config+lnd+server: add unix socket support
This commit is contained in:
parent
b5a228808b
commit
460fa25871
273
config.go
273
config.go
@ -18,6 +18,7 @@ import (
|
||||
"strconv"
|
||||
"strings"
|
||||
"time"
|
||||
"crypto/tls"
|
||||
|
||||
flags "github.com/jessevdk/go-flags"
|
||||
"github.com/lightningnetwork/lnd/brontide"
|
||||
@ -89,6 +90,8 @@ var (
|
||||
defaultBitcoindDir = btcutil.AppDataDir("bitcoin", false)
|
||||
defaultLitecoindDir = btcutil.AppDataDir("litecoin", false)
|
||||
|
||||
loopBackAddrs = []string{"localhost", "127.0.0.1", "[::1]"}
|
||||
|
||||
defaultTorSOCKS = net.JoinHostPort("localhost", strconv.Itoa(defaultTorSOCKSPort))
|
||||
defaultTorDNS = net.JoinHostPort(defaultTorDNSHost, strconv.Itoa(defaultTorDNSPort))
|
||||
defaultTorControl = net.JoinHostPort("localhost", strconv.Itoa(defaultTorControlPort))
|
||||
@ -165,26 +168,35 @@ type torConfig struct {
|
||||
type config struct {
|
||||
ShowVersion bool `short:"V" long:"version" description:"Display version information and exit"`
|
||||
|
||||
LndDir string `long:"lnddir" description:"The base directory that contains lnd's data, logs, configuration file, etc."`
|
||||
ConfigFile string `long:"C" long:"configfile" description:"Path to configuration file"`
|
||||
DataDir string `short:"b" long:"datadir" description:"The directory to store lnd's data within"`
|
||||
TLSCertPath string `long:"tlscertpath" description:"Path to write the TLS certificate for lnd's RPC and REST services"`
|
||||
TLSKeyPath string `long:"tlskeypath" description:"Path to write the TLS private key for lnd's RPC and REST services"`
|
||||
TLSExtraIP string `long:"tlsextraip" description:"Adds an extra ip to the generated certificate"`
|
||||
TLSExtraDomain string `long:"tlsextradomain" description:"Adds an extra domain to the generated certificate"`
|
||||
NoMacaroons bool `long:"no-macaroons" description:"Disable macaroon authentication"`
|
||||
AdminMacPath string `long:"adminmacaroonpath" description:"Path to write the admin macaroon for lnd's RPC and REST services if it doesn't exist"`
|
||||
ReadMacPath string `long:"readonlymacaroonpath" description:"Path to write the read-only macaroon for lnd's RPC and REST services if it doesn't exist"`
|
||||
InvoiceMacPath string `long:"invoicemacaroonpath" description:"Path to the invoice-only macaroon for lnd's RPC and REST services if it doesn't exist"`
|
||||
LogDir string `long:"logdir" description:"Directory to log output."`
|
||||
MaxLogFiles int `long:"maxlogfiles" description:"Maximum logfiles to keep (0 for no rotation)"`
|
||||
MaxLogFileSize int `long:"maxlogfilesize" description:"Maximum logfile size in MB"`
|
||||
RPCListeners []string `long:"rpclisten" description:"Add an interface/port to listen for RPC connections"`
|
||||
RESTListeners []string `long:"restlisten" description:"Add an interface/port to listen for REST connections"`
|
||||
Listeners []string `long:"listen" description:"Add an interface/port to listen for peer connections"`
|
||||
DisableListen bool `long:"nolisten" description:"Disable listening for incoming peer connections"`
|
||||
ExternalIPs []string `long:"externalip" description:"Add an ip:port to the list of local addresses we claim to listen on to peers. If a port is not specified, the default (9735) will be used regardless of other parameters"`
|
||||
NAT bool `long:"nat" description:"Toggle NAT traversal support (using either UPnP or NAT-PMP) to automatically advertise your external IP address to the network -- NOTE this does not support devices behind multiple NATs"`
|
||||
LndDir string `long:"lnddir" description:"The base directory that contains lnd's data, logs, configuration file, etc."`
|
||||
ConfigFile string `long:"C" long:"configfile" description:"Path to configuration file"`
