Public RPC

Substrate node contains a set of CLI flags that allow you to expose the RPC interfaces publicly, namely:

--ws-external
--rpc-external

And their --unsafe-* versions. By default the node will refuse to start if you try to expose RPC and run a validator node at the same time. --unsafe-* flags allow to suppress this security measure.

The fact that the options are provided does not mean we endorse doing so, in fact, quite opposite, exposing your RPC interfaces may open up a huge surface of attacks and has to be carefully reviewed. There are quite a few RPC methods that can be used to control the node's behaviour and should never (or rarely) be exposed:

• author_submitExtrinsic - allows submitting transactions to local pool.
• author_insertKey - allows inserting private keys to local keystore.
• author_rotateKeys - session keys rotation.
• author_removeExtrinsic - remove and ban extrinsic from the pool.
• system_addReservedPeer - add reserved node.
• system_removeReservedPeer - removed reserved node.

Other RPCs are not so much dangerous but can take a long time to execute, potentially blocking the client from syncing. These include:

• state_getKeys - get all the keys in the state with a particular prefix.
• state_getPairs - get all the keys in the state with a particular prefix together with their values.

It's critical to filter out these kind of calls if the requests are coming from untrusted users. The way to do it is through a JSON-RPC proxy that is able to inspect calls and only pass through whitelisted set of APIs.

Here is an example configuration file for jsonrpc-proxy: https://github.com/tomusdrw/jsonrpc-proxy/blob/master/examples/permissions.json#L5

Note that there might be other solutions in the wild that could be used for this purpose, also note that the project listed above should be considered experimental.