[Ethereum] How to expose Geth’s RPC server to external connections


I want to set up a private network of applications which can connect to a single Geth node. What options do I have for exposing the RPC server?

I'm running this: geth --rpc --testnet (sometimes I use --dev)

How can I achieve the following:

  • Permit specific public/private keys to access the node
  • Permit anyone to access the node
  • Permit IP range to access the node

Possible solution?

Would this just require running a reverse proxy with a server like Nginx?

Best Answer

You can easily and securely create an SSH tunnel to your ETH Node from the application server. This way, the ETH node is fooled into believing that the connection is from localhost and you can ensure that only the holder of a private key can access.

This is a link to instructions on how to setup certificate based authentication

It is important to setup certificate authentication because else you can not automate the process.

Once you have set that up you can create a tunnel by running a command like:

ssh -f -N -L 9545:localhost:8545 remoteUser@remotehost.remotedomain.tld

The port numbers are different in my example, in order for the reader to be able to tell them apart. There is absolutely no other reason to make them different.

Once this command has been issued all traffic to port 9545 on localhost will be forwarded to remotehost.remotedomain.tld:8545 which will consider it to have originated from localhost and be targeted at localhost:8545

This way, you can keep your ETH node behind a firewall and not open it up to the world but still centralize the functionality.

In order to use this in production, you will have to solve the issue of disconnecting SSH sessions.

Related Topic