etherparty / explorer

A lightweight ethereum block explorer
GNU General Public License v2.0
632 stars 400 forks source link

Error: Allow Access to Geth and Refresh the Page #26

Closed stone212 closed 7 years ago

stone212 commented 7 years ago

The server starts and is viewable at port 8000, but there is an error message saying:

Allow Access to Geth and Refresh the Page

I have tried several invocations of geth, including this one:

geth --dev --datadir "<path/to/dir>" --networkid --rpc --rpcaddr localhost --rpcport 8545 --rpcapi "web3,eth" --rpccorsdomain "http://localhost:8000"

I am fairly new to ethereum so this might simply be a silly user error. But regardless, it's still a "bug" in that the error message isn't specific enough to debug. What form of "access" is missing, specifically.

Note that I can see geth at port 8545.

stone212 commented 7 years ago

The problem was that I was viewing on a local, text-based browser. And the error message is hard-coded in, so it was appearing even though it was fine. By every best-practices standard for front-end development (ADA compliance, for example; SEO for another), this is a front-end bug.

There are several solutions. I may work to implement one on my end and if so I will share it if you would like.

metaspartan commented 7 years ago

Yea I can fix this when I have some time, feel free to push up a pull request if you do. 👍

stone212 commented 7 years ago

@carsenk are you maintaining both projects now?

chainhead commented 7 years ago

@stone212 I am facing the same error. I tried in Firefox and Chrome browsers; same result. @carsenk Is there a final resolution to this?

stone212 commented 7 years ago

@chainhead

How are you viewing the page? On localhost or through a reverse proxy?

Usually this seems to happen when access to the RPC port is not available to the browser. That could be a firewall on the node, lack of forwarding port 8545 from the node if you're forwarding via SSH, and it could be that your rpc hosts setting on parity/geth doesn't serve access to the IP address you're viewing from (especially if you're viewing from a public IP as localhost is the default I think). And if you're using a reverse proxy then check how you're proxying port 8545.

chainhead commented 7 years ago

@stone212 I am running geth and explorer on the same AWS instance. And, I am trying to access the explorer from my laptop. The AWS security group has been set-up to allow all traffic for 30333 (peering), 8545 (RPC) and 8000 (explorer application).

The geth command - I overwrote it in my repo - used is as follows:

geth --datadir my-dir --networkid 16 --maxpeers 3 --rpc --rpcaddr "0.0.0.0" --rpccorsdomain "*" --rpcapi "eth,web3"
stone212 commented 7 years ago

@chainhead I'll need more information. How are you serving the local server to the public internet? The firewall settings may allow public access to ports 8000 and 8545, but your AWS instance is not serving them to its public network connection unless you tell it to. Usually that means reverse proxy.

Also look at your browser's Developer Tools / Inspect Element console and then click the "Network" tab to see where your browser is trying to make connections to. You're getting the UI but getting that error? then it's possible the /app server is coming through somehow but the browser is looking for 8545 on localhost/127.0.0.1 OR it is looking at the correct IP, but your port 8545 is not being served publicly like I say above.

I don't know what that geth command means since I use Parity, but you want to use the equivalent of Parity's --jsonrpc-hosts="" or "all".

chainhead commented 7 years ago

@stone212

The firewall settings may allow public access to ports 8000 and 8545, but _your AWS instance is not serving them to its public network connection unless you tell it to. Usually that means reverse proxy.

How is reverse proxy set in AWS? Hints?

You're getting the UI but getting that error?

Yes, that is the issue and probably due to reverse proxy setting (as you mentioned)

Just to clarify. I have geth and explorer running on an AWS EC2 instance with rpc exposed. With my browser pointed to the IP address of this EC2 instance, I want to use explorer.

stone212 commented 7 years ago

How is reverse proxy set in AWS? Hints?

Is that a serious question? Fine, hints: nginx, apache2.

With my browser pointed to the IP address of this EC2 instance, I want to use explorer.

Then I think you will want to use a reverse proxy.

chainhead commented 7 years ago

@stone212 got it, thanks.

stone212 commented 7 years ago

If you decide on apache2 I can give you a copy of my settings.

chainhead commented 7 years ago

If you decide on apache2 I can give you a copy of my settings.

