rpcserver: forward gRPC proxy requests to localhost when listening on…

… all interfaces This prevents certificate issues when accessing the gRPC REST proxy externally.
lightningnetwork · Jan 22, 2019 · 552b71c · 552b71c
1 parent 375be93
commit 552b71c
Showing 1 changed file with 14 additions and 3 deletions.
diff --git a/rpcserver.go b/rpcserver.go
@@ -530,14 +530,25 @@ func (r *rpcServer) Start() error {
 		}()
 	}
 
-	// Finally, start the REST proxy for our gRPC server above.
+	// Finally, start the REST proxy for our gRPC server above. We'll ensure
+	// we direct LND to connect to its loopback address rather than a
+	// wildcard to prevent certificate issues when accessing the proxy
+	// externally.
 	//
 	// TODO(roasbeef): eventually also allow the sub-servers to themselves
 	// have a REST proxy.
 	mux := proxy.NewServeMux()
+	grpcEndpoint := cfg.RPCListeners[0].String()
+	switch {
+	case strings.Contains(grpcEndpoint, "0.0.0.0"):
+		grpcEndpoint = strings.Replace(
+			grpcEndpoint, "0.0.0.0", "127.0.0.1", 1,
+		)
+	case strings.Contains(grpcEndpoint, "[::]"):
+		grpcEndpoint = strings.Replace(grpcEndpoint, "[::]", "[::1]", 1)
+	}
 	err := lnrpc.RegisterLightningHandlerFromEndpoint(
-		context.Background(), mux, cfg.RPCListeners[0].String(),
-		r.restServerOpts,
+		context.Background(), mux, grpcEndpoint, r.restServerOpts,
 	)
 	if err != nil {
 		return err