|
||||
DataDir string `short:"b" long:"datadir" description:"The directory to store lnd's data within"`
|
||||
TLSCertPath string `long:"tlscertpath" description:"Path to write the TLS certificate for lnd's RPC and REST services"`
|
||||
TLSKeyPath string `long:"tlskeypath" description:"Path to write the TLS private key for lnd's RPC and REST services"`
|
||||
TLSExtraIP string `long:"tlsextraip" description:"Adds an extra ip to the generated certificate"`
|
||||
TLSExtraDomain string `long:"tlsextradomain" description:"Adds an extra domain to the generated certificate"`
|
||||
NoMacaroons bool `long:"no-macaroons" description:"Disable macaroon authentication"`
|
||||
AdminMacPath string `long:"adminmacaroonpath" description:"Path to write the admin macaroon for lnd's RPC and REST services if it doesn't exist"`
|
||||
ReadMacPath string `long:"readonlymacaroonpath" description:"Path to write the read-only macaroon for lnd's RPC and REST services if it doesn't exist"`
|
||||
InvoiceMacPath string `long:"invoicemacaroonpath" description:"Path to the invoice-only macaroon for lnd's RPC and REST services if it doesn't exist"`
|
||||
LogDir string `long:"logdir" description:"Directory to log output."`
|
||||
MaxLogFiles int `long:"maxlogfiles" description:"Maximum logfiles to keep (0 for no rotation)"`
|
||||
MaxLogFileSize int `long:"maxlogfilesize" description:"Maximum logfile size in MB"`
|
||||
|
||||
// We'll parse these 'raw' string arguments into real net.Addrs in the
|
||||
// loadConfig function. We need to expose the 'raw' strings so the
|
||||
// command line library can access them.
|
||||
// Only the parsed net.Addrs should be used!
|
||||
RawRPCListeners []string `long:"rpclisten" description:"Add an interface/port/socket to listen for RPC connections"`
|
||||
RawRESTListeners []string `long:"restlisten" description:"Add an interface/port/socket to listen for REST connections"`
|
||||
RawListeners []string `long:"listen" description:"Add an interface/port to listen for peer connections"`
|
||||
RawExternalIPs []string `long:"externalip" description:"Add an ip:port to the list of local addresses we claim to listen on to peers. If a port is not specified, the default (9735) will be used regardless of other parameters"`
|
||||
RPCListeners []net.Addr
|
||||
RESTListeners []net.Addr
|
||||
Listeners []net.Addr
|
||||
ExternalIPs []net.Addr
|
||||
DisableListen bool `long:"nolisten" description:"Disable listening for incoming peer connections"`
|
||||
NAT bool `long:"nat" description:"Toggle NAT traversal support (using either UPnP or NAT-PMP) to automatically advertise your external IP address to the network -- NOTE this does not support devices behind multiple NATs"`
|
||||
|
||||
DebugLevel string `short:"d" long:"debuglevel" description:"Logging level for all subsystems {trace, debug, info, warn, error, critical} -- You may also specify <subsystem>=<level>,<subsystem2>=<level>,... to set the log level for individual subsystems -- Use show to list available subsystems"`
|
||||
|
||||
@ -735,8 +747,8 @@ func loadConfig() (*config, error) {
|
||||
|
||||
// Initialize logging at the default logging level.
|
||||
initLogRotator(
|
||||
filepath.Join(cfg.LogDir, defaultLogFilename), cfg.MaxLogFileSize,
|
||||
cfg.MaxLogFiles,
|
||||
filepath.Join(cfg.LogDir, defaultLogFilename),
|
||||
cfg.MaxLogFileSize, cfg.MaxLogFiles,
|
||||
)
|
||||
|
||||
// Parse, validate, and set debug log level(s).
|
||||
@ -747,33 +759,39 @@ func loadConfig() (*config, error) {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
// At least one RPCListener is required.
|
||||
if len(cfg.RPCListeners) == 0 {
|
||||
// At least one RPCListener is required. So listen on localhost per
|
||||
// default.
