-RPC. From 524f681c923942c34deb738d7ef4eee3d83fedbe Mon Sep 17 00:00:00 2001 From: yperbasis Date: Mon, 1 Aug 2022 17:24:26 +0200 Subject: [PATCH 2/7] Remove obsolete code --- cmd/rpcdaemon/cli/config.go | 23 ----------------------- 1 file changed, 23 deletions(-) diff --git a/cmd/rpcdaemon/cli/config.go b/cmd/rpcdaemon/cli/config.go index 56bab98cef8..b6370518426 100644 --- a/cmd/rpcdaemon/cli/config.go +++ b/cmd/rpcdaemon/cli/config.go 
@@ -320,29 +320,6 @@ func RemoteServices(ctx context.Context, cfg httpcfg.HttpCfg, logger log.Logger, return nil, nil, nil, nil, nil, nil, nil, nil, ff, fmt.Errorf("chain config not found in db. Need start erigon at least once on this db") } cfg.Snap.Enabled = cfg.Snap.Enabled || cfg.Sync.UseSnapshots - - // if chain config has terminal total difficulty then rpc must have eth and engine APIs enableds - if cc.TerminalTotalDifficulty != nil { - hasEthApiEnabled := false - hasEngineApiEnabled := false - - for _, api := range cfg.API { - switch api { - case "eth": - hasEthApiEnabled = true - case "engine": - hasEngineApiEnabled = true - } - } - - if !hasEthApiEnabled { - cfg.API = append(cfg.API, "eth") - } - - if !hasEngineApiEnabled { - cfg.API = append(cfg.API, "engine") - } - } } creds, err := grpcutil.TLS(cfg.TLSCACert, cfg.TLSCertfile, cfg.TLSKeyFile) From dc2e7295a0b0189418ce063a4be0dd9a49d86c0f Mon Sep 17 00:00:00 2001 From: yperbasis Date: Mon, 1 Aug 2022 17:44:12 +0200 Subject: [PATCH 3/7] Don't apply --rpc.accessList to Engine API listener --- cmd/rpcdaemon/cli/config.go | 6 ------ 1 file changed, 6 deletions(-) diff --git a/cmd/rpcdaemon/cli/config.go b/cmd/rpcdaemon/cli/config.go index b6370518426..9e160eb3429 100644 --- a/cmd/rpcdaemon/cli/config.go +++ b/cmd/rpcdaemon/cli/config.go @@ -633,12 +633,6 @@ func createEngineListener(cfg httpcfg.HttpCfg, engineApi []rpc.API) (*http.Serve engineSrv := rpc.NewServer(cfg.RpcBatchConcurrency, cfg.TraceRequests, true) - allowListForRPC, err := parseAllowListForRPC(cfg.RpcAllowListFilePath) - if err != nil { - return nil, nil, "", err - } - engineSrv.SetAllowList(allowListForRPC) - if err := node.RegisterApisFromWhitelist(engineApi, nil, engineSrv, true); err != nil { return nil, nil, "", fmt.Errorf("could not start register RPC engine api: %w", err) } From 1bc1731d97c3d3888b29fffdd8820395dfcff1fb Mon Sep 17 00:00:00 2001 
From: yperbasis Date: Mon, 1 Aug 2022 17:46:05 +0200 Subject: [PATCH 4/7] Simplify startAuthenticatedRpcServer --- cmd/rpcdaemon/cli/config.go | 19 +++---------------- 1 file changed, 3 insertions(+), 16 deletions(-) diff --git a/cmd/rpcdaemon/cli/config.go b/cmd/rpcdaemon/cli/config.go index 9e160eb3429..f6419f0b7c5 100644 --- a/cmd/rpcdaemon/cli/config.go +++ b/cmd/rpcdaemon/cli/config.go @@ -531,25 +531,12 @@ type engineInfo struct { } func startAuthenticatedRpcServer(cfg httpcfg.HttpCfg, rpcAPI []rpc.API) (*engineInfo, error) { - var engineListener *http.Server - var engineSrv *rpc.Server - var engineHttpEndpoint string - var err error - log.Trace("TraceRequests = %t\n", cfg.TraceRequests) srv := rpc.NewServer(cfg.RpcBatchConcurrency, cfg.TraceRequests, cfg.RpcStreamingDisable) - var rpcAPIList []rpc.API - - for _, api := range rpcAPI { - rpcAPIList = append(rpcAPIList, api) - } - - if len(rpcAPIList) > 0 { - engineListener, engineSrv, engineHttpEndpoint, err = createEngineListener(cfg, rpcAPIList) - if err != nil { - return nil, fmt.Errorf("could not start RPC api for engine: %w", err) - } + engineListener, engineSrv, engineHttpEndpoint, err := createEngineListener(cfg, rpcAPI) + if err != nil { + return nil, fmt.Errorf("could not start RPC api for engine: %w", err) } return &engineInfo{Srv: srv, EngineSrv: engineSrv, EngineListener: engineListener, EngineHttpEndpoint: engineHttpEndpoint}, nil } From 2058e6dcba111e3631d62dccad4ef3993e8604ad Mon Sep 17 00:00:00 2001 From: yperbasis Date: Mon, 1 Aug 2022 18:07:50 +0200 Subject: [PATCH 5/7] Rename engine.* cmd flags to authrpc.* for consistency with geth --- README.md | 2 +- cmd/rpcdaemon/cli/config.go | 10 +++++----- cmd/rpcdaemon22/cli/config.go | 4 ++-- cmd/utils/flags.go | 8 ++++---- turbo/cli/default_flags.go | 4 ++-- turbo/cli/flags.go | 12 ++++++------ 6 files changed, 20 insertions(+), 20 deletions(-) diff --git a/README.md b/README.md index e7c77bebc3d..9bba9ec4409 100644 --- a/README.md +++ b/README.md 
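Review bot: The rewritten startAuthenticatedRpcServer calls createEngineListener unconditionally, so the authenticated port is bound even when `rpcAPI` is empty; the removed code skipped the listener in that case and returned an engineInfo with nil listener fields. Whether any caller passes an empty slice is not visible in this hunk, but if one does, this opens a network listener that was previously absent. Either keep the guard explicitly, e.g. `if len(rpcAPI) == 0 { return &engineInfo{Srv: srv}, nil }`, or add a doc comment such as `// startAuthenticatedRpcServer always binds the Engine API listener, regardless of len(rpcAPI).` so the change in exposure is recorded as intentional.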
@@ -180,7 +180,7 @@ Erigon can be used as an execution-layer for beacon chain consensus clients (Eth relies on availability of receipts - don't prune them: don't add character `r` to `--prune` flag. However, old receipts are not needed for Eth2 and you can safely prune them with `--prune.r.before=11184524` in combination with `--prune htc`. -If beacon chain client is on a different device, add `--engine.addr 0.0.0.0`. (JSON-RPC listen on localhost by default.) +If beacon chain client is on a different device, add `--authrpc.addr 0.0.0.0`. (Engine API listens on localhost by default.) Once the JSON-RPC is running, all you need to do is point your beacon chain client to `:8545`, where `` is either localhost or the IP address of the device running the JSON-RPC. diff --git a/cmd/rpcdaemon/cli/config.go b/cmd/rpcdaemon/cli/config.go index f6419f0b7c5..90037bfa3d1 100644 --- a/cmd/rpcdaemon/cli/config.go +++ b/cmd/rpcdaemon/cli/config.go 
@@ -66,12 +66,12 @@ func RootCommand() (*cobra.Command, *httpcfg.HttpCfg) { rootCmd.PersistentFlags().StringVar(&cfg.PrivateApiAddr, "private.api.addr", "127.0.0.1:9090", "private api network address, for example: 127.0.0.1:9090") rootCmd.PersistentFlags().StringVar(&cfg.DataDir, "datadir", "", "path to Erigon working directory") rootCmd.PersistentFlags().StringVar(&cfg.HttpListenAddress, "http.addr", nodecfg.DefaultHTTPHost, "HTTP-RPC server listening interface") - rootCmd.PersistentFlags().StringVar(&cfg.EngineHTTPListenAddress, "engine.addr", nodecfg.DefaultHTTPHost, "HTTP-RPC server listening interface for engineAPI") + rootCmd.PersistentFlags().StringVar(&cfg.EngineHTTPListenAddress, "authrpc.addr", nodecfg.DefaultHTTPHost, "HTTP-RPC server listening interface for engineAPI") rootCmd.PersistentFlags().StringVar(&cfg.TLSCertfile, "tls.cert", "", "certificate for client side TLS handshake") rootCmd.PersistentFlags().StringVar(&cfg.TLSKeyFile, "tls.key", "", "key file for client side TLS handshake") rootCmd.PersistentFlags().StringVar(&cfg.TLSCACert, "tls.cacert", "", "CA certificate for client side TLS handshake") rootCmd.PersistentFlags().IntVar(&cfg.HttpPort, "http.port", nodecfg.DefaultHTTPPort, "HTTP-RPC server listening port") - rootCmd.PersistentFlags().IntVar(&cfg.EnginePort, "engine.port", nodecfg.DefaultEngineHTTPPort, "HTTP-RPC server listening port for the engineAPI") + rootCmd.PersistentFlags().IntVar(&cfg.EnginePort, "authrpc.port", nodecfg.DefaultEngineHTTPPort, "HTTP-RPC server listening port for the engineAPI") rootCmd.PersistentFlags().StringSliceVar(&cfg.HttpCORSDomain, "http.corsdomain", []string{}, "Comma separated list of domains from which to accept cross origin requests (browser enforced)") rootCmd.PersistentFlags().StringSliceVar(&cfg.HttpVirtualHost, "http.vhosts", nodecfg.DefaultConfig.HTTPVirtualHosts, "Comma separated list of virtual hostnames from which to accept requests (server enforced). 
Accepts '*' wildcard.") rootCmd.PersistentFlags().BoolVar(&cfg.HttpCompression, "http.compression", true, "Disable http compression") 
@@ -99,9 +99,9 @@ func RootCommand() (*cobra.Command, *httpcfg.HttpCfg) { rootCmd.PersistentFlags().DurationVar(&cfg.HTTPTimeouts.ReadTimeout, "http.timeouts.read", rpccfg.DefaultHTTPTimeouts.ReadTimeout, "Maximum duration for reading the entire request, including the body.") rootCmd.PersistentFlags().DurationVar(&cfg.HTTPTimeouts.WriteTimeout, "http.timeouts.write", rpccfg.DefaultHTTPTimeouts.WriteTimeout, "Maximum duration before timing out writes of the response. It is reset whenever a new request's header is read") rootCmd.PersistentFlags().DurationVar(&cfg.HTTPTimeouts.IdleTimeout, "http.timeouts.idle", rpccfg.DefaultHTTPTimeouts.IdleTimeout, "Maximum amount of time to wait for the next request when keep-alives are enabled. If http.timeouts.idle is zero, the value of http.timeouts.read is used") - rootCmd.PersistentFlags().DurationVar(&cfg.EngineTimeouts.ReadTimeout, "engine.timeouts.read", rpccfg.DefaultHTTPTimeouts.ReadTimeout, "Maximum duration for reading the entire request, including the body.") - rootCmd.PersistentFlags().DurationVar(&cfg.EngineTimeouts.WriteTimeout, "engine.timeouts.write", rpccfg.DefaultHTTPTimeouts.WriteTimeout, "Maximum duration before timing out writes of the response. It is reset whenever a new request's header is read.") - rootCmd.PersistentFlags().DurationVar(&cfg.EngineTimeouts.IdleTimeout, "engine.timeouts.idle", rpccfg.DefaultHTTPTimeouts.IdleTimeout, "Maximum amount of time to wait for the next request when keep-alives are enabled. If engine.timeouts.idle is zero, the value of engine.timeouts.read is used.") + rootCmd.PersistentFlags().DurationVar(&cfg.EngineTimeouts.ReadTimeout, "authrpc.timeouts.read", rpccfg.DefaultHTTPTimeouts.ReadTimeout, "Maximum duration for reading the entire request, including the body.") + rootCmd.PersistentFlags().DurationVar(&cfg.EngineTimeouts.WriteTimeout, "authrpc.timeouts.write", rpccfg.DefaultHTTPTimeouts.WriteTimeout, "Maximum duration before timing out writes of the response. 
It is reset whenever a new request's header is read.") + rootCmd.PersistentFlags().DurationVar(&cfg.EngineTimeouts.IdleTimeout, "authrpc.timeouts.idle", rpccfg.DefaultHTTPTimeouts.IdleTimeout, "Maximum amount of time to wait for the next request when keep-alives are enabled. If authrpc.timeouts.idle is zero, the value of authrpc.timeouts.read is used.") if err := rootCmd.MarkPersistentFlagFilename("rpc.accessList", "json"); err != nil { panic(err) diff --git a/cmd/rpcdaemon22/cli/config.go b/cmd/rpcdaemon22/cli/config.go index f4444ded653..6b6acd66081 100644 --- a/cmd/rpcdaemon22/cli/config.go +++ b/cmd/rpcdaemon22/cli/config.go 
@@ -67,12 +67,12 @@ func RootCommand() (*cobra.Command, *httpcfg.HttpCfg) { rootCmd.PersistentFlags().StringVar(&cfg.PrivateApiAddr, "private.api.addr", "127.0.0.1:9090", "private api network address, for example: 127.0.0.1:9090") rootCmd.PersistentFlags().StringVar(&cfg.DataDir, "datadir", "", "path to Erigon working directory") rootCmd.PersistentFlags().StringVar(&cfg.HttpListenAddress, "http.addr", nodecfg.DefaultHTTPHost, "HTTP-RPC server listening interface") - rootCmd.PersistentFlags().StringVar(&cfg.EngineHTTPListenAddress, "engine.addr", nodecfg.DefaultHTTPHost, "HTTP-RPC server listening interface for engineAPI") + rootCmd.PersistentFlags().StringVar(&cfg.EngineHTTPListenAddress, "authrpc.addr", nodecfg.DefaultHTTPHost, "HTTP-RPC server listening interface for engineAPI") rootCmd.PersistentFlags().StringVar(&cfg.TLSCertfile, "tls.cert", "", "certificate for client side TLS handshake") rootCmd.PersistentFlags().StringVar(&cfg.TLSKeyFile, "tls.key", "", "key file for client side TLS handshake") rootCmd.PersistentFlags().StringVar(&cfg.TLSCACert, "tls.cacert", "", "CA certificate for client side TLS handshake") rootCmd.PersistentFlags().IntVar(&cfg.HttpPort, "http.port", nodecfg.DefaultHTTPPort, "HTTP-RPC server listening port") - rootCmd.PersistentFlags().IntVar(&cfg.EnginePort, "engine.port", nodecfg.DefaultEngineHTTPPort, "HTTP-RPC server listening port for the engineAPI") + rootCmd.PersistentFlags().IntVar(&cfg.EnginePort, "authrpc.port", nodecfg.DefaultEngineHTTPPort, "HTTP-RPC server listening port for the engineAPI") rootCmd.PersistentFlags().StringSliceVar(&cfg.HttpCORSDomain, "http.corsdomain", []string{}, "Comma separated list of domains from which to accept cross origin requests (browser enforced)") rootCmd.PersistentFlags().StringSliceVar(&cfg.HttpVirtualHost, "http.vhosts", nodecfg.DefaultConfig.HTTPVirtualHosts, "Comma separated list of virtual hostnames from which to accept requests (server enforced). 
Accepts '*' wildcard.") rootCmd.PersistentFlags().BoolVar(&cfg.HttpCompression, "http.compression", true, "Disable http compression") diff --git a/cmd/utils/flags.go b/cmd/utils/flags.go index f77e52ffa6c..f96a1b102cd 100644 --- a/cmd/utils/flags.go +++ b/cmd/utils/flags.go @@ -322,13 +322,13 @@ var ( Usage: "HTTP-RPC server listening port", Value: nodecfg.DefaultHTTPPort, } - EngineAddr = cli.StringFlag{ - Name: "engine.addr", + AuthRpcAddr = cli.StringFlag{ + Name: "authrpc.addr", Usage: "HTTP-RPC server listening interface for engineAPI", Value: nodecfg.DefaultHTTPHost, } - EnginePort = cli.UintFlag{ - Name: "engine.port", + AuthRpcPort = cli.UintFlag{ + Name: "authrpc.port", Usage: "HTTP-RPC server listening port for the engineAPI", Value: nodecfg.DefaultEngineHTTPPort, } diff --git a/turbo/cli/default_flags.go b/turbo/cli/default_flags.go index 5ae5df09ed5..4d3e4d64306 100644 --- a/turbo/cli/default_flags.go +++ b/turbo/cli/default_flags.go @@ -49,8 +49,8 @@ var DefaultFlags = []cli.Flag{ utils.HTTPEnabledFlag, utils.HTTPListenAddrFlag, utils.HTTPPortFlag, - utils.EngineAddr, - utils.EnginePort, + utils.AuthRpcAddr, + utils.AuthRpcPort, utils.JWTSecretPath, utils.HttpCompressionFlag, utils.HTTPCORSDomainFlag, diff --git a/turbo/cli/flags.go b/turbo/cli/flags.go index 851c5e8802d..f5b357dc34d 100644 --- a/turbo/cli/flags.go +++ b/turbo/cli/flags.go 
@@ -170,18 +170,18 @@ var ( } EngineReadTimeoutFlag = cli.DurationFlag{ - Name: "engine.timeouts.read", + Name: "authrpc.timeouts.read", Usage: "Maximum duration for reading the entire request, including the body.", Value: rpccfg.DefaultHTTPTimeouts.ReadTimeout, } EngineWriteTimeoutFlag = cli.DurationFlag{ - Name: "engine.timeouts.write", + Name: "authrpc.timeouts.write", Usage: "Maximum duration before timing out writes of the response. It is reset whenever a new request's header is read.", Value: rpccfg.DefaultHTTPTimeouts.WriteTimeout, } EngineIdleTimeoutFlag = cli.DurationFlag{ - Name: "engine.timeouts.idle", - Usage: "Maximum amount of time to wait for the next request when keep-alives are enabled. If engine.timeouts.idle is zero, the value of engine.timeouts.read is used.", + Name: "authrpc.timeouts.idle", + Usage: "Maximum amount of time to wait for the next request when keep-alives are enabled. If authrpc.timeouts.idle is zero, the value of authrpc.timeouts.read is used.", Value: rpccfg.DefaultHTTPTimeouts.IdleTimeout, } ) @@ -329,8 +329,8 @@ func setEmbeddedRpcDaemon(ctx *cli.Context, cfg *nodecfg.Config) { HttpListenAddress: ctx.GlobalString(utils.HTTPListenAddrFlag.Name), HttpPort: ctx.GlobalInt(utils.HTTPPortFlag.Name), - EngineHTTPListenAddress: ctx.GlobalString(utils.EngineAddr.Name), - EnginePort: ctx.GlobalInt(utils.EnginePort.Name), + EngineHTTPListenAddress: ctx.GlobalString(utils.AuthRpcAddr.Name), + EnginePort: ctx.GlobalInt(utils.AuthRpcPort.Name), JWTSecretPath: jwtSecretPath, TraceRequests: ctx.GlobalBool(utils.HTTPTraceFlag.Name), HttpCORSDomain: strings.Split(ctx.GlobalString(utils.HTTPCORSDomainFlag.Name), ","), From 075a9cffb5545f1ccc35db9f339acd228fdb1f4b Mon Sep 17 00:00:00 2001 
From: yperbasis Date: Mon, 1 Aug 2022 18:16:11 +0200 Subject: [PATCH 6/7] More renamings --- cmd/rpcdaemon/cli/config.go | 14 ++--- cmd/rpcdaemon/cli/httpcfg/http_cfg.go | 78 +++++++++++++-------------- cmd/rpcdaemon22/cli/config.go | 2 +- cmd/utils/flags.go | 6 +-- node/nodecfg/defaults.go | 14 ++--- turbo/cli/flags.go | 20 +++---- 6 files changed, 67 insertions(+), 67 deletions(-) diff --git a/cmd/rpcdaemon/cli/config.go b/cmd/rpcdaemon/cli/config.go index 90037bfa3d1..0808def9c60 100644 --- a/cmd/rpcdaemon/cli/config.go +++ b/cmd/rpcdaemon/cli/config.go 
@@ -66,12 +66,12 @@ func RootCommand() (*cobra.Command, *httpcfg.HttpCfg) { rootCmd.PersistentFlags().StringVar(&cfg.PrivateApiAddr, "private.api.addr", "127.0.0.1:9090", "private api network address, for example: 127.0.0.1:9090") rootCmd.PersistentFlags().StringVar(&cfg.DataDir, "datadir", "", "path to Erigon working directory") rootCmd.PersistentFlags().StringVar(&cfg.HttpListenAddress, "http.addr", nodecfg.DefaultHTTPHost, "HTTP-RPC server listening interface") - rootCmd.PersistentFlags().StringVar(&cfg.EngineHTTPListenAddress, "authrpc.addr", nodecfg.DefaultHTTPHost, "HTTP-RPC server listening interface for engineAPI") + rootCmd.PersistentFlags().StringVar(&cfg.AuthRpcHTTPListenAddress, "authrpc.addr", nodecfg.DefaultHTTPHost, "HTTP-RPC server listening interface for the Engine API") rootCmd.PersistentFlags().StringVar(&cfg.TLSCertfile, "tls.cert", "", "certificate for client side TLS handshake") rootCmd.PersistentFlags().StringVar(&cfg.TLSKeyFile, "tls.key", "", "key file for client side TLS handshake") rootCmd.PersistentFlags().StringVar(&cfg.TLSCACert, "tls.cacert", "", "CA certificate for client side TLS handshake") rootCmd.PersistentFlags().IntVar(&cfg.HttpPort, "http.port", nodecfg.DefaultHTTPPort, "HTTP-RPC server listening port") - rootCmd.PersistentFlags().IntVar(&cfg.EnginePort, "authrpc.port", nodecfg.DefaultEngineHTTPPort, "HTTP-RPC server listening port for the engineAPI") + rootCmd.PersistentFlags().IntVar(&cfg.AuthRpcPort, "authrpc.port", nodecfg.DefaultAuthRpcPort, "HTTP-RPC server listening port for the Engine API") rootCmd.PersistentFlags().StringSliceVar(&cfg.HttpCORSDomain, "http.corsdomain", []string{}, "Comma separated list of domains from which to accept cross origin requests (browser enforced)") rootCmd.PersistentFlags().StringSliceVar(&cfg.HttpVirtualHost, "http.vhosts", nodecfg.DefaultConfig.HTTPVirtualHosts, "Comma separated list of virtual hostnames from which to accept requests (server enforced). 
Accepts '*' wildcard.") rootCmd.PersistentFlags().BoolVar(&cfg.HttpCompression, "http.compression", true, "Disable http compression") 
@@ -99,9 +99,9 @@ func RootCommand() (*cobra.Command, *httpcfg.HttpCfg) { rootCmd.PersistentFlags().DurationVar(&cfg.HTTPTimeouts.ReadTimeout, "http.timeouts.read", rpccfg.DefaultHTTPTimeouts.ReadTimeout, "Maximum duration for reading the entire request, including the body.") rootCmd.PersistentFlags().DurationVar(&cfg.HTTPTimeouts.WriteTimeout, "http.timeouts.write", rpccfg.DefaultHTTPTimeouts.WriteTimeout, "Maximum duration before timing out writes of the response. It is reset whenever a new request's header is read") rootCmd.PersistentFlags().DurationVar(&cfg.HTTPTimeouts.IdleTimeout, "http.timeouts.idle", rpccfg.DefaultHTTPTimeouts.IdleTimeout, "Maximum amount of time to wait for the next request when keep-alives are enabled. If http.timeouts.idle is zero, the value of http.timeouts.read is used") - rootCmd.PersistentFlags().DurationVar(&cfg.EngineTimeouts.ReadTimeout, "authrpc.timeouts.read", rpccfg.DefaultHTTPTimeouts.ReadTimeout, "Maximum duration for reading the entire request, including the body.") - rootCmd.PersistentFlags().DurationVar(&cfg.EngineTimeouts.WriteTimeout, "authrpc.timeouts.write", rpccfg.DefaultHTTPTimeouts.WriteTimeout, "Maximum duration before timing out writes of the response. It is reset whenever a new request's header is read.") - rootCmd.PersistentFlags().DurationVar(&cfg.EngineTimeouts.IdleTimeout, "authrpc.timeouts.idle", rpccfg.DefaultHTTPTimeouts.IdleTimeout, "Maximum amount of time to wait for the next request when keep-alives are enabled. If authrpc.timeouts.idle is zero, the value of authrpc.timeouts.read is used.") + rootCmd.PersistentFlags().DurationVar(&cfg.AuthRpcTimeouts.ReadTimeout, "authrpc.timeouts.read", rpccfg.DefaultHTTPTimeouts.ReadTimeout, "Maximum duration for reading the entire request, including the body.") + rootCmd.PersistentFlags().DurationVar(&cfg.AuthRpcTimeouts.WriteTimeout, "authrpc.timeouts.write", rpccfg.DefaultHTTPTimeouts.WriteTimeout, "Maximum duration before timing out writes of the response. 
It is reset whenever a new request's header is read.") + rootCmd.PersistentFlags().DurationVar(&cfg.AuthRpcTimeouts.IdleTimeout, "authrpc.timeouts.idle", rpccfg.DefaultHTTPTimeouts.IdleTimeout, "Maximum amount of time to wait for the next request when keep-alives are enabled. If authrpc.timeouts.idle is zero, the value of authrpc.timeouts.read is used.") if err := rootCmd.MarkPersistentFlagFilename("rpc.accessList", "json"); err != nil { panic(err) @@ -616,7 +616,7 @@ func createHandler(cfg httpcfg.HttpCfg, apiList []rpc.API, httpHandler http.Hand } func createEngineListener(cfg httpcfg.HttpCfg, engineApi []rpc.API) (*http.Server, *rpc.Server, string, error) { - engineHttpEndpoint := fmt.Sprintf("%s:%d", cfg.EngineHTTPListenAddress, cfg.EnginePort) + engineHttpEndpoint := fmt.Sprintf("%s:%d", cfg.AuthRpcHTTPListenAddress, cfg.AuthRpcPort) engineSrv := rpc.NewServer(cfg.RpcBatchConcurrency, cfg.TraceRequests, true) @@ -641,7 +641,7 @@ func createEngineListener(cfg httpcfg.HttpCfg, engineApi []rpc.API) (*http.Serve return nil, nil, "", err } - engineListener, _, err := node.StartHTTPEndpoint(engineHttpEndpoint, cfg.EngineTimeouts, engineApiHandler) + engineListener, _, err := node.StartHTTPEndpoint(engineHttpEndpoint, cfg.AuthRpcTimeouts, engineApiHandler) if err != nil { return nil, nil, "", fmt.Errorf("could not start RPC api: %w", err) } diff --git a/cmd/rpcdaemon/cli/httpcfg/http_cfg.go b/cmd/rpcdaemon/cli/httpcfg/http_cfg.go index db6cfd2004a..1977de15986 100644 --- a/cmd/rpcdaemon/cli/httpcfg/http_cfg.go +++ b/cmd/rpcdaemon/cli/httpcfg/http_cfg.go 
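Review bot: In createEngineListener the endpoint is still assembled with `fmt.Sprintf("%s:%d", cfg.AuthRpcHTTPListenAddress, cfg.AuthRpcPort)`, which yields an ambiguous host:port string when `--authrpc.addr` is an IPv6 literal. Since this line is being touched anyway, consider `engineHttpEndpoint := net.JoinHostPort(cfg.AuthRpcHTTPListenAddress, strconv.Itoa(cfg.AuthRpcPort))`, which brackets IPv6 hosts. The file's import block and the rest of the function are outside this hunk, so `net` and `strconv` may need adding. How StartHTTPEndpoint parses the string is not shown here either.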
@@ -8,43 +8,43 @@ import ( ) type HttpCfg struct { - Enabled bool - PrivateApiAddr string - WithDatadir bool // Erigon's database can be read by separated processes on same machine - in read-only mode - with full support of transactions. It will share same "OS PageCache" with Erigon process. - DataDir string - Dirs datadir.Dirs - HttpListenAddress string - EngineHTTPListenAddress string - TLSCertfile string - TLSCACert string - TLSKeyFile string - HttpPort int - EnginePort int - HttpCORSDomain []string - HttpVirtualHost []string - HttpCompression bool - API []string - Gascap uint64 - MaxTraces uint64 - WebsocketEnabled bool - WebsocketCompression bool - RpcAllowListFilePath string - RpcBatchConcurrency uint - RpcStreamingDisable bool - DBReadConcurrency int - TraceCompatibility bool // Bug for bug compatibility for trace_ routines with OpenEthereum - TxPoolApiAddr string - TevmEnabled bool - StateCache kvcache.CoherentConfig - Snap ethconfig.Snapshot - Sync ethconfig.Sync - GRPCServerEnabled bool - GRPCListenAddress string - GRPCPort int - GRPCHealthCheckEnabled bool - StarknetGRPCAddress string - JWTSecretPath string // Engine API Authentication - TraceRequests bool // Always trace requests in INFO level - HTTPTimeouts rpccfg.HTTPTimeouts - EngineTimeouts rpccfg.HTTPTimeouts + Enabled bool + PrivateApiAddr string + WithDatadir bool // Erigon's database can be read by separated processes on same machine - in read-only mode - with full support of transactions. It will share same "OS PageCache" with Erigon process. 
+ DataDir string + Dirs datadir.Dirs + HttpListenAddress string + AuthRpcHTTPListenAddress string + TLSCertfile string + TLSCACert string + TLSKeyFile string + HttpPort int + AuthRpcPort int + HttpCORSDomain []string + HttpVirtualHost []string + HttpCompression bool + API []string + Gascap uint64 + MaxTraces uint64 + WebsocketEnabled bool + WebsocketCompression bool + RpcAllowListFilePath string + RpcBatchConcurrency uint + RpcStreamingDisable bool + DBReadConcurrency int + TraceCompatibility bool // Bug for bug compatibility for trace_ routines with OpenEthereum + TxPoolApiAddr string + TevmEnabled bool + StateCache kvcache.CoherentConfig + Snap ethconfig.Snapshot + Sync ethconfig.Sync + GRPCServerEnabled bool + GRPCListenAddress string + GRPCPort int + GRPCHealthCheckEnabled bool + StarknetGRPCAddress string + JWTSecretPath string // Engine API Authentication + TraceRequests bool // Always trace requests in INFO level + HTTPTimeouts rpccfg.HTTPTimeouts + AuthRpcTimeouts rpccfg.HTTPTimeouts } diff --git a/cmd/rpcdaemon22/cli/config.go b/cmd/rpcdaemon22/cli/config.go index 6b6acd66081..2ae8a004e90 100644 --- a/cmd/rpcdaemon22/cli/config.go +++ b/cmd/rpcdaemon22/cli/config.go 
@@ -72,7 +72,7 @@ func RootCommand() (*cobra.Command, *httpcfg.HttpCfg) { rootCmd.PersistentFlags().StringVar(&cfg.TLSKeyFile, "tls.key", "", "key file for client side TLS handshake") rootCmd.PersistentFlags().StringVar(&cfg.TLSCACert, "tls.cacert", "", "CA certificate for client side TLS handshake") rootCmd.PersistentFlags().IntVar(&cfg.HttpPort, "http.port", nodecfg.DefaultHTTPPort, "HTTP-RPC server listening port") - rootCmd.PersistentFlags().IntVar(&cfg.EnginePort, "authrpc.port", nodecfg.DefaultEngineHTTPPort, "HTTP-RPC server listening port for the engineAPI") + rootCmd.PersistentFlags().IntVar(&cfg.EnginePort, "authrpc.port", nodecfg.DefaultAuthRpcPort, "HTTP-RPC server listening port for the engineAPI") rootCmd.PersistentFlags().StringSliceVar(&cfg.HttpCORSDomain, "http.corsdomain", []string{}, "Comma separated list of domains from which to accept cross origin requests (browser enforced)") rootCmd.PersistentFlags().StringSliceVar(&cfg.HttpVirtualHost, "http.vhosts", nodecfg.DefaultConfig.HTTPVirtualHosts, "Comma separated list of virtual hostnames from which to accept requests (server enforced). Accepts '*' wildcard.") rootCmd.PersistentFlags().BoolVar(&cfg.HttpCompression, "http.compression", true, "Disable http compression") diff --git a/cmd/utils/flags.go b/cmd/utils/flags.go index f96a1b102cd..96f37b4a82b 100644 --- a/cmd/utils/flags.go +++ b/cmd/utils/flags.go @@ -324,13 +324,13 @@ var ( } AuthRpcAddr = cli.StringFlag{ Name: "authrpc.addr", - Usage: "HTTP-RPC server listening interface for engineAPI", + Usage: "HTTP-RPC server listening interface for the Engine API", Value: nodecfg.DefaultHTTPHost, } AuthRpcPort = cli.UintFlag{ Name: "authrpc.port", - Usage: "HTTP-RPC server listening port for the engineAPI", - Value: nodecfg.DefaultEngineHTTPPort, + Usage: "HTTP-RPC server listening port for the Engine API", + Value: nodecfg.DefaultAuthRpcPort, } JWTSecretPath = cli.StringFlag{ 
diff --git a/node/nodecfg/defaults.go b/node/nodecfg/defaults.go index a421c79f235..6bac6dee33c 100644 --- a/node/nodecfg/defaults.go +++ b/node/nodecfg/defaults.go @@ -25,13 +25,13 @@ import ( ) const ( - DefaultHTTPHost = "localhost" // Default host interface for the HTTP RPC server - DefaultHTTPPort = 8545 // Default TCP port for the HTTP RPC server - DefaultEngineHTTPPort = 8551 // Default TCP port for the engineApi HTTP RPC server - DefaultWSHost = "localhost" // Default host interface for the websocket RPC server - DefaultWSPort = 8546 // Default TCP port for the websocket RPC server - DefaultGRPCHost = "localhost" // Default host interface for the GRPC server - DefaultGRPCPort = 8547 // Default TCP port for the GRPC server + DefaultHTTPHost = "localhost" // Default host interface for the HTTP RPC server + DefaultHTTPPort = 8545 // Default TCP port for the HTTP RPC server + DefaultAuthRpcPort = 8551 // Default TCP port for the Engine API HTTP RPC server + DefaultWSHost = "localhost" // Default host interface for the websocket RPC server + DefaultWSPort = 8546 // Default TCP port for the websocket RPC server + DefaultGRPCHost = "localhost" // Default host interface for the GRPC server + DefaultGRPCPort = 8547 // Default TCP port for the GRPC server ) // DefaultConfig contains reasonable default settings. diff --git a/turbo/cli/flags.go b/turbo/cli/flags.go index f5b357dc34d..3ec6aac4034 100644 --- a/turbo/cli/flags.go +++ b/turbo/cli/flags.go 
@@ -327,21 +327,21 @@ func setEmbeddedRpcDaemon(ctx *cli.Context, cfg *nodecfg.Config) { TLSCACert: cfg.TLSCACert, TLSCertfile: cfg.TLSCertFile, - HttpListenAddress: ctx.GlobalString(utils.HTTPListenAddrFlag.Name), - HttpPort: ctx.GlobalInt(utils.HTTPPortFlag.Name), - EngineHTTPListenAddress: ctx.GlobalString(utils.AuthRpcAddr.Name), - EnginePort: ctx.GlobalInt(utils.AuthRpcPort.Name), - JWTSecretPath: jwtSecretPath, - TraceRequests: ctx.GlobalBool(utils.HTTPTraceFlag.Name), - HttpCORSDomain: strings.Split(ctx.GlobalString(utils.HTTPCORSDomainFlag.Name), ","), - HttpVirtualHost: strings.Split(ctx.GlobalString(utils.HTTPVirtualHostsFlag.Name), ","), - API: strings.Split(apis, ","), + HttpListenAddress: ctx.GlobalString(utils.HTTPListenAddrFlag.Name), + HttpPort: ctx.GlobalInt(utils.HTTPPortFlag.Name), + AuthRpcHTTPListenAddress: ctx.GlobalString(utils.AuthRpcAddr.Name), + AuthRpcPort: ctx.GlobalInt(utils.AuthRpcPort.Name), + JWTSecretPath: jwtSecretPath, + TraceRequests: ctx.GlobalBool(utils.HTTPTraceFlag.Name), + HttpCORSDomain: strings.Split(ctx.GlobalString(utils.HTTPCORSDomainFlag.Name), ","), + HttpVirtualHost: strings.Split(ctx.GlobalString(utils.HTTPVirtualHostsFlag.Name), ","), + API: strings.Split(apis, ","), HTTPTimeouts: rpccfg.HTTPTimeouts{ ReadTimeout: ctx.GlobalDuration(HTTPReadTimeoutFlag.Name), WriteTimeout: ctx.GlobalDuration(HTTPWriteTimeoutFlag.Name), IdleTimeout: ctx.GlobalDuration(HTTPIdleTimeoutFlag.Name), }, - EngineTimeouts: rpccfg.HTTPTimeouts{ + AuthRpcTimeouts: rpccfg.HTTPTimeouts{ ReadTimeout: ctx.GlobalDuration(EngineReadTimeoutFlag.Name), WriteTimeout: ctx.GlobalDuration(EngineWriteTimeoutFlag.Name), IdleTimeout: ctx.GlobalDuration(HTTPIdleTimeoutFlag.Name), From f3a13b8e15a3845c99c27955dba7fa591127a28e Mon Sep 17 00:00:00 2001 
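Review bot: In the `AuthRpcTimeouts` literal of setEmbeddedRpcDaemon, `IdleTimeout` is read from `HTTPIdleTimeoutFlag` rather than the Engine flag, so `--authrpc.timeouts.idle` appears to have no effect on the embedded daemon's authenticated listener, which instead inherits `--http.timeouts.idle`. The rename leaves this context line untouched; the fix would be `IdleTimeout: ctx.GlobalDuration(EngineIdleTimeoutFlag.Name),`. An operator who tightens the idle timeout on the Engine API port would otherwise silently get the plain HTTP value. The struct literal continues past the end of this hunk. The flag variables also keep their `Engine*TimeoutFlag` names while the flags and fields are now `authrpc`/`AuthRpc`; renaming them would keep this file consistent.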
From: yperbasis Date: Mon, 1 Aug 2022 19:22:55 +0200 Subject: [PATCH 7/7] Introduce --authrpc.vhosts flag --- README.md | 25 ++++++++++++------------- cmd/rpcdaemon/cli/config.go | 8 +++----- cmd/rpcdaemon/cli/httpcfg/http_cfg.go | 1 + cmd/utils/flags.go | 5 +++++ turbo/cli/default_flags.go | 1 + turbo/cli/flags.go | 1 + 6 files changed, 23 insertions(+), 18 deletions(-) diff --git a/README.md b/README.md index 9bba9ec4409..ec33145ec9d 100644 --- a/README.md +++ b/README.md 
@@ -174,26 +174,25 @@ Windows users may run erigon in 3 possible ways: **Please also note the default WSL2 environment has its own IP address which does not match the one of the network interface of Windows host: take this into account when configuring NAT for port 30303 on your router.** -### Beacon Chain +### Beacon Chain (Consensus Layer) -Erigon can be used as an execution-layer for beacon chain consensus clients (Eth2). Default configuration is ok. Eth2 -relies on availability of receipts - don't prune them: don't add character `r` to `--prune` flag. However, old receipts - are not needed for Eth2 and you can safely prune them with `--prune.r.before=11184524` in combination with `--prune htc`. +Erigon can be used as an Execution Layer (EL) for Consensus Layer clients (CL). Default configuration is OK. CL +relies on availability of receipts – don't prune them: don't add character `r` to `--prune` flag. However, old receipts + are not needed for CL and you can safely prune them with `--prune.r.before=` in combination with `--prune htc`. -If beacon chain client is on a different device, add `--authrpc.addr 0.0.0.0`. (Engine API listens on localhost by default.) +If your CL client is on a different device, add `--authrpc.addr 0.0.0.0` ([Engine API] listens on localhost by default) +as well as `--authrpc.vhosts `. -Once the JSON-RPC is running, all you need to do is point your beacon chain client to `:8545`, -where `` is either localhost or the IP address of the device running the JSON-RPC. - -Erigon has been tested with Lighthouse however all other clients that support JSON-RPC should also work. - -### Authentication API +[Engine API]: https://github.com/ethereum/execution-apis/blob/main/src/engine/specification.md In order to establish a secure connection between the Consensus Layer and the Execution Layer, a JWT secret key is automatically generated. 
The JWT secret key will be present in the datadir by default under the name of `jwt.hex` and its path can be specified with the flag `--authrpc.jwtsecret`. -This piece of info needs to be specified in the Consensus Layer as well in order to establish connection successfully. More information can be found [here](https://github.com/ethereum/execution-apis/blob/main/src/engine/authentication.md) +This piece of info needs to be specified in the Consensus Layer as well in order to establish connection successfully. More information can be found [here](https://github.com/ethereum/execution-apis/blob/main/src/engine/authentication.md). + +Once Erigon is running, you need to point your CL client to `:8551`, +where `` is either `localhost` or the IP address of the device running Erigon, and also point to the JWT secret path created by Erigon. ### Multiple Instances / One Machine @@ -423,7 +422,7 @@ internally for rpcdaemon or other connections, (e.g. rpcdaemon -> erigon). | 8551 | TCP | HTTP with JWT auth | Private | Typically, 8545 is exposed only internally for JSON-RPC queries. Both HTTP and WebSocket connections are on the same port. -Typically, 8551 (JWT authenticated) is exposed only internally for the Engine API JSON-RPC queries. +Typically, 8551 (JWT authenticated) is exposed only internally for the [Engine API] JSON-RPC queries. #### `sentry` ports diff --git a/cmd/rpcdaemon/cli/config.go b/cmd/rpcdaemon/cli/config.go index 0808def9c60..63b80b34336 100644 --- a/cmd/rpcdaemon/cli/config.go +++ b/cmd/rpcdaemon/cli/config.go 
@@ -74,6 +74,7 @@ func RootCommand() (*cobra.Command, *httpcfg.HttpCfg) {
 rootCmd.PersistentFlags().IntVar(&cfg.AuthRpcPort, "authrpc.port", nodecfg.DefaultAuthRpcPort, "HTTP-RPC server listening port for the Engine API")
 rootCmd.PersistentFlags().StringSliceVar(&cfg.HttpCORSDomain, "http.corsdomain", []string{}, "Comma separated list of domains from which to accept cross origin requests (browser enforced)")
 rootCmd.PersistentFlags().StringSliceVar(&cfg.HttpVirtualHost, "http.vhosts", nodecfg.DefaultConfig.HTTPVirtualHosts, "Comma separated list of virtual hostnames from which to accept requests (server enforced). Accepts '*' wildcard.")
+ rootCmd.PersistentFlags().StringSliceVar(&cfg.AuthRpcVirtualHost, "authrpc.vhosts", nodecfg.DefaultConfig.HTTPVirtualHosts, "Comma separated list of virtual hostnames from which to accept Engine API requests (server enforced). Accepts '*' wildcard.")
 rootCmd.PersistentFlags().BoolVar(&cfg.HttpCompression, "http.compression", true, "Disable http compression")
 rootCmd.PersistentFlags().StringSliceVar(&cfg.API, "http.api", []string{"eth", "erigon"}, "API's offered over the HTTP-RPC interface: eth,erigon,web3,net,debug,trace,txpool,db,starknet. Supported methods: https://github.com/ledgerwatch/erigon/tree/devel/cmd/rpcdaemon")
 rootCmd.PersistentFlags().Uint64Var(&cfg.Gascap, "rpc.gascap", 50000000, "Sets a cap on gas that can be used in eth_call/estimateGas")
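Review bot: The new `authrpc.vhosts` flag takes its default from `nodecfg.DefaultConfig.HTTPVirtualHosts`, the same value that backs `http.vhosts` on the line above it, so any later change to the public JSON-RPC default also changes the host check on the JWT-authenticated Engine API listener. The `AuthRpcVirtualHostsFlag` definition in the `cmd/utils/flags.go` hunk has the same coupling. I would give the Engine API its own default (a new field, for example `AuthRpcVirtualHosts`, next to `HTTPVirtualHosts`) or at least add a comment such as `// default deliberately shared with http.vhosts` so the link is visible. RootCommand's body continues outside the hunk.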
@@ -629,12 +630,9 @@ func createEngineListener(cfg httpcfg.HttpCfg, engineApi []rpc.API) (*http.Serve return nil, nil, "", err } - var wsHandler http.Handler - if cfg.WebsocketEnabled { - wsHandler = engineSrv.WebsocketHandler([]string{"*"}, jwtSecret, cfg.WebsocketCompression) - } + wsHandler := engineSrv.WebsocketHandler([]string{"*"}, jwtSecret, cfg.WebsocketCompression) - engineHttpHandler := node.NewHTTPHandlerStack(engineSrv, cfg.HttpCORSDomain, cfg.HttpVirtualHost, cfg.HttpCompression) + engineHttpHandler := node.NewHTTPHandlerStack(engineSrv, nil /* authCors */, cfg.AuthRpcVirtualHost, cfg.HttpCompression) engineApiHandler, err := createHandler(cfg, engineApi, engineHttpHandler, wsHandler, jwtSecret) if err != nil { diff --git a/cmd/rpcdaemon/cli/httpcfg/http_cfg.go b/cmd/rpcdaemon/cli/httpcfg/http_cfg.go index 1977de15986..a81b3460ea1 100644 --- a/cmd/rpcdaemon/cli/httpcfg/http_cfg.go +++ b/cmd/rpcdaemon/cli/httpcfg/http_cfg.go @@ -22,6 +22,7 @@ type HttpCfg struct { AuthRpcPort int HttpCORSDomain []string HttpVirtualHost []string + AuthRpcVirtualHost []string HttpCompression bool API []string Gascap uint64 diff --git a/cmd/utils/flags.go b/cmd/utils/flags.go index 96f37b4a82b..16c17440c26 100644 --- a/cmd/utils/flags.go +++ b/cmd/utils/flags.go @@ -357,6 +357,11 @@ var ( Usage: "Comma separated list of virtual hostnames from which to accept requests (server enforced). Accepts '*' wildcard.", Value: strings.Join(nodecfg.DefaultConfig.HTTPVirtualHosts, ","), } + AuthRpcVirtualHostsFlag = cli.StringFlag{ + Name: "authrpc.vhosts", + Usage: "Comma separated list of virtual hostnames from which to accept Engine API requests (server enforced). Accepts '*' wildcard.", + Value: strings.Join(nodecfg.DefaultConfig.HTTPVirtualHosts, ","), + } HTTPApiFlag = cli.StringFlag{ Name: "http.api", Usage: "API's offered over the HTTP-RPC interface", diff --git a/turbo/cli/default_flags.go b/turbo/cli/default_flags.go index 4d3e4d64306..00235fe881d 100644 
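Review bot: In createEngineListener the WebSocket handler is now built unconditionally with the origin list `[]string{"*"}`, so `cfg.WebsocketEnabled` no longer gates it and the new `cfg.AuthRpcVirtualHost` list is passed only to `node.NewHTTPHandlerStack`. Whether upgrade requests also go through the virtual-host check depends on `createHandler`, which is outside the hunk; if they do not, WebSocket clients on a listener bound with `--authrpc.addr 0.0.0.0` are filtered by the JWT alone. If that is intended, a comment above the line would record it, e.g. `// Engine API always serves WS on the auth port; origins are unrestricted, access is gated by jwtSecret`. `cfg.HttpCompression` is still shared with the public listener on the next changed line, which may deserve the same separation as CORS and vhosts. The function starts and ends outside the hunk.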
--- a/turbo/cli/default_flags.go
+++ b/turbo/cli/default_flags.go
@@ -55,6 +55,7 @@ var DefaultFlags = []cli.Flag{
 utils.HttpCompressionFlag,
 utils.HTTPCORSDomainFlag,
 utils.HTTPVirtualHostsFlag,
+ utils.AuthRpcVirtualHostsFlag,
 utils.HTTPApiFlag,
 utils.WSEnabledFlag,
 utils.WsCompressionFlag,
diff --git a/turbo/cli/flags.go b/turbo/cli/flags.go
index 3ec6aac4034..1c7d130c8d4 100644
--- a/turbo/cli/flags.go
+++ b/turbo/cli/flags.go
@@ -335,6 +335,7 @@ func setEmbeddedRpcDaemon(ctx *cli.Context, cfg *nodecfg.Config) {
 TraceRequests: ctx.GlobalBool(utils.HTTPTraceFlag.Name),
 HttpCORSDomain: strings.Split(ctx.GlobalString(utils.HTTPCORSDomainFlag.Name), ","),
 HttpVirtualHost: strings.Split(ctx.GlobalString(utils.HTTPVirtualHostsFlag.Name), ","),
+ AuthRpcVirtualHost: strings.Split(ctx.GlobalString(utils.AuthRpcVirtualHostsFlag.Name), ","),
 API: strings.Split(apis, ","),
 HTTPTimeouts: rpccfg.HTTPTimeouts{
 ReadTimeout: ctx.GlobalDuration(HTTPReadTimeoutFlag.Name),
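Review bot: `AuthRpcVirtualHost` in setEmbeddedRpcDaemon is built with `strings.Split(..., ",")`, which keeps surrounding spaces and turns an empty flag value into `[""]`, while the rpcdaemon entry point registers the same flag with `StringSliceVar`; the two paths can therefore end up with different allowlists for the same input. An entry such as ` cl-host` would presumably never match a Host header, so the effect is a rejected connection rather than a bypass, but it is hard to diagnose. Normalising the entries, e.g. `strings.FieldsFunc(v, func(r rune) bool { return r == ',' || r == ' ' })`, would avoid that; the neighbouring `HttpVirtualHost` and `HttpCORSDomain` lines follow the same pattern. The struct literal continues outside the hunk.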