Error: Allow Access to Geth and Refresh the Page

[stone212]

The server starts and is viewable at port 8000, but there is an error message saying:

Allow Access to Geth and Refresh the Page

I have tried several invocations of geth, including this one:

geth --dev --datadir "<path/to/dir>" --networkid --rpc --rpcaddr localhost --rpcport 8545 --rpcapi "web3,eth" --rpccorsdomain "http://localhost:8000"

I am fairly new to ethereum so this might simply be a silly user error. But regardless, it's still a "bug" in that the error message isn't specific enough to debug. What form of "access" is missing, specifically.

Note that I can see geth at port 8545.

[stone212]

The problem was that I was viewing on a local, text-based browser. And the error message is hard-coded in, so it was appearing even though it was fine. By every best-practices standard for front-end development (ADA compliance, for example; SEO for another), this is a front-end bug.

There are several solutions. I may work to implement one on my end and if so I will share it if you would like.

[metaspartan]

Yea I can fix this when I have some time, feel free to push up a pull request if you do. 👍

[stone212]

@carsenk are you maintaining both projects now?

[chainhead]

@stone212 I am facing the same error. I tried in Firefox and Chrome browsers; same result. @carsenk Is there a final resolution to this?

[stone212]

@chainhead

How are you viewing the page? On localhost or through a reverse proxy?

Usually this seems to happen when access to the RPC port is not available to the browser. That could be a firewall on the node, lack of forwarding port 8545 from the node if you're forwarding via SSH, and it could be that your rpc hosts setting on parity/geth doesn't serve access to the IP address you're viewing from (especially if you're viewing from a public IP as localhost is the default I think). And if you're using a reverse proxy then check how you're proxying port 8545.

[chainhead]

@stone212 I am running geth and explorer on the same AWS instance. And, I am trying to access the explorer from my laptop. The AWS security group has been set-up to allow all traffic for 30333 (peering), 8545 (RPC) and 8000 (explorer application).

The geth command - I overwrote it in my repo - used is as follows:

geth --datadir my-dir --networkid 16 --maxpeers 3 --rpc --rpcaddr "0.0.0.0" --rpccorsdomain "*" --rpcapi "eth,web3"

[stone212]

@chainhead I'll need more information. How are you serving the local server to the public internet? The firewall settings may allow public access to ports 8000 and 8545, but your AWS instance is not serving them to its public network connection unless you tell it to. Usually that means reverse proxy.

Also look at your browser's Developer Tools / Inspect Element console and then click the "Network" tab to see where your browser is trying to make connections to. You're getting the UI but getting that error? then it's possible the /app server is coming through somehow but the browser is looking for 8545 on localhost/127.0.0.1 OR it is looking at the correct IP, but your port 8545 is not being served publicly like I say above.

I don't know what that geth command means since I use Parity, but you want to use the equivalent of Parity's --jsonrpc-hosts="" or "all".

[chainhead]

@stone212

The firewall settings may allow public access to ports 8000 and 8545, but _your AWS instance is not serving them to its public network connection unless you tell it to. Usually that means reverse proxy.

How is reverse proxy set in AWS? Hints?

You're getting the UI but getting that error?

Yes, that is the issue and probably due to reverse proxy setting (as you mentioned)

Just to clarify. I have geth and explorer running on an AWS EC2 instance with rpc exposed. With my browser pointed to the IP address of this EC2 instance, I want to use explorer.

[stone212]

How is reverse proxy set in AWS? Hints?

Is that a serious question? Fine, hints: nginx, apache2.

With my browser pointed to the IP address of this EC2 instance, I want to use explorer.

Then I think you will want to use a reverse proxy.

[chainhead]

@stone212 got it, thanks.

[stone212]

If you decide on apache2 I can give you a copy of my settings.

[chainhead]

If you decide on apache2 I can give you a copy of my settings.

That would be helpful - thanks!

