Feature request: show sysadmin where incoming connections are coming from #32

Open
opened 2 years ago by jahway603 · 7 comments
Collaborator

Currently when running lightwalletd behind an nginx frontend, it only spits out YOUR SERVER's IP address at the CLI.

This feature request is to show the connecting client's IP at the CLI as well. This might not be possible when using nginx in front of lightwalletd.
Owner

@jahway603 you probably want to look in your nginx logs for this data, it's called X-Forwarded-For header: https://stackoverflow.com/questions/61092127/whats-the-purpose-of-setting-x-forwarded-for-header-in-nginx
Poster
Collaborator

So would the block in the nginx config be this then?

```
location / {
    grpc_pass grpc://devo.crabdance.com:9067;
    proxy_redirect off;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
```
duke commented 1 year ago
Owner

@jahway603 that looks correct for this functionality.

Note, I recommend against using grpc_pass on a public-facing port (devo.crabdance.com:9067), you should instead be using localhost:9067. The outside world never needs access to lightwalletd directly, only nginx should be able to access it. This means that when you start lightwalletd you bind to localhost:9067, not devo.crabdance.com:9067.

By not using localhost, you are potentially talking to lightwalletd via HTTP over the open internet, which is not secure. Port 9067 should not be open to the internet on your server.

I just updated the readme to talk about this as well.
Poster
Collaborator

I get the dreaded `Error during startup:grpc-status: Internal, grpc-message: "Unexpected compression flag: 60" If you repeatedly run into this issue, you might have to restore your wallet from your seed phrase.` error if I set up what you've mentioned with the localhost:9067, also tried with 127.0.0.1:9067 and same thing. It's only working with the full hostname, so I'm sure we can all sort out a "standard config".
Poster
Collaborator

Opened Issue #45 (https://git.hush.is/hush/lightwalletd/issues/45) because of the issue of lightwalletd not working with localhost...
duke commented 1 year ago
Owner

@jahway603 exactly what command are you using to start lightwalletd? Ideally everybody uses start.sh
duke commented 1 year ago
Owner

@jahway603 you are probably getting the above error because when starting lightwalletd you are binding to something other than localhost:9067. The value of grpc_pass in nginx config must match the value of --grpc-bind-addr given to lightwalletd.
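
Added example (not part of the thread and not the project's own code): a small Python check for the two rules discussed above, that lightwalletd should be bound to loopback and that `grpc_pass` must match `--grpc-bind-addr`. The function names and the sample config strings are constructed for illustration.

```python
import ipaddress
import re

# Constructed samples: the location block posted in the thread, and the
# loopback form recommended in the reply.
NGINX_PUBLIC = "location / {\n    grpc_pass grpc://devo.crabdance.com:9067;\n}\n"
NGINX_LOCAL = "location / {\n    grpc_pass grpc://localhost:9067;\n}\n"

# Active (uncommented) grpc_pass directives; the scheme prefix is optional.
GRPC_PASS_RE = re.compile(r"^\s*grpc_pass\s+(?:grpcs?://)?([^;\s]+)\s*;", re.M)


def split_host_port(addr):
    """Split 'host:port' (or '[::1]:port') into a lowercase host and a port."""
    host, _, port = addr.strip().rpartition(":")
    return host.strip("[]").lower(), port


def is_loopback(host):
    """True for 'localhost' or a loopback IP literal; no DNS lookup is done."""
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # any other hostname is treated as externally reachable


def audit(nginx_conf, bind_addr):
    """Return a list of findings; an empty list means the pair is consistent."""
    findings = []
    bind = split_host_port(bind_addr)
    if not is_loopback(bind[0]):
        findings.append(f"--grpc-bind-addr {bind_addr} is not loopback")
    targets = GRPC_PASS_RE.findall(nginx_conf)
    if not targets:
        findings.append("no grpc_pass directive found")
    for target in targets:
        upstream = split_host_port(target)
        if not is_loopback(upstream[0]):
            findings.append(f"grpc_pass {target} is not loopback")
        if upstream != bind:
            findings.append(f"grpc_pass {target} does not match {bind_addr}")
    return findings


if __name__ == "__main__":
    for conf, bind in ((NGINX_PUBLIC, "devo.crabdance.com:9067"),
                       (NGINX_LOCAL, "localhost:9067")):
        print(bind, "->", audit(conf, bind) or "ok")
```

The match is a literal host:port comparison, so `localhost:9067` and `127.0.0.1:9067` are reported as a mismatch, following the rule stated in the last comment.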