7.0 KiB
The Corda Configuration File
Configuration File Location
The Corda all-in-one corda.jar
file is generated by the gradle buildCordaJAR
task and defaults to reading configuration from a node.conf
file in the present working directory. This behaviour can be overidden using the --config-file
command line option to target configuration files with different names, or different file location (relative paths are relative to the current working directory). Also, the --base-directory
command line option alters the Corda node workspace location and if specified a node.conf
configuration file is then expected in the root of the workspace.
The configuration file templates used for the gradle installTemplateNodes
task are to be found in the /config/dev
folder. Also note that there is a basic set of defaults loaded from the built in resource file /node/src/main/resources/reference.conf
of the :node
gradle module. All properties in this can be overidden in the file configuration and for rarely changed properties this defaulting allows the property to be excluded from the configuration file.
Configuration File Format
Corda uses the Typesafe configuration library to parse the configuration see the typesafe config on Github the format of the configuration files can be simple JSON, but for the more powerful substitution features uses HOCON format see HOCON documents
Configuration File Examples
General node configuration file for hosting the IRSDemo services.
basedir : "./nodea"
myLegalName : "Bank A"
nearestCity : "London"
keyStorePassword : "cordacadevpass"
trustStorePassword : "trustpass"
dataSourceProperties : {
dataSourceClassName : org.h2.jdbcx.JdbcDataSource
"dataSource.url" : "jdbc:h2:"${basedir}"/persistence"
"dataSource.user" : sa
"dataSource.password" : ""
}
artemisAddress : "localhost:31337"
webAddress : "localhost:31339"
extraAdvertisedServiceIds: "corda.interest_rates"
networkMapAddress : "localhost:12345"
useHTTPS : false
NetworkMapService plus Simple Notary configuration file.
basedir : "./nameserver"
myLegalName : "Notary Service"
nearestCity : "London"
keyStorePassword : "cordacadevpass"
trustStorePassword : "trustpass"
artemisAddress : "localhost:12345"
webAddress : "localhost:12346"
extraAdvertisedServiceIds: ""
useHTTPS : false
Configuration File Fields
- basedir
This specifies the node workspace folder either as an absolute path, or relative to the current working directory. It can be overidden by the
--base-directory
command line option, in which case the the value in the file is ignored and anode.conf
file is expected in that workspace directory as the configuration source.- myLegalName
The legal identity of the node acts as a human readable alias to the node's public key and several demos use this to lookup the NodeInfo.
- nearestCity
The location of the node as used to locate coordinates on the world map when running the network simulator demo. See
network-simulator
.- keyStorePassword
The password to unlock the KeyStore file (
<workspace>/certificates/sslkeystore.jks
) containing the node certificate and private key.note:: This is the non-secret value for the development certificates automatically generated during the first node run. Longer term these keys will be managed in secure hardware devices.
- trustStorePassword
The password to unlock the Trust store file (
<workspace>/certificates/truststore.jks
) containing the R3 Corda root certificate. This is the non-secret value for the development certificates automatically generated during the first node run.Note
Longer term these keys will be managed in secure hardware devices.
- dataSourceProperties
This section is used to configure the jdbc connection and database driver used for the nodes persistence. Currently the defaults in
/node/src/main/resources/reference.conf
are as shown in the first example. This is currently the only configuration that has been tested, although in the future full support for other storage layers will be validated.- artemisAddress
The host and port on which the node is available for protocol operations over ArtemisMQ.
Note
In practice the ArtemisMQ messaging services bind to all local addresses on the specified port. However, note that the host is the included as the advertised entry in the NetworkMapService. As a result the value listed here must be externally accessible when running nodes across a cluster of machines.
- messagingServerAddress
The address of the ArtemisMQ broker instance. If not provided the node will run one locally.
- webAddress
The host and port on which the node is available for web operations.
Note
If HTTPS is enabled then the browser security checks will require that the accessing url host name is one of either the machine name, fully qualified machine name, or server IP address to line up with the Subject Alternative Names contained within the development certificates. This is addition to requiring the
/config/dev/corda_dev_ca.cer
root certificate be installed as a Trusted CA.- extraAdvertisedServiceIds
A list of ServiceType id strings to be advertised to the NetworkMapService and thus be available when other nodes query the NetworkMapCache for supporting nodes. This can also include plugin services loaded from .jar files in the plugins folder.
- networkMapAddress
If null, or missing the node is declaring itself as the NetworkMapService host. Otherwise the configuration value is the remote HostAndPort string for the ArtemisMQ service on the hosting node.
- useHTTPS
If false the node's web server will be plain HTTP. If true the node will use the same certificate and private key from the
<workspace>/certificates/sslkeystore.jks
file as the ArtemisMQ port for HTTPS. If HTTPS is enabled then unencrypted HTTP traffic to the node's webAddress port is not supported.
RPC Users File
Corda also uses the rpc-users.properties
file, found in the base directory, to control access to the RPC subsystem. This is a Java properties file (details can be found in the Javadocs) which specifies a list of users with their password and list of permissions they're enabled for.
admin=notsecure,ADMIN
user1=letmein,CASH,PAPER
In this example user1
has password letmein
and has permissions for CASH
and PAPER
. The permissions are free-form strings which can be used by the RPC methods to control access.
If rpc-users.properties
is empty or doesn't exist then the RPC subsystem is effectively locked down.