How to do basic auth to an eth node? OR, how to configure chainstack

I’ve got a node set up at Chainstack and it requires http basic auth to use.

I tried making the urls “https://username:password@server” (same for wss://)

This does not appear to work. I tried overriding the config:

config :ethereum_jsonrpc,
url: System.get_env(“ETHEREUM_JSONRPC_HTTP_URL”),
trace_url: System.get_env(“ETHEREUM_JSONRPC_TRACE_URL”),
http: [recv_timeout: 600_000, timeout: 600_000, hackney: [pool: :ethereum_jsonrpc, basic_auth: {“username”, “password”}], ssl: [{:verify, :verify_none}] ]

my settings are ignored I think

my logs are filled with:

Jul 08 19:38:15 blockscout mix[44744]: 2021-07-08T19:38:15.729 [info] TLS :client: In state :wait_cert_cr at ssl_handshake.erl:1897 generated CLIENT ALERT: Fatal - Handshake Failure
Jul 08 19:38:15 blockscout mix[44744]: - {:bad_cert, :hostname_check_failed}

can anyone give me advice?

Well, I just tried loading the URL from HTTPoison directly, and it worked fine so there must be something else causing the cert errors.

For the record, I “solved” this by proxying http and websocket rpc through nginx and configuring blockscout to use the unencrypted connections

Nice solution :slight_smile: How do you have your nginx proxy set up? Is it on the same node or different? SSL certs can be tricky sometimes. Interested in your response!

It’s on the same vm as blockscout. Here’s the basic setup:

location / {
    try_files /nonexistent @$http_upgrade;

location @websocket {
    proxy_set_header Authorization "Basic redacted==";
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "Upgrade";
    proxy_set_header Host "";

location @ {
  proxy_set_header Host "";
  proxy_set_header Authorization "Basic reacted==";

where “redacted==” is base64(username:password). It chooses the right proxy based on the existence of the http upgrade header for websockets.

Then in blockscout:


It works and it handles all the load I have thrown at it, I have 32 cores cranking on it now. But I don’t like “hacks” in production. So I have a coworker who is more competent with Elixir than I am looking at the code to figure out why it doesn’t work out of the box. Which is strange because talking with some Chainstack engineers, there are people doing blockscout with it, so they must have figured it out.

BTW chainstack is pretty great so far, would recommend.

1 Like

Great, thanks for sharing!

I’ve not had issues as you are describing either. I can test this evening and weekend on a lab instance. Instead of using localhost, what results to you see if you use the actual internal static IP instead? Assuming you have the local IP address of


(for direct https also listen on 443)

Above assumes you listen on both localhost and a static IP address. Would be interesting to test and see log results change at all. Good luck, if above doesn’t help I’ll try to test this weekend as well!