I want to be able to connect to any available node on my private Ethereum network.
I think the requirement is similar to the service offered by Infura. I want to be able to replicate similar behavior on a private, locally hosted Ethereum network.
I currently use the following code to connect to a node on my Ethereum network:
client, err := ethclient.Dial("http://localhost:8545")
// do stuff
The expected end result is basically to improve the availability of the network. So, for argument's sake, if the node at 8545 isn't available, it will use the node at 8546 and so on...
I hope the question is clear enough. Thanks!
Related
I need to access a Postgres database from my Java code, which resides in an OpenShift cluster. I need a way to do so without initiating port forwarding manually through the oc port forward command.
I have tried using the OpenShift Java client class OpenShift connection factory to get the connection by passing the server URL and the username and password with which I log in to the console, but it didn't help.
(This is mostly just a more detailed version of Will Gordon's comment, so credit to him.)
It sounds like you are trying to expose a service (specifically Postgres) outside of your cluster. This is very common.
However the best method to do so does depend a bit on your physical infrastructure because we are by definition trying to integrate with your networking. Look at the docs for Getting Traffic into your Cluster. Routes are probably not what you want, because Postgres is a TCP protocol. But one of the other options in that chapter (Load Balancer, External IP, or NodePort) is probably your best option depending on your networking infrastructure and needs.
I understand both methods are used for running dapps. What I don't understand is the clear-cut difference between the two, or how one is more advantageous than the other. I'm new to blockchain, so please explain in simple terminology.
The difference is:
Infura has a geth installation running for you, exposing the most-used, low-CPU-consuming methods to you via the Web.
You can install geth yourself but you will need a server with about 500GB of SSD disk, and wait 1 month to download the entire State.
If you are not going to do any serious monetary transfers I recommend using Etherscan, it is more complete than Infura.
To execute transactions and/or queries against blockchains, you need connections.
Infura is an API gateway to the main network and some test networks. It supports a subset of the web3 interface. When you want to execute a transaction against the Ethereum blockchain, you may use Infura as the connection to the blockchain. So in this case, you are not directly connected to Ethereum, but Infura has a connection. The MetaMask browser plugin works with Infura.
The alternative approach is to have an Ethereum client like geth or parity running on your machine. In this case, the Ethereum Client connects to several public nodes of the blockchain and forwards your transactions to the blockchain.
Depending on your architecture and requirements, both approaches could be the best solution.
I'm implementing an Ethereum PoA network using go-ethereum.
I have deployed an ERC20 token on the network, and the idea is that the network must be accessible from any wallet on the internet (e.g. MetaMask, MyEtherWallet, etc.).
The idea for this network is:
Having N full nodes that are able to seal blocks (the nodes have the unlocked accounts)
Deploy a smart contract that is an ERC20 token
Having one node that exposes the network in order to be accessed from any origin, for example, MetaMask, MyEtherWallet, a mobile app with a wallet, etc. The idea is that anybody can hit the ERC20 token if they have the appropriate client.
In order to achieve that, I create 2 full nodes that are in charge of sealing the blocks.
I run those nodes like this:
geth --datadir sealer1/ --syncmode 'full' --port 30351 --rpc --rpcaddr 'localhost' --rpcport 8502 --rpcapi='admin,personal,db,eth,net,web3,txpool,miner' --networkid 20 --gasprice '1' -unlock 'someaccount' --password s2/password.txt --mine
As you can see, there are some important things about those nodes:
Unlocks the accounts
Are only accessed from localhost (note the rpcaddr)
Those nodes are miners
If I expose a node like that to the internet (enabling RPC access from any origin), any hacker could send the ether to another account, so I create a third node, a standard node, that doesn't expose RPC APIs but allows connections on port 8545 (in order to be hit from MetaMask, MyEtherWallet, etc.).
I run the node with this command:
geth --datadir standard1/ --syncmode 'full' --port 30352 --rpc --rpcport 8545 --rpccorsdomain '*' --rpcaddr 'SERVER_PUBLIC_IP' --networkid 20 --gasprice '1'
As you can see, this node:
Doesn't unlock an account
Allows RPC access from any origin
Doesn't expose RPC APIs like personal, admin, etc.
My questions are:
Is this approach secure?
Is there another way to allow anyone in the world to use MetaMask to hit my smart contract without opening the RPC access on the standard node?
Why do I have those questions?
Because there are a lot of places that don't recommend opening RPC ports, so I'm not sure if:
Not having a node exposed with unlocked accounts
Not exposing critical RPC APIs like admin and personal
is enough to expose my node securely.
Here are some issues related to opening RPC access:
https://blog.blockdaemon.com/ethereum-geth-configuration-made-in-ireland-7ba2e876c6e3
https://www.reddit.com/r/ethereum/comments/4z0mvi/ethereum_nodes_with_insecure_rpc_settings_are/
https://www.reddit.com/r/ethereum/comments/3ird55/holy_shit_my_eth_accounts_been_hacked/
https://www.reddit.com/r/ethereum/comments/4jav5u/mist_wallet_has_2_sec_vulnerability_for_rpc/
https://blog.3or.de/internet-wide-ethereum-json-rpc-scans.html
https://www.bokconsulting.com.au/blog/7218-ethers-stolen-from-miner-with-rpc-port-open/
https://blog.ethereum.org/2015/08/29/security-alert-insecurely-configured-geth-can-make-funds-remotely-accessible/
Here is the recommendation of the Ethereum team lead:
Ok, your setup seems insanely dangerous. --rpcaddr=external_address
essentially opens up the node to anyone in the world to access it.
Furthermore, --rpcapi 'admin,personal,db,eth,net,web3,txpool,miner'
permits anyone with access to do absolutely anything. I can imagine
someone from the internet is brute forcing the passwords.
https://github.com/ethereum/go-ethereum/issues/17417#issuecomment-413877558
is this approach secure?
You get the general idea, yes, but there is room for improvement.
First of all, I would never run a node that enables the personal API at the same time using -unlock which permanently makes the account accessible by anyone with access to your node. So imagine, someone has gained access to your node through some other doors, they would be able to immediately spend your funds from that account spawning transactions from localhost. Please, consider either only exposing safe APIs on that node or completely removing the unlock statement.
If you insist on having the sealing nodes configured as stated above, add some hardening. There are multiple options: you can use strong firewall rule sets to block basically everything from the outside network except for the node communications on port 30351. Or, what I would do, is disconnecting this node completely from the public Internet and only wiring through the p2p traffic from this node to some other proxy node which is connected to both your node and the other nodes on the Internet. This could come with drawbacks in network stability though.
Is there another way to allow anyone in the world to use MetaMask to hit my smart contract without opening the RPC access on the standard node?
Have you considered looking into public PoA networks such as poa.net? This basically allows your users to connect metamask or mycrypto to the already existing infrastructure of POA.
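A small checker for the risky flag combinations discussed in this question and its answer, run over the command lines quoted above. This is an added example, not code from the posters or from go-ethereum; the finding codes, function names and the third sample command line are made up for illustration, and it assumes an absent --rpcaddr means geth's loopback default.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed samples: the question's two nodes (RPC-relevant flags only) and the setup criticized in the quoted comment.
const sealerCmd = `geth --rpc --rpcaddr 'localhost' --rpcport 8502 --rpcapi='admin,personal,db,eth,net,web3,txpool,miner' -unlock 'someaccount' --mine`
const standardCmd = `geth --rpc --rpcport 8545 --rpccorsdomain '*' --rpcaddr 'SERVER_PUBLIC_IP'`
const criticizedCmd = `geth --rpc --rpcaddr=external_address --rpcapi 'admin,personal,db,eth,net,web3,txpool,miner'`

// parseFlags maps flag name -> value ("" for switches); accepts -f, --f, --f=v and --f v.
func parseFlags(cmd string) map[string]string {
	flags, toks := map[string]string{}, strings.Fields(cmd)
	for i, t := range toks {
		name, val, hasVal := strings.Cut(strings.TrimLeft(t, "-"), "=")
		if !hasVal && i+1 < len(toks) && !strings.HasPrefix(toks[i+1], "-") {
			val = toks[i+1] // value given as the next token
		}
		if strings.HasPrefix(t, "-") { // ignore the binary name and bare value tokens
			flags[name] = strings.Trim(val, `'"`)
		}
	}
	return flags
}

// audit returns finding codes (hypothetical names) for the RPC risks raised in the thread.
func audit(cmd string) (out []string) {
	f := parseFlags(cmd)
	set := func(flag string) bool { _, ok := f[flag]; return ok }
	has := func(api string) bool { return strings.Contains(","+f["rpcapi"]+",", ","+api+",") }
	// Assumption: an absent --rpcaddr means geth's loopback default.
	loopback := map[string]bool{"": true, "localhost": true, "127.0.0.1": true, "::1": true}
	exposed := set("rpc") && !loopback[f["rpcaddr"]]
	add := func(hit bool, code string) {
		if hit {
			out = append(out, code)
		}
	}
	add(exposed, "rpc-exposed")
	add(exposed && (has("admin") || has("personal")), "sensitive-api-exposed")
	add(exposed && f["rpccorsdomain"] == "*", "cors-wildcard")
	add(set("rpc") && set("unlock") && has("personal"), "unlock-with-personal-api")
	return out
}

func main() {
	fmt.Println(audit(sealerCmd), audit(standardCmd), audit(criticizedCmd))
}
```

The checker only knows the flag names used on this page; newer geth releases renamed them (--http, --http.addr, --http.api, --http.corsdomain), so a real audit would need both spellings.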
I'm writing a web application using Ethereum at the moment and realize only now that I have to specify a web3.provider's IP address to tap into the blockchain.
If I have to specify an IP address, how are web apps (dApps) considered decentralized?
I recognize the data may be ... but the utility of the dApp itself is null if the user doesn't have a frontend tap.
So my question is, from a technical perspective, how do I dynamically grab an IP address to an Ethereum node w/o using some sort of centralized DNS platform?
ENS (the Ethereum Name Service) appears to work similarly to centralized DNS platforms as you need a resolver to get the resource.
What you need to know is that you should not connect your dapp to an IP. You and every other user are supposed to connect to a different node. So, it is the user who will connect to a node. The user will be connected to a local or remote node of his/her choice. For you as a developer, you can be sure that any user connected to a healthy node will be using the same version of the dapp.
Note: local nodes can be Geth and Parity nodes connected to main-net. And remote nodes can be the nodes that MetaMask connects to (MetaMask uses infura.io).
Note: If you force your users to connect to a specific IP, you cannot call your app 'decentralized'.
After my first attempt at deploying an Ethereum network with testrpc, I'm wondering if I can deploy several nodes using docker containers, so I can deploy a real network with several machines/nodes, and I have some questions:
Can I use testrpc for this task, or do I need to use Geth instead? From reading the docs, I think testrpc is too basic for it.
Does Truffle or another framework help you to do all this stuff?
Any information related to all this is welcome because, as I said, I'm at a very early stage.
TestRPC is just a tool that will simulate an Ethereum network. Nothing else.
If you want to create an Ethereum network, you'll have to use an Ethereum client like Geth and deploy it on various machines in order to make those machines nodes.
If you want it to be a separate network, you'll have to change some parameters before launching your client.
I'll leave some documentation here that explains it: See the doc