aws-solutions-library-samples / guidance-for-secure-blockchain-validation-using-aws-nitro-enclaves

This Guidance shows how to deploy a secure, scalable, and cost-efficient blockchain key management solution for blockchain validation workloads like Ethereum 2.0 proof-of-stake networks.
https://aws.amazon.com/solutions/guidance/secure-blockchain-validation-using-aws-nitro-enclaves/
MIT No Attribution

Cannot connect to web3 signer #8

Open EugeneFinch opened 1 year ago

EugeneFinch commented 1 year ago

Good day.

Step A - testing) We finally managed to connect to web3signer with the help of the AWS Route53 and load balancer team. When running curl or OpenSSL with the respective certificate we have no issues connecting to the load balancer - see screenshot.

[Screenshot: Screen Shot 2023-10-31 at 8 14 38 AM]

Step B - consensus client launch) However, when running the client (for example Teku), we are encountering connection issues. I tried adding log parameters and here is what we're getting:

Command to launch the Teku client:

```sh
teku --config-file teku.yaml \
  --metrics-enabled=true \
  --metrics-categories=BEACON,PROCESS,LIBP2P,JVM,NETWORK,PROCESS \
  --validators-external-signer-url=https://signer.prodnitrovalidator.private:443 \
  --validators-external-signer-public-keys=0x8c36db6e727bb26a9b8b55832b9033291b2f7d9f1d2d66adf19e58f371a9e76609b0e3797fc06b963cae98a283d94178 \
  --validators-external-signer-truststore=certificate.p12 \
  --validators-external-signer-truststore-password-file=password.txt \
  --validators-proposer-default-fee-recipient=0xxxxxxxxxxx
```

Note that the .pem cert was converted into .p12 format in order to accommodate Teku's requirements. I then used a command to convert the .p12 back to .pem format in order to connect to web3signer directly (A).

Error logs:

```
23-10-31 01:15:38.513 INFO - Enabling Builder Circuit Breaker
2023-10-31 01:15:38.571 INFO - Eth1 endpoint not provided, using execution engine endpoint for eth1 data
2023-10-31 01:15:39.503 DEBUG - Unable to connect to external signer: Remote host terminated the handshake
2023-10-31 01:15:39.504 ERROR - External signer is currently not reachable at https://dualstack.prodNi-Nitro-OqmzLOGLATsj-f5050238b40422a7.elb.ap-southeast-2.amazonaws.com:443
2023-10-31 01:15:40.134 DEBUG - Unable to connect to external signer: Remote host terminated the handshake
2023-10-31 01:15:40.135 ERROR - External signer is currently not reachable at https://dualstack.prodNi-Nitro-OqmzLOGLATsj-f5050238b40422a7.elb.ap-southeast-2.amazonaws.com:443
2023-10-31 01:15:40.153 INFO - Storing beacon chain data in: /home/ec2-user/lukso/mainnet-data/consensus
```

[Screenshot: Screen Shot 2023-10-31 at 8 16 04 AM]
dpdornseifer commented 1 year ago

Hi @EugeneFinch, it seems like Teku is not able to resolve the DNS record you passed. Did you try an HTTPS connect attempt from within the VPC, similar to how the Lambda function works?

All resources in the solution are restricted to the VPC - this holds true for the Route53 record as well (https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/hosted-zones-private.html).

Best, David
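The thread above turns on which stage is actually failing: the client log says "Remote host terminated the handshake" and already shows the resolved ELB hostname, while the reply points at DNS resolution inside the private hosted zone. Teku collapses DNS, TCP and TLS errors into one "not reachable" message, so it helps to check each stage separately from the host that runs the consensus client. The script below is an added example written for this thread, not code from the guidance repository, from Teku or from web3signer. It assumes a hostname, port and an optional PEM CA bundle supplied by the caller (the same PEM that was converted to the .p12 truststore; Python's ssl module does not read .p12 files), and it reports the first stage at which the connection breaks. The `start_rejecting_server` helper is a constructed test fixture that imitates a listener which accepts the TCP connection and then drops it without completing TLS, which is the behaviour behind the handshake error in the log.

```python
"""Stage-by-stage connectivity triage for an external signer endpoint.

Added example for this issue thread (not code from the guidance repository,
Teku or web3signer). Separates the three failure classes that a validator
client reports as a single "not reachable" message:
  dns  - the name does not resolve from this host (e.g. private hosted zone
         is not visible outside its VPC)
  tcp  - the address resolves but nothing accepts the connection
  tls  - the TCP connection is accepted but the handshake does not complete
         (remote closes, certificate not trusted by the given CA, SNI issue)
"""
import socket
import ssl
import threading


def diagnose_signer(host, port=443, cafile=None, timeout=5.0):
    """Return (stage, detail): stage is "dns", "tcp", "tls" or "ok".

    host/port/cafile are assumptions supplied by the caller; cafile is a PEM
    bundle holding the CA that issued the load balancer certificate.
    """
    # Stage 1: name resolution, done explicitly so a private-zone problem is
    # reported as such rather than as a generic connection error.
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return ("dns", f"cannot resolve {host}: {exc}")
    addr = infos[0][4]

    # Stage 2: plain TCP connect to the first resolved address.
    try:
        raw = socket.create_connection(addr[:2], timeout=timeout)
    except OSError as exc:
        return ("tcp", f"cannot connect to {addr[0]}:{port}: {exc}")

    # Stage 3: TLS handshake with hostname verification against cafile
    # (or the system trust store when cafile is None). SNI is sent as `host`,
    # which matters when the listener serves several certificates.
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            subject = tls.getpeercert().get("subject")
            return ("ok", f"{tls.version()} to {host}; peer subject {subject}")
    except ssl.SSLCertVerificationError as exc:
        return ("tls", f"certificate not trusted by {cafile or 'system store'}: "
                       f"{exc.verify_message}")
    except OSError as exc:  # SSLError, SSLEOFError, reset, timeout, ...
        return ("tls", f"handshake terminated by {addr[0]}: {exc}")
    finally:
        raw.close()


def start_rejecting_server():
    """Constructed test fixture: a TCP listener on 127.0.0.1 that accepts one
    connection and closes it without speaking TLS. Returns the bound port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def _run():
        conn, _ = srv.accept()
        conn.close()
        srv.close()

    threading.Thread(target=_run, daemon=True).start()
    return srv.getsockname()[1]


if __name__ == "__main__":
    # Example invocation: .invalid is a reserved TLD that never resolves,
    # standing in for a private hosted zone name queried from outside its VPC.
    print(diagnose_signer("signer.invalid", 443, timeout=2))
    port = start_rejecting_server()
    print(diagnose_signer("127.0.0.1", port, timeout=2))
```

Run it on the instance that hosts the consensus client with the real signer hostname and the PEM CA: a `dns` result confirms the reply's point about private hosted zone visibility, a `tls` result with "terminated" matches the Teku log and points at the listener or certificate/SNI configuration rather than at DNS, and `ok` means the remaining difference lies in how Teku loads its .p12 truststore.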