|
||||
if len(cfg.RawRPCListeners) == 0 {
|
||||
addr := fmt.Sprintf("localhost:%d", defaultRPCPort)
|
||||
cfg.RPCListeners = append(cfg.RPCListeners, addr)
|
||||
cfg.RawRPCListeners = append(cfg.RawRPCListeners, addr)
|
||||
}
|
||||
|
||||
// Listen on the default interface/port if no REST listeners were
|
||||
// specified.
|
||||
if len(cfg.RESTListeners) == 0 {
|
||||
// Listen on localhost if no REST listeners were specified.
|
||||
if len(cfg.RawRESTListeners) == 0 {
|
||||
addr := fmt.Sprintf("localhost:%d", defaultRESTPort)
|
||||
cfg.RESTListeners = append(cfg.RESTListeners, addr)
|
||||
cfg.RawRESTListeners = append(cfg.RawRESTListeners, addr)
|
||||
}
|
||||
|
||||
// Listen on the default interface/port if no listeners were specified.
|
||||
if len(cfg.Listeners) == 0 {
|
||||
// An empty address string means default interface/address, which on
|
||||
// most unix systems is the same as 0.0.0.0.
|
||||
if len(cfg.RawListeners) == 0 {
|
||||
addr := fmt.Sprintf(":%d", defaultPeerPort)
|
||||
cfg.Listeners = append(cfg.Listeners, addr)
|
||||
cfg.RawListeners = append(cfg.RawListeners, addr)
|
||||
}
|
||||
|
||||
// For each of the RPC listeners (REST+gRPC), we'll ensure that users
|
||||
// have specified a safe combo for authentication. If not, we'll bail
|
||||
// out with an error.
|
||||
err := enforceSafeAuthentication(cfg.RPCListeners, !cfg.NoMacaroons)
|
||||
err := enforceSafeAuthentication(
|
||||
cfg.RPCListeners, !cfg.NoMacaroons,
|
||||
)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
err = enforceSafeAuthentication(cfg.RESTListeners, !cfg.NoMacaroons)
|
||||
err = enforceSafeAuthentication(
|
||||
cfg.RESTListeners, !cfg.NoMacaroons,
|
||||
)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@ -787,27 +805,51 @@ func loadConfig() (*config, error) {
|
||||
|
||||
// Add default port to all RPC listener addresses if needed and remove
|
||||
// duplicate addresses.
|
||||
cfg.RPCListeners = normalizeAddresses(
|
||||
cfg.RPCListeners, strconv.Itoa(defaultRPCPort),
|
||||
cfg.RPCListeners, err = normalizeAddresses(
|
||||
cfg.RawRPCListeners, strconv.Itoa(defaultRPCPort),
|
||||
)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
// Add default port to all REST listener addresses if needed and remove
|
||||
// duplicate addresses.
|
||||
cfg.RESTListeners = normalizeAddresses(
|
||||
cfg.RESTListeners, strconv.Itoa(defaultRESTPort),
|
||||
cfg.RESTListeners, err = normalizeAddresses(
|
||||
cfg.RawRESTListeners, strconv.Itoa(defaultRESTPort),
|
||||
)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
// Add default port to all listener addresses if needed and remove
|
||||
// duplicate addresses.
|
||||
cfg.Listeners = normalizeAddresses(
|
||||
cfg.Listeners, strconv.Itoa(defaultPeerPort),
|
||||
cfg.Listeners, err = normalizeAddresses(
|
||||
cfg.RawListeners, strconv.Itoa(defaultPeerPort),
|
||||
)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
// Add default port to all external IP addresses if needed and remove
|
||||
// duplicate addresses.
|
||||
cfg.ExternalIPs = normalizeAddresses(
|
||||
cfg.ExternalIPs, strconv.Itoa(defaultPeerPort),
|
||||
cfg.ExternalIPs, err = normalizeAddresses(
|
||||
cfg.RawExternalIPs, strconv.Itoa(defaultPeerPort),
|
||||
)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
// For the p2p port it makes no sense to listen to an Unix socket.
