diff --git a/Makefile b/Makefile index fe08cb2447..cabf2ab30a 100644 --- a/Makefile +++ b/Makefile @@ -304,10 +304,15 @@ batcher_start: ./batcher/aligned-batcher/.env user_fund_payment_service @echo "Starting Batcher..." @cargo run --manifest-path ./batcher/aligned-batcher/Cargo.toml --release -- --config ./config-files/config-batcher.yaml --env-file ./batcher/aligned-batcher/.env -batcher_start_local: user_fund_payment_service +batcher_create_self_signed_cert: + @echo "Creating TLS certificate for localhost" + @mkcert -install -cert-file rootCA.crt -key-file rootCA.key localhost + @echo "TLS certificate created" + +batcher_start_local: user_fund_payment_service batcher_create_self_signed_cert @echo "Starting Batcher..." @$(MAKE) run_storage & - @cargo run --manifest-path ./batcher/aligned-batcher/Cargo.toml --release -- --config ./config-files/config-batcher.yaml --env-file ./batcher/aligned-batcher/.env.dev + @cargo run --manifest-path ./batcher/aligned-batcher/Cargo.toml --release -- --config ./config-files/config-batcher.yaml --env-file ./batcher/aligned-batcher/.env.dev --cert ./rootCA.crt --key ./rootCA.key batcher_start_local_no_fund: @echo "Starting Batcher..." diff --git a/batcher/Cargo.lock b/batcher/Cargo.lock index f04cb8c63c..d193188238 100644 --- a/batcher/Cargo.lock +++ b/batcher/Cargo.lock @@ -1,6 +1,6 @@ # This file is automatically @generated by Cargo. # It is not intended for manual editing. -version = 3 +version = 4 [[package]] name = "Inflector" @@ -115,12 +115,14 @@ dependencies = [ "prometheus", "reqwest 0.12.9", "risc0-zkvm", + "rustls 0.23.19", "serde", "serde_json", "serde_yaml", "sha3", "sp1-sdk", "tokio", + "tokio-rustls 0.26.1", "tokio-tungstenite 0.21.0", "warp", ] @@ -648,6 +650,31 @@ dependencies = [ "zeroize", ] +[[package]] +name = "aws-lc-rs" +version = "1.12.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f409eb70b561706bf8abba8ca9c112729c481595893fd06a2dd9af8ed8441148" +dependencies = [ + "aws-lc-sys", + "paste", + "zeroize", +] + +[[package]] +name = "aws-lc-sys" +version = "0.24.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "923ded50f602b3007e5e63e3f094c479d9c8a9b42d7f4034e4afe456aa48bfd2" +dependencies = [ + "bindgen 0.69.5", + "cc", + "cmake", + "dunce", + "fs_extra", + "paste", +] + [[package]] name = "aws-runtime" version = "1.4.3" @@ -1123,6 +1150,29 @@ dependencies = [ "serde", ] +[[package]] +name = "bindgen" +version = "0.69.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "271383c67ccabffb7381723dea0672a673f292304fcb45c01cc648c7a8d58088" +dependencies = [ + "bitflags 2.6.0", + "cexpr", + "clang-sys", + "itertools 0.12.1", + "lazy_static", + "lazycell", + "log", + "prettyplease", + "proc-macro2", + "quote", + "regex", + "rustc-hash 1.1.0", + "shlex", + "syn 2.0.90", + "which", +] + [[package]] name = "bindgen" version = "0.70.1" @@ -1527,6 +1577,15 @@ version = "0.7.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "afb84c814227b90d6895e01398aee0d8033c00e7466aca416fb6a8e0eb19d8a7" +[[package]] +name = "cmake" +version = "0.1.52" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c682c223677e0e5b6b7f63a64b9351844c3f1b1678a68b7ee617e30fb082620e" +dependencies = [ + "cc", +] + [[package]] name = "coins-bip32" version = "0.8.7" @@ -1645,6 +1704,16 @@ dependencies = [ "libc", ] +[[package]] +name = "core-foundation" +version = "0.10.