Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Figure out a TLS solution for the JSON RPC API #1024

Closed
mvines opened this issue Aug 21, 2018 · 3 comments
Closed

Figure out a TLS solution for the JSON RPC API #1024

mvines opened this issue Aug 21, 2018 · 3 comments
Assignees

Comments

@mvines
Copy link
Member

mvines commented Aug 21, 2018

These days browsers complain loudly when https is not used:

  1. A webapp loaded over http is declared insecure
  2. A webapp loaded over https cannot access http-based resources

This spells trouble for our http-only JSON RPC API. Ideally we provide the ability to run the API over https, but we may have to build an RPC proxy if the Rust crates we're using for JSON RPC can't be TLSed.

@mvines mvines added this to the v0.8.0 Windansea milestone Aug 21, 2018
@mvines mvines self-assigned this Aug 21, 2018
@mvines
Copy link
Member Author

mvines commented Aug 21, 2018

Apache's mod_proxy provides a reasonable workaround for now. For now we can configure one of our web servers with TLS (perhaps even solana.com) to proxy JSON RPC traffic to/from the desired network:

Setup

Create the file /etc/apache2/conf-available/solana-json-rpc-https-proxy.conf,
with the following content:

ProxyPass /api/edge http://master.testnet.solana.com:8899
ProxyPassReverse /api/edge http://master.testnet.solana.com:8899

ProxyPass /api/stable http://testnet.solana.com:8899
ProxyPassReverse /api/stable http://testnet.solana.com:8899

Then activate the reverse proxy with:

$ sudo a2enmod headers proxy_http
$ sudo a2enconf solana-json-rpc-https-proxy
$ sudo service apache2 restart

@mvines
Copy link
Member Author

mvines commented Aug 25, 2018

My plan here is to create/publish a docker image that fullnodes wanting to run the RPC service can use to easily setup a TLS reverse proxy

@mvines mvines closed this as completed Aug 25, 2018
vkomenda pushed a commit to vkomenda/solana that referenced this issue Aug 29, 2021
Bumps [thiserror](https://github.com/dtolnay/thiserror) from 1.0.22 to 1.0.23.
- [Release notes](https://github.com/dtolnay/thiserror/releases)
- [Commits](dtolnay/thiserror@1.0.22...1.0.23)

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
jeffwashington pushed a commit to jeffwashington/solana that referenced this issue Apr 24, 2024
jeffwashington pushed a commit to jeffwashington/solana that referenced this issue Apr 24, 2024
jeffwashington pushed a commit to jeffwashington/solana that referenced this issue Apr 24, 2024
jeffwashington pushed a commit to jeffwashington/solana that referenced this issue Apr 25, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant