rpcserver: forward gRPC proxy requests to localhost when listening on all interfaces

This prevents certificate issues when accessing the gRPC REST proxy externally.
This commit is contained in:
Wilmer Paulino 2018-11-30 13:25:26 -08:00
parent 375be936ce
commit 552b71c620
No known key found for this signature in database
GPG Key ID: 6DF57B9F9514972F

@ -530,14 +530,25 @@ func (r *rpcServer) Start() error {
}()
}
// Finally, start the REST proxy for our gRPC server above.
// Finally, start the REST proxy for our gRPC server above. We'll ensure
// we direct LND to connect to its loopback address rather than a
// wildcard to prevent certificate issues when accessing the proxy
// externally.
//
// TODO(roasbeef): eventually also allow the sub-servers to themselves
// have a REST proxy.
mux := proxy.NewServeMux()
grpcEndpoint := cfg.RPCListeners[0].String()
switch {
case strings.Contains(grpcEndpoint, "0.0.0.0"):
grpcEndpoint = strings.Replace(
grpcEndpoint, "0.0.0.0", "127.0.0.1", 1,
)
case strings.Contains(grpcEndpoint, "[::]"):
grpcEndpoint = strings.Replace(grpcEndpoint, "[::]", "[::1]", 1)
}
err := lnrpc.RegisterLightningHandlerFromEndpoint(
context.Background(), mux, cfg.RPCListeners[0].String(),
r.restServerOpts,
context.Background(), mux, grpcEndpoint, r.restServerOpts,
)
if err != nil {
return err