flashbots · metachris · Apr 28, 2025 · Apr 24, 2025 · Apr 24, 2025 · Apr 25, 2025
diff --git a/cmd/receiver-proxy/main.go b/cmd/receiver-proxy/main.go
@@ -23,6 +23,9 @@ const (
 	flagSystemListenAddr = "system-listen-addr"
 	flagCertListenAddr   = "cert-listen-addr"
 	flagMaxUserRPS       = "max-user-requests-per-second"
+
+	flagCertPath    = "cert-path"
+	flagCertKeyPath = "cert-key-path"
 )
 
 var flags = []cli.Flag{
@@ -111,6 +114,16 @@ var flags = []cli.Flag{
 		Usage:   "generated certificate hosts",
 		EnvVars: []string{"CERT_HOSTS"},
 	},
+	&cli.DurationFlag{
+		Name:    flagCertPath,
+		Usage:   "path where to store the generated certificate",
+		EnvVars: []string{"CERT_PATH"},
+	},
+	&cli.StringFlag{
+		Name:    flagCertKeyPath,
+		Usage:   "path where to store the generated certificate key",
+		EnvVars: []string{"CERT_KEY_PATH"},
+	},
 
 	// Logging, metrics and debug
 	&cli.StringFlag{
@@ -216,8 +229,7 @@ func runMain(cCtx *cli.Context) error {
 
 	builderEndpoint := cCtx.String("builder-endpoint")
 	rpcEndpoint := cCtx.String("rpc-endpoint")
-	certDuration := cCtx.Duration("cert-duration")
-	certHosts := cCtx.StringSlice("cert-hosts")
+
 	builderConfigHubEndpoint := cCtx.String("builder-confighub-endpoint")
 	archiveEndpoint := cCtx.String("orderflow-archive-endpoint")
 	flashbotsSignerStr := cCtx.String("flashbots-orderflow-signer-address")
@@ -227,10 +239,21 @@ func runMain(cCtx *cli.Context) error {
 
 	maxUserRPS := cCtx.Int(flagMaxUserRPS)
 
+	certDuration := cCtx.Duration("cert-duration")
+	certHosts := cCtx.StringSlice("cert-hosts")
+	certPath := cCtx.String(flagCertPath)
+	certKeyPath := cCtx.String(flagCertKeyPath)
+	if certPath == "" || certKeyPath == "" {
+		log.Error("cert-path and cert-key-path must be set")
+		return nil
+	}
+
 	proxyConfig := &proxy.ReceiverProxyConfig{
 		ReceiverProxyConstantConfig: proxy.ReceiverProxyConstantConfig{Log: log, FlashbotsSignerAddress: flashbotsSignerAddress},
 		CertValidDuration:           certDuration,
 		CertHosts:                   certHosts,
+		CertPath:                    certPath,
+		CertKeyPath:                 certKeyPath,
 		BuilderConfigHubEndpoint:    builderConfigHubEndpoint,
 		ArchiveEndpoint:             archiveEndpoint,
 		ArchiveConnections:          connectionsPerPeer,

diff --git a/go.mod b/go.mod
@@ -8,7 +8,7 @@ require (
 	github.com/VictoriaMetrics/metrics v1.35.1
 	github.com/cenkalti/backoff v2.2.1+incompatible
 	github.com/ethereum/go-ethereum v1.15.5
-	github.com/flashbots/go-utils v0.10.1-0.20250416132112-39233b64a8c5
+	github.com/flashbots/go-utils v0.10.1-0.20250424105414-d6d0a6a11ce5
 	github.com/google/uuid v1.6.0
 	github.com/hashicorp/golang-lru/v2 v2.0.7
 	github.com/stretchr/testify v1.10.0

diff --git a/go.sum b/go.sum
@@ -32,10 +32,10 @@ github.com/ethereum/go-ethereum v1.15.5 h1:Fo2TbBWC61lWVkFw9tsMoHCNX1ndpuaQBRJ8H
 github.com/ethereum/go-ethereum v1.15.5/go.mod h1:1LG2LnMOx2yPRHR/S+xuipXH29vPr6BIH6GElD8N/fo=
 github.com/ethereum/go-verkle v0.2.2 h1:I2W0WjnrFUIzzVPwm8ykY+7pL2d4VhlsePn4j7cnFk8=
 github.com/ethereum/go-verkle v0.2.2/go.mod h1:M3b90YRnzqKyyzBEWJGqj8Qff4IDeXnzFw0P9bFw3uk=
-github.com/flashbots/go-utils v0.10.0 h1:75XWewRO5GIhdLn8+vqdzzuoqJh+j8wN54A++Id7W0Y=
-github.com/flashbots/go-utils v0.10.0/go.mod h1:i4xxEB6sHDFfNWEIfh+rP6nx3LxynEn8AOZa05EYgwA=
 github.com/flashbots/go-utils v0.10.1-0.20250416132112-39233b64a8c5 h1:oEfjmk2NQ/FtX+1h1Rx4PMpJtbNAa6T/l6otbUmzZp8=
 github.com/flashbots/go-utils v0.10.1-0.20250416132112-39233b64a8c5/go.mod h1:i4xxEB6sHDFfNWEIfh+rP6nx3LxynEn8AOZa05EYgwA=
+github.com/flashbots/go-utils v0.10.1-0.20250424105414-d6d0a6a11ce5 h1:F6pO8NC+JSG8jSFzTOAjP4TaR+CwZKygQ4vSLT+XPPw=
+github.com/flashbots/go-utils v0.10.1-0.20250424105414-d6d0a6a11ce5/go.mod h1:i4xxEB6sHDFfNWEIfh+rP6nx3LxynEn8AOZa05EYgwA=
 github.com/go-ole/go-ole v1.3.0 h1:Dt6ye7+vXGIKZ7Xtk4s6/xVdGDQynvom7xCFEdWr6uE=
 github.com/go-ole/go-ole v1.3.0/go.mod h1:5LS6F96DhAwUc7C+1HLexzMXY1xGRSryjyPPKW6zv78=
 github.com/gofrs/flock v0.8.1 h1:+gYjHKf32LDeiEEFhQaotPbLuUXjY5ZqxKgXy7n59aw=