|
||||
// Also, we would need to refactor the brontide listener to support
|
||||
// that.
|
||||
for _, p2pListener := range cfg.Listeners {
|
||||
if isUnix(p2pListener) {
|
||||
err := fmt.Errorf("unix socket addresses cannot be " +
|
||||
"used for the p2p connection listener: %s",
|
||||
p2pListener)
|
||||
return nil, err
|
||||
}
|
||||
}
|
||||
|
||||
// Finally, ensure that we are only listening on localhost if Tor
|
||||
// inbound support is enabled.
|
||||
@ -815,7 +857,7 @@ func loadConfig() (*config, error) {
|
||||
for _, addr := range cfg.Listeners {
|
||||
// Due to the addresses being normalized above, we can
|
||||
// skip checking the error.
|
||||
host, _, _ := net.SplitHostPort(addr)
|
||||
host, _, _ := net.SplitHostPort(addr.String())
|
||||
if host == "localhost" || host == "127.0.0.1" {
|
||||
continue
|
||||
}
|
||||
@ -1201,73 +1243,138 @@ func extractBitcoindRPCParams(bitcoindConfigPath string) (string, string, string
|
||||
|
||||
// normalizeAddresses returns a new slice with all the passed addresses
|
||||
// normalized with the given default port and all duplicates removed.
|
||||
func normalizeAddresses(addrs []string, defaultPort string) []string {
|
||||
result := make([]string, 0, len(addrs))
|
||||
func normalizeAddresses(addrs []string,
|
||||
defaultPort string) ([]net.Addr, error) {
|
||||
result := make([]net.Addr, 0, len(addrs))
|
||||
seen := map[string]struct{}{}
|
||||
for _, addr := range addrs {
|
||||
addr = normalizeAddress(addr, defaultPort)
|
||||
if _, ok := seen[addr]; !ok {
|
||||
for _, strAddr := range addrs {
|
||||
addr, err := parseAddressString(strAddr, defaultPort)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
if _, ok := seen[addr.String()]; !ok {
|
||||
result = append(result, addr)
|
||||
seen[addr] = struct{}{}
|
||||
seen[addr.String()] = struct{}{}
|
||||
}
|
||||
}
|
||||
return result
|
||||
}
|
||||
|
||||
// normalizeAddress normalizes an address by either setting a missing host to
|
||||
// localhost or missing port to the default port.
|
||||
func normalizeAddress(addr, defaultPort string) string {
|
||||
if _, _, err := net.SplitHostPort(addr); err != nil {
|
||||
// If the address is an integer, then we assume it is *only* a
|
||||
// port and default to binding to that port on localhost.
|
||||
if _, err := strconv.Atoi(addr); err == nil {
|
||||
return net.JoinHostPort("localhost", addr)
|
||||
}
|
||||
|
||||
// Otherwise, the address only contains the host so we'll use
|
||||
// the default port.
|
||||
return net.JoinHostPort(addr, defaultPort)
|
||||
}
|
||||
|
||||
return addr
|
||||
return result, nil
|
||||
}
|
||||
|
||||
// enforceSafeAuthentication enforces "safe" authentication taking into account
|
||||
// the interfaces that the RPC servers are listening on, and if macaroons are
|
||||
// activated or not. To project users from using dangerous config combinations,
|
||||
// activated or not. To protect users from using dangerous config combinations,
|
||||
// we'll prevent disabling authentication if the sever is listening on a public
|
||||
// interface.
|
||||
func enforceSafeAuthentication(addrs []string, macaroonsActive bool) error {
|
||||
isLoopback := func(addr string) bool {
|
||||
loopBackAddrs := []string{"localhost", "127.0.0.1", "[::1]"}
|
||||
for _, loopback := range loopBackAddrs {
|
||||
if strings.Contains(addr, loopback) {
|
||||
return true
|
||||
}
|
||||
}
|
||||
|
||||
return false
|
||||
}
|
||||
|
||||
func enforceSafeAuthentication(addrs []net.Addr, macaroonsActive bool) error {
|
||||
// We'll now examine all addresses that this RPC server is listening
|
||||
// on. If it's a localhost address, we'll skip it, otherwise, we'll
|
||||
// return an error if macaroons are inactive.
