Geth: Unlocking Sealer Account and HTTP on private PoA network

This may be outside the scope of this forum, but I thought I’d give this a shot.

I’m setting up a private network using Geth. The consensus algorithm is Proof of Authority, and Geth docs indicate that an “unlocked” account is required for sealing blocks.

I also want to communicate with the node via http, and so I get a fatal error that I cannot unlock an account when using HTTP.

I would like some help understanding if there is another way my DApp (front end) can communicate with the private network so I can unlock this sealer account successfully.

Thanks


Hi @pwho,

I have mostly only spun up Proof of Authority networks hosted on Microsoft Azure (which, when I last used Azure about two years ago, was pretty straightforward), so this isn’t something I am that familiar with.

I assume that the sealer account is unlocked via the command line for each Geth node whilst your dapp interacts with the node just like interacting with a public node, though you would need to fund any accounts used by your dapp (assuming that gas has a non-zero fee), such as funding an account in the genesis block.

From: https://geth.ethereum.org/docs/interface/private-network

Clique: Running A Signer

To set up Geth for signing blocks in proof-of-authority mode, a signer account must be available. The account must be unlocked to mine blocks. The following command will prompt for the account password, then start signing blocks:

geth <other-flags> --unlock 0x7df9a875a174b3bc565e6424a0050ebc1b2d1d82 --mine

There is a Geth Discord so you could try asking there: https://discord.gg/nthXNEv

Thanks for the quick reply. I am on that discord, but unfortunately it isn’t very active, so I am not hopeful for a reply =\

I have read through those docs several times. I also tried using CLEF to sign the blocks, though they neglect to say that the account password is requested each time it has to sign :( I will be playing around with CLEF more, as I understand geth prefers clef for user management and signing.

Now yesterday I learned that using http defaults to only allowing requests from localhost, so I was able to get things working with the following flags:

geth --networkid 19852 --datadir "./data" --bootnodes "enode://414e12ce636b06aa18aad49fe3a9c646a9a1a8a0c2e0d4eaba39040c4aecef6cd102a2bc734da3d166c57a9202745aa217d529ade49218bd98f514d1b0281d44@127.0.0.1:0?discport=30301" --port 30303 --ipcdisable --syncmode full --http.port 8545 --unlock 87745f244a946062Df8dcA2504969A63C10F9228 --password password.txt --mine console 

I didn’t use these flags:
--http --http.corsdomain "*"
So it was important to not start the http server (--http) and certainly not allow requests from any domain. Just stating the port I wanted (--http.port 123) ensured geth was only reachable on my local machine, and thus didn’t pose a security risk.

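The flag combinations discussed in this thread can be checked before a sealer node is started. The following is an added example, not part of the thread and not Geth's own code: a small Python linter for a geth command line. The rule names and the 0xSEALER placeholder are made up for illustration, and `--allow-insecure-unlock`, `--http.addr` and `--ws` are Geth flags that the thread itself does not mention.

```python
import shlex

# Switches that take no value (those used in this thread, plus --ws and --allow-insecure-unlock).
BOOL_FLAGS = {"http", "ws", "mine", "ipcdisable", "allow-insecure-unlock"}
LOOPBACK = {"127.0.0.1", "localhost", "::1"}

def parse_flags(cmdline):
    """Map flag name -> value (True for switches); handles --flag value and --flag=value."""
    tokens = shlex.split(cmdline)[1:]  # drop the binary name
    flags, i = {}, 0
    while i < len(tokens):
        tok = tokens[i]
        if tok.startswith("-"):
            name, eq, val = tok.lstrip("-").partition("=")
            if eq:
                flags[name] = val
            elif (name not in BOOL_FLAGS and i + 1 < len(tokens)
                  and not tokens[i + 1].startswith("-")):
                flags[name] = tokens[i + 1]
                i += 1
            else:
                flags[name] = True
        i += 1  # positional words such as "console" are skipped
    return flags

def audit(cmdline):
    """Return the rule IDs (names invented for this example) that a geth command line triggers."""
    f = parse_flags(cmdline)
    http = str(f.get("http", "false")).lower() != "false"
    unlock = "unlock" in f
    hits = []
    if not http and any(k.startswith("http.") for k in f):
        hits.append("HTTP_OPTS_WITHOUT_HTTP")    # informational: HTTP-RPC server is not started
    if http and unlock:
        hits.append("UNLOCK_OVER_HTTP")          # geth refuses to start unless overridden
    if "allow-insecure-unlock" in f:
        hits.append("INSECURE_UNLOCK_OVERRIDE")  # the override itself is the risk
    if http and f.get("http.addr", "localhost") not in LOOPBACK:
        hits.append("HTTP_NON_LOOPBACK")         # RPC reachable from other hosts
    if http and "*" in str(f.get("http.corsdomain", "")).split(","):
        hits.append("CORS_WILDCARD")             # any web origin may call the RPC
    return hits

# Constructed command lines; 0xSEALER is a placeholder address.
LOCAL_ONLY = ('geth --networkid 19852 --datadir "./data" --ipcdisable --http.port 8545 '
              '--unlock 0xSEALER --password password.txt --mine console')
EXPOSED = ('geth --datadir ./data --http --http.addr 0.0.0.0 --http.corsdomain "*" '
           '--allow-insecure-unlock --unlock 0xSEALER --password password.txt --mine')

if __name__ == "__main__":
    for cmd in (LOCAL_ONLY, EXPOSED):
        print(audit(cmd))
```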