RPC server does not bind to all interfaces #8502

The RPC server is supposed to bind to all interfaces when the -rpcbind=<addr> option is not set (https://en.bitcoin.it/wiki/Running_Bitcoin). When running bitcoin-qt.exe -server -rpcuser=u -rpcpassword=p the server binds to 127.0.0.1, though, and not to all interfaces. This causes the server to be unreachable from another machine. Looks like a bug.

The -rpcbind=129.168.0.123:8332 option seems to be ignored when set. I also tried it with bitcoind.exe.

Note, that -rpcallowip=* triggers an assertion failure:

The default, for security reasons, has always been to bind RPC only on localhost.

However, IF you specify -rpcallowip but no specific bind ip (with -rpcbind=<addr>), it should bind to all interfaces by default, see httpserver.cpp line 334:

    } else { // No specific bind address specified, bind to any
        endpoints.push_back(std::make_pair("::", defaultPort));
        endpoints.push_back(std::make_pair("0.0.0.0", defaultPort));
    }

Testing this (on master):

$ src/bitcoind -regtest -rpcallowip='0.0.0.0/0'  -daemon
tcp6       0      0 :::18332                :::*                    LISTEN      1071/bitcoind   
$ src/bitcoind -regtest stop
$ src/bitcoind -regtest -daemon
$ netstat -anp|grep bitcoind
tcp        0      0 127.0.0.1:18332         0.0.0.0:*               LISTEN      1098/bitcoind   
tcp6       0      0 ::1:18332               :::*                    LISTEN      1098/bitcoind   
$ src/bitcoind -regtest stop

If you specify -rpcbind=... you also need to specify -rpcallowip=... for it to work, otherwise the server doesn't know what IPs are allowed and assumed you just want localhost and ignores the bind statement.

You should be able to see a message in the log in that case:

        if (mapArgs.count("-rpcbind")) {
            LogPrintf("WARNING: option -rpcbind was ignored because -rpcallowip was not specified, refusing to allow everyone to connect\n");
        }

Note, that -rpcallowip=* triggers an assertion failure

rpcallowip=* is not a valid specification, as the error message says - though indeed it shouldn't assert out.

This behavior is all as expected, though the documentation could use improvement, so closing the issue.

Thanks for the detailed reply.

As a user I would have found it more useful if server startup failed outright instead of ignoring options. I can confirm the warning message in debug.log, though.

As a user I would have found it more useful if server startup failed outright instead of ignoring options. I can confirm the warning message in debug.log, though.

Yes exiting in that case that is probably a good idea.

However, as this is after daemonizing (when -daemon) it is not possible to print messages to standard output at that point, so you'd have to check the log anyhow for the error. But yes exiting would still be more informative and would prompt people to check the log.

I suggest keeping this open as a way track the documentation changes.

Making a note for myself: So far the easiest way to bind on all IPs was to specify server=1 and rpcallowip=111.222.0.0/16 (or similar). rpcbind was not required.