From 0abff0548fbac49dd3576c4d187cb35efc6d85f9 Mon Sep 17 00:00:00 2001 From: marbar3778 Date: Mon, 7 Nov 2022 11:19:46 +0100 Subject: [PATCH 1/4] set api endpoints to localhost by default --- CHANGELOG.md | 1 + docs/docs/run-node/01-run-node.md | 7 +++++++ server/config/config.go | 6 +++--- 3 files changed, 11 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index fd68cefd5a2d..71c336124d08 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -181,6 +181,7 @@ Ref: https://keepachangelog.com/en/1.0.0/ * (x/gov) [#13045](https://github.com/cosmos/cosmos-sdk/pull/13045) Fix gov migrations for v3(0.46). * (snapshot) [#13400](https://github.com/cosmos/cosmos-sdk/pull/13400) Fix snapshot checksum issue in golang 1.19. * (x/gov) [#13728](https://github.com/cosmos/cosmos-sdk/pull/13728) Fix propagation of message events to the current context in `EndBlocker`. +* (server) Set Cosmos SDK default endpoints to localhost to avoid unknown exposure of endpoints. ### Deprecated diff --git a/docs/docs/run-node/01-run-node.md b/docs/docs/run-node/01-run-node.md index efdde61552ec..64033c134d09 100644 --- a/docs/docs/run-node/01-run-node.md +++ b/docs/docs/run-node/01-run-node.md @@ -63,6 +63,13 @@ jq '.app_state.gov.voting_params.voting_period = "600s"' genesis.json > temp.jso jq '.app_state.mint.minter.inflation = "0.300000000000000000"' genesis.json > temp.json && mv temp.json genesis.json ``` +### Client Interaction + +When instantiating a node Grpc and REST are deafaulted to localhost to avoid unknown exposure of your node to the public. It is recommended to not expose these endpoints without a proxy that can handle loadbalancing or authentication is setup between your node and the public. + +> A commonly used tool for this is [nginx](https://nginx.org) + + ## Adding Genesis Accounts Before starting the chain, you need to populate the state with at least one account. To do so, first [create a new account in the keyring](./00-keyring.md#adding-keys-to-the-keyring) named `my_validator` under the `test` keyring backend (feel free to choose another name and another backend). diff --git a/server/config/config.go b/server/config/config.go index eff42298c63d..abe2c70713d4 100644 --- a/server/config/config.go +++ b/server/config/config.go @@ -18,13 +18,13 @@ const ( defaultMinGasPrices = "" // DefaultAPIAddress defines the default address to bind the API server to. - DefaultAPIAddress = "tcp://0.0.0.0:1317" + DefaultAPIAddress = "tcp://localhost:1317" // DefaultGRPCAddress defines the default address to bind the gRPC server to. - DefaultGRPCAddress = "0.0.0.0:9090" + DefaultGRPCAddress = "localhost:9090" // DefaultGRPCWebAddress defines the default address to bind the gRPC-web server to. - DefaultGRPCWebAddress = "0.0.0.0:9091" + DefaultGRPCWebAddress = "localhost:9091" // DefaultGRPCMaxRecvMsgSize defines the default gRPC max message size in // bytes the server can receive. From ebe3d0417c4630f004ba4a7f90de90e8a108d657 Mon Sep 17 00:00:00 2001 From: marbar3778 Date: Mon, 7 Nov 2022 11:22:01 +0100 Subject: [PATCH 2/4] add pr number --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 71c336124d08..4ece425deebb 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -181,7 +181,7 @@ Ref: https://keepachangelog.com/en/1.0.0/ * (x/gov) [#13045](https://github.com/cosmos/cosmos-sdk/pull/13045) Fix gov migrations for v3(0.46). * (snapshot) [#13400](https://github.com/cosmos/cosmos-sdk/pull/13400) Fix snapshot checksum issue in golang 1.19. * (x/gov) [#13728](https://github.com/cosmos/cosmos-sdk/pull/13728) Fix propagation of message events to the current context in `EndBlocker`. -* (server) Set Cosmos SDK default endpoints to localhost to avoid unknown exposure of endpoints. +* (server) [#13778](https://github.com/cosmos/cosmos-sdk/pull/13778) Set Cosmos SDK default endpoints to localhost to avoid unknown exposure of endpoints. ### Deprecated From 8c19fbc2cc11639e144220184851d2f650d2692e Mon Sep 17 00:00:00 2001 From: Marko Date: Mon, 7 Nov 2022 11:46:29 +0100 Subject: [PATCH 3/4] Update docs/docs/run-node/01-run-node.md Co-authored-by: Julien Robert --- docs/docs/run-node/01-run-node.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/docs/run-node/01-run-node.md b/docs/docs/run-node/01-run-node.md index 64033c134d09..9ffecef89f78 100644 --- a/docs/docs/run-node/01-run-node.md +++ b/docs/docs/run-node/01-run-node.md @@ -65,7 +65,7 @@ jq '.app_state.mint.minter.inflation = "0.300000000000000000"' genesis.json > te ### Client Interaction -When instantiating a node Grpc and REST are deafaulted to localhost to avoid unknown exposure of your node to the public. It is recommended to not expose these endpoints without a proxy that can handle loadbalancing or authentication is setup between your node and the public. +When instantiating a node, GRPC and REST are defaulted to localhost to avoid unknown exposure of your node to the public. It is recommended to not expose these endpoints without a proxy that can handle load balancing or authentication is setup between your node and the public. > A commonly used tool for this is [nginx](https://nginx.org) From 49347603a528ba29587e839d456a5524af66cfa8 Mon Sep 17 00:00:00 2001 From: Marko Date: Mon, 7 Nov 2022 11:46:36 +0100 Subject: [PATCH 4/4] Update docs/docs/run-node/01-run-node.md Co-authored-by: Julien Robert --- docs/docs/run-node/01-run-node.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/docs/docs/run-node/01-run-node.md b/docs/docs/run-node/01-run-node.md index 9ffecef89f78..0661b538dfcc 100644 --- a/docs/docs/run-node/01-run-node.md +++ b/docs/docs/run-node/01-run-node.md @@ -67,7 +67,9 @@ jq '.app_state.mint.minter.inflation = "0.300000000000000000"' genesis.json > te When instantiating a node, GRPC and REST are defaulted to localhost to avoid unknown exposure of your node to the public. It is recommended to not expose these endpoints without a proxy that can handle load balancing or authentication is setup between your node and the public. -> A commonly used tool for this is [nginx](https://nginx.org) +:::tip +A commonly used tool for this is [nginx](https://nginx.org). +::: ## Adding Genesis Accounts