That would be helpful - thanks!

stone212 commented 7 years ago

Okay, I can give you a copy of my settings. What settings are you using currently? I only find you have to change ports.conf and sites-enabled/defaultxxx

This might be helpful to start with: https://www.digitalocean.com/community/tutorials/how-to-use-apache-http-server-as-reverse-proxy-using-mod_proxy-extension

chainhead commented 6 years ago

@stone212 I know, this is very, very late. Nevertheless, here goes.

The geth command is run as shown here.

geth --rpc --rpcaddr localhost --rpcport 8545 --rpcapi "web3,eth" --rpccorsdomain "http://localhost:8000"

In /etc/apache2/apache2.conf, I added an entry for ServerName with value as the public IP address of the AWS EC2 instance. In /etc/apache2/sites-available/000-default.conf, I have the following entry

<VirtualHost *:80>
    ProxyPass / http://localhost:8000/
    ProxyPassReverse / http://localhost:8000/
</VirtualHost>

And yet, when I enter http://public-ip-address, I get the error as geth --rpc --rpcaddr localhost --rpcport 8545 --rpcapi "web3,eth" --rpccorsdomain "http://public-ip-address"

stone212 commented 6 years ago

@chainhead Have you installed mod_proxy for apache2?

Maybe try this:

<VirtualHost <your-actual-public-ip>:80>
    ProxyPreserveHost On
    ProxyPass / http://127.0.0.1:8000/
    ProxyPassReverse / http://127.0.0.1:8000
    ServerName localhost
</VirtualHost>
stone212 commented 6 years ago

And I don't know anything about geth (I use parity) but should --rpcaddr take your public IP and not localhost?

I don't think you had to modify apache2.conf. You usually don't.

chainhead commented 6 years ago

@stone212 Finally, got it working! I didn't have an entry in ports.conf - 🤦‍♂️

Many thanks for your persistence! And, a Happy New Year in advance!

bmatthewshea commented 6 years ago

Been reading through a number of these (granted I do not know everything to know about jsonrpc), but I am not understanding why this app needs the rpc port to be open to the public/web client side? Why can't the rpc/json be queried via local host (only) from within your app and data collected then presented over port 80 (or 8000). Why expose the rpc port to end user at all? What is the benefit? This seems like a huge security risk and is never mentioned..(?) from what I've read. Thanks.

chainhead commented 6 years ago

@bmatthewshea The idea is to avoid exposing the RPC port by using reverse proxy. I have it working now.

bmatthewshea commented 6 years ago

Thanks for reply @chainhead - Yes, the website proxy itself works fine (80 <> 8000). Maybe its because I'm using Apache (not nginx) and have a bad statement for proxy on RPC? But the only way I have gotten the app to run is by exposing the rpc port to public. The reason I figured this is because I was seeing it being queried under the the browser inspector (network tab). It would timeout on entry showing geth machine:port before I opened the port to public (or to the ip I am testing webpage on). Before this point I was seeing the 'allow access to geth' page (rpc timeout - browser has no access to rpc port). So the web page itself isn't the problem. It's the rpc connection trying to populate the page that is the problem..

( I am running geth client on non-standard port. The app.js has been adjusted. The geth client is hosted on separate box on port 9999. The web server does has access to this port, so why isn't this enough? When I inspect page I see it trying to directly connect to geth/port defined in app.js under the network tab )

Typical header (timeout) calling geth client on 9999 - Why is this called inside browser at all? I do not want it advertised or worse: having to open to public just to get page to load.

...
Cache-Control | no-cache
Connection | keep-alive
Host | myremote.geth.tld:9999
Origin | http://someblkexplorer.somedomain.tld
Pragma | no-cache
...

My Apache config

<VirtualHost *:80>
    ServerName someblkexplorer.somedomain.tld

    ProxyPreserveHost On
    #web site pass/reverse to 8000 to 80
    ProxyPass        / http://127.0.0.1:8000/
    ProxyPassReverse / http://127.0.0.1:8000/
    #rpc reverse
    ProxyPass        / http://myremote.geth.tld:9999/
    ProxyPassReverse / http://myremote.geth.tld:9999/
</VirtualHost>

('myremote.geth.tld' and port is used in app.js geth entry at top of file)

bmatthewshea commented 6 years ago

Doh. Realized I posted this on wrong issues page? Should have posted to "carsenk/explorer". Sorry about that. I think I search for 'apache' and came up with this thread.