
Remove REST server's secure mode altogether #3938

Merged
merged 2 commits into from
Mar 19, 2019
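--- a/.pending/breaking/gaiacli/Remove-REST-server-s
+++ b/.pending/breaking/gaiacli/Remove-REST-server-s
@@ -0,0 +1 @@
+#3938 Remove REST server's SSL support altogether.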
8 changes: 0 additions & 8 deletions client/flags.go
Expand Up @@ -40,10 +40,6 @@ const (
FlagListenAddr = "laddr"
FlagCORS = "cors"
FlagMaxOpenConnections = "max-open"
FlagTLS = "tls"
FlagSSLHosts = "ssl-hosts"
FlagSSLCertFile = "ssl-certfile"
FlagSSLKeyFile = "ssl-keyfile"
FlagOutputDocument = "output-document" // inspired by wget -O
FlagSkipConfirmation = "yes"
)
Expand Down Expand Up @@ -110,10 +106,6 @@ func PostCommands(cmds ...*cobra.Command) []*cobra.Command {
func RegisterRestServerFlags(cmd *cobra.Command) *cobra.Command {
cmd = GetCommands(cmd)[0]
cmd.Flags().String(FlagListenAddr, "tcp://localhost:1317", "The address for the server to listen on")
cmd.Flags().Bool(FlagTLS, false, "Enable SSL/TLS layer")
cmd.Flags().String(FlagSSLHosts, "", "Comma-separated hostnames and IPs to generate a certificate for")
cmd.Flags().String(FlagSSLCertFile, "", "Path to a SSL certificate file. If not supplied, a self-signed certificate will be generated.")
cmd.Flags().String(FlagSSLKeyFile, "", "Path to a key file; ignored if a certificate file is not supplied.")
cmd.Flags().String(FlagCORS, "", "Set the domains that can make CORS requests (* for all)")
cmd.Flags().Int(FlagMaxOpenConnections, 1000, "The number of maximum open connections")

177 changes: 0 additions & 177 deletions client/lcd/certificates.go

This file was deleted.

93 changes: 0 additions & 93 deletions client/lcd/certificates_test.go

This file was deleted.

51 changes: 4 additions & 47 deletions client/lcd/root.go
Expand Up @@ -52,9 +52,7 @@ func NewRestServer(cdc *codec.Codec) *RestServer {
}

// Start starts the rest server
func (rs *RestServer) Start(listenAddr string, sslHosts string,
certFile string, keyFile string, maxOpen int, secure bool) (err error) {

func (rs *RestServer) Start(listenAddr string, maxOpen int) (err error) {
server.TrapSignal(func() {
err := rs.listener.Close()
rs.log.Error("error closing listener", "err", err)
Expand All @@ -70,43 +68,7 @@ func (rs *RestServer) Start(listenAddr string, sslHosts string,
rs.log.Info(fmt.Sprintf("Starting Gaia Lite REST service (chain-id: %q)...",
viper.GetString(client.FlagChainID)))

// launch rest-server in insecure mode
if !secure {
return rpcserver.StartHTTPServer(rs.listener, rs.Mux, rs.log)
}

// handle certificates
if certFile != "" {
// validateCertKeyFiles() is needed to work around tendermint/tendermint#2460
if err := validateCertKeyFiles(certFile, keyFile); err != nil {
return err
}

// cert/key pair is provided, read the fingerprint
rs.fingerprint, err = fingerprintFromFile(certFile)
if err != nil {
return err
}
} else {
// if certificate is not supplied, generate a self-signed one
certFile, keyFile, rs.fingerprint, err = genCertKeyFilesAndReturnFingerprint(sslHosts)
if err != nil {
return err
}

defer func() {
os.Remove(certFile)
os.Remove(keyFile)
}()
}

rs.log.Info(rs.fingerprint)
return rpcserver.StartHTTPAndTLSServer(
rs.listener,
rs.Mux,
certFile, keyFile,
rs.log,
)
return rpcserver.StartHTTPServer(rs.listener, rs.Mux, rs.log)
}

// ServeCommand will start a Gaia Lite REST service as a blocking process. It
Expand All @@ -122,13 +84,8 @@ func ServeCommand(cdc *codec.Codec, registerRoutesFn func(*RestServer)) *cobra.C
registerRoutesFn(rs)

// Start the rest server and return error if one exists
err = rs.Start(
viper.GetString(client.FlagListenAddr),
viper.GetString(client.FlagSSLHosts),
viper.GetString(client.FlagSSLCertFile),
viper.GetString(client.FlagSSLKeyFile),
viper.GetInt(client.FlagMaxOpenConnections),
viper.GetBool(client.FlagTLS))
err = rs.Start(viper.GetString(client.FlagListenAddr),
viper.GetInt(client.FlagMaxOpenConnections))

return err
},
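Review bot: Nothing on the new side of `Start` tells an operator that the listener is now plaintext-only: the second hunk returns `rpcserver.StartHTTPServer(rs.listener, rs.Mux, rs.log)` unconditionally, while `listenAddr` is still taken straight from the `laddr` flag in `ServeCommand`, so a non-loopback bind would expose the REST API without transport security. I would make that explicit in the doc comment, e.g. `// Start starts the REST server over plain HTTP; TLS, if required, must be terminated by a proxy in front of it.`, and log it once before serving, e.g. `rs.log.Info("REST server serves plain HTTP only; keep it on loopback or behind a TLS-terminating proxy")`. The hunk headers show no change above line 52 of this file, so the `fingerprint` field that the removed branch assigned presumably remains on `RestServer` and could be dropped as well; worth confirming. Part of `Start`'s body lies between the first two hunks and is not visible here.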
14 changes: 0 additions & 14 deletions docs/clients/lite/getting_started.md
Expand Up @@ -19,18 +19,4 @@ gaiacli rest-server --chain-id=test \
--trust-node=false
```

The server listens on HTTP by default. You can enable the secure layer by adding the `--tls` flag.
By default a self-signed certificate will be generated and its fingerprint printed out. You can
configure the server to use a SSL certificate by passing the certificate and key files via the
`--ssl-certfile` and `--ssl-keyfile` flags:

```bash
gaiacli rest-server --chain-id=test \
--laddr=tcp://localhost:1317 \
--node tcp://localhost:26657 \
--trust-node=false \
--tls \
--ssl-certfile=mycert.pem --ssl-keyfile=mykey.key
```

For more information about the Gaia-Lite RPC, see the [swagger documentation](https://cosmos.network/rpc/)