From cfbbd3e524b40585e7e47a22b2c851873c98697d Mon Sep 17 00:00:00 2001
From: Felix Lange <fjl@twurst.com>
Date: Wed, 9 Mar 2022 14:45:39 +0100
Subject: [PATCH] cmd/geth: make authrpc listening address settable from
 command line (#24522)

The default listening address "localhost" is not sufficient when running
geth in Docker.
---
 cmd/geth/main.go   |  1 +
 cmd/geth/usage.go  |  4 +++-
 cmd/utils/flags.go | 12 ++++++++++--
 node/config.go     |  9 ++++++---
 node/defaults.go   |  1 +
 node/node.go       |  6 ++++--
 6 files changed, 25 insertions(+), 8 deletions(-)

diff --git a/cmd/geth/main.go b/cmd/geth/main.go
index 8162608629b12..f08e9a25206ed 100644
--- a/cmd/geth/main.go
+++ b/cmd/geth/main.go
@@ -165,6 +165,7 @@ var (
 		utils.HTTPListenAddrFlag,
 		utils.HTTPPortFlag,
 		utils.HTTPCORSDomainFlag,
+		utils.AuthHostFlag,
 		utils.AuthPortFlag,
 		utils.JWTSecretFlag,
 		utils.HTTPVirtualHostsFlag,
diff --git a/cmd/geth/usage.go b/cmd/geth/usage.go
index a2d278118c668..9da36dcf0f81f 100644
--- a/cmd/geth/usage.go
+++ b/cmd/geth/usage.go
@@ -136,7 +136,6 @@ var AppHelpFlagGroups = []flags.FlagGroup{
 		Flags: []cli.Flag{
 			utils.IPCDisabledFlag,
 			utils.IPCPathFlag,
-			utils.JWTSecretFlag,
 			utils.HTTPEnabledFlag,
 			utils.HTTPListenAddrFlag,
 			utils.HTTPPortFlag,
@@ -150,6 +149,9 @@ var AppHelpFlagGroups = []flags.FlagGroup{
 			utils.WSApiFlag,
 			utils.WSPathPrefixFlag,
 			utils.WSAllowedOriginsFlag,
+			utils.JWTSecretFlag,
+			utils.AuthHostFlag,
+			utils.AuthPortFlag,
 			utils.GraphQLEnabledFlag,
 			utils.GraphQLCORSDomainFlag,
 			utils.GraphQLVirtualHostsFlag,
diff --git a/cmd/utils/flags.go b/cmd/utils/flags.go
index 7880bee21cfc2..527a6c26f026e 100644
--- a/cmd/utils/flags.go
+++ b/cmd/utils/flags.go
@@ -522,11 +522,16 @@ var (
 		Usage: "Sets a cap on transaction fee (in ether) that can be sent via the RPC APIs (0 = no cap)",
 		Value: ethconfig.Defaults.RPCTxFeeCap,
 	}
-	// Authenticated port settings
+	// Authenticated RPC HTTP settings
+	AuthHostFlag = cli.StringFlag{
+		Name:  "authrpc.host",
+		Usage: "Listening address for authenticated APIs",
+		Value: node.DefaultConfig.AuthHost,
+	}
 	AuthPortFlag = cli.IntFlag{
 		Name:  "authrpc.port",
 		Usage: "Listening port for authenticated APIs",
-		Value: node.DefaultAuthPort,
+		Value: node.DefaultConfig.AuthPort,
 	}
 	JWTSecretFlag = cli.StringFlag{
 		Name:  "authrpc.jwtsecret",
@@ -965,6 +970,9 @@ func setHTTP(ctx *cli.Context, cfg *node.Config) {
 		cfg.HTTPPort = ctx.GlobalInt(HTTPPortFlag.Name)
 	}
 
+	if ctx.GlobalIsSet(AuthHostFlag.Name) {
+		cfg.AuthHost = ctx.GlobalString(AuthHostFlag.Name)
+	}
 	if ctx.GlobalIsSet(AuthPortFlag.Name) {
 		cfg.AuthPort = ctx.GlobalInt(AuthPortFlag.Name)
 	}
diff --git a/node/config.go b/node/config.go
index 97853530a664f..54c55dfa015a5 100644
--- a/node/config.go
+++ b/node/config.go
@@ -113,9 +113,6 @@ type Config struct {
 	// for ephemeral nodes).
 	HTTPPort int `toml:",omitempty"`
 
-	// Authport is the port number on which the authenticated API is provided.
-	AuthPort int `toml:",omitempty"`
-
 	// HTTPCors is the Cross-Origin Resource Sharing header to send to requesting
 	// clients. Please be aware that CORS is a browser enforced security, it's fully
 	// useless for custom HTTP clients.
@@ -142,6 +139,12 @@ type Config struct {
 	// HTTPPathPrefix specifies a path prefix on which http-rpc is to be served.
 	HTTPPathPrefix string `toml:",omitempty"`
 
+	// AuthHost is the listening address on which authenticated APIs are provided.
+	AuthHost string `toml:",omitempty"`
+
+	// AuthPort is the port number on which authenticated APIs are provided.
+	AuthPort int `toml:",omitempty"`
+
 	// WSHost is the host interface on which to start the websocket RPC server. If
 	// this field is empty, no websocket API endpoint will be started.
 	WSHost string
diff --git a/node/defaults.go b/node/defaults.go
index 318d907fcc8e8..ca23f07611320 100644
--- a/node/defaults.go
+++ b/node/defaults.go
@@ -50,6 +50,7 @@ var (
 var DefaultConfig = Config{
 	DataDir:             DefaultDataDir(),
 	HTTPPort:            DefaultHTTPPort,
+	AuthHost:            DefaultAuthHost,
 	AuthPort:            DefaultAuthPort,
 	HTTPModules:         []string{"net", "web3"},
 	HTTPVirtualHosts:    []string{"localhost"},
diff --git a/node/node.go b/node/node.go
index 135fae79421ce..9368b3b8257f6 100644
--- a/node/node.go
+++ b/node/node.go
@@ -419,6 +419,7 @@ func (n *Node) startRPC() error {
 		servers = append(servers, server)
 		return nil
 	}
+
 	initWS := func(apis []rpc.API, port int) error {
 		server := n.wsServerForPort(port, false)
 		if err := server.setListenAddr(n.config.WSHost, port); err != nil {
@@ -438,7 +439,7 @@ func (n *Node) startRPC() error {
 	initAuth := func(apis []rpc.API, port int, secret []byte) error {
 		// Enable auth via HTTP
 		server := n.httpAuth
-		if err := server.setListenAddr(DefaultAuthHost, port); err != nil {
+		if err := server.setListenAddr(n.config.AuthHost, port); err != nil {
 			return err
 		}
 		if err := server.enableRPC(apis, httpConfig{
@@ -453,7 +454,7 @@ func (n *Node) startRPC() error {
 		servers = append(servers, server)
 		// Enable auth via WS
 		server = n.wsServerForPort(port, true)
-		if err := server.setListenAddr(DefaultAuthHost, port); err != nil {
+		if err := server.setListenAddr(n.config.AuthHost, port); err != nil {
 			return err
 		}
 		if err := server.enableWS(apis, wsConfig{
@@ -467,6 +468,7 @@ func (n *Node) startRPC() error {
 		servers = append(servers, server)
 		return nil
 	}
+
 	// Set up HTTP.
 	if n.config.HTTPHost != "" {
 		// Configure legacy unauthenticated HTTP.