[stone212]

Okay, I can give you a copy of my settings. What settings are you using currently? I only find you have to change ports.conf and sites-enabled/defaultxxx

This might be helpful to start with: https://www.digitalocean.com/community/tutorials/how-to-use-apache-http-server-as-reverse-proxy-using-mod_proxy-extension

[chainhead]

@stone212 I know, this is very, very late. Nevertheless, here goes.

The geth command is run as shown here.

geth --rpc --rpcaddr localhost --rpcport 8545 --rpcapi "web3,eth" --rpccorsdomain "http://localhost:8000"

In /etc/apache2/apache2.conf, I added an entry for ServerName with value as the public IP address of the AWS EC2 instance. In /etc/apache2/sites-available/000-default.conf, I have the following entry

<VirtualHost *:80>
    ProxyPass / http://localhost:8000/
    ProxyPassReverse / http://localhost:8000/
</VirtualHost>

And yet, when I enter http://public-ip-address, I get the error as geth --rpc --rpcaddr localhost --rpcport 8545 --rpcapi "web3,eth" --rpccorsdomain "http://public-ip-address"

[stone212]

@chainhead Have you installed mod_proxy for apache2?

Maybe try this:

<VirtualHost <your-actual-public-ip>:80>
    ProxyPreserveHost On
    ProxyPass / http://127.0.0.1:8000/
    ProxyPassReverse / http://127.0.0.1:8000
    ServerName localhost
</VirtualHost>

[stone212]

And I don't know anything about geth (I use parity) but should --rpcaddr take your public IP and not localhost?

I don't think you had to modify apache2.conf. You usually don't.

[chainhead]

@stone212 Finally, got it working! I didn't have an entry in ports.conf - 🤦‍♂️

Many thanks for your persistence! And, a Happy New Year in advance!

[bmatthewshea]

Been reading through a number of these (granted I do not know everything to know about jsonrpc), but I am not understanding why this app needs the rpc port to be open to the public/web client side? Why can't the rpc/json be queried via local host (only) from within your app and data collected then presented over port 80 (or 8000). Why expose the rpc port to end user at all? What is the benefit? This seems like a huge security risk and is never mentioned..(?) from what I've read. Thanks.

[chainhead]

@bmatthewshea The idea is to avoid exposing the RPC port by using reverse proxy. I have it working now.

[bmatthewshea]

Thanks for reply @chainhead - Yes, the website proxy itself works fine (80 <> 8000). Maybe its because I'm using Apache (not nginx) and have a bad statement for proxy on RPC? But the only way I have gotten the app to run is by exposing the rpc port to public. The reason I figured this is because I was seeing it being queried under the the browser inspector (network tab). It would timeout on entry showing geth machine:port before I opened the port to public (or to the ip I am testing webpage on). Before this point I was seeing the 'allow access to geth' page (rpc timeout - browser has no access to rpc port). So the web page itself isn't the problem. It's the rpc connection trying to populate the page that is the problem..

( I am running geth client on non-standard port. The app.js has been adjusted. The geth client is hosted on separate box on port 9999. The web server does has access to this port, so why isn't this enough? When I inspect page I see it trying to directly connect to geth/port defined in app.js under the network tab )

Typical header (timeout) calling geth client on 9999 - Why is this called inside browser at all? I do not want it advertised or worse: having to open to public just to get page to load.

...
Cache-Control | no-cache
Connection | keep-alive
Host | myremote.geth.tld:9999
Origin | http://someblkexplorer.somedomain.tld
Pragma | no-cache
...

My Apache config

<VirtualHost *:80>
    ServerName someblkexplorer.somedomain.tld

    ProxyPreserveHost On
    #web site pass/reverse to 8000 to 80
    ProxyPass        / http://127.0.0.1:8000/
    ProxyPassReverse / http://127.0.0.1:8000/
    #rpc reverse
    ProxyPass        / http://myremote.geth.tld:9999/
    ProxyPassReverse / http://myremote.geth.tld:9999/
</VirtualHost>

('myremote.geth.tld' and port is used in app.js geth entry at top of file)

[bmatthewshea]

Doh. Realized I posted this on wrong issues page? Should have posted to "carsenk/explorer". Sorry about that. I think I search for 'apache' and came up with this thread.