diff --git a/proxy/receiver_proxy.go b/proxy/receiver_proxy.go
@@ -76,8 +76,11 @@ type ReceiverProxyConstantConfig struct {
 
 type ReceiverProxyConfig struct {
 	ReceiverProxyConstantConfig
+
 	CertValidDuration time.Duration
 	CertHosts         []string
+	CertPath          string
+	CertKeyPath       string
 
 	BuilderConfigHubEndpoint string
 	ArchiveEndpoint          string
@@ -99,7 +102,7 @@ func NewReceiverProxy(config ReceiverProxyConfig) (*ReceiverProxy, error) {
 		return nil, err
 	}
 
-	cert, key, err := utils_tls.GenerateTLS(config.CertValidDuration, config.CertHosts)
+	cert, key, err := utils_tls.GetOrGenerateTLS(config.CertPath, config.CertKeyPath, config.CertValidDuration, config.CertHosts)
 	if err != nil {
 		return nil, err
 	}

diff --git a/proxy/receiver_proxy_test.go b/proxy/receiver_proxy_test.go
@@ -74,11 +74,11 @@ func (setup *OrderflowProxyTestSetup) Close() {
 	setup.proxy.Stop()
 }
 
-func StartTestOrderflowProxy(name string) (*OrderflowProxyTestSetup, error) {
+func StartTestOrderflowProxy(name, certPath, certKeyPath string) (*OrderflowProxyTestSetup, error) {
 	localBuilderRequests := make(chan *RequestData, 1)
 	localBuilderServer := ServeHTTPRequestToChan(localBuilderRequests)
 
-	proxy := createProxy(localBuilderServer.URL, name)
+	proxy := createProxy(localBuilderServer.URL, name, certPath, certKeyPath)
 	publicProxyServer := &http.Server{ //nolint:gosec
 		Handler:   proxy.SystemHandler,
 		TLSConfig: proxy.TLSConfig(),
@@ -169,7 +169,7 @@ func TestMain(m *testing.M) {
 	defer archiveServer.Close()
 
 	for i := range 3 {
-		proxy, err := StartTestOrderflowProxy(fmt.Sprintf("proxy:%d", i))
+		proxy, err := StartTestOrderflowProxy(fmt.Sprintf("proxy:%d", i), "/tmp/orderflow-proxy-test.cert", "/tmp/orderflow-proxy-test.key")
 		proxies = append(proxies, proxy)
 		if err != nil {
 			panic(err)
@@ -184,16 +184,19 @@ func TestMain(m *testing.M) {
 	os.Exit(m.Run())
 }
 
-func createProxy(localBuilder, name string) *ReceiverProxy {
+func createProxy(localBuilder, name, certPath, certKeyPath string) *ReceiverProxy {
 	log := slog.New(slog.NewTextHandler(os.Stdout, &slog.HandlerOptions{Level: slog.LevelDebug}))
 	proxy, err := NewReceiverProxy(ReceiverProxyConfig{
 		ReceiverProxyConstantConfig: ReceiverProxyConstantConfig{
 			Log:                    log,
 			Name:                   name,
 			FlashbotsSignerAddress: flashbotsSigner.Address(),
 		},
-		CertValidDuration:        time.Hour * 24,
-		CertHosts:                []string{"localhost", "127.0.0.1"},
+		CertValidDuration: time.Hour * 24,
+		CertHosts:         []string{"localhost", "127.0.0.1"},
+		CertPath:          certPath,
+		CertKeyPath:       certKeyPath,
+
 		BuilderConfigHubEndpoint: builderHub.URL,
 		ArchiveEndpoint:          archiveServer.URL,
 		LocalBuilderEndpoint:     localBuilder,
@@ -551,7 +554,7 @@ func TestProxyBidSubsidiseBlockCall(t *testing.T) {
 }
 
 func TestBuilderNetRootCall(t *testing.T) {
-	proxy, err := StartTestOrderflowProxy("1")
+	proxy, err := StartTestOrderflowProxy("1", "/tmp/orderflow-proxy-test.cert", "/tmp/orderflow-proxy-test.key")
 	require.NoError(t, err)
 
 	req := httptest.NewRequest(http.MethodGet, "/", nil)