From 4ea74a45b5928d522b16b912b7533a2efff8f3f1 Mon Sep 17 00:00:00 2001 From: amosmwsmith <52164621+amosmwsmith@users.noreply.github.com> Date: Tue, 25 Feb 2020 17:28:04 +0000 Subject: [PATCH] =?UTF-8?q?ENT-5018:=20Updated=20documentation=20for=20RPC?= =?UTF-8?q?=20Settings=20address=20field=20based=20on=20client=20=E2=80=A6?= =?UTF-8?q?=20(#5991)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Updated documentation for RPC Settings address field based on client feedback explain implications of specifying 0.0.0.0 as host. * Further updates to p2pAddress and messagingServerAddress sections of node settings. * Further updates to additionalP2pAddresses and explaining localhost vs loopback address implications. * Correct messagingServerAddress and amend adminAddress section. --- docs/source/corda-configuration-file.rst | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/docs/source/corda-configuration-file.rst b/docs/source/corda-configuration-file.rst index a8f80f2834..c3642f38b2 100644 --- a/docs/source/corda-configuration-file.rst +++ b/docs/source/corda-configuration-file.rst @@ -106,6 +106,9 @@ overridden via: Limitations ``````````` +* Please note that to limit external connections to your node please use loopback address 127.0.0.1 instead of + localhost for client settings such as p2pAddress; since localhost is translated internally to the physical hostname + and can be reached externally. * If the same key is overridden by both an environment variable and system property, the system property takes precedence. 
@@ -150,6 +153,7 @@ Configuration file fields additionalP2PAddresses An array of additional host:port values, which will be included in the advertised NodeInfo in the network map in addition to the :ref:`p2pAddress `. Nodes can use this configuration option to advertise HA endpoints and aliases to external parties. + 0.0.0.0 is not a valid host setting since each additionalP2PAddress must be an external client address. *Default:* empty list @@ -414,7 +418,8 @@ lazyBridgeStart messagingServerAddress The address of the ArtemisMQ broker instance. If not provided the node will run one locally. - + 0.0.0.0 should not be specified since this needs to be a valid client address. + *Default:* not defined messagingServerExternal @@ -549,9 +554,11 @@ p2pAddress However, note that the host is the included as the advertised entry in the network map. As a result the value listed here must be **externally accessible when running nodes across a cluster of machines.** If the provided host is unreachable, the node will try to auto-discover its public one. + 0.0.0.0 is not a valid host setting since p2pAddress must be an external client address. + *Default:* not defined - + rpcAddress (deprecated) The address of the RPC system on which RPC requests can be made to the node. If not provided then the node will run without RPC. 
@@ -568,12 +575,13 @@ rpcSettings **Important: The RPC SSL certificate is used by RPC clients to authenticate the connection. The Node operator must provide RPC clients with a truststore containing the certificate they can trust. We advise Node operators to not use the P2P keystore for RPC. The node can be run with the "generate-rpc-ssl-settings" command, which generates a secure keystore and truststore that can be used to secure the RPC connection. You can use this if you have no special requirements.** address - host and port for the RPC server binding. + host and port for the RPC server binding. Specifying 0.0.0.0 (as host) is a convention allowing the host to bind all of it's network interfaces when listening on a socket. By itself 0.0.0.0 is non-routeable. i.e. not a proper address. *Default:* not defined adminAddress host and port for the RPC admin binding (this is the endpoint that the node process will connect to). + this needs to follow the same host rules as address setting (see above) *Default:* not defined
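Review bot: In the Limitations hunk (@@ -106,6 +106,9), the new bullet recommends 127.0.0.1 "for client settings such as p2pAddress", but the p2pAddress hunk in this same patch says p2pAddress "must be an external client address" and its context requires the value to be externally accessible across machines, so a loopback p2pAddress cannot satisfy both. Suggest naming the settings the loopback advice is really meant for instead of p2pAddress. The bullet is also added to the list that covers environment variable and system property overrides (the next item is about override precedence), so it would be easier to find next to the address fields, and "Please note that ... please use" can be shortened to a direct instruction.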
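Review bot: In the additionalP2PAddresses hunk (@@ -150,6 +153,7), the added sentence refers to "additionalP2PAddress", which is not the field name (additionalP2PAddresses), and "external client address" is not defined anywhere in the visible text. Suggest tying it to the existing description, for example that each entry is advertised in the NodeInfo in the network map and must therefore be an address external parties can reach, and stating whether the node rejects 0.0.0.0 or simply advertises an unusable entry.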
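Review bot: In the messagingServerAddress hunk (@@ -414,7 +418,8), "0.0.0.0 should not be specified" is weaker than the "is not a valid host setting" used for p2pAddress and additionalP2PAddresses in this patch, so a reader cannot tell whether the value is rejected or only discouraged. Suggest using the same wording for all three fields if the behaviour is the same. "valid client address" should also say who the client is: the field is described as the address of the ArtemisMQ broker instance, so the reason to give is that 0.0.0.0 is not an address a connection can be made to.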
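Review bot: In the p2pAddress hunk (@@ -549,9 +554,11), the new sentence follows "If the provided host is unreachable, the node will try to auto-discover its public one", which leaves it unclear whether 0.0.0.0 is rejected as invalid or treated as unreachable and replaced by auto-discovery. Suggest stating which of the two happens. The hunk also removes and re-adds an empty-looking line before rpcAddress, a whitespace-only change that could be dropped from a documentation patch.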
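Review bot: In the rpcSettings hunk (@@ -568,12 +575,13), the address text explains that 0.0.0.0 binds all network interfaces but not the consequence the commit message promises ("explain implications of specifying 0.0.0.0 as host"): the RPC server then listens on every interface of the machine, including externally reachable ones. Suggest saying so and pointing to a specific interface address, or to 127.0.0.1 as in the Limitations bullet, when RPC should stay local. Typos: "it's" should be "its", "non-routeable" should be "non-routable", and "i.e. not a proper address." is a fragment that should join the previous sentence. The adminAddress line starts in lower case and refers to "the same host rules", while the address text states a convention rather than rules, so spell out what applies there.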