diff --git a/.gitignore b/.gitignore index 5cc7d1f1..1d342783 100644 --- a/.gitignore +++ b/.gitignore @@ -15,4 +15,5 @@ build/*.deb .bin-image .deb-image \.idea/ -__debug* \ No newline at end of file +__debug* +.gocache/ \ No newline at end of file diff --git a/Makefile b/Makefile index d384f379..0ad263ca 100644 --- a/Makefile +++ b/Makefile @@ -7,34 +7,36 @@ NO_CACHE = false TCMALLOC = PORTABLE = 0 ARGS ?= +# Forward BB_RPC_* overrides into Docker so template generation sees desired endpoints/binds/allow lists. +BB_RPC_ENV := $(shell env | awk -F= '/^BB_RPC_(URL|BIND_HOST|ALLOW_IP)_/ {print "-e " $$1}') TARGETS=$(subst .json,, $(shell ls configs/coins)) .PHONY: build build-debug test deb build: .bin-image - docker run -t --rm -e PACKAGER=$(PACKAGER) -v "$(CURDIR):/src" -v "$(CURDIR)/build:/out" $(BIN_IMAGE) make build ARGS="$(ARGS)" + docker run -t --rm -e PACKAGER=$(PACKAGER) $(BB_RPC_ENV) -v "$(CURDIR):/src" -v "$(CURDIR)/build:/out" $(BIN_IMAGE) make build ARGS="$(ARGS)" build-debug: .bin-image - docker run -t --rm -e PACKAGER=$(PACKAGER) -v "$(CURDIR):/src" -v "$(CURDIR)/build:/out" $(BIN_IMAGE) make build-debug ARGS="$(ARGS)" + docker run -t --rm -e PACKAGER=$(PACKAGER) $(BB_RPC_ENV) -v "$(CURDIR):/src" -v "$(CURDIR)/build:/out" $(BIN_IMAGE) make build-debug ARGS="$(ARGS)" test: .bin-image - docker run -t --rm -e PACKAGER=$(PACKAGER) -v "$(CURDIR):/src" --network="host" $(BIN_IMAGE) make test ARGS="$(ARGS)" + docker run -t --rm -e PACKAGER=$(PACKAGER) $(BB_RPC_ENV) -v "$(CURDIR):/src" --network="host" $(BIN_IMAGE) make test ARGS="$(ARGS)" test-integration: .bin-image - docker run -t --rm -e PACKAGER=$(PACKAGER) -v "$(CURDIR):/src" --network="host" $(BIN_IMAGE) make test-integration ARGS="$(ARGS)" + docker run -t --rm -e PACKAGER=$(PACKAGER) $(BB_RPC_ENV) -v "$(CURDIR):/src" --network="host" $(BIN_IMAGE) make test-integration ARGS="$(ARGS)" test-all: .bin-image - docker run -t --rm -e PACKAGER=$(PACKAGER) -v "$(CURDIR):/src" --network="host" $(BIN_IMAGE) make test-all ARGS="$(ARGS)" + docker run -t --rm -e PACKAGER=$(PACKAGER) $(BB_RPC_ENV) -v "$(CURDIR):/src" --network="host" $(BIN_IMAGE) make test-all ARGS="$(ARGS)" deb-backend-%: .deb-image - docker run -t --rm -e PACKAGER=$(PACKAGER) -v /var/run/docker.sock:/var/run/docker.sock -v "$(CURDIR):/src" -v "$(CURDIR)/build:/out" $(DEB_IMAGE) /build/build-deb.sh backend $* $(ARGS) + docker run -t --rm -e PACKAGER=$(PACKAGER) $(BB_RPC_ENV) -v /var/run/docker.sock:/var/run/docker.sock -v "$(CURDIR):/src" -v "$(CURDIR)/build:/out" $(DEB_IMAGE) /build/build-deb.sh backend $* $(ARGS) deb-blockbook-%: .deb-image - docker run -t --rm -e PACKAGER=$(PACKAGER) -v "$(CURDIR):/src" -v "$(CURDIR)/build:/out" $(DEB_IMAGE) /build/build-deb.sh blockbook $* $(ARGS) + docker run -t --rm -e PACKAGER=$(PACKAGER) $(BB_RPC_ENV) -v "$(CURDIR):/src" -v "$(CURDIR)/build:/out" $(DEB_IMAGE) /build/build-deb.sh blockbook $* $(ARGS) deb-%: .deb-image - docker run -t --rm -e PACKAGER=$(PACKAGER) -v /var/run/docker.sock:/var/run/docker.sock -v "$(CURDIR):/src" -v "$(CURDIR)/build:/out" $(DEB_IMAGE) /build/build-deb.sh all $* $(ARGS) + docker run -t --rm -e PACKAGER=$(PACKAGER) $(BB_RPC_ENV) -v /var/run/docker.sock:/var/run/docker.sock -v "$(CURDIR):/src" -v "$(CURDIR)/build:/out" $(DEB_IMAGE) /build/build-deb.sh all $* $(ARGS) deb-blockbook-all: clean-deb $(addprefix deb-blockbook-, $(TARGETS)) diff --git a/build/templates/backend/config/bcash.conf b/build/templates/backend/config/bcash.conf index 8fb7269c..71e1b09f 100644 --- a/build/templates/backend/config/bcash.conf +++ b/build/templates/backend/config/bcash.conf @@ -6,6 +6,9 @@ nolisten=1 rpcuser={{.IPC.RPCUser}} rpcpassword={{.IPC.RPCPass}} rpcport={{.Ports.BackendRPC}} +# Bind RPC based on BB_RPC_BIND_HOST_* so defaults remain local unless explicitly overridden. +rpcbind={{.Env.RPCBindHost}} +rpcallowip={{.Env.RPCAllowIP}} txindex=1 zmqpubhashtx={{template "IPC.MessageQueueBindingTemplate" .}} diff --git a/build/templates/backend/config/bitcoin.conf b/build/templates/backend/config/bitcoin.conf index 619f6785..7ca679b1 100644 --- a/build/templates/backend/config/bitcoin.conf +++ b/build/templates/backend/config/bitcoin.conf @@ -34,5 +34,8 @@ addnode={{$node}} {{if .Backend.Mainnet}}[main]{{else}}[test]{{end}} {{generateRPCAuth .IPC.RPCUser .IPC.RPCPass -}} rpcport={{.Ports.BackendRPC}} +# Bind RPC based on BB_RPC_BIND_HOST_* so defaults remain local unless explicitly overridden. +rpcbind={{.Env.RPCBindHost}} +rpcallowip={{.Env.RPCAllowIP}} {{end}} diff --git a/build/templates/backend/config/bitcoin_like.conf b/build/templates/backend/config/bitcoin_like.conf index 170b4325..f4785a38 100644 --- a/build/templates/backend/config/bitcoin_like.conf +++ b/build/templates/backend/config/bitcoin_like.conf @@ -5,6 +5,9 @@ server=1 nolisten=1 rpcuser={{.IPC.RPCUser}} rpcpassword={{.IPC.RPCPass}} +# Bind RPC based on BB_RPC_BIND_HOST_* so defaults remain local unless explicitly overridden. +rpcbind={{.Env.RPCBindHost}} +rpcallowip={{.Env.RPCAllowIP}} {{if .Backend.Mainnet}}rpcport={{.Ports.BackendRPC}}{{end}} txindex=1 diff --git a/build/templates/backend/config/bitcoin_regtest.conf b/build/templates/backend/config/bitcoin_regtest.conf index 3bdfc3dc..bfb5a68d 100644 --- a/build/templates/backend/config/bitcoin_regtest.conf +++ b/build/templates/backend/config/bitcoin_regtest.conf @@ -30,8 +30,9 @@ addnode={{$node}} regtest=1 {{if .Backend.Mainnet}}[main]{{else}}[regtest]{{end}} -rpcallowip=0.0.0.0/0 -rpcbind=0.0.0.0 +# Bind RPC based on BB_RPC_BIND_HOST_* so defaults remain local unless explicitly overridden. +rpcallowip={{.Env.RPCAllowIP}} +rpcbind={{.Env.RPCBindHost}} {{generateRPCAuth .IPC.RPCUser .IPC.RPCPass -}} rpcport={{.Ports.BackendRPC}} diff --git a/build/templates/backend/config/bitcoin_signet.conf b/build/templates/backend/config/bitcoin_signet.conf index e88a0fd5..3ac11edf 100644 --- a/build/templates/backend/config/bitcoin_signet.conf +++ b/build/templates/backend/config/bitcoin_signet.conf @@ -31,5 +31,8 @@ addnode={{$node}} {{if .Backend.Mainnet}}[main]{{else}}[signet]{{end}} {{generateRPCAuth .IPC.RPCUser .IPC.RPCPass -}} rpcport={{.Ports.BackendRPC}} +# Bind RPC based on BB_RPC_BIND_HOST_* so defaults remain local unless explicitly overridden. +rpcbind={{.Env.RPCBindHost}} +rpcallowip={{.Env.RPCAllowIP}} {{end}} diff --git a/build/templates/backend/config/bitcoin_testnet4.conf b/build/templates/backend/config/bitcoin_testnet4.conf index 46a5370b..bfa4ce81 100644 --- a/build/templates/backend/config/bitcoin_testnet4.conf +++ b/build/templates/backend/config/bitcoin_testnet4.conf @@ -34,5 +34,8 @@ addnode={{$node}} {{if .Backend.Mainnet}}[main]{{else}}[testnet4]{{end}} {{generateRPCAuth .IPC.RPCUser .IPC.RPCPass -}} rpcport={{.Ports.BackendRPC}} +# Bind RPC based on BB_RPC_BIND_HOST_* so defaults remain local unless explicitly overridden. +rpcbind={{.Env.RPCBindHost}} +rpcallowip={{.Env.RPCAllowIP}} {{end}} diff --git a/build/templates/backend/config/decred.conf b/build/templates/backend/config/decred.conf index aa8584b4..4622664f 100644 --- a/build/templates/backend/config/decred.conf +++ b/build/templates/backend/config/decred.conf @@ -6,5 +6,6 @@ txindex=1 addrindex=1 rpcuser={{.IPC.RPCUser}} rpcpass={{.IPC.RPCPass}} -rpclisten=[127.0.0.1]:{{.Ports.BackendRPC}} +# Bind RPC based on BB_RPC_BIND_HOST_* so defaults remain local unless explicitly overridden. +rpclisten=[{{.Env.RPCBindHost}}]:{{.Ports.BackendRPC}} {{ end }} diff --git a/build/templates/backend/config/deeponion.conf b/build/templates/backend/config/deeponion.conf index ca92d14f..5f300a17 100644 --- a/build/templates/backend/config/deeponion.conf +++ b/build/templates/backend/config/deeponion.conf @@ -5,6 +5,9 @@ server=1 rpcuser={{.IPC.RPCUser}} rpcpassword={{.IPC.RPCPass}} rpcport={{.Ports.BackendRPC}} +# Bind RPC based on BB_RPC_BIND_HOST_* so defaults remain local unless explicitly overridden. +rpcbind={{.Env.RPCBindHost}} +rpcallowip={{.Env.RPCAllowIP}} txindex=1 zmqpubhashtx={{template "IPC.MessageQueueBindingTemplate" .