New flags to listen to all interfaces

[chevdor]

The current version listens only on 127.0.0.1.

This change is required for containerised versions to run properly.

Adds:

• --ws-external
• --rpc-external

USAGE:
    polkadot [FLAGS] [OPTIONS] [SUBCOMMAND]

FLAGS:
        --dev             Run in development mode; implies --chain=dev --validator --key Alice
    -h, --help            Prints help information
        --light           Run in light client mode
        --no-telemetry    Should not connect to the Polkadot telemetry server (telemetry is on by default on global
                          chains)
⥤    --rpc-external    Listen to all rpc interfaces (Default is local)
    -t, --telemetry       Should connect to the Polkadot telemetry server (telemetry is off by default on local chains)
        --validator       Enable validator mode
    -V, --version         Prints version information
⥤    --ws-external     Listen to all web socket interfaces (Default is local)

<...>

[gavofyork]

opening the RPC to external hosts by default is a little too promiscuous for my liking. i think this will have to be fixed properly.

[chevdor]

Yes, I can understand.
If we go safety first, we will have less nodes (missing out all those docker nodes).
If we take this fix without #494 we increase the risks. I think this is however acceptable for a PoC stage with only a testnet. I would gladly take a look at #494 but I have no idea how long it would take me, I have no clue how this was done in parity.

[chevdor]

--dev already carries a meaning. Would a generic --unsafe mode be an acceptable way to pack tweaks like this one?

So secure by default, only the local interface but open with --unsafe.

[gavofyork]

Should just be:

• add a couple of value-taking options in cli.yml (--ws-interface, --rpc-interface);
• in cli/src/lib.rs, use .unwrap_or("127.0.0.1:9933") to give them the current default, then pass on into the config as before.

[chevdor]

Ok I will take care of that.

[tomusdrw]

Maybe we can try to avoid too many configuration flags for RPC servers for now? Can live with --expose or --external-rpc flag that sets the interfaces to 0.0.0.0? I'd be in favor of something more clever for the future (either the proxy or configuration files). I don't think that selecting a specific interface to listen on is super useful anyway - usually it's just localhost or "external/all"

[gavofyork]

fair enough - should make it even easier :)

[chevdor]

I went with the naming suggested by @tomusdrw but flipped it. That allows having all the rpc related option as --rpc-foobar

[tomusdrw]

I believe there is no point in running RPC externally but not WS, would merge the two flags to avoid clutter in CLI help.
In the future we will most likely run HTTP & WS transport on the same port anyway, so maybe it will be a good opportunity to merge the two options as well.

So I guees it's all right :)

[chevdor]

I did not want to be too pushy here and let for now the users decide. That allows at the moment a user to 'open up' WS while keeping RPC only local only. It may be better security-wise for now.

[tomusdrw]

Why this was changed? I think network should always listen externally.

[chevdor]

Wuuhooo, sorry, this is a big mistake on my hand, good catch and sorry about that. Will fix.