search

EOSIO / eos

An open source smart contract platform
https://developers.eos.io/manuals/eos
MIT License
11.27k stars 3.6k forks source link

[Docker] curl on keosd returns Empty reply from server #5162

Closed lucca65 closed 6 years ago

lucca65 commented 6 years ago

I'm using the following docker-compose.yml:

version: "3"

services:
  builder:
    build:
      context: builder
    image: eosio/builder

  nodeosd:
    container_name: nodeosd
    build:
      context: .
    image: eosio/eos-dev
    command: /opt/eosio/bin/nodeosd.sh --data-dir /opt/eosio/bin/data-dir -e --replay-blockchain --hard-replay-blockchain
    hostname: nodeosd
    ports:
      - 8888:8888
      - 9876:9876
    expose:
      - "8888"
    volumes:
      - nodeos-data-volume:/opt/eosio/bin/data-dir
      - ../contracts:/contracts

  keosd:
    container_name: keosd
    image: eosio/eos:latest
    hostname: keosd
    command: /opt/eosio/bin/keosd --wallet-dir /opt/eosio/bin/data-dir --http-server-address=localhost:8900 --access-control-allow-origin=*
    ports:
      - 8900:8900
    expose:
      - "8900"
    links:
      - nodeosd
    volumes:
      - keosd-data-volume:/opt/eosio/bin/data-dir
      - ../contracts:/contracts
    stop_grace_period: 10m

volumes:
  nodeos-data-volume:
    external: true
  keosd-data-volume:
    external: true
  contracts:
    external: true

All commands to nodeos work just fine. calling keos from inside the nodeos container also works.

curl for nodeos works as intended:

→ curl http://127.0.0.1:8888/v1/chain/get_info
{"server_version":"90fefdd1","chain_id":"cf057bbfb72640471fd910bcb67639c22df9f92470936cddc1
ade0e2f2e7dc4f","head_block_num":279998,"last_irreversible_block_num":279997,"last_irrevers
ible_block_id":"000445bd1c1665de97674f20d624918ff727bbd4d338363bc4b3dfd56dab1854","head_blo
ck_id":"000445be56392992d30981772b164a8e3a1c203c79cd9ecef480c90f6c2d1285","head_block_time"
:"2018-08-10T22:06:18.500","head_block_producer":"eosio","virtual_block_cpu_limit":20000000
0,"virtual_block_net_limit":1048576000,"block_cpu_limit":199900,"block_net_limit":1048576}

but calls for keos fail:

→ curl http://127.0.0.1:8900
curl: (52) Empty reply from server

No logs can be seem on Docker console when the requests are made from the host machine. Tried to open another port on the docker-compose file and run a simple web server and it works with no problems.

Have been trying to figure this out for two days with no avail

Please help!

taokayan commented 6 years ago

Please use cleos to communicate with keosd.

lucca65 commented 6 years ago

I need to communicate via http because i’m building a server that signs transactions. that’s why i’m using curl instead of cleos

lucca65 commented 6 years ago

So turns out that cleos requires you to use 0.0.0.0 instead of localhost if you want keos to be able to respond to internet http calls not just local network calls. This info is nowhere to be found.

I do understand the security implications to this, as keos is designed as a isolated server to just handle your keys, and I completely agree with this behaviour. Nonetheless this options should be documented.

In my particular case my Dapp have a server that acts as a "admin" and signs some transactions. We use docker, so I need to access keos through the http option, not cleos.

I can fix this by myself through a Pull request but I'm not familiar with your policies regarding to that.

Please let me know, I've spent a lot of time in this simple issue and I think others might as well as EOS grows.

jgiszczak commented 6 years ago

This was documented in Issue #5114. No more explicit documentation will be provided. Off-host keosd exposure is so dangerous that the ability to do it at all needs to be obscured, as well as denigrated. Very very few people should ever do it. Even though keosd no longer exposes private keys without a password, if a wallet is unlocked it will still sign transactions, including transfer transactions, without prompting.