# README

Rescue-Proxy

Rocket Pool Rescue Node's Rescue-Proxy is a custom reverse proxy meant to sit between a shared beacon node and its downstream users. It behaves like a normal reverse proxy with the following added features and protections:

HMAC authentication via HTTP Basic Auth / GRPC headers
Fee Recipient validation for Rocket Pool validator clients
Credential expiration
Robust caching for frequently accessed immutable chain data
GRPC support for Prysm; HTTP support for Nimbus, Lighthouse, and Teku

Usage

Usage of ./rescue-proxy:
  -addr string
        Address on which to reply to HTTP requests (default "0.0.0.0:80")
  -admin-addr string
        Address on which to reply to admin/metrics requests (default "0.0.0.0:8000")
  -api-addr string
        Address on which to reply to gRPC API requests (default "0.0.0.0:8080")
  -auth-valid-for string
        The duration after which a credential should be considered invalid, eg, 360h for 15 days (default "360h")
  -bn-url string
        URL to the beacon node to proxy, eg, http://localhost:5052
  -cache-path string
        A path to cache EL data in. Leave blank to disable caching.
  -debug
        Whether to enable verbose logging
  -ec-url string
        URL to the execution client to use, eg, http://localhost:8545
  -grpc-addr string
        Address on which to reply to gRPC requests
  -grpc-beacon-addr string
        Address to the beacon node to proxy for gRPC, eg, localhost:4000
  -hmac-secret string
        The secret to use for HMAC (default "test-secret")
  -rocketstorage-addr string
        Address of the Rocket Storage contract. Defaults to mainnet (default "0x1d8f8f00cfa6758d7bE78336684788Fb0ee0Fa46")

The -grpc flags should only be used with a Prysm beacon node.
- The user must pass --grpc-headers=rprnauth=USERNAME:PASSWORD in this case.
The user should use Basic Auth for access (e.g. Beacon Node URL http://USERNAME:[email protected]:80)
-hmac-secret must match the one used with the Credentials library that generated the username, password