|
||||
for _, addr := range addrs {
|
||||
if isLoopback(addr) {
|
||||
if isLoopback(addr) || isUnix(addr) {
|
||||
continue
|
||||
}
|
||||
|
||||
if !macaroonsActive {
|
||||
return fmt.Errorf("Detected RPC server listening on "+
|
||||
"publicly reachable interface %v with "+
|
||||
"authentication disabled! Refusing to start with "+
|
||||
"--no-macaroons specified.", addr)
|
||||
"authentication disabled! Refusing to start "+
|
||||
"with --no-macaroons specified.", addr)
|
||||
}
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
// listenOnAddress creates a listener that listens on the given
|
||||
// address.
|
||||
func listenOnAddress(addr net.Addr) (net.Listener, error) {
|
||||
return net.Listen(addr.Network(), addr.String())
|
||||
}
|
||||
|
||||
// tlsListenOnAddress creates a TLS listener that listens on the given
|
||||
// address.
|
||||
func tlsListenOnAddress(addr net.Addr,
|
||||
config *tls.Config) (net.Listener, error) {
|
||||
return tls.Listen(addr.Network(), addr.String(), config)
|
||||
}
|
||||
|
||||
// isLoopback returns true if an address describes a loopback interface.
|
||||
func isLoopback(addr net.Addr) bool {
|
||||
for _, loopback := range loopBackAddrs {
|
||||
if strings.Contains(addr.String(), loopback) {
|
||||
return true
|
||||
}
|
||||
}
|
||||
|
||||
return false
|
||||
}
|
||||
|
||||
// isUnix returns true if an address describes an Unix socket address.
|
||||
func isUnix(addr net.Addr) bool {
|
||||
return strings.HasPrefix(addr.Network(), "unix")
|
||||
}
|
||||
|
||||
// parseAddressString converts an address in string format to a net.Addr that is
|
||||
// compatible with lnd. UDP is not supported because lnd needs reliable
|
||||
// connections.
|
||||
func parseAddressString(strAddress string,
|
||||
defaultPort string) (net.Addr, error) {
|
||||
var parsedNetwork, parsedAddr string
|
||||
|
||||
// Addresses can either be in network://address:port format or only
|
||||
// address:port. We want to support both.
|
||||
if strings.Contains(strAddress, "://") {
|
||||
parts := strings.Split(strAddress, "://")
|
||||
parsedNetwork, parsedAddr = parts[0], parts[1]
|
||||
} else if strings.Contains(strAddress, ":") {
|
||||
parts := strings.Split(strAddress, ":")
|
||||
parsedNetwork = parts[0]
|
||||
parsedAddr = strings.Join(parts[1:], ":")
|
||||
}
|
||||
|
||||
// Only TCP and Unix socket addresses are valid. We can't use IP or
|
||||
// UDP only connections for anything we do in lnd.
|
||||
switch parsedNetwork {
|
||||
case "unix", "unixpacket":
|
||||
return net.ResolveUnixAddr(parsedNetwork, parsedAddr)
|
||||
case "tcp", "tcp4", "tcp6":
|
||||
return net.ResolveTCPAddr(parsedNetwork,
|
||||
verifyPort(parsedAddr, defaultPort))
|
||||
case "ip", "ip4", "ip6", "udp", "udp4", "udp6", "unixgram":
|
||||
return nil, fmt.Errorf("only TCP or unix socket "+
|
||||
"addresses are supported: %s", parsedAddr)
|
||||
default:
|
||||
// There was no network specified, just try to parse as host
|
||||
// and port.
|
||||
return net.ResolveTCPAddr(
|
||||
"tcp", verifyPort(strAddress, defaultPort),
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
// verifyPort makes sure that an address string has both a host and a port.
|
||||
// If there is no port found, the default port is appended.
|
||||
func verifyPort(strAddress string, defaultPort string) string {
|
||||
host, port, err := net.SplitHostPort(strAddress)
|
||||
if err != nil {
|
||||
// If we already have an IPv6 address with brackets, don't use
|
||||
// the JoinHostPort function, since it will always add a pair
|
||||
// of brackets too.
