From 6ae56412330005bba0d8d6b4ebeb91f44f5c54fb Mon Sep 17 00:00:00 2001
From: Marko
Date: Mon, 7 Nov 2022 12:06:06 +0100
Subject: [PATCH] docs: set api endpoints to localhost by default (#13778)
* Default GRPC and REST endpoints to localhost. Add documentation on recommended ways to expose it.
Co-authored-by: Julien Robert
Co-authored-by: Julien Robert
---
 CHANGELOG.md | 1 +
 docs/docs/run-node/01-run-node.md | 9 +++++++++
 server/config/config.go | 6 +++---
 3 files changed, 13 insertions(+), 3 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index fd68cefd5a..4ece425dee 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -181,6 +181,7 @@ Ref: https://keepachangelog.com/en/1.0.0/
 * (x/gov) [#13045](https://github.com/cosmos/cosmos-sdk/pull/13045) Fix gov migrations for v3(0.46).
 * (snapshot) [#13400](https://github.com/cosmos/cosmos-sdk/pull/13400) Fix snapshot checksum issue in golang 1.19.
 * (x/gov) [#13728](https://github.com/cosmos/cosmos-sdk/pull/13728) Fix propagation of message events to the current context in `EndBlocker`.
+* (server) [#13778](https://github.com/cosmos/cosmos-sdk/pull/13778) Set Cosmos SDK default endpoints to localhost to avoid unknown exposure of endpoints.
 ### Deprecated
diff --git a/docs/docs/run-node/01-run-node.md b/docs/docs/run-node/01-run-node.md
index efdde61552..0661b538df 100644
--- a/docs/docs/run-node/01-run-node.md
+++ b/docs/docs/run-node/01-run-node.md
@@ -63,6 +63,15 @@ jq '.app_state.gov.voting_params.voting_period = "600s"' genesis.json > temp.jso
 jq '.app_state.mint.minter.inflation = "0.300000000000000000"' genesis.json > temp.json && mv temp.json genesis.json
 ```
+### Client Interaction
+
+When instantiating a node, GRPC and REST are defaulted to localhost to avoid unknown exposure of your node to the public. It is recommended to not expose these endpoints without a proxy that can handle load balancing or authentication is setup between your node and the public.
+
+:::tip
+A commonly used tool for this is [nginx](https://nginx.org).
+:::
+
+
 ## Adding Genesis Accounts
 Before starting the chain, you need to populate the state with at least one account. To do so, first [create a new account in the keyring](./00-keyring.md#adding-keys-to-the-keyring) named `my_validator` under the `test` keyring backend (feel free to choose another name and another backend).
diff --git a/server/config/config.go b/server/config/config.go
index eff42298c6..abe2c70713 100644
--- a/server/config/config.go
+++ b/server/config/config.go
@@ -18,13 +18,13 @@ const (
 defaultMinGasPrices = ""
 // DefaultAPIAddress defines the default address to bind the API server to.
- DefaultAPIAddress = "tcp://0.0.0.0:1317"
+ DefaultAPIAddress = "tcp://localhost:1317"
 // DefaultGRPCAddress defines the default address to bind the gRPC server to.
- DefaultGRPCAddress = "0.0.0.0:9090"
+ DefaultGRPCAddress = "localhost:9090"
 // DefaultGRPCWebAddress defines the default address to bind the gRPC-web server to.
- DefaultGRPCWebAddress = "0.0.0.0:9091"
+ DefaultGRPCWebAddress = "localhost:9091"
 // DefaultGRPCMaxRecvMsgSize defines the default gRPC max message size in
 // bytes the server can receive.
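Review bot: The three new defaults in the `server/config/config.go` hunk bind to the host name `localhost` rather than a loopback literal, so which interface is actually bound depends on the host's name resolution. Assuming these strings reach Go's `net.Listen`, its documentation advises against host names because the listener is created for at most one of the host's IP addresses; the servers may therefore listen on only `127.0.0.1` or only `::1`, and a non-standard hosts entry could point the name somewhere else. Literals keep the loopback-only intent deterministic: `DefaultAPIAddress = "tcp://127.0.0.1:1317"`, `DefaultGRPCAddress = "127.0.0.1:9090"`, `DefaultGRPCWebAddress = "127.0.0.1:9091"`. These constants presumably only seed newly generated configuration, so a node whose existing config still lists `0.0.0.0` would stay exposed until the operator edits it. Each constant's doc comment could add that the default is loopback-only and must be changed deliberately to expose the endpoint; the `const (` block starts before and continues past this hunk.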