}} diff --git a/build/templates/backend/scripts/arbitrum.sh b/build/templates/backend/scripts/arbitrum.sh index 0872739c..17d16b0f 100755 --- a/build/templates/backend/scripts/arbitrum.sh +++ b/build/templates/backend/scripts/arbitrum.sh @@ -9,6 +9,7 @@ DATA_DIR={{.Env.BackendDataPath}}/{{.Coin.Alias}}/backend NITRO_BIN=$INSTALL_DIR/nitro +# Bind RPC endpoints based on BB_RPC_BIND_HOST_* so defaults remain local unless explicitly overridden. $NITRO_BIN \ --chain.name arb1 \ --init.latest pruned \ @@ -17,12 +18,12 @@ $NITRO_BIN \ --persistent.chain $DATA_DIR \ --parent-chain.connection.url http://127.0.0.1:8136 \ --parent-chain.blob-client.beacon-url http://127.0.0.1:7536 \ - --http.addr 127.0.0.1 \ + --http.addr {{.Env.RPCBindHost}} \ --http.port {{.Ports.BackendHttp}} \ --http.api eth,net,web3,debug,txpool,arb \ --http.vhosts '*' \ --http.corsdomain '*' \ - --ws.addr 127.0.0.1 \ + --ws.addr {{.Env.RPCBindHost}} \ --ws.api eth,net,web3,debug,txpool,arb \ --ws.port {{.Ports.BackendRPC}} \ --ws.origins '*' \ @@ -31,4 +32,4 @@ $NITRO_BIN \ --execution.tx-lookup-limit 0 \ --validation.wasm.allowed-wasm-module-roots "$INSTALL_DIR/nitro-legacy/machines,$INSTALL_DIR/target/machines" -{{end}} \ No newline at end of file +{{end}} diff --git a/build/templates/backend/scripts/arbitrum_archive.sh b/build/templates/backend/scripts/arbitrum_archive.sh index 27c7d6da..77149183 100755 --- a/build/templates/backend/scripts/arbitrum_archive.sh +++ b/build/templates/backend/scripts/arbitrum_archive.sh @@ -9,6 +9,7 @@ DATA_DIR={{.Env.BackendDataPath}}/{{.Coin.Alias}}/backend NITRO_BIN=$INSTALL_DIR/nitro +# Bind RPC endpoints based on BB_RPC_BIND_HOST_* so defaults remain local unless explicitly overridden. $NITRO_BIN \ --chain.name arb1 \ --init.latest archive \ @@ -17,12 +18,12 @@ $NITRO_BIN \ --persistent.chain $DATA_DIR \ --parent-chain.connection.url http://127.0.0.1:8116 \ --parent-chain.blob-client.beacon-url http://127.0.0.1:7516 \ - --http.addr 127.0.0.1 \ + --http.addr {{.Env.RPCBindHost}} \ --http.port {{.Ports.BackendHttp}} \ --http.api eth,net,web3,debug,txpool,arb \ --http.vhosts '*' \ --http.corsdomain '*' \ - --ws.addr 127.0.0.1 \ + --ws.addr {{.Env.RPCBindHost}} \ --ws.api eth,net,web3,debug,txpool,arb \ --ws.port {{.Ports.BackendRPC}} \ --ws.origins '*' \ @@ -32,4 +33,4 @@ $NITRO_BIN \ --execution.tx-lookup-limit 0 \ --validation.wasm.allowed-wasm-module-roots "$INSTALL_DIR/nitro-legacy/machines,$INSTALL_DIR/target/machines" -{{end}} \ No newline at end of file +{{end}} diff --git a/build/templates/backend/scripts/arbitrum_nova.sh b/build/templates/backend/scripts/arbitrum_nova.sh index 3f15e4ef..c34cc190 100755 --- a/build/templates/backend/scripts/arbitrum_nova.sh +++ b/build/templates/backend/scripts/arbitrum_nova.sh @@ -9,6 +9,7 @@ DATA_DIR={{.Env.BackendDataPath}}/{{.Coin.Alias}}/backend NITRO_BIN=$INSTALL_DIR/nitro +# Bind RPC endpoints based on BB_RPC_BIND_HOST_* so defaults remain local unless explicitly overridden. $NITRO_BIN \ --chain.name nova \ --init.latest pruned \ @@ -17,12 +18,12 @@ $NITRO_BIN \ --persistent.chain $DATA_DIR \ --parent-chain.connection.url http://127.0.0.1:8136 \ --parent-chain.blob-client.beacon-url http://127.0.0.1:7536 \ - --http.addr 127.0.0.1 \ + --http.addr {{.Env.RPCBindHost}} \ --http.port {{.Ports.BackendHttp}} \ --http.api eth,net,web3,debug,txpool,arb \ --http.vhosts '*' \ --http.corsdomain '*' \ - --ws.addr 127.0.0.1 \ + --ws.addr {{.Env.RPCBindHost}} \ --ws.api eth,net,web3,debug,txpool,arb \ --ws.port {{.Ports.BackendRPC}} \ --ws.origins '*' \ @@ -31,4 +32,4 @@ $NITRO_BIN \ --execution.tx-lookup-limit 0 \ --validation.wasm.allowed-wasm-module-roots "$INSTALL_DIR/nitro-legacy/machines,$INSTALL_DIR/target/machines" -{{end}} \ No newline at end of file +{{end}} diff --git a/build/templates/backend/scripts/arbitrum_nova_archive.sh b/build/templates/backend/scripts/arbitrum_nova_archive.sh index eb150f79..e6ccf38f 100755 --- a/build/templates/backend/scripts/arbitrum_nova_archive.sh +++ b/build/templates/backend/scripts/arbitrum_nova_archive.sh @@ -9,6 +9,7 @@ DATA_DIR={{.Env.BackendDataPath}}/{{.Coin.Alias}}/backend NITRO_BIN=$INSTALL_DIR/nitro +# Bind RPC endpoints based on BB_RPC_BIND_HOST_* so defaults remain local unless explicitly overridden. $NITRO_BIN \ --chain.name nova \ --init.latest archive \ @@ -17,12 +18,12 @@ $NITRO_BIN \ --persistent.chain $DATA_DIR \ --parent-chain.connection.url http://127.0.0.1:8116 \ --parent-chain.blob-client.beacon-url http://127.0.0.1:7516 \ - --http.addr 127.0.0.1 \ + --http.addr {{.Env.RPCBindHost}} \ --http.port {{.Ports.BackendHttp}} \ --http.api eth,net,web3,debug,txpool,arb \ --http.vhosts '*' \ --http.corsdomain '*' \ - --ws.addr 127.0.0.1 \ + --ws.addr {{.Env.RPCBindHost}} \ --ws.api eth,net,web3,debug,txpool,arb \ --ws.port {{.Ports.BackendRPC}} \ --ws.origins '*' \ @@ -32,4 +33,4 @@ $NITRO_BIN \ --execution.tx-lookup-limit 0 \ --validation.wasm.allowed-wasm-module-roots "$INSTALL_DIR/nitro-legacy/machines,$INSTALL_DIR/target/machines" -{{end}} \ No newline at end of file +{{end}} diff --git a/build/templates/backend/scripts/base.sh b/build/templates/backend/scripts/base.sh index 1b930564..3d982378 100644 --- a/build/templates/backend/scripts/base.sh +++ b/build/templates/backend/scripts/base.sh @@ -14,6 +14,7 @@ if [ ! -d "$CHAINDATA_DIR" ]; then wget -c $SNAPSHOT -O - | zstd -cd | tar xf - --strip-components=1 -C $DATA_DIR fi +# Bind RPC endpoints based on BB_RPC_BIND_HOST_* so defaults remain local unless explicitly overridden. $GETH_BIN \ --op-network base-mainnet \ --datadir $DATA_DIR \ @@ -24,13 +25,13 @@ $GETH_BIN \ --port {{.Ports.BackendP2P}} \ --http \ --http.port {{.Ports.BackendHttp}} \ - --http.addr 127.0.0.1 \ + --http.addr {{.Env.RPCBindHost}} \ --http.api eth,net,web3,debug,txpool,engine \ --http.vhosts "*" \ --http.corsdomain "*" \ --ws \ --ws.port {{.Ports.BackendRPC}} \ - --ws.addr 127.0.0.1 \ + --ws.addr {{.Env.RPCBindHost}} \ --ws.api eth,net,web3,debug,txpool,engine \ --ws.origins "*" \ --rollup.disabletxpoolgossip=true \ diff --git a/build/templates/backend/scripts/base_archive.sh b/build/templates/backend/scripts/base_archive.sh index 6f344e46..111add77 100644 --- a/build/templates/backend/scripts/base_archive.sh +++ b/build/templates/backend/scripts/base_archive.sh @@ -14,6 +14,7 @@ if [ ! -d "$CHAINDATA_DIR" ]; then wget -c $SNAPSHOT -O - | zstd -cd | tar xf - --strip-components=1 -C $DATA_DIR fi +# Bind RPC endpoints based on BB_RPC_BIND_HOST_* so defaults remain local unless explicitly overridden. $GETH_BIN \ --op-network base-mainnet \ --datadir $DATA_DIR \ @@ -24,13 +25,13 @@ $GETH_BIN \ --port {{.Ports.BackendP2P}} \ --http \ --http.port {{.Ports.BackendHttp}} \ - --http.addr 127.0.0.1 \ + --http.addr {{.Env.RPCBindHost}} \ --http.api eth,net,web3,debug,txpool,engine \ --http.vhosts "*" \ --http.corsdomain "*" \ --ws \ --ws.port {{.Ports.BackendRPC}} \ - --ws.addr 127.0.0.1 \ + --ws.addr {{.Env.RPCBindHost}} \ --ws.api eth,net,web3,debug,txpool,engine \ --ws.origins "*" \ --rollup.disabletxpoolgossip=true \ diff --git a/build/templates/backend/scripts/base_archive_op_node.sh b/build/templates/backend/scripts/base_archive_op_node.sh index 75e122da..1e3c374f 100644 --- a/build/templates/backend/scripts/base_archive_op_node.sh +++ b/build/templates/backend/scripts/base_archive_op_node.sh @@ -6,6 +6,7 @@ set -e