|
||||
if strings.HasPrefix(strAddress, "[") {
|
||||
strAddress = strAddress + ":" + defaultPort
|
||||
} else {
|
||||
strAddress = net.JoinHostPort(strAddress, defaultPort)
|
||||
}
|
||||
} else if host == "" && port == "" {
|
||||
// The string ':' is parsed as valid empty host and empty port.
|
||||
// But in that case, we want the default port to be applied too.
|
||||
strAddress = ":" + defaultPort
|
||||
}
|
||||
|
||||
return strAddress
|
||||
}
|
||||
|
||||
// normalizeNetwork returns the common name of a network type used to create
|
||||
// file paths. This allows differently versioned networks to use the same path.
|
||||
func normalizeNetwork(network string) string {
|
||||
|
61
lnd.go
61
lnd.go
@ -522,9 +522,11 @@ func lndMain() error {
|
||||
|
||||
// Next, Start the gRPC server listening for HTTP/2 connections.
|
||||
for _, listener := range cfg.RPCListeners {
|
||||
lis, err := net.Listen("tcp", listener)
|
||||
lis, err := listenOnAddress(listener)
|
||||
if err != nil {
|
||||
ltndLog.Errorf("RPC server unable to listen on %s", listener)
|
||||
ltndLog.Errorf(
|
||||
"RPC server unable to listen on %s", listener,
|
||||
)
|
||||
return err
|
||||
}
|
||||
defer lis.Close()
|
||||
@ -536,21 +538,25 @@ func lndMain() error {
|
||||
|
||||
// Finally, start the REST proxy for our gRPC server above.
|
||||
mux := proxy.NewServeMux()
|
||||
err = lnrpc.RegisterLightningHandlerFromEndpoint(ctx, mux,
|
||||
cfg.RPCListeners[0], proxyOpts)
|
||||
err = lnrpc.RegisterLightningHandlerFromEndpoint(
|
||||
ctx, mux, cfg.RPCListeners[0].String(), proxyOpts,
|
||||
)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
for _, restEndpoint := range cfg.RESTListeners {
|
||||
listener, err := tls.Listen("tcp", restEndpoint, tlsConf)
|
||||
lis, err := tlsListenOnAddress(restEndpoint, tlsConf)
|
||||
if err != nil {
|
||||
ltndLog.Errorf("gRPC proxy unable to listen on %s", restEndpoint)
|
||||
ltndLog.Errorf(
|
||||
"gRPC proxy unable to listen on %s",
|
||||
restEndpoint,
|
||||
)
|
||||
return err
|
||||
}
|
||||
defer listener.Close()
|
||||
defer lis.Close()
|
||||
go func() {
|
||||
rpcsLog.Infof("gRPC proxy started at %s", listener.Addr())
|
||||
http.Serve(listener, mux)
|
||||
rpcsLog.Infof("gRPC proxy started at %s", lis.Addr())
|
||||
http.Serve(lis, mux)
|
||||
}()
|
||||
}
|
||||
|
||||
@ -735,6 +741,10 @@ func genCertPair(certFile, keyFile string) error {
|
||||
dnsNames = append(dnsNames, cfg.TLSExtraDomain)
|
||||
}
|
||||
|
||||
// Also add fake hostnames for unix sockets, otherwise hostname
|
||||
// verification will fail in the client.
|
||||
dnsNames = append(dnsNames, "unix", "unixpacket")
|
||||
|
||||
// Generate a private key for the certificate.
|
||||
priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
|
||||
if err != nil {
|
||||
@ -883,7 +893,7 @@ type WalletUnlockParams struct {
|
||||
// waitForWalletPassword will spin up gRPC and REST endpoints for the
|
||||
// WalletUnlocker server, and block until a password is provided by
|
||||
// the user to this RPC server.
