Self-signed certificate: All fallback endpoints are unreachable #79

Closed
paulhauner opened this issue Mar 23, 2023 · 3 comments

paulhauner commented Mar 23, 2023

Heyo 👋

I'm getting the following error:

Mar 23 06:49:59 docker-compose[209744]: keys_api_1     | [Nest] 28  - 03/23/2023, 5:49:59 AM   ERROR [ExceptionHandler] All fallback endpoints are unreachable or all fallback networks differ between each other
Mar 23 06:49:59 docker-compose[209744]: keys_api_1     | Error: All fallback endpoints are unreachable or all fallback networks differ between each other
Mar 23 06:49:59 docker-compose[209744]: keys_api_1     |     at SimpleFallbackJsonRpcBatchProvider.detectNetwork (/app/node_modules/@lido-nestjs/execution/dist/provider/simple-fallback-json-rpc-batch-provider.js:188:19)
Mar 23 06:49:59 docker-compose[209744]: keys_api_1     |     at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
Mar 23 06:50:03 docker-compose[209744]: keys_api_1     | error Command failed with exit code 1.
Mar 23 06:50:03 docker-compose[209744]: keys_api_1     | info Visit https://yarnpkg.com/en/docs/cli/run for documentation about this command.
Mar 23 06:50:04 docker-compose[209744]: lido-kapi-prater_keys_api_1 exited with code `1`

I understand this error means my PROVIDERS_URLS are unreachable. I know that if I swap out my provider to Infura then this message goes away. However, I would like to understand why my URL does not work. My setup is as follows:

  • There is only one entry in PROVIDERS_URLS
  • It is a Geth Goerli node and reports 0x5 as the chain ID.
  • My KAPI CHAIN_ID is 5.
  • The Geth node is behind a reverse-proxy using a self-signed SSL certificate.
  • I have concatenated the certificate to /etc/ssl/certs/ca-certificates.crt inside the KAPI docker image (Alpine Linux).
  • I am able to curl the endpoint from inside the KAPI Docker image (without -k or --insecure).

I suspect the self-signed certificate is the issue here, however it's challenging to tell because KAPI does not tell me why the endpoint failed.

So, I have two questions please:

  1. Are you aware of any issues with self-signed certificates?
  2. Is it possible to expose logs about why the connection failed, please?

Thanks 🙏

Contributor

infloop commented Mar 29, 2023

@paulhauner
To use self-signed certificates you should:

  • add docker bind mount with self-signed certificate
  • add NODE_EXTRA_CA_CERTS=<absolute-path-to-cert>.cert environment variable for Docker container

Example docker-compose.yml:

...
volumes:
 - ./custom.cert:/ca/custom.cert
environment:
 - NODE_EXTRA_CA_CERTS=/ca/custom.cert
 - NODE_ENV=production
...
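
Added example, not from the issue or the KAPI code base: a Node.js preflight that validates the file named by `NODE_EXTRA_CA_CERTS`, and a TLS probe that returns the verification error code the log above does not show. The function names `checkExtraCa` and `probeTls` are hypothetical; by default Node.js trusts its bundled CA list plus this file rather than the system bundle, and reads the variable only at process start.

```javascript
// Added example (function names are hypothetical, not part of KAPI).
const fs = require('node:fs');
const net = require('node:net');
const path = require('node:path');
const tls = require('node:tls');
const { X509Certificate } = require('node:crypto');

const PEM_RE = /-----BEGIN CERTIFICATE-----[\s\S]+?-----END CERTIFICATE-----/g;

// Validate the file Node.js will load as extra trust anchors. The variable is
// read once at process start, so it has to come from the container environment.
function checkExtraCa(env = process.env) {
  const file = env.NODE_EXTRA_CA_CERTS;
  if (!file) return { ok: false, reason: 'NODE_EXTRA_CA_CERTS is not set' };
  if (!path.isAbsolute(file)) return { ok: false, reason: 'path is not absolute' };
  let text;
  try {
    text = fs.readFileSync(file, 'utf8');
  } catch (err) {
    return { ok: false, reason: `cannot read file: ${err.code}` };
  }
  const blocks = text.match(PEM_RE) || [];
  if (blocks.length === 0) return { ok: false, reason: 'no PEM certificates in file' };
  try {
    const certs = blocks.map((pem) => new X509Certificate(pem));
    const expired = certs.find((c) => new Date(c.validTo) < new Date());
    if (expired) return { ok: false, reason: `expired: ${expired.subject}` };
    return { ok: true, subjects: certs.map((c) => c.subject) };
  } catch (err) {
    return { ok: false, reason: `unparsable certificate: ${err.message}` };
  }
}

// Handshake with verification left ON; resolve with the error code instead of
// a generic "unreachable" (e.g. DEPTH_ZERO_SELF_SIGNED_CERT, ECONNREFUSED).
function probeTls(url) {
  const u = new URL(url);
  const host = u.hostname.replace(/^\[|\]$/g, '');
  const servername = net.isIP(host) ? undefined : host; // no SNI for IP literals
  return new Promise((resolve) => {
    const socket = tls.connect({ host, port: Number(u.port) || 443, servername }, () => {
      resolve({ trusted: true, code: null });
      socket.end();
    });
    socket.on('error', (err) => resolve({ trusted: false, code: err.code || err.message }));
  });
}
```

Run both inside the KAPI container, passing the `PROVIDERS_URLS` entry to `probeTls`.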

Contributor

infloop commented Apr 25, 2023

Created improvement lidofinance/lido-nestjs-modules#92 for more logging

Contributor

infloop commented Apr 25, 2023

Closing this issue.

infloop closed this as completed Apr 25, 2023