AcalaNetwork / Acala

Acala - cross-chain DeFi hub and stablecoin based on Substrate for Polkadot and Kusama.
https://acala.network
GNU General Public License v3.0

Unable to change listen-addr for RPC #2743

Open dancamarg0 opened 4 months ago

dancamarg0 commented 4 months ago

Describe the bug

I'm able to change all the listen addresses below:

  --listen-addr /ip4/<IP_ADDR>/tcp/9933/ws \
  --listen-addr /ip4/<IP_ADDR>/tcp/9933/http \
  --listen-addr /ip4/0.0.0.0/tcp/30334 \
  --listen-addr /ip4/0.0.0.0/tcp/30333 \
  --listen-addr /ip6/::/tcp/30334 \
  --listen-addr /ip6/::/tcp/30333 \

I can access ws as expected from port 9933, but I cannot access the RPC API.

For example, the following RPC call doesn't work because I'm unable to connect to the server:

curl http://<IP_ADDR>:9933 -X POST -H 'Content-Type: application/json' -d '
{"jsonrpc":"2.0","method":"system_health","params":[],"id":0}'

Expected Behavior

I should be able to open and query the RPC API via private IP + 9933 when provided --listen-addr /ip4/<IP_ADDR>/tcp/9933/http (if I'm passing the wrong protocol string, please advise).

If I don't provide any listen-addr argument and just use the defaults from --rpc-port, it works otherwise, and I can see this message on startup: Running JSON-RPC server: addr=0.0.0.0:9933, allowed origins=["*"]

Current Behavior

Steps to Reproduce

  1. Running acala v2.24.0
  2. Try to bind RPC to a private IP instead of default 0.0.0.0, you can use 127.0.0.1 for example
  3. RPC + WS should work

Additional context

dancamarg0 commented 4 months ago

This is a required feature for some RPC providers, because we want to bind the service just to our private network so we can be compliant with our security measures.

xlc commented 4 months ago

--listen-addr is for the libp2p protocol.

Unfortunately, polkadot-sdk doesn't appear to offer such functionality. I have reported this issue: https://github.com/paritytech/polkadot-sdk/issues/4331

A workaround is to have --rpc-external=false so that it binds to localhost and use subway to proxy the requests. It is possible to configure the listen address with subway: https://github.com/AcalaNetwork/subway/blob/7cb7c73ab08d53b8c3b181e52acb5d227a5b23a5/configs/config.yml#L26
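
An added example, not part of the issue thread and not Acala or polkadot-sdk code: a Python check that reads the node's startup message in the format quoted in the issue and reports whether the JSON-RPC listener is reachable beyond an allowed private network. The `ALLOWED_NETS` range, the bracketed IPv6 form, the wildcard-origins policy and every sample line except the first are assumptions.

```python
import ipaddress
import re

# Format of the startup message quoted in the issue.
LOG_RE = re.compile(
    r'Running JSON-RPC server: addr=(?P<addr>\S+?), '
    r'allowed origins=\[(?P<origins>[^\]]*)\]')

# Assumption: the private range the operator intends to serve RPC on.
ALLOWED_NETS = [ipaddress.ip_network("10.0.0.0/8")]

def parse_rpc_line(line):
    """Return (ip, port, origins) or None if the line is not the RPC banner."""
    m = LOG_RE.search(line)
    if not m:
        return None
    host, _, port = m.group("addr").rpartition(":")
    # Assumption: IPv6 listeners are printed as [addr]:port.
    ip = ipaddress.ip_address(host.strip("[]"))
    return ip, int(port), re.findall(r'"([^"]*)"', m.group("origins"))

def audit(line, allowed_nets=ALLOWED_NETS):
    """List exposure findings for one banner line; None if no banner."""
    parsed = parse_rpc_line(line)
    if parsed is None:
        return None
    ip, _port, origins = parsed
    findings = []
    if ip.is_unspecified:  # 0.0.0.0 or ::
        findings.append("bound to all interfaces")
    elif not ip.is_loopback and not any(ip in n for n in allowed_nets):
        findings.append("bound outside the allowed networks")
    # Example policy: wildcard origins only matter off loopback.
    if "*" in origins and not ip.is_loopback:
        findings.append("wildcard origins on a non-loopback listener")
    return findings

# First line is the message from the issue; the rest are constructed.
SAMPLE_LOG = [
    'Running JSON-RPC server: addr=0.0.0.0:9933, allowed origins=["*"]',
    'Running JSON-RPC server: addr=127.0.0.1:9933, allowed origins=["*"]',
    'Running JSON-RPC server: addr=10.0.0.5:9933, allowed origins=["*"]',
    'Running JSON-RPC server: addr=203.0.113.7:9933, allowed origins=["http://localhost:*"]',
]

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(entry.split("addr=")[1], "->", audit(entry) or "ok")
```

With the localhost-plus-proxy workaround, the node's banner should show a loopback address and the private address is then set on the proxy, which this check does not inspect.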