|
||||
func waitForWalletPassword(grpcEndpoints, restEndpoints []string,
|
||||
func waitForWalletPassword(grpcEndpoints, restEndpoints []net.Addr,
|
||||
serverOpts []grpc.ServerOption, proxyOpts []grpc.DialOption,
|
||||
tlsConf *tls.Config) (*WalletUnlockParams, error) {
|
||||
|
||||
@ -916,17 +926,22 @@ func waitForWalletPassword(grpcEndpoints, restEndpoints []string,
|
||||
for _, grpcEndpoint := range grpcEndpoints {
|
||||
// Start a gRPC server listening for HTTP/2 connections, solely
|
||||
// used for getting the encryption password from the client.
|
||||
lis, err := net.Listen("tcp", grpcEndpoint)
|
||||
lis, err := listenOnAddress(grpcEndpoint)
|
||||
if err != nil {
|
||||
ltndLog.Errorf("password RPC server unable to listen on %s",
|
||||
grpcEndpoint)
|
||||
ltndLog.Errorf(
|
||||
"password RPC server unable to listen on %s",
|
||||
grpcEndpoint,
|
||||
)
|
||||
return nil, err
|
||||
}
|
||||
defer lis.Close()
|
||||
|
||||
wg.Add(1)
|
||||
go func() {
|
||||
rpcsLog.Infof("password RPC server listening on %s", lis.Addr())
|
||||
rpcsLog.Infof(
|
||||
"password RPC server listening on %s",
|
||||
lis.Addr(),
|
||||
)
|
||||
wg.Done()
|
||||
grpcServer.Serve(lis)
|
||||
}()
|
||||
@ -939,8 +954,9 @@ func waitForWalletPassword(grpcEndpoints, restEndpoints []string,
|
||||
|
||||
mux := proxy.NewServeMux()
|
||||
|
||||
err := lnrpc.RegisterWalletUnlockerHandlerFromEndpoint(ctx, mux,
|
||||
grpcEndpoints[0], proxyOpts)
|
||||
err := lnrpc.RegisterWalletUnlockerHandlerFromEndpoint(
|
||||
ctx, mux, grpcEndpoints[0].String(), proxyOpts,
|
||||
)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@ -948,17 +964,22 @@ func waitForWalletPassword(grpcEndpoints, restEndpoints []string,
|
||||
srv := &http.Server{Handler: mux}
|
||||
|
||||
for _, restEndpoint := range restEndpoints {
|
||||
lis, err := tls.Listen("tcp", restEndpoint, tlsConf)
|
||||
lis, err := tlsListenOnAddress(restEndpoint, tlsConf)
|
||||
if err != nil {
|
||||
ltndLog.Errorf("password gRPC proxy unable to listen on %s",
|
||||
restEndpoint)
|
||||
ltndLog.Errorf(
|
||||
"password gRPC proxy unable to listen on %s",
|
||||
restEndpoint,
|
||||
)
|
||||
return nil, err
|
||||
}
|
||||
defer lis.Close()
|
||||
|
||||
wg.Add(1)
|
||||
go func() {
|
||||
rpcsLog.Infof("password gRPC proxy started at %s", lis.Addr())
|
||||
rpcsLog.Infof(
|
||||
"password gRPC proxy started at %s",
|
||||
lis.Addr(),
|
||||
)
|
||||
wg.Done()
|
||||
srv.Serve(lis)
|
||||
}()
|
||||
|
37
server.go
37
server.go
@ -85,7 +85,7 @@ type server struct {
|
||||
|
||||
// listenAddrs is the list of addresses the server is currently
|
||||
// listening on.
|
||||
listenAddrs []string
|
||||
listenAddrs []net.Addr
|
||||
|
||||
// torController is a client that will communicate with a locally
|
||||
// running Tor server. This client will handle initiating and
|
||||
@ -207,17 +207,19 @@ func parseAddr(address string) (net.Addr, error) {
|
||||
|
||||
// newServer creates a new instance of the server which is to listen using the
|
||||
// passed listener address.
