Force RtView to listen on public IP?

Staking & Delegation Operate a Stake Pool
1

Does anybody know how to force RtView to listen on the public IP of the machine for HTTP-traffic instead of 127.0.0.1!? (referring to port 8024)

One can force proper opening of the sockets for the ports receiving the trace data using the rt-view.yaml configuration file. Like this:

- remoteAddr:
    tag: RemoteSocket
    contents:
    - XX.XXX.XXX.XX
    - '3100'
  nodeName: nice-node-name

By default XX.XXX.XXX.XX is 0.0.0.0 and I run into the same problem here - but forcing listening the public IP manually works here.

Setting any parameter like rtvHost or rtvIp for setting the public IP is ignored by the program. Any given IP during the guided setup is omitted as well. The result is: I can retrieve the index.html from the machine itself using wget - but not from outside the machine.

This is what opened ports look like:

[user@host]$ netstat -ntlp
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 127.0.0.1:12788         0.0.0.0:*               LISTEN      -                   
tcp        0      0 127.0.0.1:8024          0.0.0.0:*               LISTEN      1278/./cardano-rt-v 
tcp        0      0 XX.XXX.XXX.XX:3001      0.0.0.0:*               LISTEN      -                   
tcp        0      0 XX.XXX.XXX.XX:3100      0.0.0.0:*               LISTEN      1278/./cardano-rt-v 
tcp        0      0 XX.XXX.XXX.XX:3101      0.0.0.0:*               LISTEN      1278/./cardano-rt-v 
tcp        0      0 XX.XXX.XXX.XX:3102      0.0.0.0:*               LISTEN      1278/./cardano-rt-v 
tcp        0      0 127.0.0.1:12798         0.0.0.0:*               LISTEN      -                   
tcp        0      0 XX.XXX.XXX.XX:3103      0.0.0.0:*               LISTEN      1278/./cardano-rt-v 
tcp        0      0 XX.XXX.XXX.XX:3104      0.0.0.0:*               LISTEN      1278/./cardano-rt-v 
tcp        0      0 0.0.0.0:334             0.0.0.0:*               LISTEN      -                   
tcp6       0      0 :::334                  :::*                    LISTEN      -

Yes, the firewall is set-up :wink:

[user@host]$ sudo firewall-cmd --list-all
FedoraServer (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens3
  sources: 
  services: dhcpv6-client ssh
  ports: 3001/tcp 8024/tcp
  protocols: 
  masquerade: no
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules: 
	rule family="ipv4" source address="XX.XXX.XXX.XX" port port="3100" protocol="tcp" accept
	rule family="ipv4" source address="XX.XXX.XXX.XX" port port="3101" protocol="tcp" accept
	rule family="ipv4" source address="XX.XXX.XXX.XX" port port="3102" protocol="tcp" accept
	rule family="ipv4" source address="XX.XXX.XXX.XX" port port="3103" protocol="tcp" accept
	rule family="ipv4" source address="XX.XXX.XXX.XX" port port="3104" protocol="tcp" accept

With cardano-node (port 3001) this setup works fine… OS is Fedora 32.

Any Ideas? :frowning:

2

Replying to my own question :wink:

If someone is interested, there is a closed issue with the same problem. That is exactly what I’m not going to do… I won’t add another layer of software, just because the thing listens on loopback, only…

3

Ok, to make it accessible you’ll need for example nginx to proxy the data to an public IP. Denis says the main reason for this is, that rtview does not offer TLS… (see youtube comments)

Also, to gather data in rtview, rtview should be started first. The restart all nodes on different machines. This works on my experience - even though it should be more robust IMHO.

4

The host was previously hard coded to 127.0.0.1, now it is hard coded to 0.0.0.0. Neither choice is acceptable, this needs to be a configuration option with a reasonable and safe default (127.0.0.1). In fact, the current value of 0.0.0.0 is worse because it exposes the web server to all interfaces.

Dear IOHK, I think you badly need to address quality management.