The Corda Configuration File

Configuration File Location

The Corda all-in-one corda.jar file is generated by the gradle buildCordaJAR task and defaults to reading configuration from a node.conf file in the present working directory. This behaviour can be overidden using the --config-file command line option to target configuration files with different names, or different file location (relative paths are relative to the current working directory). Also, the --base-directory command line option alters the Corda node workspace location and if specified a node.conf configuration file is then expected in the root of the workspace.

The configuration file templates used for the gradle deployNodes task are to be found in the /config/dev folder. Also note that there is a basic set of defaults loaded from the built in resource file /node/src/main/resources/reference.conf of the :node gradle module. All properties in this can be overidden in the file configuration and for rarely changed properties this defaulting allows the property to be excluded from the configuration file.

Configuration File Format

Corda uses the Typesafe configuration library to parse the configuration see the typesafe config on Github the format of the configuration files can be simple JSON, but for the more powerful substitution features uses HOCON format see HOCON documents

Configuration File Examples

General node configuration file for hosting the IRSDemo services.

basedir : "./nodea"
myLegalName : "Bank A"
nearestCity : "London"
keyStorePassword : "cordacadevpass"
trustStorePassword : "trustpass"
dataSourceProperties : {
   dataSourceClassName : org.h2.jdbcx.JdbcDataSource
   "dataSource.url" : "jdbc:h2:"${basedir}"/persistence"
   "dataSource.user" : sa
   "dataSource.password" : ""
}
artemisAddress : "localhost:31337"
webAddress : "localhost:31339"
extraAdvertisedServiceIds: "corda.interest_rates"
networkMapAddress : "localhost:12345"
useHTTPS : false
rpcUsers : [
    { user=user1, password=letmein, permissions=[ cash ] }
]

NetworkMapService plus Simple Notary configuration file.

basedir : "./nameserver"
myLegalName : "Notary Service"
nearestCity : "London"
keyStorePassword : "cordacadevpass"
trustStorePassword : "trustpass"
artemisAddress : "localhost:12345"
webAddress : "localhost:12346"
extraAdvertisedServiceIds: ""
useHTTPS : false

Configuration File Fields

basedir:

This specifies the node workspace folder either as an absolute path, or relative to the current working directory. It can be overidden by the --base-directory command line option, in which case the the value in the file is ignored and a node.conf file is expected in that workspace directory as the configuration source.

myLegalName:

The legal identity of the node acts as a human readable alias to the node’s public key and several demos use this to lookup the NodeInfo.

nearestCity:

The location of the node as used to locate coordinates on the world map when running the network simulator demo. See Network Simulator.

keyStorePassword:
 

The password to unlock the KeyStore file (<workspace>/certificates/sslkeystore.jks) containing the node certificate and private key.

note:: This is the non-secret value for the development certificates automatically generated during the first node run. Longer term these keys will be managed in secure hardware devices.

trustStorePassword:
 

The password to unlock the Trust store file (<workspace>/certificates/truststore.jks) containing the R3 Corda root certificate. This is the non-secret value for the development certificates automatically generated during the first node run.

Note

Longer term these keys will be managed in secure hardware devices.

dataSourceProperties:
 

This section is used to configure the jdbc connection and database driver used for the nodes persistence. Currently the defaults in /node/src/main/resources/reference.conf are as shown in the first example. This is currently the only configuration that has been tested, although in the future full support for other storage layers will be validated.

artemisAddress:

The host and port on which the node is available for protocol operations over ArtemisMQ.

Note

In practice the ArtemisMQ messaging services bind to all local addresses on the specified port. However, note that the host is the included as the advertised entry in the NetworkMapService. As a result the value listed here must be externally accessible when running nodes across a cluster of machines.

messagingServerAddress:
 

The address of the ArtemisMQ broker instance. If not provided the node will run one locally.

webAddress:

The host and port on which the node is available for web operations.

Note

If HTTPS is enabled then the browser security checks will require that the accessing url host name is one of either the machine name, fully qualified machine name, or server IP address to line up with the Subject Alternative Names contained within the development certificates. This is addition to requiring the /config/dev/corda_dev_ca.cer root certificate be installed as a Trusted CA.

extraAdvertisedServiceIds:
 

A list of ServiceType id strings to be advertised to the NetworkMapService and thus be available when other nodes query the NetworkMapCache for supporting nodes. This can also include plugin services loaded from .jar files in the plugins folder.

networkMapAddress:
 

If null, or missing the node is declaring itself as the NetworkMapService host. Otherwise the configuration value is the remote HostAndPort string for the ArtemisMQ service on the hosting node.

useHTTPS:

If false the node’s web server will be plain HTTP. If true the node will use the same certificate and private key from the <workspace>/certificates/sslkeystore.jks file as the ArtemisMQ port for HTTPS. If HTTPS is enabled then unencrypted HTTP traffic to the node’s webAddress port is not supported.

rpcUsers:

A list of users who are authorised to access the RPC system. Each user in the list is a config object with the following fields:

user:Username consisting only of word characters (a-z, A-Z, 0-9 and _)
password:The password
permissions:A list of permission strings which RPC methods can use to control access

If this field is absent or an empty list then RPC is effectively locked down.