|
||||
func newServer(listenAddrs []string, chanDB *channeldb.DB, cc *chainControl,
|
||||
func newServer(listenAddrs []net.Addr, chanDB *channeldb.DB, cc *chainControl,
|
||||
privKey *btcec.PrivateKey) (*server, error) {
|
||||
|
||||
var err error
|
||||
|
||||
listeners := make([]net.Listener, len(listenAddrs))
|
||||
for i, addr := range listenAddrs {
|
||||
for i, listenAddr := range listenAddrs {
|
||||
// Note: though brontide.NewListener uses ResolveTCPAddr, it
|
||||
// doesn't need to call the general lndResolveTCP function
|
||||
// since we are resolving a local address.
|
||||
listeners[i], err = brontide.NewListener(privKey, addr)
|
||||
listeners[i], err = brontide.NewListener(
|
||||
privKey, listenAddr.String(),
|
||||
)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@ -363,14 +365,17 @@ func newServer(listenAddrs []string, chanDB *channeldb.DB, cc *chainControl,
|
||||
|
||||
// If we were requested to automatically configure port forwarding,
|
||||
// we'll use the ports that the server will be listening on.
|
||||
externalIPs := cfg.ExternalIPs
|
||||
externalIpStrings := make([]string, len(cfg.ExternalIPs))
|
||||
for idx, ip := range cfg.ExternalIPs {
|
||||
externalIpStrings[idx] = ip.String()
|
||||
}
|
||||
if s.natTraversal != nil {
|
||||
listenPorts := make([]uint16, 0, len(listenAddrs))
|
||||
for _, listenAddr := range listenAddrs {
|
||||
// At this point, the listen addresses should have
|
||||
// already been normalized, so it's safe to ignore the
|
||||
// errors.
|
||||
_, portStr, _ := net.SplitHostPort(listenAddr)
|
||||
_, portStr, _ := net.SplitHostPort(listenAddr.String())
|
||||
port, _ := strconv.Atoi(portStr)
|
||||
|
||||
listenPorts = append(listenPorts, uint16(port))
|
||||
@ -385,23 +390,21 @@ func newServer(listenAddrs []string, chanDB *channeldb.DB, cc *chainControl,
|
||||
srvrLog.Infof("Automatically set up port forwarding "+
|
||||
"using %s to advertise external IP",
|
||||
s.natTraversal.Name())
|
||||
externalIPs = append(externalIPs, ips...)
|
||||
externalIpStrings = append(externalIpStrings, ips...)
|
||||
}
|
||||
}
|
||||
|
||||
// If external IP addresses have been specified, add those to the list
|
||||
// of this server's addresses.
|
||||
externalIPs = normalizeAddresses(
|
||||
externalIPs, strconv.Itoa(defaultPeerPort),
|
||||
externalIPs, err := normalizeAddresses(
|
||||
externalIpStrings, strconv.Itoa(defaultPeerPort),
|
||||
)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
selfAddrs := make([]net.Addr, 0, len(externalIPs))
|
||||
for _, ip := range cfg.ExternalIPs {
|
||||
addr, err := parseAddr(ip)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
selfAddrs = append(selfAddrs, addr)
|
||||
selfAddrs = append(selfAddrs, ip)
|
||||
}
|
||||
|
||||
// If we were requested to route connections through Tor and to
|
||||
@ -881,7 +884,7 @@ func (s *server) watchExternalIP() {
|
||||
// them when detecting a new IP.
|
||||
ipsSetByUser := make(map[string]struct{})
|
||||
for _, ip := range cfg.ExternalIPs {
|
||||
ipsSetByUser[ip] = struct{}{}
|
||||
ipsSetByUser[ip.String()] = struct{}{}
|
||||
}
|
||||
|
||||
forwardedPorts := s.natTraversal.ForwardedPorts()
|
||||
@ -1246,7 +1249,7 @@ func (s *server) initTorController() error {
|
||||
for _, listenAddr := range s.listenAddrs {
|
||||
// At this point, the listen addresses should have already been
|
||||
// normalized, so it's safe to ignore the errors.
|
||||
_, portStr, _ := net.SplitHostPort(listenAddr)
|
||||
_, portStr, _ := net.SplitHostPort(listenAddr.String())
|
||||
port, _ := strconv.Atoi(portStr)
|
||||
listenPorts[port] = struct{}{}
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user