feat: use 0.0.0.0 as the default listening address for RPC and gnoweb

[thehowl]

Decided to create this PR after discussing with @zivkovicmilos.

This PR changes the default listening address for the RPC node and gnoweb to be 0.0.0.0 instead of 127.0.0.1. This entails that when starting up a gno.land node or a gnoweb server, it is accessible from any IP address (on the specified port). This includes local loopback addresses like 127.0.0.1, private network addresses like 192.0.0.X, public addresses if the machine has one and the ports are not firewalled, as well as giving the ability to expose the services in docker without having to juggle flags or configuration files.

Milos: What do you think about changing the default IP to 0.0.0.0?
In the code itself, always

Morgan: that is an option and my first thought
but I think there could be security concerns
ie. the RPC node could be an attack vector a validator might not want to expose by default, so it makes sense to expose it only with an opt-in

Milos: I have never in my life seen a production blockchain node directly exposed to the internet
without something like nginx in front of it
There are entire layers of issues that don't have to be solved node-level
The protocol can't cover everything, and it shouldn't
I'd 100% back having the default listen address 0.0.0.0
There is no argument against it really, because the node won't ever be "naked" on the internet

This PR attempts to improve the developer experience of using the two services "by default", with the risk of exposing the RPC endpoints out-of-the-box which could be undesirable for some production environments. However, as Milos has stated, and I agree, any validator who wants to launch a production-grade node

1. without having a firewall already set up on their system
2. without checking through the configuration and defaults for the gnoland node
3. without putting a reverse-proxy like nginx, caddy, $what_have_you
4. expecting that this does not expose the RPC endpoint by default

... is probably insane.

cc/ @albttx

Contributors' checklist...

• Added new tests, or not needed, or not feasible
• Provided an example (e.g. screenshot) to aid review or the PR is self-explanatory
• Updated the official documentation or not needed
• No breaking changes were made, or a BREAKING CHANGE: xxx message was included in the description
• Added references to related issues and PRs
• Provided any useful hints for running manual tests
• Added new benchmarks to generated graphs, if any. More info here.

[codecov]

Codecov Report

Attention: 1 lines in your changes are missing coverage. Please review.

Comparison is base (0cce745) 56.17% compared to head (b478455) 56.57%.

Files	Patch %	Lines
tm2/pkg/bft/rpc/config/config.go	0.00%	1 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #1657      +/-   ##
==========================================
+ Coverage   56.17%   56.57%   +0.40%     
==========================================
  Files         439      439              
  Lines       66242    66618     +376     
==========================================
+ Hits        37209    37690     +481     
+ Misses      26143    26009     -134     
- Partials     2890     2919      +29     

Flag	Coverage Δ
go-1.21.x	∅ <ø> (∅)
misc	∅ <ø> (∅)
misc-_test.genstd	∅ <ø> (∅)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[zivkovicmilos]

Looking good 💯

[albttx]

i'm 100% Again this. This is WAY TO DANGEROUS for mainnet.

Too many validators on cosmos with having 127.0.0.1 by default expose their validator on 0.0.0.0, which is a terrible error and it's dangerous.

The result will be way worse if we set it to 0.0.0.0 by default.

[thehowl]

After discussing with Guillhem and Albert, I think it's best if we move as follows:

• Prefer 127.0.0.1 as it "documents" that the RPC node should not be publicly exposed by default.
• For the docker usecase, place gnoland init and gnoland config ... rpc.laddr 0.0.0.0:26657 (in Dockerfile) so it is automatically set up in that context. This can be done with / after feat: add gnoland config command suite #1605 is merged.

Closing this PR!

[waymobetta]

This is how geth handles working with Docker.

Also, may need to include :: to accommodate ipv6 as well.

[kristovatlas]

Resolved during call today.