diff --git a/docs/source/corda-configuration-file.rst b/docs/source/corda-configuration-file.rst index a8f80f2834..c3642f38b2 100644 --- a/docs/source/corda-configuration-file.rst +++ b/docs/source/corda-configuration-file.rst @@ -106,6 +106,9 @@ overridden via: Limitations ``````````` +* Please note that to limit external connections to your node please use loopback address 127.0.0.1 instead of + localhost for client settings such as p2pAddress; since localhost is translated internally to the physical hostname + and can be reached externally. * If the same key is overridden by both an environment variable and system property, the system property takes precedence. @@ -150,6 +153,7 @@ Configuration file fields additionalP2PAddresses An array of additional host:port values, which will be included in the advertised NodeInfo in the network map in addition to the :ref:`p2pAddress `. Nodes can use this configuration option to advertise HA endpoints and aliases to external parties. + 0.0.0.0 is not a valid host setting since each additionalP2PAddress must be an external client address. *Default:* empty list @@ -414,7 +418,8 @@ lazyBridgeStart messagingServerAddress The address of the ArtemisMQ broker instance. If not provided the node will run one locally. - + 0.0.0.0 should not be specified since this needs to be a valid client address. + *Default:* not defined messagingServerExternal @@ -549,9 +554,11 @@ p2pAddress However, note that the host is the included as the advertised entry in the network map. As a result the value listed here must be **externally accessible when running nodes across a cluster of machines.** If the provided host is unreachable, the node will try to auto-discover its public one. + 0.0.0.0 is not a valid host setting since p2pAddress must be an external client address. + *Default:* not defined - + rpcAddress (deprecated) The address of the RPC system on which RPC requests can be made to the node. If not provided then the node will run without RPC. 
@@ -568,12 +575,13 @@ rpcSettings **Important: The RPC SSL certificate is used by RPC clients to authenticate the connection. The Node operator must provide RPC clients with a truststore containing the certificate they can trust. We advise Node operators to not use the P2P keystore for RPC. The node can be run with the "generate-rpc-ssl-settings" command, which generates a secure keystore and truststore that can be used to secure the RPC connection. You can use this if you have no special requirements.** address - host and port for the RPC server binding. + host and port for the RPC server binding. Specifying 0.0.0.0 (as host) is a convention allowing the host to bind all of it's network interfaces when listening on a socket. By itself 0.0.0.0 is non-routeable. i.e. not a proper address. *Default:* not defined adminAddress host and port for the RPC admin binding (this is the endpoint that the node process will connect to). + this needs to follow the same host rules as address setting (see above) *Default:* not defined
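
Review bot: In the Limitations hunk (@@ -106,6 +106,9 @@), the new bullet gives p2pAddress as its example of a "client setting" that should use 127.0.0.1, but the p2pAddress entry touched later in this patch says the host is advertised in the network map and "must be externally accessible when running nodes across a cluster of machines". As written the two passages contradict each other. Either scope the loopback advice to single-machine deployments or use a setting that is a purely local binding as the example. The bullet also sits above one about environment variable and system property precedence, so a short heading or a move to the address entries would make it easier to find. "Please note that ... please use" can be tightened to "To limit external connections to your node, use ...".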
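
Review bot: In the additionalP2PAddresses hunk (@@ -150,6 +153,7 @@), "external client address" is ambiguous next to the preceding sentence, which describes these values as endpoints advertised in NodeInfo to external parties. Suggest wording along the lines of "0.0.0.0 is not valid here because every entry is advertised to other nodes and must be an address they can connect to". The sentence also uses the singular "additionalP2PAddress", which is not the name of the field; keep it as additionalP2PAddresses or say "each entry".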
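
Review bot: In the messagingServerAddress hunk (@@ -414,7 +418,8 @@), the added sentence says 0.0.0.0 "should not be specified", while the additionalP2PAddresses and p2pAddress entries in this same patch say it "is not a valid host setting". Readers will take "should not" as a recommendation and "not valid" as something the node rejects, so pick one form and use it in all three places. "this needs to be a valid client address" would be clearer if it named who connects to it, since the entry describes it as the address of the ArtemisMQ broker instance.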
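
Review bot: In the p2pAddress hunk (@@ -549,9 +554,11 @@), the new 0.0.0.0 sentence directly follows "If the provided host is unreachable, the node will try to auto-discover its public one", and the text does not say which behaviour applies to 0.0.0.0: is it rejected as invalid configuration, or treated as unreachable and replaced by auto-discovery? State the outcome explicitly so operators know what ends up advertised in the network map. While editing this entry, the context line "the host is the included as the advertised entry" has a stray "the", and the whitespace-only change before rpcAddress can be dropped from the patch.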
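
Review bot: In the rpcSettings hunk (@@ -568,12 +575,13 @@), the new `address` text presents 0.0.0.0 as a neutral convention without saying that it makes the RPC server listen on every network interface, which works against the loopback guidance this patch adds under Limitations. Add a sentence telling operators to bind a specific interface, or 127.0.0.1 when RPC clients are local, unless listening on all interfaces is intended. For adminAddress, "the same host rules as address setting (see above)" does not point at a rule, because the `address` text only explains what 0.0.0.0 means; spell out what is allowed for the admin endpoint, start the sentence with a capital and end it with a full stop. Wording fixes: "it's" should be "its", "non-routeable" should be "non-routable", and "i.e. not a proper address" is a fragment that can be folded into the previous sentence.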