From 5a21d380dd2712bffa5952ab2c7146cc90ce6012 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C5=BDiga=20Kokelj?=
Date: Wed, 11 Dec 2024 08:38:50 +0100
Subject: [PATCH 1/3] use wss instead of ws if tlcConfig is provided
---
 lib/gethfork/node/rpcstack.go | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/lib/gethfork/node/rpcstack.go b/lib/gethfork/node/rpcstack.go
index 254611ccc..c0b13c8b7 100644
--- a/lib/gethfork/node/rpcstack.go
+++ b/lib/gethfork/node/rpcstack.go
@@ -175,17 +175,24 @@ func (h *httpServer) start() error {
 h.listener = listener
 go h.server.Serve(listener)
+ // Determine the scheme for WebSockets based on TLS presence
 if h.wsAllowed() {
- url := fmt.Sprintf("ws://%v", listener.Addr())
+ scheme := "ws"
+ if h.tlsConfig != nil {
+ scheme = "wss"
+ }
+ url := fmt.Sprintf("%s://%v", scheme, listener.Addr())
 if h.wsConfig.prefix != "" {
 url += h.wsConfig.prefix
 }
 h.log.Info("WebSocket enabled", "url", url)
 }
- // if server is websocket only, return after logging
+
+ // If server is websocket only, return after logging
 if !h.rpcAllowed() {
 return nil
 }
+
 // Log http endpoint.
 h.log.Info("HTTP server started",
 "endpoint", listener.Addr(), "auth", (h.httpConfig.jwtSecret != nil),
From 613818ce4f8fcf5b6a610b91826c281b3a8154fb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C5=BDiga=20Kokelj?=
Date: Wed, 11 Dec 2024 09:56:07 +0100
Subject: [PATCH 2/3] logs and changed port for ws
---
 .github/workflows/manual-deploy-obscuro-gateway.yml | 2 +-
 lib/gethfork/node/rpcstack.go | 9 +++++++++
 lib/gethfork/rpc/websocket.go | 2 ++
 3 files changed, 12 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/manual-deploy-obscuro-gateway.yml b/.github/workflows/manual-deploy-obscuro-gateway.yml
index 4c5535599..348ed6eb7 100644
--- a/.github/workflows/manual-deploy-obscuro-gateway.yml
+++ b/.github/workflows/manual-deploy-obscuro-gateway.yml
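Review bot: In `start()` in lib/gethfork/node/rpcstack.go (PATCH 1/3), the WebSocket line now reports `wss://` when `h.tlsConfig` is set, but the `HTTP server started` entry at the end of the hunk still logs only `listener.Addr()` and `auth`, so someone reading the log cannot tell whether the HTTP endpoint on the same listener is served over TLS. I would add one key to that call, `"tls", h.tlsConfig != nil,`, next to the existing `"auth"` pair so both lines state the transport. The new comment `// Determine the scheme for WebSockets based on TLS presence` could also say that the scheme only affects the logged URL, since `url` is used for nothing else in the visible lines. Both `start()` and the `h.log.Info` argument list continue outside the hunk.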
@@ -366,7 +366,7 @@ jobs:
 -e OE_SIMULATION=0 \
 "${{ env.DOCKER_BUILD_TAG_GATEWAY }}" \
 ego run /home/ten/go-ten/tools/walletextension/main/main \
- -host=0.0.0.0 -port=443 -portWS=444 -nodeHost="${{ env.L2_RPC_URL_VALIDATOR }}" -verbose=true \
+ -host=0.0.0.0 -port=443 -portWS=443 -nodeHost="${{ env.L2_RPC_URL_VALIDATOR }}" -verbose=true \
 -logPath=sys_out -dbType=cosmosDB -dbConnectionURL="${{ secrets.COSMOS_DB_CONNECTION_STRING }}" \
 -rateLimitUserComputeTime="${{ env.GATEWAY_RATE_LIMIT_USER_COMPUTE_TIME }}" \
 -rateLimitWindow="${{ env.GATEWAY_RATE_LIMIT_WINDOW }}" \
diff --git a/lib/gethfork/node/rpcstack.go b/lib/gethfork/node/rpcstack.go
index c0b13c8b7..964fd4db3 100644
--- a/lib/gethfork/node/rpcstack.go
+++ b/lib/gethfork/node/rpcstack.go
@@ -160,6 +160,7 @@ func (h *httpServer) start() error {
 if h.tlsConfig != nil {
 // If TLS is enabled, use tls.Listen to create a TLS listener
+ fmt.Println("STARTING HTTPS ENDPOINT")
 listener, err = tls.Listen("tcp", h.endpoint, h.tlsConfig)
 } else {
 listener, err = net.Listen("tcp", h.endpoint)
@@ -179,12 +180,15 @@ func (h *httpServer) start() error {
 if h.wsAllowed() {
 scheme := "ws"
 if h.tlsConfig != nil {
+ fmt.Println("h.tlsConfig != nil")
 scheme = "wss"
 }
+ fmt.Println("scheme", scheme)
 url := fmt.Sprintf("%s://%v", scheme, listener.Addr())
 if h.wsConfig.prefix != "" {
 url += h.wsConfig.prefix
 }
+ fmt.Println("WEBSOCKETurl", url)
 h.log.Info("WebSocket enabled", "url", url)
 }
@@ -201,6 +205,11 @@ func (h *httpServer) start() error {
 "vhosts", strings.Join(h.httpConfig.Vhosts, ","),
 )
+ fmt.Println("endpoint", listener.Addr())
+ fmt.Println("h.httpConfig.prefix", h.httpConfig.prefix)
+ fmt.Println("h.httpConfig.CorsAllowedOrigins", h.httpConfig.CorsAllowedOrigins)
+ fmt.Println("h.httpConfig.Vhosts", h.httpConfig.Vhosts)
+
 // Log all handlers mounted on server.
 var paths []string
 for path := range h.handlerNames {
diff --git a/lib/gethfork/rpc/websocket.go b/lib/gethfork/rpc/websocket.go
index 9db7e19e4..e4c014fcd 100644
--- a/lib/gethfork/rpc/websocket.go
+++ b/lib/gethfork/rpc/websocket.go
@@ -52,6 +52,8 @@ var wsBufferPool = new(sync.Pool)
 // allowedOrigins should be a comma-separated list of allowed origin URLs.
 // To allow connections with any origin, pass "*".
 func (s *Server) WebsocketHandler(allowedOrigins []string) http.Handler {
+ fmt.Println("WebsocketHandler")
+ fmt.Println("allowedOrigins", allowedOrigins)
 upgrader := websocket.Upgrader{
 ReadBufferSize: wsReadBuffer,
 WriteBufferSize: wsWriteBuffer,
From 5eb7789d42aa341165226377c93138f6ea903f6c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C5=BDiga=20Kokelj?=
Date: Wed, 11 Dec 2024 10:27:17 +0100
Subject: [PATCH 3/3] remove logs & use the same port for https and wss
---
 .github/workflows/manual-deploy-obscuro-gateway.yml | 4 ++--
 lib/gethfork/node/rpcstack.go | 9 ---------
 lib/gethfork/rpc/websocket.go | 2 --
 3 files changed, 2 insertions(+), 13 deletions(-)
diff --git a/.github/workflows/manual-deploy-obscuro-gateway.yml b/.github/workflows/manual-deploy-obscuro-gateway.yml
index 348ed6eb7..96986e1f6 100644
--- a/.github/workflows/manual-deploy-obscuro-gateway.yml
+++ b/.github/workflows/manual-deploy-obscuro-gateway.yml
@@ -202,7 +202,7 @@ jobs:
 uses: azure/CLI@v1
 with:
 inlineScript: |
- az vm open-port -g Testnet -n "${{ env.VM_NAME }}" --port 80,81,443,444
+ az vm open-port -g Testnet -n "${{ env.VM_NAME }}" --port 80,81,443
 # To overcome issues with critical VM resources being unavailable, we need to wait for the VM to be ready
 - name: "Allow time for VM initialization"
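Review bot: The new `--port 80,81,443` list here, and the matching `-p 80:80 -p 81:81 -p 443:443` in the `docker run` hunk at -359, still expose 80 and 81 although the gateway command in this workflow is started with `-port=443 -portWS=443`. If nothing inside the container listens on 80 or 81 any more (not visible from these hunks, so this needs confirming), trim both lists to what is actually served, e.g. `--port 443` and `-p 443:443`, so the VM and the container publish only the TLS port. If 80 and 81 are kept on purpose, a one-line comment above the `az vm open-port` call naming what uses them would stop the next edit from guessing.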
@@ -359,7 +359,7 @@ jobs:
 docker volume create "${{ env.VM_NAME }}-data"
 # Start Ten Gateway Container
- docker run -d -p 80:80 -p 81:81 -p 443:443 -p 444:444 --name "${{ env.VM_NAME }}" \
+ docker run -d -p 80:80 -p 81:81 -p 443:443 --name "${{ env.VM_NAME }}" \
 --device /dev/sgx_enclave --device /dev/sgx_provision \
 -v "${{ env.VM_NAME }}-data:/data" \
 -e OBSCURO_GATEWAY_VERSION="${{ github.run_number }}-${{ github.sha }}" \
diff --git a/lib/gethfork/node/rpcstack.go b/lib/gethfork/node/rpcstack.go
index 964fd4db3..c0b13c8b7 100644
--- a/lib/gethfork/node/rpcstack.go
+++ b/lib/gethfork/node/rpcstack.go
@@ -160,7 +160,6 @@ func (h *httpServer) start() error {
 if h.tlsConfig != nil {
 // If TLS is enabled, use tls.Listen to create a TLS listener
- fmt.Println("STARTING HTTPS ENDPOINT")
 listener, err = tls.Listen("tcp", h.endpoint, h.tlsConfig)
 } else {
 listener, err = net.Listen("tcp", h.endpoint)
@@ -180,15 +179,12 @@ func (h *httpServer) start() error {
 if h.wsAllowed() {
 scheme := "ws"
 if h.tlsConfig != nil {
- fmt.Println("h.tlsConfig != nil")
 scheme = "wss"
 }
- fmt.Println("scheme", scheme)
 url := fmt.Sprintf("%s://%v", scheme, listener.Addr())
 if h.wsConfig.prefix != "" {
 url += h.wsConfig.prefix
 }
- fmt.Println("WEBSOCKETurl", url)
 h.log.Info("WebSocket enabled", "url", url)
 }
@@ -205,11 +201,6 @@ func (h *httpServer) start() error {
 "vhosts", strings.Join(h.httpConfig.Vhosts, ","),
 )
- fmt.Println("endpoint", listener.Addr())
- fmt.Println("h.httpConfig.prefix", h.httpConfig.prefix)
- fmt.Println("h.httpConfig.CorsAllowedOrigins", h.httpConfig.CorsAllowedOrigins)
- fmt.Println("h.httpConfig.Vhosts", h.httpConfig.Vhosts)
-
 // Log all handlers mounted on server.
 var paths []string
 for path := range h.handlerNames {
diff --git a/lib/gethfork/rpc/websocket.go b/lib/gethfork/rpc/websocket.go
index e4c014fcd..9db7e19e4 100644
--- a/lib/gethfork/rpc/websocket.go
+++ b/lib/gethfork/rpc/websocket.go
@@ -52,8 +52,6 @@ var wsBufferPool = new(sync.Pool)
 // allowedOrigins should be a comma-separated list of allowed origin URLs.
 // To allow connections with any origin, pass "*".
 func (s *Server) WebsocketHandler(allowedOrigins []string) http.Handler {
- fmt.Println("WebsocketHandler")
- fmt.Println("allowedOrigins", allowedOrigins)
 upgrader := websocket.Upgrader{
 ReadBufferSize: wsReadBuffer,
 WriteBufferSize: wsWriteBuffer,