BIN={{.Env.BackendInstallPath}}/{{.Coin.Alias}}/op-node +# Bind RPC endpoints based on BB_RPC_BIND_HOST_* so defaults remain local unless explicitly overridden. $BIN \ --network base-mainnet \ --l1 http://127.0.0.1:8116 \ @@ -13,7 +14,7 @@ $BIN \ --l1.trustrpc \ --l1.rpckind=debug_geth \ --l2 http://127.0.0.1:8411 \ - --rpc.addr 127.0.0.1 \ + --rpc.addr {{.Env.RPCBindHost}} \ --rpc.port {{.Ports.BackendRPC}} \ --l2.jwt-secret {{.Env.BackendDataPath}}/base_archive/backend/jwtsecret \ --p2p.bootnodes enr:-J24QNz9lbrKbN4iSmmjtnr7SjUMk4zB7f1krHZcTZx-JRKZd0kA2gjufUROD6T3sOWDVDnFJRvqBBo62zuF-hYCohOGAYiOoEyEgmlkgnY0gmlwhAPniryHb3BzdGFja4OFQgCJc2VjcDI1NmsxoQKNVFlCxh_B-716tTs-h1vMzZkSs1FTu_OYTNjgufplG4N0Y3CCJAaDdWRwgiQG,enr:-J24QH-f1wt99sfpHy4c0QJM-NfmsIfmlLAMMcgZCUEgKG_BBYFc6FwYgaMJMQN5dsRBJApIok0jFn-9CS842lGpLmqGAYiOoDRAgmlkgnY0gmlwhLhIgb2Hb3BzdGFja4OFQgCJc2VjcDI1NmsxoQJ9FTIv8B9myn1MWaC_2lJ-sMoeCDkusCsk4BYHjjCq04N0Y3CCJAaDdWRwgiQG,enr:-J24QDXyyxvQYsd0yfsN0cRr1lZ1N11zGTplMNlW4xNEc7LkPXh0NAJ9iSOVdRO95GPYAIc6xmyoCCG6_0JxdL3a0zaGAYiOoAjFgmlkgnY0gmlwhAPckbGHb3BzdGFja4OFQgCJc2VjcDI1NmsxoQJwoS7tzwxqXSyFL7g0JM-KWVbgvjfB8JA__T7yY_cYboN0Y3CCJAaDdWRwgiQG,enr:-J24QHmGyBwUZXIcsGYMaUqGGSl4CFdx9Tozu-vQCn5bHIQbR7On7dZbU61vYvfrJr30t0iahSqhc64J46MnUO2JvQaGAYiOoCKKgmlkgnY0gmlwhAPnCzSHb3BzdGFja4OFQgCJc2VjcDI1NmsxoQINc4fSijfbNIiGhcgvwjsjxVFJHUstK9L1T8OTKUjgloN0Y3CCJAaDdWRwgiQG,enr:-J24QG3ypT4xSu0gjb5PABCmVxZqBjVw9ca7pvsI8jl4KATYAnxBmfkaIuEqy9sKvDHKuNCsy57WwK9wTt2aQgcaDDyGAYiOoGAXgmlkgnY0gmlwhDbGmZaHb3BzdGFja4OFQgCJc2VjcDI1NmsxoQIeAK_--tcLEiu7HvoUlbV52MspE0uCocsx1f_rYvRenIN0Y3CCJAaDdWRwgiQG \ diff --git a/build/templates/backend/scripts/base_op_node.sh b/build/templates/backend/scripts/base_op_node.sh index 4254b897..ad8cb2f0 100644 --- a/build/templates/backend/scripts/base_op_node.sh +++ b/build/templates/backend/scripts/base_op_node.sh @@ -6,6 +6,7 @@ set -e BIN={{.Env.BackendInstallPath}}/{{.Coin.Alias}}/op-node +# Bind RPC endpoints based on BB_RPC_BIND_HOST_* so defaults remain local unless explicitly overridden. $BIN \ --network base-mainnet \ --l1 http://127.0.0.1:8136 \ @@ -13,7 +14,7 @@ $BIN \ --l1.trustrpc \ --l1.rpckind debug_geth \ --l2 http://127.0.0.1:8409 \ - --rpc.addr 127.0.0.1 \ + --rpc.addr {{.Env.RPCBindHost}} \ --rpc.port {{.Ports.BackendRPC}} \ --l2.jwt-secret {{.Env.BackendDataPath}}/base/backend/jwtsecret \ --p2p.bootnodes enr:-J24QNz9lbrKbN4iSmmjtnr7SjUMk4zB7f1krHZcTZx-JRKZd0kA2gjufUROD6T3sOWDVDnFJRvqBBo62zuF-hYCohOGAYiOoEyEgmlkgnY0gmlwhAPniryHb3BzdGFja4OFQgCJc2VjcDI1NmsxoQKNVFlCxh_B-716tTs-h1vMzZkSs1FTu_OYTNjgufplG4N0Y3CCJAaDdWRwgiQG,enr:-J24QH-f1wt99sfpHy4c0QJM-NfmsIfmlLAMMcgZCUEgKG_BBYFc6FwYgaMJMQN5dsRBJApIok0jFn-9CS842lGpLmqGAYiOoDRAgmlkgnY0gmlwhLhIgb2Hb3BzdGFja4OFQgCJc2VjcDI1NmsxoQJ9FTIv8B9myn1MWaC_2lJ-sMoeCDkusCsk4BYHjjCq04N0Y3CCJAaDdWRwgiQG,enr:-J24QDXyyxvQYsd0yfsN0cRr1lZ1N11zGTplMNlW4xNEc7LkPXh0NAJ9iSOVdRO95GPYAIc6xmyoCCG6_0JxdL3a0zaGAYiOoAjFgmlkgnY0gmlwhAPckbGHb3BzdGFja4OFQgCJc2VjcDI1NmsxoQJwoS7tzwxqXSyFL7g0JM-KWVbgvjfB8JA__T7yY_cYboN0Y3CCJAaDdWRwgiQG,enr:-J24QHmGyBwUZXIcsGYMaUqGGSl4CFdx9Tozu-vQCn5bHIQbR7On7dZbU61vYvfrJr30t0iahSqhc64J46MnUO2JvQaGAYiOoCKKgmlkgnY0gmlwhAPnCzSHb3BzdGFja4OFQgCJc2VjcDI1NmsxoQINc4fSijfbNIiGhcgvwjsjxVFJHUstK9L1T8OTKUjgloN0Y3CCJAaDdWRwgiQG,enr:-J24QG3ypT4xSu0gjb5PABCmVxZqBjVw9ca7pvsI8jl4KATYAnxBmfkaIuEqy9sKvDHKuNCsy57WwK9wTt2aQgcaDDyGAYiOoGAXgmlkgnY0gmlwhDbGmZaHb3BzdGFja4OFQgCJc2VjcDI1NmsxoQIeAK_--tcLEiu7HvoUlbV52MspE0uCocsx1f_rYvRenIN0Y3CCJAaDdWRwgiQG \ diff --git a/build/templates/backend/scripts/bsc.sh b/build/templates/backend/scripts/bsc.sh index fdcfbf80..020be1c9 100644 --- a/build/templates/backend/scripts/bsc.sh +++ b/build/templates/backend/scripts/bsc.sh @@ -14,18 +14,19 @@ if [ ! -d "$CHAINDATA_DIR" ]; then $GETH_BIN init --datadir $DATA_DIR $INSTALL_DIR/genesis.json fi +# Bind RPC endpoints based on BB_RPC_BIND_HOST_* so defaults remain local unless explicitly overridden. $GETH_BIN \ --config $INSTALL_DIR/config.toml \ --datadir $DATA_DIR \ --port {{.Ports.BackendP2P}} \ --http \ - --http.addr 127.0.0.1 \ + --http.addr {{.Env.RPCBindHost}} \ --http.port {{.Ports.BackendHttp}} \ --http.api eth,net,web3,debug,txpool \ --http.vhosts '*' \ --http.corsdomain '*' \ --ws \ - --ws.addr 127.0.0.1 \ + --ws.addr {{.Env.RPCBindHost}} \ --ws.port {{.Ports.BackendRPC}} \ --ws.api eth,net,web3,debug,txpool \ --ws.origins '*' \ @@ -37,4 +38,4 @@ $GETH_BIN \ --ipcdisable \ --nat none -{{end}} \ No newline at end of file +{{end}} diff --git a/build/templates/backend/scripts/bsc_archive.sh b/build/templates/backend/scripts/bsc_archive.sh index 17990d9e..8e1b8f94 100644 --- a/build/templates/backend/scripts/bsc_archive.sh +++ b/build/templates/backend/scripts/bsc_archive.sh @@ -14,18 +14,19 @@ if [ ! -d "$CHAINDATA_DIR" ]; then $GETH_BIN init --datadir $DATA_DIR $INSTALL_DIR/genesis.json fi +# Bind RPC endpoints based on BB_RPC_BIND_HOST_* so defaults remain local unless explicitly overridden. $GETH_BIN \ --config $INSTALL_DIR/config.toml \ --datadir $DATA_DIR \ --port {{.Ports.BackendP2P}} \ --http \ - --http.addr 127.0.0.1 \ + --http.addr {{.Env.RPCBindHost}} \ --http.port {{.Ports.BackendHttp}} \ --http.api eth,net,web3,debug,txpool \ --http.vhosts '*' \ --http.corsdomain '*' \ --ws \ - --ws.addr 127.0.0.1 \ + --ws.addr {{.Env.RPCBindHost}} \ --ws.port {{.Ports.BackendRPC}} \ --ws.api eth,net,web3,debug,txpool \ --ws.origins '*' \ @@ -40,4 +41,4 @@ $GETH_BIN \ --ipcdisable \ --nat none -{{end}} \ No newline at end of file +{{end}} diff --git a/build/templates/backend/scripts/optimism.sh b/build/templates/backend/scripts/optimism.sh index faccfe80..481e7d02 100644 --- a/build/templates/backend/scripts/optimism.sh +++ b/build/templates/backend/scripts/optimism.sh @@ -14,6 +14,7 @@ if [ ! -d "$CHAINDATA_DIR" ]; then wget -c $SNAPSHOT -O - | lz4 -cd | tar xf - -C $DATA_DIR fi +# Bind RPC endpoints based on BB_RPC_BIND_HOST_* so defaults remain local unless explicitly overridden. $GETH_BIN \ --op-network op-mainnet \ --datadir $DATA_DIR \ @@ -24,13 +25,13 @@ $GETH_BIN \ --port {{.Ports.BackendP2P}} \ --http \ --http.port {{.Ports.BackendHttp}} \ - --http.addr 127.0.0.1 \ + --http.addr {{.Env.RPCBindHost}} \ --http.api eth,net,web3,debug,txpool,engine \ --http.vhosts "*" \ --http.corsdomain "*" \ --ws \ --ws.port {{.Ports.BackendRPC}} \ - --ws.addr 127.0.0.1 \ + --ws.addr {{.Env.RPCBindHost}} \ --ws.api eth,net,web3,debug,txpool,engine \ --ws.origins "*" \ --rollup.disabletxpoolgossip=true \ diff --git a/build/templates/backend/scripts/optimism_archive.sh b/build/templates/backend/scripts/optimism_archive.sh index 78025884..beb9d86c 100644 --- a/build/templates/backend/scripts/optimism_archive.sh +++ b/build/templates/backend/scripts/optimism_archive.sh @@ -14,6 +14,7 @@ if [ ! -d "$CHAINDATA_DIR" ]; then wget -c $(curl -sL $SNAPSHOT | grep -oP '(?<=url=)[^"]*') -O - | zstd -cd | tar xf - -C $DATA_DIR fi +# Bind RPC endpoints based on BB_RPC_BIND_HOST_* so defaults remain local unless explicitly overridden. $GETH_BIN \ --op-network op-mainnet \ --datadir $DATA_DIR \ @@ -24,13 +25,13 @@ $GETH_BIN \ --port {{.Ports.BackendP2P}} \ --http \ --http.port {{.Ports.BackendHttp}} \ - --http.addr 127.0.0.1 \ + --http.addr {{.Env.RPCBindHost}} \ --http.api eth,net,web3,debug,txpool,engine \ --http.vhosts "*" \ --http.corsdomain "*" \ --ws \ --ws.port {{.Ports.BackendRPC}} \ - --ws.addr 127.0.0.1 \ + --ws.addr {{.Env.RPCBindHost}} \ --ws.api eth,net,web3,debug,txpool,engine \ --ws.origins "*" \ --rollup.disabletxpoolgossip=true \ diff --git a/build/templates/backend/scripts/optimism_archive_legacy_geth.sh b/build/templates/backend/scripts/optimism_archive_legacy_geth.sh index 641da1fe..e8601b14 100644 --- a/build/templates/backend/scripts/optimism_archive_legacy_geth.sh +++ b/build/templates/backend/scripts/optimism_archive_legacy_geth.sh @@ -17,19 +17,20 @@ if [ ! -d "$CHAINDATA_DIR" ]; then wget -c $SNAPSHOT -O - | zstd -cd | tar xf - -C $DATA_DIR fi +# Bind RPC endpoints based on BB_RPC_BIND_HOST_* so defaults remain local unless explicitly overridden. $GETH_BIN \ --networkid 10 \ --datadir $DATA_DIR \ --port {{.Ports.BackendP2P}} \ --rpc \ --rpcport {{.Ports.BackendHttp}} \ - --rpcaddr 127.0.0.1 \ + --rpcaddr {{.Env.RPCBindHost}} \ --rpcapi eth,rollup,net,web3,debug \ --rpcvhosts "*" \ --rpccorsdomain "*" \ --ws \ --wsport {{.Ports.BackendRPC}} \ - --wsaddr 0.0.0.0 \ + --wsaddr {{.Env.RPCBindHost}} \ --wsapi eth,rollup,net,web3,debug \ --wsorigins "*" \ --nousb \ @@ -37,4 +38,4 @@ $GETH_BIN \ --nat=none \ --nodiscover -{{end}} \ No newline at end of file +{{end}} diff --git a/build/templates/backend/scripts/optimism_archive_op_node.sh b/build/templates/backend/scripts/optimism_archive_op_node.sh index 46375703..f7169c96 100644 --- a/build/templates/backend/scripts/optimism_archive_op_node.sh +++ b/build/templates/backend/scripts/optimism_archive_op_node.sh @@ -7,6 +7,7 @@ set -e BIN={{.Env.BackendInstallPath}}/{{.Coin.Alias}}/op-node PATH={{.Env.BackendDataPath}}/{{.Coin.Alias}}/backend +# Bind RPC endpoints based on BB_RPC_BIND_HOST_* so defaults remain local unless explicitly overridden. $BIN \ --network op-mainnet \ --l1 http://127.0.0.1:8116 \ @@ -14,7 +15,7 @@ $BIN \ --l1.trustrpc \ --l1.rpckind=debug_geth \ --l2 http://127.0.0.1:8402 \ - --rpc.addr 127.0.0.1 \ + --rpc.addr {{.Env.RPCBindHost}} \ --rpc.port {{.Ports.BackendRPC}} \ --l2.jwt-secret {{.Env.BackendDataPath}}/optimism_archive/backend/jwtsecret \ --p2p.priv.path $PATH/opnode_p2p_priv.txt \ diff --git a/build/templates/backend/scripts/optimism_op_node.sh b/build/templates/backend/scripts/optimism_op_node.sh index 200c04b6..d2982bcd 100644 --- a/build/templates/backend/scripts/optimism_op_node.sh +++ b/build/templates/backend/scripts/optimism_op_node.sh @@ -7,6 +7,7 @@ set -e BIN={{.Env.BackendInstallPath}}/{{.Coin.Alias}}/op-node PATH={{.Env.BackendDataPath}}/{{.Coin.Alias}}/backend +# Bind RPC endpoints based on BB_RPC_BIND_HOST_* so defaults remain local unless explicitly overridden. $BIN \ --network op-mainnet \ --l1 http://127.0.0.1:8136 \ @@ -14,7 +15,7 @@ $BIN \ --l1.trustrpc \ --l1.rpckind=debug_geth \ --l2 http://127.0.0.1:8400 \ - --rpc.addr 127.0.0.1 \ + --rpc.addr {{.Env.RPCBindHost}} \ --rpc.port {{.Ports.BackendRPC}} \ --l2.jwt-secret {{.Env.BackendDataPath}}/optimism/backend/jwtsecret \ --p2p.priv.path $PATH/opnode_p2p_priv.txt \ diff --git a/build/templates/backend/scripts/polygon_archive_bor.sh b/build/templates/backend/scripts/polygon_archive_bor.sh index 340e981c..fd6b3b10 100644 --- a/build/templates/backend/scripts/polygon_archive_bor.sh +++ b/build/templates/backend/scripts/polygon_archive_bor.sh @@ -16,6 +16,7 @@ else fi # --bor.heimdall = backend-polygon-heimdall-archive ports.backend_http +# Bind RPC endpoints based on BB_RPC_BIND_HOST_* so defaults remain local unless explicitly overridden. $BOR_BIN server \ --chain $INSTALL_DIR/genesis.json \ --syncmode full \ @@ -26,16 +27,16 @@ $BOR_BIN server \ --bootnodes enode://76316d1cb93c8ed407d3332d595233401250d48f8fbb1d9c65bd18c0495eca1b43ec38ee0ea1c257c0abb7d1f25d649d359cdfe5a805842159cfe36c5f66b7e8@52.78.36.216:30303,enode://b8f1cc9c5d4403703fbf377116469667d2b1823c0daf16b7250aa576bacf399e42c3930ccfcb02c5df6879565a2b8931335565f0e8d3f8e72385ecf4a4bf160a@3.36.224.80:30303,enode://8729e0c825f3d9cad382555f3e46dcff21af323e89025a0e6312df541f4a9e73abfa562d64906f5e59c51fe6f0501b3e61b07979606c56329c020ed739910759@54.194.245.5:30303,enode://681ebac58d8dd2d8a6eef15329dfbad0ab960561524cf2dfde40ad646736fe5c244020f20b87e7c1520820bc625cfb487dd71d63a3a3bf0baea2dbb8ec7c79f1@34.240.245.39:30303,enode://93faa5d49ba61fa03f43f7e3c76907a9c72953e8628650eef09f5bddc646d9012916824cdd60da989fd954a852205df9a1fd9661379504c92e103a1ada4c2ceb@148.251.142.52:30314,enode://91f6d9873ee2ceee27b4054ec70844e21fa7c525e8d820d6a09989473f4f883951da75a09ef098d544c0c8a71e9ddd2e649e5b455b137260ba8657b2f96cad2c@178.63.148.12:30308,enode://2776f6f0d1c1e4dfddeb9a4b1c3b1a8777fbb3054b92fc55b405d35603667e974e9cad4408f1036cfc17af03dd1a6270c5cb40f854b94760474516b2d8c0f185@88.198.101.172:30308,enode://157321664e79855ee0f914fd05b21cc29ae3a7e805114d1c26efa1d4d2781f5d5bc4e76ed9d00f26d6138f80cc84ea183894c390fcb0e07100a845aed02f6f40@136.243.210.177:30303,enode://6a5e65c6ef3356bc79a780cf0c7534c299fb8cd7b37db80155830478c1e29d35336fe52a888efdf53c0e9bb9b94e20b5349d68798860f1cf36ae96da2b3826cc@178.63.247.234:30304,enode://d6da5ad18e51d492481b29443bd0f588b59d3f72f0da43a722b07fe2a9223a717c976a1cfe00ad86c557756b2bf297ea56c64a1f3d09bebcb9b81290689d8e33@178.63.197.250:30320,enode://51cbc8b750e28d5a4f250d141c032cf282ea873eb1c533c5156cfc51e6a5117d465b7b39b4e0088ee597ee87b89e06cc6c1ed5e6e050b1c3f638765ee584c4f4@178.63.163.68:30310,enode://6484d4394215c222257c97ac74fdcd6f77ecf00e896c38ef35cc41a44add96da64649139b37cc094e88bb985eb84b04d4c6c78f86bf205c9e112c31254cdc443@54.38.217.112:30303?discport=30346,enode://eb3b67d68daef47badfa683c8b04a1cba6a7c431613b8d7619a013aad38bd8d405eb1d0e41279b4f6fe15b264bd388e88282a77a908247b2d1e0198bd4def57b@148.251.224.230:30315,enode://aa228d96217dd91564e13536f3c2808d2040115c7c50509f26f836275e8e65d1bf9400bce3294760be18c9e00a4bf47026e661ba8d8ce1cf2ced30f0a70e5da8@89.187.163.132:30303?discport=30356,enode://c10ab147ba266a80f34dbc423cd12689434cb2cc1f18ced8f4e5828e23d6943a666c2db0f8464983ccc95666b36099b513d1e45d5df94139e42fbecde25832fa@87.249.137.89:30303?discport=30436,enode://e68049c37b182a36c8913fc0780aea5196c1841c917cbd76f83f1a3a8ae99fcfbd2dfa44e36081668120354439008fe4325ffc0d0176771ec2c1863033d4769e@65.108.199.236:30303,enode://a4c74da28447bacd2b3e8443d0917cca7798bca39dbb48b0e210f0fb6685538ba9d1608a2493424086363f04be5e6a99e6eabb70946ed503448d6b282056f87a@198.244.213.85:30303?discport=30315,enode://e28fce95f52cf3368b7b624c6f83379dec858fcebf6a7ff07e97aa9b9445736a165bf1c51cad7bdf6e3167e2b00b11c7911fc330dabb484998d899a1b01d75cf@148.251.194.252:30303?discport=30892,enode://412fdb01125f6868a188f472cf15f07c8f93d606395b909dd5010f2a4a2702739102cea18abb6437fbacd12e695982a77f28edd9bbdd36635b04e9b3c2948f8d@34.203.27.246:30303?discport=30388,enode://9703d9591cb1013b4fa6ea889e8effe7579aa59c324a6e019d690a13e108ef9b4419698347e4305f05291e644a713518a91b0fc32a3442c1394619e2a9b8251e@79.127.216.33:30303?discport=30349 \ --port {{.Ports.BackendP2P}} \ --http \ - --http.addr 0.0.0.0 \ + --http.addr {{.Env.RPCBindHost}} \ --http.port {{.Ports.BackendHttp}} \ --http.api eth,net,web3,debug,txpool,bor \ --http.vhosts '*' \ --http.corsdomain '*' \ --ws \ - --ws.addr 0.0.0.0 \ + --ws.addr {{.Env.RPCBindHost}} \ --ws.port {{.Ports.BackendRPC}} \ --ws.api eth,net,web3,debug,txpool,bor \ --ws.origins '*' \ --txlookuplimit 0 \ --cache 4096 -{{end}} \ No newline at end of file +{{end}} diff --git a/build/templates/backend/scripts/polygon_bor.sh b/build/templates/backend/scripts/polygon_bor.sh index 16c110b7..734f0dd9 100644 --- a/build/templates/backend/scripts/polygon_bor.sh +++ b/build/templates/backend/scripts/polygon_bor.sh @@ -10,6 +10,7 @@ DATA_DIR={{.Env.BackendDataPath}}/{{.Coin.Alias}}/backend BOR_BIN=$INSTALL_DIR/bor # --bor.heimdall = backend-polygon-heimdall ports.backend_http +# Bind RPC endpoints based on BB_RPC_BIND_HOST_* so defaults remain local unless explicitly overridden. $BOR_BIN server \ --chain $INSTALL_DIR/genesis.json \ --syncmode full \ @@ -19,17 +20,17 @@ $BOR_BIN server \ --bootnodes