${?DOMAIN} substitution caused rskj to crash with 'Can't read config'.
Hardcoding the host-specific domain for now (rootstock only runs on
de-31). For multi-host deployment later, would need a per-host
templated node.conf or a proxy that rewrites Host header.
rskj's hosts whitelist is exact-match (no wildcards). Use HOCON env-var
substitution ${?DOMAIN} to inject the per-host public domain into the
allowed list. Pass DOMAIN env var into the container via the rskj
template.
Allowed hosts list: [localhost, 127.0.0.1, ::1, ${?DOMAIN}]
- localhost variants for direct/internal access
- DOMAIN for traefik-forwarded requests (Host header = public domain)
VETIVER-9.0.1 enforces rpc.providers.web.http.hosts as a whitelist;
empty list / default rejects everything except 'Host: localhost'.
The traefik route uses 'customrequestheaders.Host=localhost' middleware
to rewrite the Host header, but that middleware appears not to be
applied for the rootstock route - real requests still arrive at rskj
with Host: rpc-de-XX.stakesquid.eu and rskj returns 400 Bad Request,
which traefik translates to 502 Bad Gateway.
Wildcard whitelist is fine here because traefik (with ipallowlist
middleware) is the actual gatekeeper.
Confirmed empirically: 'wget --header=Host:localhost' returns valid
JSON-RPC, anything else returns 400.
VETIVER-9.0.1 silently ignores rpc.modules when configured as a list of
{name,version,enabled} objects. Switch to canonical OBJECT format from
rskj's expected.conf:
modules = { eth { version = "1.0", enabled = "true" } ... }
Without this, the RPC server starts but no modules are registered, so
eth_blockNumber returns method-not-found and show-status flags as 'error'
even though the chain itself imports blocks fine.
Also added 'hosts = []' under rpc.providers.web.http (LIST per
expected.conf, was missing). Same fix applied to bamboo testnet config.
Note: this only resolves mainnet. Bamboo still needs DB recreate due to
unrelated 'Invalid block header size: 22' corruption.
