fluencelabs/tendermint
1
0
Fork 0
mirror of https://github.com/fluencelabs/tendermint synced 2025-06-20 08:26:31 +00:00
Code Issues Projects Releases Wiki Activity

rpc: support tls rpc (#3469)

Browse Source 
Refs #3419
This commit is contained in:
zjubfd
2019-03-24 01:08:15 +08:00
committed by Anton Kaliaev
parent 85be2a554e
commit 25a3c8b172
5 changed files with 69 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
CHANGELOG_PENDING.md
View File

@ -16,6 +16,7 @@
* P2P Protocol * P2P Protocol
### FEATURES: ### FEATURES:
- [rpc] \#3419 Start HTTPS server if `rpc.tls_cert_file` and `rpc.tls_key_file` are provided in the config (@guagualvcha)
### IMPROVEMENTS: ### IMPROVEMENTS:

29
config/config.go
View File

@ -339,6 +339,20 @@ type RPCConfig struct {
// global HTTP write timeout, which applies to all connections and endpoints. // global HTTP write timeout, which applies to all connections and endpoints.
// See https://github.com/tendermint/tendermint/issues/3435 // See https://github.com/tendermint/tendermint/issues/3435
TimeoutBroadcastTxCommit time.Duration `mapstructure:"timeout_broadcast_tx_commit"` TimeoutBroadcastTxCommit time.Duration `mapstructure:"timeout_broadcast_tx_commit"`
// The name of a file containing certificate that is used to create the HTTPS server.
//
// If the certificate is signed by a certificate authority,
// the certFile should be the concatenation of the server's certificate, any intermediates,
// and the CA's certificate.
//
// NOTE: both tls_cert_file and tls_key_file must be present for Tendermint to create HTTPS server. Otherwise, HTTP server is run.
TLSCertFile string `mapstructure:"tls_cert_file"`
// The name of a file containing matching private key that is used to create the HTTPS server.
//
// NOTE: both tls_cert_file and tls_key_file must be present for Tendermint to create HTTPS server. Otherwise, HTTP server is run.
TLSKeyFile string `mapstructure:"tls_key_file"`
} }
// DefaultRPCConfig returns a default configuration for the RPC server // DefaultRPCConfig returns a default configuration for the RPC server
@ -357,6 +371,9 @@ func DefaultRPCConfig() *RPCConfig {
MaxSubscriptionClients: 100, MaxSubscriptionClients: 100,
MaxSubscriptionsPerClient: 5, MaxSubscriptionsPerClient: 5,
TimeoutBroadcastTxCommit: 10 * time.Second, TimeoutBroadcastTxCommit: 10 * time.Second,
TLSCertFile: "",
TLSKeyFile: "",
} }
} }
@ -395,6 +412,18 @@ func (cfg *RPCConfig) IsCorsEnabled() bool {
return len(cfg.CORSAllowedOrigins) != 0 return len(cfg.CORSAllowedOrigins) != 0
} }
func (cfg RPCConfig) KeyFile() string {
return rootify(filepath.Join(defaultConfigDir, cfg.TLSKeyFile), cfg.RootDir)
}
func (cfg RPCConfig) CertFile() string {
return rootify(filepath.Join(defaultConfigDir, cfg.TLSCertFile), cfg.RootDir)
}
func (cfg RPCConfig) IsTLSEnabled() bool {
return cfg.TLSCertFile != "" && cfg.TLSKeyFile != ""
}
//----------------------------------------------------------------------------- //-----------------------------------------------------------------------------
// P2PConfig // P2PConfig

11
config/toml.go
View File

@ -181,6 +181,17 @@ max_subscriptions_per_client = {{ .RPC.MaxSubscriptionsPerClient }}
# See https://github.com/tendermint/tendermint/issues/3435 # See https://github.com/tendermint/tendermint/issues/3435
timeout_broadcast_tx_commit = "{{ .RPC.TimeoutBroadcastTxCommit }}" timeout_broadcast_tx_commit = "{{ .RPC.TimeoutBroadcastTxCommit }}"
# The name of a file containing certificate that is used to create the HTTPS server.
# If the certificate is signed by a certificate authority,
# the certFile should be the concatenation of the server's certificate, any intermediates,
# and the CA's certificate.
# NOTE: both tls_cert_file and tls_key_file must be present for Tendermint to create HTTPS server. Otherwise, HTTP server is run.
tls_cert_file = "{{ .RPC.TLSCertFile }}"
# The name of a file containing matching private key that is used to create the HTTPS server.
# NOTE: both tls_cert_file and tls_key_file must be present for Tendermint to create HTTPS server. Otherwise, HTTP server is run.
tls_key_file = "{{ .RPC.TLSKeyFile }}"
##### peer to peer configuration options ##### ##### peer to peer configuration options #####
[p2p] [p2p]

11
docs/tendermint-core/configuration.md
View File

@ -127,6 +127,17 @@ max_subscriptions_per_client = 5
# See https://github.com/tendermint/tendermint/issues/3435 # See https://github.com/tendermint/tendermint/issues/3435
timeout_broadcast_tx_commit = "10s" timeout_broadcast_tx_commit = "10s"
# The name of a file containing certificate that is used to create the HTTPS server.
# If the certificate is signed by a certificate authority,
# the certFile should be the concatenation of the server's certificate, any intermediates,
# and the CA's certificate.
# NOTE: both tls_cert_file and tls_key_file must be present for Tendermint to create HTTPS server. Otherwise, HTTP server is run.
tls_cert_file = ""
# The name of a file containing matching private key that is used to create the HTTPS server.
# NOTE: both tls_cert_file and tls_key_file must be present for Tendermint to create HTTPS server. Otherwise, HTTP server is run.
tls_key_file = ""
##### peer to peer configuration options ##### ##### peer to peer configuration options #####
[p2p] [p2p]

13
node/node.go
View File

@ -715,13 +715,24 @@ func (n *Node) startRPC() ([]net.Listener, error) {
}) })
rootHandler = corsMiddleware.Handler(mux) rootHandler = corsMiddleware.Handler(mux)
} }
if n.config.RPC.IsTLSEnabled() {
go rpcserver.StartHTTPAndTLSServer(
listener,
rootHandler,
n.config.RPC.CertFile(),
n.config.RPC.KeyFile(),
rpcLogger,
config,
)
} else {
go rpcserver.StartHTTPServer( go rpcserver.StartHTTPServer(
listener, listener,
rootHandler, rootHandler,
rpcLogger, rpcLogger,
config, config,
) )
}
listeners[i] = listener listeners[i] = listener
} }