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b55271e5c8c478ad3f38ad24ef34923091e0548492a266d19b3c0b4d82574c63" +dependencies = [ + "core-foundation-sys", + "libc", +] + [[package]] name = "core-foundation-sys" version = "0.8.7" @@ -1658,7 +1727,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "45390e6114f68f718cc7a830514a96f903cccd70d02a8f6d9f643ac4ba45afaf" dependencies = [ "bitflags 1.3.2", - "core-foundation", + "core-foundation 0.9.4", "libc", ] @@ -2739,6 +2808,12 @@ dependencies = [ "winapi", ] +[[package]] +name = "fs_extra" +version = "1.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "42703706b716c37f96a77aea830392ad231f44c9e9a67872fa5548707e11b11c" + [[package]] name = "funty" version = "2.0.0" @@ -3288,7 +3363,7 @@ dependencies = [ "hyper 0.14.31", "log", "rustls 0.21.12", - "rustls-native-certs", + "rustls-native-certs 0.6.3", "tokio", "tokio-rustls 0.24.1", ] @@ -3304,9 +3379,10 @@ dependencies = [ "hyper 1.5.1", "hyper-util", "rustls 0.23.19", + "rustls-native-certs 0.8.1", "rustls-pki-types", "tokio", - "tokio-rustls 0.26.0", + "tokio-rustls 0.26.1", "tower-service", "webpki-roots 0.26.7", ] @@ -3799,6 +3875,12 @@ dependencies = [ "spin 0.9.8", ] +[[package]] +name = "lazycell" +version = "1.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "830d08ce1d1d941e6b30645f1a0eb5643013d835ce3779a5fc208261dbe10f55" + [[package]] name = "libc" version = "0.2.167" @@ -4036,7 +4118,7 @@ dependencies = [ "openssl-probe", "openssl-sys", "schannel", - "security-framework", + "security-framework 2.11.1", "security-framework-sys", "tempfile", ] @@ -5412,6 +5494,7 @@ dependencies = [ "pin-project-lite", "quinn", "rustls 0.23.19", + "rustls-native-certs 0.8.1", "rustls-pemfile 2.2.0", "rustls-pki-types", "serde", @@ -5421,7 +5504,7 @@ dependencies = [ "system-configuration 0.6.1", "tokio", "tokio-native-tls", - "tokio-rustls 0.26.0", + "tokio-rustls 0.26.1", "tokio-util", "tower-service", "url", @@ -5830,6 +5913,8 @@ version = "0.23.19" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "934b404430bb06b3fae2cba809eb45a1ab1aecd64491213d7c3301b88393f8d1" dependencies = [ + "aws-lc-rs", + "log", "once_cell", "ring 0.17.8", "rustls-pki-types", @@ -5847,7 +5932,19 @@ dependencies = [ "openssl-probe", "rustls-pemfile 1.0.4", "schannel", - "security-framework", + "security-framework 2.11.1", +] + +[[package]] +name = "rustls-native-certs" +version = "0.8.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7fcff2dd52b58a8d98a70243663a0d234c4e2b79235637849d15913394a247d3" +dependencies = [ + "openssl-probe", + "rustls-pki-types", + "schannel", + "security-framework 3.2.0", ] [[package]] @@ -5893,6 +5990,7 @@ version = "0.102.8" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "64ca1bc8749bd4cf37b5ce386cc146580777b4e8572c7b97baf22c83f444bee9" dependencies = [ + "aws-lc-rs", "ring 0.17.8", "rustls-pki-types", "untrusted 0.9.0", @@ -6057,7 +6155,20 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "897b2245f0b511c87893af39b033e5ca9cce68824c4d7e7630b5a1d339658d02" dependencies = [ "bitflags 2.6.0", - "core-foundation", + "core-foundation 0.9.4", + "core-foundation-sys", + "libc", + "security-framework-sys", +] + +[[package]] +name = "security-framework" +version = "3.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "271720403f46ca04f7ba6f55d438f8bd878d6b8ca0a1046e8228c4145bcbb316" +dependencies = [ + "bitflags 2.6.0", + "core-foundation 0.10.0", "core-foundation-sys", "libc", "security-framework-sys", @@ -6065,9 +6176,9 @@ dependencies = [ [[package]] name = "security-framework-sys" -version = "2.12.1" +version = "2.14.