enode://76316d1cb93c8ed407d3332d595233401250d48f8fbb1d9c65bd18c0495eca1b43ec38ee0ea1c257c0abb7d1f25d649d359cdfe5a805842159cfe36c5f66b7e8@52.78.36.216:30303,enode://b8f1cc9c5d4403703fbf377116469667d2b1823c0daf16b7250aa576bacf399e42c3930ccfcb02c5df6879565a2b8931335565f0e8d3f8e72385ecf4a4bf160a@3.36.224.80:30303,enode://8729e0c825f3d9cad382555f3e46dcff21af323e89025a0e6312df541f4a9e73abfa562d64906f5e59c51fe6f0501b3e61b07979606c56329c020ed739910759@54.194.245.5:30303,enode://681ebac58d8dd2d8a6eef15329dfbad0ab960561524cf2dfde40ad646736fe5c244020f20b87e7c1520820bc625cfb487dd71d63a3a3bf0baea2dbb8ec7c79f1@34.240.245.39:30303,enode://93faa5d49ba61fa03f43f7e3c76907a9c72953e8628650eef09f5bddc646d9012916824cdd60da989fd954a852205df9a1fd9661379504c92e103a1ada4c2ceb@148.251.142.52:30314,enode://91f6d9873ee2ceee27b4054ec70844e21fa7c525e8d820d6a09989473f4f883951da75a09ef098d544c0c8a71e9ddd2e649e5b455b137260ba8657b2f96cad2c@178.63.148.12:30308,enode://2776f6f0d1c1e4dfddeb9a4b1c3b1a8777fbb3054b92fc55b405d35603667e974e9cad4408f1036cfc17af03dd1a6270c5cb40f854b94760474516b2d8c0f185@88.198.101.172:30308,enode://157321664e79855ee0f914fd05b21cc29ae3a7e805114d1c26efa1d4d2781f5d5bc4e76ed9d00f26d6138f80cc84ea183894c390fcb0e07100a845aed02f6f40@136.243.210.177:30303,enode://6a5e65c6ef3356bc79a780cf0c7534c299fb8cd7b37db80155830478c1e29d35336fe52a888efdf53c0e9bb9b94e20b5349d68798860f1cf36ae96da2b3826cc@178.63.247.234:30304,enode://d6da5ad18e51d492481b29443bd0f588b59d3f72f0da43a722b07fe2a9223a717c976a1cfe00ad86c557756b2bf297ea56c64a1f3d09bebcb9b81290689d8e33@178.63.197.250:30320,enode://51cbc8b750e28d5a4f250d141c032cf282ea873eb1c533c5156cfc51e6a5117d465b7b39b4e0088ee597ee87b89e06cc6c1ed5e6e050b1c3f638765ee584c4f4@178.63.163.68:30310,enode://6484d4394215c222257c97ac74fdcd6f77ecf00e896c38ef35cc41a44add96da64649139b37cc094e88bb985eb84b04d4c6c78f86bf205c9e112c31254cdc443@54.38.217.112:30303?discport=30346,enode://eb3b67d68daef47badfa683c8b04a1cba6a7c431613b8d7619a013aad38bd8d405eb1d0e41279b4f6fe15b264bd388e88282a77a908247b2d1e0198bd4def57b@148.251.224.230:30315,enode://aa228d96217dd91564e13536f3c2808d2040115c7c50509f26f836275e8e65d1bf9400bce3294760be18c9e00a4bf47026e661ba8d8ce1cf2ced30f0a70e5da8@89.187.163.132:30303?discport=30356,enode://c10ab147ba266a80f34dbc423cd12689434cb2cc1f18ced8f4e5828e23d6943a666c2db0f8464983ccc95666b36099b513d1e45d5df94139e42fbecde25832fa@87.249.137.89:30303?discport=30436,enode://e68049c37b182a36c8913fc0780aea5196c1841c917cbd76f83f1a3a8ae99fcfbd2dfa44e36081668120354439008fe4325ffc0d0176771ec2c1863033d4769e@65.108.199.236:30303,enode://a4c74da28447bacd2b3e8443d0917cca7798bca39dbb48b0e210f0fb6685538ba9d1608a2493424086363f04be5e6a99e6eabb70946ed503448d6b282056f87a@198.244.213.85:30303?discport=30315,enode://e28fce95f52cf3368b7b624c6f83379dec858fcebf6a7ff07e97aa9b9445736a165bf1c51cad7bdf6e3167e2b00b11c7911fc330dabb484998d899a1b01d75cf@148.251.194.252:30303?discport=30892,enode://412fdb01125f6868a188f472cf15f07c8f93d606395b909dd5010f2a4a2702739102cea18abb6437fbacd12e695982a77f28edd9bbdd36635b04e9b3c2948f8d@34.203.27.246:30303?discport=30388,enode://9703d9591cb1013b4fa6ea889e8effe7579aa59c324a6e019d690a13e108ef9b4419698347e4305f05291e644a713518a91b0fc32a3442c1394619e2a9b8251e@79.127.216.33:30303?discport=30349 \ --port {{.Ports.BackendP2P}} \ --http \ - --http.addr 127.0.0.1 \ + --http.addr {{.Env.RPCBindHost}} \ --http.port {{.Ports.BackendHttp}} \ --http.api eth,net,web3,debug,txpool,bor \ --http.vhosts '*' \ --http.corsdomain '*' \ --ws \ - --ws.addr 127.0.0.1 \ + --ws.addr {{.Env.RPCBindHost}} \ --ws.port {{.Ports.BackendRPC}} \ --ws.api eth,net,web3,debug,txpool,bor \ --ws.origins '*' \ --txlookuplimit 0 \ --cache 4096 -{{end}} \ No newline at end of file +{{end}} diff --git a/build/tools/templates.go b/build/tools/templates.go index 03113d2a..5017a92f 100644 --- a/build/tools/templates.go +++ b/build/tools/templates.go @@ -100,6 +100,8 @@ type Config struct { BlockbookInstallPath string `json:"blockbook_install_path"` BlockbookDataPath string `json:"blockbook_data_path"` Architecture string `json:"architecture"` + RPCBindHost string `json:"-"` // Derived from BB_RPC_BIND_HOST_* to keep default RPC exposure local. + RPCAllowIP string `json:"-"` // Derived to align rpcallowip with RPC bind host intent. } `json:"-"` } @@ -186,6 +188,23 @@ func LoadConfig(configsDir, coin string) (*Config, error) { config.Meta.BuildDatetime = time.Now().Format("Mon, 02 Jan 2006 15:04:05 -0700") config.Env.Architecture = runtime.GOARCH + rpcBindKey := "BB_RPC_BIND_HOST_" + config.Coin.Alias // Bind host is per coin alias to match deployment naming. + config.Env.RPCBindHost = "127.0.0.1" // Default to localhost to avoid unintended remote exposure. + if bindHost, ok := os.LookupEnv(rpcBindKey); ok && bindHost != "" { + config.Env.RPCBindHost = bindHost + } + rpcAllowKey := "BB_RPC_ALLOW_IP_" + config.Coin.Alias // Allow list defaults to loopback unless explicitly overridden. + config.Env.RPCAllowIP = "127.0.0.1" + if allowIP, ok := os.LookupEnv(rpcAllowKey); ok && allowIP != "" { + config.Env.RPCAllowIP = allowIP + } + + rpcURLKey := "BB_RPC_URL_" + config.Coin.Alias // Use alias so env naming matches coin config and deployment conventions. + if rpcURL, ok := os.LookupEnv(rpcURLKey); ok && rpcURL != "" { + // Prefer explicit env override so package generation/tests can target hosted RPC endpoints without editing JSON. + config.IPC.RPCURLTemplate = rpcURL + } + if !isEmpty(config, "backend") { // set platform specific fields to config platform, found := config.Backend.Platforms[runtime.GOARCH] diff --git a/configs/coins/avalanche.json b/configs/coins/avalanche.json index 7a1c8b72..02dfbf18 100644 --- a/configs/coins/avalanche.json +++ b/configs/coins/avalanche.json @@ -25,7 +25,7 @@ "verification_source": "https://github.com/ava-labs/avalanchego/releases/download/v1.13.2/avalanchego-linux-amd64-v1.13.2.tar.gz.sig", "extract_command": "tar -C backend --strip 1 -xf", "exclude_files": [], - "exec_command_template": "{{.Env.BackendInstallPath}}/{{.Coin.Alias}}/avalanchego --data-dir {{.Env.BackendDataPath}}/{{.Coin.Alias}}/backend --log-dir {{.Env.BackendDataPath}}/{{.Coin.Alias}}/backend --http-port {{.Ports.BackendRPC}} --staking-port {{.Ports.BackendP2P}} --public-ip 127.0.0.1 --staking-ephemeral-cert-enabled --chain-config-content ewogICJDIjp7CiAgICAiY29uZmlnIjoiZXdvZ0lDSmxkR2d0WVhCcGN5STZXd29nSUNBZ0ltVjBhQ0lzQ2lBZ0lDQWlaWFJvTFdacGJIUmxjaUlzQ2lBZ0lDQWlibVYwSWl3S0lDQWdJQ0prWldKMVp5MTBjbUZqWlhJaUxBb2dJQ0FnSW5kbFlqTWlMQW9nSUNBZ0ltbHVkR1Z5Ym1Gc0xXVjBhQ0lzQ2lBZ0lDQWlhVzUwWlhKdVlXd3RZbXh2WTJ0amFHRnBiaUlzQ2lBZ0lDQWlhVzUwWlhKdVlXd3RkSEpoYm5OaFkzUnBiMjRpTEFvZ0lDQWdJbWx1ZEdWeWJtRnNMWFI0TFhCdmIyd2lMQW9nSUNBZ0ltbHVkR1Z5Ym1Gc0xXUmxZblZuSWdvZ0lGMHNDaUFnSW5OMFlYUmxMWE41Ym1NdFpXNWhZbXhsWkNJNklHWmhiSE5sQ24wPSIKICB9Cn0=", + "exec_command_template": "{{.Env.BackendInstallPath}}/{{.Coin.Alias}}/avalanchego --data-dir {{.Env.BackendDataPath}}/{{.Coin.Alias}}/backend --log-dir {{.Env.BackendDataPath}}/{{.Coin.Alias}}/backend --http-port {{.Ports.BackendRPC}} --http-host {{.Env.RPCBindHost}} --staking-port {{.Ports.BackendP2P}} --public-ip 127.0.0.1 --staking-ephemeral-cert-enabled --chain-config-content ewogICJDIjp7CiAgICAiY29uZmlnIjoiZXdvZ0lDSmxkR2d0WVhCcGN5STZXd29nSUNBZ0ltVjBhQ0lzQ2lBZ0lDQWlaWFJvTFdacGJIUmxjaUlzQ2lBZ0lDQWlibVYwSWl3S0lDQWdJQ0prWldKMVp5MTBjbUZqWlhJaUxBb2dJQ0FnSW5kbFlqTWlMQW9nSUNBZ0ltbHVkR1Z5Ym1Gc0xXVjBhQ0lzQ2lBZ0lDQWlhVzUwWlhKdVlXd3RZbXh2WTJ0amFHRnBiaUlzQ2lBZ0lDQWlhVzUwWlhKdVlXd3RkSEpoYm5OaFkzUnBiMjRpTEFvZ0lDQWdJbWx1ZEdWeWJtRnNMWFI0TFhCdmIyd2lMQW9nSUNBZ0ltbHVkR1Z5Ym1Gc0xXUmxZblZuSWdvZ0lGMHNDaUFnSW5OMFlYUmxMWE41Ym1NdFpXNWhZbXhsWkNJNklHWmhiSE5sQ24wPSIKICB9Cn0=", "logrotate_files_template": "{{.Env.BackendDataPath}}/{{.Coin.Alias}}/backend/{{.Coin.Alias}}.log", "postinst_script_template": "", "service_type": "simple", diff --git a/configs/coins/avalanche_archive.json b/configs/coins/avalanche_archive.json index 7f7b7c5b..ae298d66 100644 --- a/configs/coins/avalanche_archive.json +++ b/configs/coins/avalanche_archive.json @@ -25,7 +25,7 @@ "verification_source": "https://github.com/ava-labs/avalanchego/releases/download/v1.13.2/avalanchego-linux-amd64-v1.13.2.tar.gz.sig", "extract_command": "tar -C backend --strip 1 -xf", "exclude_files": [], - "exec_command_template": "{{.Env.BackendInstallPath}}/{{.Coin.Alias}}/avalanchego --data-dir {{.Env.BackendDataPath}}/{{.Coin.Alias}}/backend --log-dir {{.Env.BackendDataPath}}/{{.Coin.Alias}}/backend --http-port {{.Ports.BackendRPC}} --staking-port {{.Ports.BackendP2P}} --public-ip 127.0.0.1 --staking-ephemeral-cert-enabled --chain-config-content ewogICJDIjp7CiAgICAiY29uZmlnIjoiZXdvZ0lDSmxkR2d0WVhCcGN5STZXd29nSUNBZ0ltVjBhQ0lzQ2lBZ0lDQWlaWFJvTFdacGJIUmxjaUlzQ2lBZ0lDQWlibVYwSWl3S0lDQWdJQ0prWldKMVp5MTBjbUZqWlhJaUxBb2dJQ0FnSW5kbFlqTWlMQW9nSUNBZ0ltbHVkR1Z5Ym1Gc0xXVjBhQ0lzQ2lBZ0lDQWlhVzUwWlhKdVlXd3RZbXh2WTJ0amFHRnBiaUlzQ2lBZ0lDQWlhVzUwWlhKdVlXd3RkSEpoYm5OaFkzUnBiMjRpTEFvZ0lDQWdJbWx1ZEdWeWJtRnNMWFI0TFhCdmIyd2lMQW9nSUNBZ0ltbHVkR1Z5Ym1Gc0xXUmxZblZuSWdvZ0lGMHNDaUFnSW5CeWRXNXBibWN0Wlc1aFlteGxaQ0k2Wm1Gc2MyVXNDaUFnSW5OMFlYUmxMWE41Ym1NdFpXNWhZbXhsWkNJNklHWmhiSE5sQ24wPSIKICB9Cn0=", + "exec_command_template": "{{.Env.BackendInstallPath}}/{{.Coin.Alias}}/avalanchego --data-dir {{.Env.BackendDataPath}}/{{.Coin.Alias}}/backend --log-dir {{.Env.BackendDataPath}}/{{.Coin.Alias}}/backend --http-port {{.Ports.BackendRPC}} --http-host {{.Env.RPCBindHost}} --staking-port {{.Ports.BackendP2P}} --public-ip 127.0.0.1 --staking-ephemeral-cert-enabled --chain-config-content ewogICJDIjp7CiAgICAiY29uZmlnIjoiZXdvZ0lDSmxkR2d0WVhCcGN5STZXd29nSUNBZ0ltVjBhQ0lzQ2lBZ0lDQWlaWFJvTFdacGJIUmxjaUlzQ2lBZ0lDQWlibVYwSWl3S0lDQWdJQ0prWldKMVp5MTBjbUZqWlhJaUxBb2dJQ0FnSW5kbFlqTWlMQW9nSUNBZ0ltbHVkR1Z5Ym1Gc0xXVjBhQ0lzQ2lBZ0lDQWlhVzUwWlhKdVlXd3RZbXh2WTJ0amFHRnBiaUlzQ2lBZ0lDQWlhVzUwWlhKdVlXd3RkSEpoYm5OaFkzUnBiMjRpTEFvZ0lDQWdJbWx1ZEdWeWJtRnNMWFI0TFhCdmIyd2lMQW9nSUNBZ0ltbHVkR1Z5Ym1Gc0xXUmxZblZuSWdvZ0lGMHNDaUFnSW5CeWRXNXBibWN0Wlc1aFlteGxaQ0k2Wm1Gc2MyVXNDaUFnSW5OMFlYUmxMWE41Ym1NdFpXNWhZbXhsWkNJNklHWmhiSE5sQ24wPSIKICB9Cn0=", "logrotate_files_template": "{{.Env.BackendDataPath}}/{{.Coin.Alias}}/backend/{{.Coin.Alias}}.log", "postinst_script_template": "", "service_type": "simple", diff --git a/configs/coins/decred_testnet.json b/configs/coins/decred_testnet.json index f9894b5f..674eec0d 100644 --- a/configs/coins/decred_testnet.json +++ b/configs/coins/decred_testnet.json @@ -28,7 +28,7 @@ "verification_source": "8be1894e6e61e9d0392f158b16055b8cec81d96ec3d0725d3494bc0a306c362b", "extract_command": "tar -C backend --strip 1 -xf", "exclude_files": [], - "exec_command_template": "{{.Env.BackendInstallPath}}/{{.Coin.Alias}}/dcrd --datadir={{.Env.BackendDataPath}}/{{.Coin.Alias}}/backend --rpcuser={{.IPC.RPCUser}} --rpcpass={{.IPC.RPCPass}} -C={{.Env.BackendDataPath}}/{{.Coin.Alias}}/{{.Coin.Alias}}.conf --nofilelogging --appdata={{.Env.BackendDataPath}}/{{.Coin.Alias}} --notls --txindex --addrindex --testnet --rpclisten=[127.0.0.1]:18061", + "exec_command_template": "{{.Env.BackendInstallPath}}/{{.Coin.Alias}}/dcrd --datadir={{.Env.BackendDataPath}}/{{.Coin.Alias}}/backend --rpcuser={{.IPC.RPCUser}} --rpcpass={{.IPC.RPCPass}} -C={{.Env.BackendDataPath}}/{{.Coin.Alias}}/{{.Coin.Alias}}.conf --nofilelogging --appdata={{.Env.BackendDataPath}}/{{.Coin.Alias}} --notls --txindex --addrindex --testnet --rpclisten=[{{.Env.RPCBindHost}}]:{{.Ports.BackendRPC}}", "logrotate_files_template": "{{.Env.BackendDataPath}}/{{.Coin.Alias}}/backend/*.log", "postinst_script_template": "", "service_type": "simple", diff --git a/configs/coins/divi.json b/configs/coins/divi.json index d07c9d97..36d64744 100644 --- a/configs/coins/divi.json +++ b/configs/coins/divi.json @@ -37,10 +37,7 @@ "protect_memory": false, "mainnet": true, "server_config_file": "bitcoin_like.conf", - "client_config_file": "bitcoin_like_client.conf", - "additional_params": { - "rpcallowip": "127.0.0.1" - } + "client_config_file": "bitcoin_like_client.conf" }, "blockbook": { "package_name": "blockbook-divi", diff --git a/configs/coins/ethereum-classic.json b/configs/coins/ethereum-classic.json index dbba500b..0c811152 100644 --- a/configs/coins/ethereum-classic.json +++ b/configs/coins/ethereum-classic.json @@ -27,7 +27,7 @@ "verification_source": "2382a15a53ce364cb41d3985ff3c2941392d8898c6f869666a8d7d7914a5748a", "extract_command": "unzip -d backend", "exclude_files": [], - "exec_command_template": "/bin/sh -c '{{.Env.BackendInstallPath}}/{{.Coin.Alias}}/geth --classic --ipcdisable --txlookuplimit 0 --cache 1024 --nat none --datadir {{.Env.BackendDataPath}}/{{.Coin.Alias}}/backend --port {{.Ports.BackendP2P}} --ws --ws.addr 127.0.0.1 --ws.port {{.Ports.BackendRPC}} --ws.origins \"*\" --http --http.port {{.Ports.BackendHttp}} --http.addr 127.0.0.1 --http.corsdomain \"*\" 2>>{{.Env.BackendDataPath}}/{{.Coin.Alias}}/backend/{{.Coin.Alias}}.log'", + "exec_command_template": "/bin/sh -c '{{.Env.BackendInstallPath}}/{{.Coin.Alias}}/geth --classic --ipcdisable --txlookuplimit 0 --cache 1024 --nat none --datadir {{.Env.BackendDataPath}}/{{.Coin.Alias}}/backend --port {{.Ports.BackendP2P}} --ws --ws.addr {{.Env.RPCBindHost}} --ws.port {{.Ports.BackendRPC}} --ws.origins \"*\" --http --http.port {{.Ports.BackendHttp}} --http.addr {{.Env.RPCBindHost}} --http.corsdomain \"*\" 2>>{{.Env.BackendDataPath}}/{{.Coin.Alias}}/backend/{{.Coin.Alias}}.log'", "logrotate_files_template": "{{.Env.BackendDataPath}}/{{.Coin.Alias}}/backend/{{.Coin.Alias}}.log", "postinst_script_template": "", "service_type": "simple", diff --git a/configs/coins/ethereum.json b/configs/coins/ethereum.json index ef0f93d2..8dfd83c8 100644 --- a/configs/coins/ethereum.json +++ b/configs/coins/ethereum.json @@ -28,7 +28,7 @@ "verification_source": "8b5444988667721f2b2ef1ab3098139c31f722492992939c110813408c39dc7c", "extract_command": "tar -C backend --strip-components=1 -xf", "exclude_files": [], - "exec_command_template": "/bin/sh -c '{{.Env.BackendInstallPath}}/{{.Coin.Alias}}/erigon --chain mainnet --snap.keepblocks --db.size.limit 15TB --db.pagesize 16KB --prune.mode full --externalcl --nat none --datadir {{.Env.BackendDataPath}}/{{.Coin.Alias}}/backend/erigon --port {{.Ports.BackendP2P}} --ws --ws.port {{.Ports.BackendRPC}} --http --http.port {{.Ports.BackendRPC}} --http.addr 127.0.0.1 --http.corsdomain \"*\" --http.vhosts \"*\" --http.api \"eth,net,web3,debug,txpool\" --authrpc.port {{.Ports.BackendAuthRpc}} --private.api.addr \"\" --torrent.port {{.Ports.BackendHttp}} --log.dir.path {{.Env.BackendDataPath}}/{{.Coin.Alias}}/backend --log.dir.prefix {{.Coin.Alias}}'", + "exec_command_template": "/bin/sh -c '{{.Env.BackendInstallPath}}/{{.Coin.Alias}}/erigon --chain mainnet --snap.keepblocks --db.size.limit 15TB --db.pagesize 16KB --prune.mode full --externalcl --nat none --datadir {{.Env.BackendDataPath}}/{{.Coin.Alias}}/backend/erigon --port {{.Ports.BackendP2P}} --ws --ws.addr {{.Env.RPCBindHost}} --ws.port {{.Ports.BackendRPC}} --http --http.port {{.Ports.BackendRPC}} --http.addr {{.Env.RPCBindHost}} --http.corsdomain \"*\" --http.vhosts \"*\" --http.api \"eth,net,web3,debug,txpool\" --authrpc.port {{.Ports.BackendAuthRpc}} --private.api.addr \"\" --torrent.port {{.Ports.BackendHttp}} --log.dir.path {{.Env.BackendDataPath}}/{{.Coin.Alias}}/backend --log.dir.prefix {{.Coin.Alias}}'", "logrotate_files_template": "{{.Env.BackendDataPath}}/{{.Coin.Alias}}/backend/{{.Coin.Alias}}.log", "postinst_script_template": "", "service_type": "simple", @@ -73,4 +73,4 @@ "package_maintainer": "IT", "package_maintainer_email": "it@satoshilabs.com" } -} \ No newline at end of file +} diff --git a/configs/coins/ethereum_archive.json b/configs/coins/ethereum_archive.json index abe1fc47..cedd62e1 100644 --- a/configs/coins/ethereum_archive.json +++ b/configs/coins/ethereum_archive.json @@ -28,7 +28,7 @@ "verification_source": "8b5444988667721f2b2ef1ab3098139c31f722492992939c110813408c39dc7c", "extract_command": "tar -C backend --strip-components=1 -xf", "exclude_files": [], - "exec_command_template": "/bin/sh -c '{{.Env.BackendInstallPath}}/{{.Coin.Alias}}/erigon --chain mainnet --snap.keepblocks --db.size.limit 15TB --db.pagesize 16KB --prune.mode archive --externalcl --nat none --datadir {{.Env.BackendDataPath}}/{{.Coin.Alias}}/backend/erigon --port {{.Ports.BackendP2P}} --ws --ws.port {{.Ports.BackendRPC}} --http --http.port {{.Ports.BackendRPC}} --http.addr 127.0.0.1 --http.corsdomain \"*\" --http.vhosts \"*\" --http.api \"eth,net,web3,debug,txpool\" --authrpc.port {{.Ports.BackendAuthRpc}} --private.api.addr \"\" --torrent.port {{.Ports.BackendHttp}} --log.dir.path {{.Env.BackendDataPath}}/{{.Coin.Alias}}/backend --log.dir.prefix {{.Coin.Alias}}'", + "exec_command_template": "/bin/sh -c '{{.Env.BackendInstallPath}}/{{.Coin.Alias}}/erigon --chain mainnet --snap.keepblocks --db.size.limit 15TB --db.pagesize 16KB --prune.mode archive --externalcl --nat none --datadir {{.Env.BackendDataPath}}/{{.Coin.Alias}}/backend/erigon --port {{.Ports.BackendP2P}} --ws --ws.addr {{.Env.RPCBindHost}} --ws.port {{.Ports.BackendRPC}} --http --http.port {{.Ports.BackendRPC}} --http.addr {{.Env.RPCBindHost}} --http.corsdomain \"*\" --http.vhosts \"*\" --http.api \"eth,net,web3,debug,txpool\" --authrpc.port {{.Ports.BackendAuthRpc}} --private.api.addr \"\" --torrent.port {{.Ports.BackendHttp}} --log.dir.path {{.Env.BackendDataPath}}/{{.Coin.Alias}}/backend --log.dir.prefix {{.Coin.Alias}}'", "logrotate_files_template": "{{.Env.BackendDataPath}}/{{.Coin.Alias}}/backend/{{.Coin.Alias}}.log", "postinst_script_template": "", "service_type": "simple", @@ -76,4 +76,4 @@ "package_maintainer": "IT", "package_maintainer_email": "it@satoshilabs.com" } -} \ No newline at end of file +} diff --git a/configs/coins/ethereum_testnet_hoodi.json b/configs/coins/ethereum_testnet_hoodi.json index 21bbee5a..94517fbc 100644 --- a/configs/coins/ethereum_testnet_hoodi.json +++ b/configs/coins/ethereum_testnet_hoodi.json @@ -28,7 +28,7 @@ "verification_source": "8b5444988667721f2b2ef1ab3098139c31f722492992939c110813408c39dc7c", "extract_command": "tar -C backend --strip-components=1 -xf", "exclude_files": [], - "exec_command_template": "/bin/sh -c '{{.Env.BackendInstallPath}}/{{.Coin.Alias}}/erigon --chain hoodi --snap.keepblocks --db.size.limit 15TB --db.pagesize 16KB --prune.mode full --externalcl --nat none --datadir {{.Env.BackendDataPath}}/{{.Coin.Alias}}/backend/erigon --port {{.Ports.BackendP2P}} --ws --ws.port {{.Ports.BackendRPC}} --http --http.port {{.Ports.BackendRPC}} --http.addr 127.0.0.1 --http.corsdomain \"*\" --http.vhosts \"*\" --http.api \"eth,net,web3,debug,txpool\" --authrpc.port {{.Ports.BackendAuthRpc}} --private.api.addr \"\" --torrent.port {{.Ports.BackendHttp}} --log.dir.path {{.Env.BackendDataPath}}/{{.Coin.Alias}}/backend --log.dir.prefix {{.Coin.Alias}}'", + "exec_command_template": "/bin/sh -c '{{.Env.BackendInstallPath}}/{{.Coin.Alias}}/erigon --chain hoodi --snap.keepblocks --db.size.limit 15TB --db.pagesize 16KB --prune.mode full --externalcl --nat none --datadir {{.Env.BackendDataPath}}/{{.Coin.Alias}}/backend/erigon --port {{.Ports.BackendP2P}} --ws --ws.addr {{.Env.RPCBindHost}} --ws.port {{.Ports.BackendRPC}} --http --http.port {{.Ports.BackendRPC}} --http.addr {{.Env.RPCBindHost}} --http.corsdomain \"*\" --http.vhosts \"*\" --http.api \"eth,net,web3,debug,txpool\" --authrpc.port {{.Ports.BackendAuthRpc}} --private.api.addr \"\" --torrent.port {{.Ports.BackendHttp}} --log.dir.path {{.Env.BackendDataPath}}/{{.Coin.Alias}}/backend --log.dir.prefix {{.Coin.Alias}}'", "logrotate_files_template": "{{.Env.BackendDataPath}}/{{.Coin.Alias}}/backend/{{.Coin.Alias}}.log", "postinst_script_template": "", "service_type": "simple", @@ -68,4 +68,4 @@ "package_maintainer": "IT", "package_maintainer_email": "it@satoshilabs.com" } -} \ No newline at end of file +} diff --git a/configs/coins/ethereum_testnet_hoodi_archive.json b/configs/coins/ethereum_testnet_hoodi_archive.json index b6c0f5a2..f95801e6 100644 --- a/configs/coins/ethereum_testnet_hoodi_archive.json +++ b/configs/coins/ethereum_testnet_hoodi_archive.json @@ -29,7 +29,7 @@ "verification_source": "8b5444988667721f2b2ef1ab3098139c31f722492992939c110813408c39dc7c", "extract_command": "tar -C backend --strip-components=1 -xf", "exclude_files": [], - "exec_command_template": "/bin/sh -c '{{.Env.BackendInstallPath}}/{{.Coin.Alias}}/erigon --chain hoodi --snap.keepblocks --db.size.limit 15TB --db.pagesize 16KB --prune.mode archive --externalcl --nat none --datadir {{.Env.BackendDataPath}}/{{.Coin.Alias}}/backend/erigon --port {{.Ports.BackendP2P}} --ws --ws.port {{.Ports.BackendRPC}} --http --http.port {{.Ports.BackendRPC}} --http.addr 127.0.0.1 --http.corsdomain \"*\" --http.vhosts \"*\" --http.api \"eth,net,web3,debug,txpool\" --authrpc.port {{.Ports.BackendAuthRpc}} --private.api.addr \"\" --torrent.port {{.Ports.BackendHttp}} --log.dir.path {{.Env.BackendDataPath}}/{{.Coin.Alias}}/backend --log.dir.prefix {{.Coin.Alias}}'", + "exec_command_template": "/bin/sh -c '{{.Env.BackendInstallPath}}/{{.Coin.Alias}}/erigon --chain hoodi --snap.keepblocks --db.size.limit 15TB --db.pagesize 16KB --prune.mode archive --externalcl --nat none --datadir {{.Env.BackendDataPath}}/{{.Coin.Alias}}/backend/erigon --port {{.Ports.BackendP2P}} --ws --ws.addr {{.Env.RPCBindHost}} --ws.port {{.Ports.BackendRPC}} --http --http.port {{.Ports.BackendRPC}} --http.addr {{.Env.RPCBindHost}} --http.corsdomain \"*\" --http.vhosts \"*\" --http.api \"eth,net,web3,debug,txpool\" --authrpc.port {{.Ports.BackendAuthRpc}} --private.api.addr \"\" --torrent.port {{.Ports.BackendHttp}} --log.dir.path {{.Env.BackendDataPath}}/{{.Coin.Alias}}/backend --log.dir.prefix {{.Coin.Alias}}'", "logrotate_files_template": "{{.Env.BackendDataPath}}/{{.Coin.Alias}}/backend/{{.Coin.Alias}}.log", "postinst_script_template": "", "service_type": "simple", @@ -74,4 +74,4 @@ "package_maintainer": "IT", "package_maintainer_email": "it@satoshilabs.com" } -} \ No newline at end of file +} diff --git a/configs/coins/ethereum_testnet_sepolia.json b/configs/coins/ethereum_testnet_sepolia.json index 18511edb..4493ed60 100644 --- a/configs/coins/ethereum_testnet_sepolia.json +++ b/configs/coins/ethereum_testnet_sepolia.json @@ -28,7 +28,7 @@ "verification_source": "8b5444988667721f2b2ef1ab3098139c31f722492992939c110813408c39dc7c", "extract_command": "tar -C backend --strip-components=1 -xf", "exclude_files": [], - "exec_command_template": "/bin/sh -c '{{.Env.BackendInstallPath}}/{{.Coin.Alias}}/erigon --chain sepolia --snap.keepblocks --db.size.limit 15TB --db.pagesize 16KB --prune.mode full --externalcl --nat none --datadir {{.Env.BackendDataPath}}/{{.Coin.Alias}}/backend/erigon --port {{.Ports.BackendP2P}} --ws --ws.port {{.Ports.BackendRPC}} --http --http.port {{.Ports.BackendRPC}} --http.addr 127.0.0.1 --http.corsdomain \"*\" --http.vhosts \"*\" --http.api \"eth,net,web3,debug,txpool\" --authrpc.port {{.Ports.BackendAuthRpc}} --private.api.addr \"\" --torrent.port {{.Ports.BackendHttp}} --log.dir.path {{.Env.BackendDataPath}}/{{.Coin.Alias}}/backend --log.dir.prefix {{.Coin.Alias}}'", + "exec_command_template": "/bin/sh -c '{{.Env.BackendInstallPath}}/{{.Coin.Alias}}/erigon --chain sepolia --snap.keepblocks --db.size.limit 15TB --db.pagesize 16KB --prune.mode full --externalcl --nat none --datadir {{.Env.BackendDataPath}}/{{.Coin.Alias}}/backend/erigon --port {{.Ports.BackendP2P}} --ws --ws.addr {{.Env.RPCBindHost}} --ws.port {{.Ports.BackendRPC}} --http --http.port {{.Ports.BackendRPC}} --http.addr {{.Env.RPCBindHost}} --http.corsdomain \"*\" --http.vhosts \"*\" --http.api \"eth,net,web3,debug,txpool\" --authrpc.port {{.Ports.BackendAuthRpc}} --private.api.addr \"\" --torrent.port {{.Ports.BackendHttp}} --log.dir.path {{.Env.BackendDataPath}}/{{.Coin.Alias}}/backend --log.dir.prefix {{.Coin.Alias}}'", "logrotate_files_template": "{{.Env.BackendDataPath}}/{{.Coin.Alias}}/backend/{{.Coin.Alias}}.log", "postinst_script_template": "", "service_type": "simple", @@ -68,4 +68,4 @@ "package_maintainer": "IT", "package_maintainer_email": "it@satoshilabs.com" } -} \ No newline at end of file +} diff --git a/configs/coins/ethereum_testnet_sepolia_archive.json b/configs/coins/ethereum_testnet_sepolia_archive.json index 809f3f6c..eccdf6dc 100644 --- a/configs/coins/ethereum_testnet_sepolia_archive.json +++ b/configs/coins/ethereum_testnet_sepolia_archive.json @@ -29,7 +29,7 @@ "verification_source": "8b5444988667721f2b2ef1ab3098139c31f722492992939c110813408c39dc7c", "extract_command": "tar -C backend --strip-components=1 -xf", "exclude_files": [], - "exec_command_template": "/bin/sh -c '{{.Env.BackendInstallPath}}/{{.Coin.Alias}}/erigon --chain sepolia --snap.keepblocks --db.size.limit 15TB --db.pagesize 16KB --prune.mode archive --externalcl --nat none --datadir {{.Env.BackendDataPath}}/{{.Coin.Alias}}/backend/erigon --port {{.Ports.BackendP2P}} --ws --ws.port {{.Ports.BackendRPC}} --http --http.port {{.Ports.BackendRPC}} --http.addr 127.0.0.1 --http.corsdomain \"*\" --http.vhosts \"*\" --http.api \"eth,net,web3,debug,txpool\" --authrpc.port {{.Ports.BackendAuthRpc}} --private.api.addr \"\" --torrent.port {{.Ports.BackendHttp}} --log.dir.path {{.Env.BackendDataPath}}/{{.Coin.Alias}}/backend --log.dir.prefix {{.Coin.Alias}}'", + "exec_command_template": "/bin/sh -c '{{.Env.BackendInstallPath}}/{{.Coin.Alias}}/erigon --chain sepolia --snap.keepblocks --db.size.limit 15TB --db.pagesize 16KB --prune.mode archive --externalcl --nat none --datadir {{.Env.BackendDataPath}}/{{.Coin.Alias}}/backend/erigon --port {{.Ports.BackendP2P}} --ws --ws.addr {{.Env.RPCBindHost}} --ws.port {{.Ports.BackendRPC}} --http --http.port {{.Ports.BackendRPC}} --http.addr {{.Env.RPCBindHost}} --http.corsdomain \"*\" --http.vhosts \"*\" --http.api \"eth,net,web3,debug,txpool\" --authrpc.port {{.Ports.BackendAuthRpc}} --private.api.addr \"\" --torrent.port {{.Ports.BackendHttp}} --log.dir.path {{.Env.BackendDataPath}}/{{.Coin.Alias}}/backend --log.dir.prefix {{.Coin.Alias}}'", "logrotate_files_template": "{{.Env.BackendDataPath}}/{{.Coin.Alias}}/backend/{{.Coin.Alias}}.log", "postinst_script_template": "", "service_type": "simple", @@ -74,4 +74,4 @@ "package_maintainer": "IT", "package_maintainer_email": "it@satoshilabs.com" } -} \ No newline at end of file +} diff --git a/docs/build.md b/docs/build.md index 9d39d3f1..28219e84 100644 --- a/docs/build.md +++ b/docs/build.md @@ -88,6 +88,18 @@ command: `make NO_CACHE=true all-bitcoin`. `PORTABLE`: By default, the RocksDB binaries shipped with Blockbook are optimized for the platform you're compiling on (-march=native or the equivalent). If you want to build a portable binary, use `make PORTABLE=1 all-bitcoin`. +`BB_RPC_URL_`: Overrides `ipc.rpc_url_template` while generating package definitions so you can target +hosted RPC endpoints without editing coin JSON. The root `Makefile` forwards any `BB_RPC_URL_*` variables into the +Docker build/test containers. Example: +`BB_RPC_URL_ethereum_archive=ws://backend_hostname:1234 make deb-ethereum_archive`. + +`BB_RPC_BIND_HOST_`: Overrides backend RPC bind host during package generation. Defaults to `127.0.0.1` +to avoid unintended exposure. Example: `BB_RPC_BIND_HOST_ethereum=0.0.0.0 make deb-ethereum`. + +`BB_RPC_ALLOW_IP_`: Overrides backend RPC allow list for UTXO configs (e.g. `rpcallowip`). Defaults to +`127.0.0.1` so binding to `0.0.0.0` does not implicitly open access. Example: +`BB_RPC_ALLOW_IP_bitcoin=10.0.0.0/24 make deb-bitcoin`. + ### Naming conventions and versioning All configuration keys described below are in coin definition file in *configs/coins*. diff --git a/docs/config.md b/docs/config.md index 5e413e38..c4fd1cd2 100644 --- a/docs/config.md +++ b/docs/config.md @@ -35,7 +35,9 @@ Good examples of coin configuration are * `blockbook_public` – Blockbook's public port that is used to communicate with Trezor wallet (via Socket.IO). * `ipc` – Defines how Blockbook connects its back-end service. - * `rpc_url_template` – Template that defines URL of back-end RPC service. See note on templates below. + * `rpc_url_template` – Template that defines URL of back-end RPC service. See note on templates below. You can + override it at build time by setting `BB_RPC_URL_` (for example, + `BB_RPC_URL_ethereum_archive=ws://backend_hostname:1234`), which is used as-is during template generation. * `rpc_user` – User name of back-end RPC service, used by both Blockbook and back-end configuration templates. * `rpc_pass` – Password of back-end RPC service, used by both Blockbook and back-end configuration templates. * `rpc_timeout` – RPC timeout used by Blockbook. @@ -103,6 +105,9 @@ where *.path* can be for example *.Blockbook.BlockChain.Parse*. Go uses CamelCas as well. Note that dot at the beginning is mandatory. Go template syntax is fully documented [here](https://godoc.org/text/template). +Backend templates may also reference `.Env.RPCBindHost` and `.Env.RPCAllowIP`, which are derived at build time from +`BB_RPC_BIND_HOST_` and `BB_RPC_ALLOW_IP_` to keep RPC exposure explicit and controlled. + ## Built-in text Since Blockbook is an open-source project and we don't prevent anybody from running independent instances, it is possible diff --git a/docs/env.md b/docs/env.md index 8d95dc98..cb7c4bdc 100644 --- a/docs/env.md +++ b/docs/env.md @@ -9,3 +9,12 @@ Some behavior of Blockbook can be modified by environment variables. The variabl - `COINGECKO_API_KEY` or `_COINGECKO_API_KEY` - API key for making requests to CoinGecko in the paid tier. - `_ALLOWED_RPC_CALL_TO` - Addresses to which `rpcCall` websocket requests can be made, as a comma-separated list. If omitted, `rpcCall` is enabled for all addresses. + +## Build-time variables + +- `BB_RPC_URL_` - Overrides `ipc.rpc_url_template` during package/config generation so build and + integration-test tooling can target hosted RPC endpoints without editing coin JSON. +- `BB_RPC_BIND_HOST_` - Overrides backend RPC bind host during package/config generation; when set to + `0.0.0.0`, RPC stays restricted unless `BB_RPC_ALLOW_IP_` is set. +- `BB_RPC_ALLOW_IP_` - Overrides backend RPC allow list for UTXO configs (e.g. `rpcallowip`), defaulting + to `127.0.0.1`. diff --git a/docs/testing.md b/docs/testing.md index 639bd3a8..6f6ff4df 100644 --- a/docs/testing.md +++ b/docs/testing.md @@ -52,6 +52,7 @@ For simplicity, URLs and credentials of back-end services, where are tests going from *blockbook/configs/coins*, the same place from where are production configuration files generated. There are general URLs that link to *localhost*. If you need run tests against remote servers, there are few options how to do it: +* set `BB_RPC_URL_` to override `rpc_url_template` during template generation (forwarded into Docker by the root `Makefile`) * temporarily change config * SSH tunneling – `ssh -nNT -L 8030:localhost:8030 remote-server` * HTTP proxy