Closed PidgeyBE closed 1 year ago
Ahh, k. I'm fairly sure there's a reason for this one. All the other start commands are designed for PiNodeXMR to operate as your own private node and the flag "--rpc-login=$RPCu:$RPCp" blankets the requirement across the RPC ports for your RPC username:password. When stats are produced for the Web-UI in these modes, the script also passes in your RPC username:password to get permission/access to these stats. They would otherwise be blocked.
The reason for the 'omission' you've spotted is because the flag "--rpc-restricted-bind-port=$MONERO_PUBLIC_PORT" is used instead and it behaves a little differently. By specifying a restricted RPC port, wallet functions can be served publicly, however it disables the ability for someone public sending in commands like "exit" which would stop your node. Apart from being an inconvenience, access to your RPC is fairly limited anyway, but restricted RPC stops this misbehaviour.
Where this causes conflict is that this also blocks access to PiNodeXMR scripts from generating its Web-UI stats. The restricted port also doesn't allow "status" or "get_info" and so you'll notice that there is also an open port purely for the purpose of generating stats internally (or your own LAN wallet connection if you wish).
So in public mode, 18081 should be protected behind your firewall and is open for local services. 18089 (default - but customisable) can safely be forwarded to the outside world to use as a free RPC wallet/node.
I'm still learning with this project as I go, and this bit was configured some time ago. It's a little ugly in setup and there is probably a better way.
I expect that you've added your new settings and it gives great wallet functionality, but I expect the Web-UI stats have stopped working?
With that info if you think of a more elegant way or something I haven't thought of to improve this I'm all up for changing it.
Hi @shermand100 Thanks for the verbose answer! First of all, indeed I'm trying to run a public node as I saw a call-up on reddit that the Monero network needs more public (p2p) nodes. I'm not an expert myself, so I was just trial-n-erroring towards a working setup.
In the monerod-start-public-free.sh script I have, the --rpc-login=$RPCu:$RPCp flag is not used.
The reason I've added the --rpc-restricted-bind-ip=$DEVICE_IP argument was because I could not connect to the node on port 18089, while I saw (via netstat -tulpen) that the port was open and my node was listening on it.
With the default config I get:
tcp 0 0 127.0.0.1:18089 0.0.0.0:* LISTEN 1001 3524422 26892/./monerod
When I try to connect my monero-gui from another pc in the same LAN network to 192.168.0.101:18089, it cannot connect.
Also from public/WAN side I cannot connect.
With --rpc-restricted-bind-ip=$DEVICE_IP I get:
tcp 0 0 192.168.0.101:18089 0.0.0.0:* LISTEN 1001 2430096 18821/./monerod
And in the monero-gui I can connect to 192.168.0.101:18089 and also from public/wan side (after port forwarding) I can connect.
It seems everything in the web-UI is working as expected:
Monero Version: 0.17.1.8-d3e582e51
Node Status: OK
Current Sync Height: 2264182
Target Block Height: 2264083
Outgoing Connections: 12
Incoming Connections: 72
Network Type: mainnet
TX Pool Size: 45
White Peerlist Size: 1000
Grey Peerlist Size: 5000
Update Available: false
I think this is expected behaviour, as the web-UI connects to the unrestricted RPC server on 18081.
I think security-wise everything is fine too:
pinodexmr@PiNodeXMR:~/monero/build/release/bin $ ./monerod status --rpc-bind-ip=192.168.0.101 --rpc-bind-port=18081
2020-12-31 10:46:26.845 I Monero 'Oxygen Orion' (v0.17.1.8-d3e582e51)
Height: 2264196/2264196 (100.0%) on mainnet, not mining, net hash 1.83 GH/s, v14, 12(out)+7(in) connections, uptime 0d 0h 4m 23s
pinodexmr@PiNodeXMR:~/monero/build/release/bin $ ./monerod status --rpc-bind-ip=192.168.0.101 --rpc-bind-port=18089
2020-12-31 10:47:07.172 I Monero 'Oxygen Orion' (v0.17.1.8-d3e582e51)
Error: Problem fetching info-- rpc_request:
Height: 2264196/2264196 (100.0%) on mainnet, mining info unavailable, net hash 1.83 GH/s, v14, 0(out)+0(in) connections
pinodexmr@PiNodeXMR:~/monero/build/release/bin $ ./monerod sync_info --rpc-bind-ip=192.168.0.101 --rpc-bind-port=18089
2020-12-31 10:49:55.503 I Monero 'Oxygen Orion' (v0.17.1.8-d3e582e51)
Error: Unsuccessful -- json_rpc_request:
-> On 18089, the publicly exposed port, only limited information is available...
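The netstat check described in the comment above can be automated. The following is an added example, not part of the thread or of PiNodeXMR's scripts: it parses `netstat -tulpen` lines and reports how the two RPC ports are bound. The sample lines are constructed from the output quoted above, and the 18081 listeners (with their inode numbers) are assumed.

```python
import ipaddress

# Port roles as described in the thread (PiNodeXMR public mode defaults).
UNRESTRICTED_PORT = 18081   # full RPC, used by the Web-UI stats scripts
RESTRICTED_PORT = 18089     # restricted RPC, intended to be forwarded

# Constructed sample: the two 18089 lines quoted in the thread plus an
# assumed 18081 listener bound to the device IP (--rpc-bind-ip=$DEVICE_IP).
SAMPLE_DEFAULT = """\
tcp 0 0 192.168.0.101:18081 0.0.0.0:* LISTEN 1001 3524421 26892/./monerod
tcp 0 0 127.0.0.1:18089 0.0.0.0:* LISTEN 1001 3524422 26892/./monerod
"""
SAMPLE_FIXED = """\
tcp 0 0 192.168.0.101:18081 0.0.0.0:* LISTEN 1001 2430095 18821/./monerod
tcp 0 0 192.168.0.101:18089 0.0.0.0:* LISTEN 1001 2430096 18821/./monerod
"""

def scope(addr):
    """Classify a bind address: loopback, wildcard (all interfaces) or specific."""
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback:
        return "loopback"
    if ip.is_unspecified:
        return "wildcard"
    return "specific"

def monerod_listeners(netstat_text):
    """Return {port: scope} for every TCP LISTEN socket owned by monerod."""
    found = {}
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) < 9 or f[5] != "LISTEN" or not f[8].endswith("monerod"):
            continue
        addr, _, port = f[3].rpartition(":")
        found[int(port)] = scope(addr.strip("[]"))
    return found

def audit(netstat_text):
    """Return findings for the two RPC ports discussed in the thread."""
    ports, findings = monerod_listeners(netstat_text), []
    r = ports.get(RESTRICTED_PORT)
    if r is None:
        findings.append("restricted RPC port not listening")
    elif r == "loopback":
        findings.append("restricted RPC bound to loopback: unreachable from LAN/WAN")
    if ports.get(UNRESTRICTED_PORT) in ("specific", "wildcard"):
        findings.append("unrestricted RPC reachable off-host: keep firewalled, never forward")
    return findings
```

Calling `audit()` on the output of `netstat -tulpen` returns an empty list only when the restricted port is reachable and the unrestricted port is loopback-only.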
Revisiting issues and feel this one is resolved on all public facing node modes with the Ubuntu 22.0X LTS branch of PiNodeXMR. Any remaining nodes on v4 PiNodeXMR are encouraged to upgrade to v5 by end of the year before branch deletion.
I've checked all node modes, and all have either --restricted-rpc, --restricted-bind-IP, or --restricted-bind-port specified to apply suitable restrictions to node functions and data to outside users.
Hey! Thanks for previous fix. I've found another issue. It seems the --rpc-restricted-bind-ip argument is missing for public nodes, making them unreachable from the outside, even within the same LAN network. I've added it myself like this:
./monerod --rpc-restricted-bind-ip=$DEVICE_IP --rpc-bind-ip=$DEVICE_IP ...
and this seems to work.
Best regards, Pj