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fa39c7303dc58b5543c94d22c1766b0d31f2ee58306363ea622b10bbc075eaa2" +checksum = "49db231d56a190491cb4aeda9527f1ad45345af50b0851622a7adb8c03b01c32" dependencies = [ "core-foundation-sys", "libc", @@ -6662,7 +6773,7 @@ source = "git+https://github.com/succinctlabs/sp1.git?rev=v3.0.0#ff8f482c3e135f1 dependencies = [ "anyhow", "bincode", - "bindgen", + "bindgen 0.70.1", "cc", "cfg-if", "hex", @@ -6967,7 +7078,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ba3a3adc5c275d719af8cb4272ea1c4a6d668a777f37e115f6d11ddbc1c8e0e7" dependencies = [ "bitflags 1.3.2", - "core-foundation", + "core-foundation 0.9.4", "system-configuration-sys 0.5.0", ] @@ -6978,7 +7089,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "3c879d448e9d986b661742763247d3693ed13609438cf3d006f51f5368a5ba6b" dependencies = [ "bitflags 2.6.0", - "core-foundation", + "core-foundation 0.9.4", "system-configuration-sys 0.6.0", ] @@ -7219,12 +7330,11 @@ dependencies = [ [[package]] name = "tokio-rustls" -version = "0.26.0" +version = "0.26.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0c7bc40d0e5a97695bb96e27995cd3a08538541b0a846f65bba7a359f36700d4" +checksum = "5f6d0975eaace0cf0fcadee4e4aaa5da15b5c079146f2cffb67c113be122bf37" dependencies = [ "rustls 0.23.19", - "rustls-pki-types", "tokio", ] @@ -7268,7 +7378,7 @@ dependencies = [ "rustls-pki-types", "tokio", "tokio-native-tls", - "tokio-rustls 0.26.0", + "tokio-rustls 0.26.1", "tungstenite 0.23.0", "webpki-roots 0.26.7", ] @@ -7286,7 +7396,7 @@ dependencies = [ "rustls-pki-types", "tokio", "tokio-native-tls", - "tokio-rustls 0.26.0", + "tokio-rustls 0.26.1", "tungstenite 0.24.0", "webpki-roots 0.26.7", ] @@ -7940,6 +8050,18 @@ dependencies = [ "rustls-pki-types", ] +[[package]] +name = "which" +version = "4.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "87ba24419a2078cd2b0f2ede2691b6c66d8e47836da3b6db8265ebad47afbfc7" +dependencies = [ + "either", + "home", + "once_cell", + "rustix", +] + [[package]] name = "winapi" version = "0.3.9" diff --git a/batcher/aligned-batcher/Cargo.toml b/batcher/aligned-batcher/Cargo.toml index 8aeb70541f..388945d279 100644 --- a/batcher/aligned-batcher/Cargo.toml +++ b/batcher/aligned-batcher/Cargo.toml @@ -28,9 +28,12 @@ bincode = "1.3.3" aligned-sdk = { path = "../aligned-sdk" } ciborium = "=0.2.2" priority-queue = "2.1.0" -reqwest = { version = "0.12", features = ["json"] } +reqwest = { version = "0.12", default-features = false, features = ["json", "rustls-tls-native-roots"] } once_cell = "1.20.2" warp = "0.3.7" prometheus = { version = "0.13.4", features = ["process"] } backon = "1.2.0" +rustls = "0.23.19" +tokio-rustls = "0.26.1" + diff --git a/batcher/aligned-batcher/src/connection.rs b/batcher/aligned-batcher/src/connection.rs index 9a87230abc..d7630775b7 100644 --- a/batcher/aligned-batcher/src/connection.rs +++ b/batcher/aligned-batcher/src/connection.rs @@ -10,12 +10,14 @@ use lambdaworks_crypto::merkle_tree::merkle::MerkleTree; use log::{debug, error}; use serde::Serialize; use tokio::{net::TcpStream, sync::RwLock}; +use tokio_rustls::server::TlsStream; use tokio_tungstenite::{ tungstenite::{Error, Message}, WebSocketStream, }; -pub(crate) type WsMessageSink = Arc, Message>>>; +pub(crate) type WsMessageSink = + Arc>, Message>>>; pub(crate) async fn send_batch_inclusion_data_responses( finalized_batch: Vec, diff --git a/batcher/aligned-batcher/src/lib.rs b/batcher/aligned-batcher/src/lib.rs index 0b6f7c0d85..e04625a3a8 100644 --- a/batcher/aligned-batcher/src/lib.rs +++ b/batcher/aligned-batcher/src/lib.rs @@ -12,15 +12,15 @@ use retry::batcher_retryables::{ user_balance_is_unlocked_retryable, }; use retry::{retry_function, RetryError}; -use tokio::time::{timeout, Instant}; -use types::batch_state::BatchState; -use types::user_state::UserState; - use std::collections::HashMap; use std::env; use std::net::SocketAddr; +use std::path::PathBuf; use std::sync::Arc; use std::time::Duration; +use tokio::time::{timeout, Instant}; +use types::batch_state::BatchState; +use types::user_state::UserState; use aligned_sdk::core::constants::{ ADDITIONAL_SUBMISSION_GAS_COST_PER_PROOF, BATCHER_SUBMISSION_BASE_GAS_COST, @@ -44,8 +44,11 @@ use futures_util::{future, SinkExt, StreamExt, TryStreamExt}; use lambdaworks_crypto::merkle_tree::merkle::MerkleTree; use lambdaworks_crypto::merkle_tree::traits::IsMerkleTreeBackend; use log::{debug, error, info, warn}; +use rustls::pki_types::pem::PemObject; +use rustls::pki_types::{CertificateDer, PrivateKeyDer}; use tokio::net::{TcpListener, TcpStream}; use tokio::sync::{Mutex, MutexGuard, RwLock}; +use tokio_rustls::{rustls, TlsAcceptor}; use tokio_tungstenite::tungstenite::{Error, Message}; use types::batch_queue::{self, BatchQueueEntry, BatchQueueEntryPriority}; use types::errors::{BatcherError, TransactionSendError}; @@ -267,7 +270,25 @@ impl Batcher { } } - pub async fn listen_connections(self: Arc, address: &str) -> Result<(), BatcherError> { + pub async fn listen_connections( + self: Arc, + address: &str, + cert: PathBuf, + key: PathBuf, + ) -> Result<(), BatcherError> { + // Reference: https://github.com/rustls/tokio-rustls/blob/main/examples/server.rs + let cert = vec![CertificateDer::from_pem_file(cert) + .map_err(|e| BatcherError::TlsError(format!("{e}")))?]; + let key = PrivateKeyDer::from_pem_file(key) + .map_err(|e| BatcherError::TlsError(format!("{e}")))?; + + let config = rustls::ServerConfig::builder() + .with_no_client_auth() + .with_single_cert(cert, key) + .map_err(|e| BatcherError::TlsError(format!("{e}")))?; + + let acceptor = Arc::new(TlsAcceptor::from(Arc::new(config))); + // Create the event loop and TCP listener we'll accept connections on. let listener = TcpListener::bind(address) .await @@ -279,7 +300,7 @@ impl Batcher { Ok((stream, addr)) => { let batcher = self.clone(); // Let's spawn the handling of each connection in a separate task. - tokio::spawn(batcher.handle_connection(stream, addr)); + tokio::spawn(batcher.handle_connection(stream, addr, acceptor.clone())); } Err(e) => { self.metrics.user_error(&["connection_accept_error", ""]); @@ -373,11 +394,15 @@ impl Batcher { self: Arc, raw_stream: TcpStream, addr: SocketAddr, + acceptor: Arc, ) -> Result<(), BatcherError> { info!("Incoming TCP connection from: {}", addr); self.metrics.open_connections.inc(); - - let ws_stream_future = tokio_tungstenite::accept_async(raw_stream); + let tls_stream = acceptor + .accept(raw_stream) + .await + .map_err(|e| BatcherError::TlsError(e.to_string()))?; + let ws_stream_future = tokio_tungstenite::accept_async(tls_stream); let ws_stream = match timeout(Duration::from_secs(CONNECTION_TIMEOUT), ws_stream_future).await { Ok(Ok(stream)) => stream, diff --git a/batcher/aligned-batcher/src/main.rs b/batcher/aligned-batcher/src/main.rs index bc13885052..68e13421fb 100644 --- a/batcher/aligned-batcher/src/main.rs +++ b/batcher/aligned-batcher/src/main.rs @@ -1,9 +1,10 @@ extern crate dotenvy; -use std::sync::Arc; - use clap::Parser; use env_logger::Env; +use rustls::crypto::{aws_lc_rs, CryptoProvider}; +use std::path::PathBuf; +use std::sync::Arc; use aligned_batcher::{types::errors::BatcherError, Batcher}; @@ -24,10 +25,19 @@ struct Cli { env_file: Option, #[arg(short, long)] port: Option, + /// cert file + #[arg(long, short = 'C')] + cert: PathBuf, + /// key file + #[arg(long, short = 'k')] + key: PathBuf, } #[tokio::main] async fn main() -> Result<(), BatcherError> { + CryptoProvider::install_default(aws_lc_rs::default_provider()) + .expect("failed to initialize crypto provider"); + let cli = Cli::parse(); let port = cli.port.unwrap_or(8080); @@ -40,8 +50,6 @@ async fn main() -> Result<(), BatcherError> { let batcher = Batcher::new(cli.config).await; let batcher = Arc::new(batcher); - let addr = format!("localhost:{}", port); - // spawn task to listening for incoming blocks tokio::spawn({ let app = batcher.clone(); @@ -54,7 +62,8 @@ async fn main() -> Result<(), BatcherError> { batcher.metrics.inc_batcher_restart(); - batcher.listen_connections(&addr).await?; + let addr = format!("0.0.0.0:{}", port); + batcher.listen_connections(&addr, cli.cert, cli.key).await?; Ok(()) } diff --git a/batcher/aligned-batcher/src/types/errors.rs b/batcher/aligned-batcher/src/types/errors.rs index 1262045d64..8d0ca1fef6 100644 --- a/batcher/aligned-batcher/src/types/errors.rs +++ b/batcher/aligned-batcher/src/types/errors.rs @@ -41,6 +41,7 @@ impl From for TransactionSendError { } pub enum BatcherError { + TlsError(String), TcpListenerError(String), ConnectionError(tungstenite::Error), BatchVerifiedEventStreamError(String), @@ -75,6 +76,9 @@ impl From for BatcherError { impl fmt::Debug for BatcherError { fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result { match self { + BatcherError::TlsError(e) => { + write!(f, "TLS Handshake error: {}", e) + } BatcherError::TcpListenerError(e) => { write!(f, "TCP Listener error: {}", e) } diff --git a/batcher/aligned-sdk/src/sdk.rs b/batcher/aligned-sdk/src/sdk.rs index e933ab6f8d..4908102aa3 100644 --- a/batcher/aligned-sdk/src/sdk.rs +++ b/batcher/aligned-sdk/src/sdk.rs @@ -568,9 +568,9 @@ pub async fn get_nonce_from_batcher( batcher_ws_url: &str, address: Address, ) -> Result { - let (ws_stream, _) = connect_async(batcher_ws_url).await.map_err(|_| { - GetNonceError::ConnectionFailed("Ws connection to batcher failed".to_string()) - })?; + let (ws_stream, _) = connect_async(batcher_ws_url) + .await + .map_err(|e| GetNonceError::ConnectionFailed(e.to_string()))?; debug!("WebSocket handshake has been successfully completed"); let (mut ws_write, mut ws_read) = ws_stream.split(); diff --git a/batcher/aligned-task-sender/src/structs.rs b/batcher/aligned-task-sender/src/structs.rs index 7c5d36f6bb..e8937e2a76 100644 --- a/batcher/aligned-task-sender/src/structs.rs +++ b/batcher/aligned-task-sender/src/structs.rs @@ -91,7 +91,7 @@ pub struct TestConnectionsArgs { #[arg( name = "Batcher connection address", long = "batcher-url", - default_value = "ws://localhost:8080" + default_value = "wss://localhost:8080" )] pub batcher_url: String, #[arg( @@ -114,7 +114,7 @@ pub struct SendInfiniteProofsArgs { #[arg( name = "Batcher connection address", long = "batcher-url", - default_value = "ws://localhost:8080" + default_value = "wss://localhost:8080" )] pub batcher_url: String, #[arg( diff --git a/batcher/aligned/generate_proof_and_send.sh b/batcher/aligned/generate_proof_and_send.sh index bcfa684544..4bab1c2f20 100755 --- a/batcher/aligned/generate_proof_and_send.sh +++ b/batcher/aligned/generate_proof_and_send.sh @@ -26,7 +26,7 @@ go run scripts/test_files/gnark_groth16_bn254_infinite_script/cmd/main.go $x # Set default values for RPC and BATCHER if they are not set RPC=${RPC:-http://localhost:8545} -BATCHER_CONN=${BATCHER_CONN:-ws://localhost:8080} +BATCHER_CONN=${BATCHER_CONN:-wss://localhost:8080} if [ -z "$NETWORK" ]; then echo "NETWORK is not set. Setting it to devnet" NETWORK="devnet" diff --git a/batcher/aligned/send_infinite_sp1_tasks/send_infinite_sp1_tasks.sh b/batcher/aligned/send_infinite_sp1_tasks/send_infinite_sp1_tasks.sh index 079a8dcc57..1684c3de93 100755 --- a/batcher/aligned/send_infinite_sp1_tasks/send_infinite_sp1_tasks.sh +++ b/batcher/aligned/send_infinite_sp1_tasks/send_infinite_sp1_tasks.sh @@ -13,7 +13,7 @@ else fi RPC=${RPC:-http://localhost:8545} -BATCHER_CONN=${BATCHER_CONN:-ws://localhost:8080} +BATCHER_CONN=${BATCHER_CONN:-wss://localhost:8080} if [ -z "$NETWORK" ]; then echo "NETWORK is not set. Setting it to devnet" NETWORK="devnet" diff --git a/batcher/aligned/send_infinite_tasks.sh b/batcher/aligned/send_infinite_tasks.sh index d79ff8ab3b..93577f79e9 100755 --- a/batcher/aligned/send_infinite_tasks.sh +++ b/batcher/aligned/send_infinite_tasks.sh @@ -14,7 +14,7 @@ fi # Set default values for RPC and BATCHER if they are not set RPC=${RPC:-http://localhost:8545} -BATCHER_CONN=${BATCHER_CONN:-ws://localhost:8080} +BATCHER_CONN=${BATCHER_CONN:-wss://localhost:8080} if [ -z "$NETWORK" ]; then echo "NETWORK is not set. Setting it to devnet" NETWORK="devnet" diff --git a/batcher/aligned/src/main.rs b/batcher/aligned/src/main.rs index 1153cacbda..775b1c2a5b 100644 --- a/batcher/aligned/src/main.rs +++ b/batcher/aligned/src/main.rs @@ -66,7 +66,7 @@ pub struct SubmitArgs { #[arg( name = "Batcher connection address", long = "batcher_url", - default_value = "ws://localhost:8080" + default_value = "wss://localhost:8080" )] batcher_url: String, #[arg( @@ -207,7 +207,7 @@ pub struct GetUserNonceArgs { #[arg( name = "Batcher connection address", long = "batcher_url", - default_value = "ws://localhost:8080" + default_value = "wss://localhost:8080" )] batcher_url: String, #[arg( diff --git a/docker/batcher.Dockerfile b/docker/batcher.Dockerfile index 0f7689abb8..013e98496e 100644 --- a/docker/batcher.Dockerfile +++ b/docker/batcher.Dockerfile @@ -60,6 +60,7 @@ COPY ../scripts/test_files/ ./scripts/test_files COPY ./config-files/config-batcher-docker.yaml ./config-files/ COPY ./config-files/anvil.batcher.ecdsa.key.json ./config-files/ -RUN apt update -y && apt install -y libssl-dev ca-certificates +RUN apt update -y && apt install -y libssl-dev ca-certificates mkcert +RUN mkcert -install -cert-file rootCA.crt -key-file rootCA.key localhost -CMD ["aligned-batcher", "--config", "./config-files/config-batcher-docker.yaml"] +CMD ["aligned-batcher", "--config", "./config-files/config-batcher-docker.yaml", "--cert", "./rootCA.crt", "--key", "./rootCA.key"] diff --git a/docs/3_guides/6_setup_aligned.md b/docs/3_guides/6_setup_aligned.md index 536deac049..477d184973 100644 --- a/docs/3_guides/6_setup_aligned.md +++ b/docs/3_guides/6_setup_aligned.md @@ -9,6 +9,7 @@ Ensure you have the following installed: - [Foundry](https://book.getfoundry.sh/getting-started/installation) - [jq](https://jqlang.github.io/jq/) - [yq](https://github.com/mikefarah/yq) +- [mkcert](https://github.com/FiloSottile/mkcert) After installing foundryup, you need to install a specific Foundry version: