diff --git a/doc/CodingStyle.md b/doc/CodingStyle.md index a060e14af3..3256675265 100644 --- a/doc/CodingStyle.md +++ b/doc/CodingStyle.md @@ -2,14 +2,38 @@ # Coding Standards -Coding standards used here are extreme strict and consistent. The style -evolved gradually over the years, incorporating generally acknowledged -best-practice C++ advice, experience, and personal preference. +Coding standards used here gradually evolve and propagate through +code reviews. Some aspects are enforced more strictly than others. -## Don't Repeat Yourself! +## Rules -The [Don't Repeat Yourself][1] principle summarises the essence of what it -means to write good code, in all languages, at all levels. +These rules only apply to our own code. We can't enforce any sort of +style on the external repositories and libraries we include. The best +guideline is to maintain the standards that are used in those libraries. + +* Tab inserts 4 spaces. No tab characters. +* Braces are indented in the [Allman style][1]. +* Modern C++ principles. No naked ```new``` or ```delete```. +* Line lengths limited to 80 characters. Exceptions limited to data and tables. + +## Guidelines + +If you want to do something contrary to these guidelines, understand +why you're doing it. Think, use common sense, and consider that this +your changes will probably need to be maintained long after you've +moved on to other projects. + +* Use white space and blank lines to guide the eye and keep your intent clear. +* Put private data members at the top of a class, and the 6 public special +members immediately after, in the following order: + * Destructor + * Default constructor + * Copy constructor + * Copy assignment + * Move constructor + * Move assignment +* Don't over-inline by defining large functions within the class +declaration, not even for template classes. ## Formatting @@ -17,9 +41,6 @@ The goal of source code formatting should always be to make things as easy to read as possible. White space is used to guide the eye so that details are not overlooked. Blank lines are used to separate code into "paragraphs." -* No tab characters please. -* Tab stops are set to 4 spaces. -* Braces are indented in the [Allman style][2]. * Always place a space before and after all binary operators, especially assignments (`operator=`). * The `!` operator should always be followed by a space. @@ -62,156 +83,4 @@ overlooked. Blank lines are used to separate code into "paragraphs." * Always place a space in between the template angle brackets and the type name. Template code is already hard enough to read! -## Naming conventions - -* Member variables and method names are written with camel-case, and never - begin with a capital letter. -* Class names are also written in camel-case, but always begin with a capital - letter. -* For global variables... well, you shouldn't have any, so it doesn't matter. -* Class data members begin with `m_`, static data members begin with `s_`. - Global variables begin with `g_`. This is so the scope of the corresponding - declaration can be easily determined. -* Avoid underscores in your names, especially leading or trailing underscores. - In particular, leading underscores should be avoided, as these are often used - in standard library code, so to use them in your own code looks quite jarring. -* If you really have to write a macro for some reason, then make it all caps, - with underscores to separate the words. And obviously make sure that its name - is unlikely to clash with symbols used in other libraries or 3rd party code. - -## Types, const-correctness - -* If a method can (and should!) be const, make it const! -* If a method definitely doesn't throw an exception (be careful!), mark it as - `noexcept` -* When returning a temporary object, e.g. a String, the returned object should - be non-const, so that if the class has a C++11 move operator, it can be used. -* If a local variable can be const, then make it const! -* Remember that pointers can be const as well as primitives; For example, if - you have a `char*` whose contents are going to be altered, you may still be - able to make the pointer itself const, e.g. `char* const foobar = getFoobar();`. -* Do not declare all your local variables at the top of a function or method - (i.e. in the old-fashioned C-style). Declare them at the last possible moment, - and give them as small a scope as possible. -* Object parameters should be passed as `const&` wherever possible. Only - pass a parameter as a copy-by-value object if you really need to mutate - a local copy inside the method, and if making a local copy inside the method - would be difficult. -* Use portable `for()` loop variable scoping (i.e. do not have multiple for - loops in the same scope that each re-declare the same variable name, as - this fails on older compilers) -* When you're testing a pointer to see if it's null, never write - `if (myPointer)`. Always avoid that implicit cast-to-bool by writing it more - fully: `if (myPointer != nullptr)`. And likewise, never ever write - `if (! myPointer)`, instead always write `if (myPointer == nullptr)`. - It is more readable that way. -* Avoid C-style casts except when converting between primitive numeric types. - Some people would say "avoid C-style casts altogether", but `static_cast` is - a bit unreadable when you just want to cast an `int` to a `float`. But - whenever a pointer is involved, or a non-primitive object, always use - `static_cast`. And when you're reinterpreting data, always use - `reinterpret_cast`. -* Until C++ gets a universal 64-bit primitive type (part of the C++11 - standard), it's best to stick to the `int64` and `uint64` typedefs. - -## Object lifetime and ownership - -* Absolutely do NOT use `delete`, `deleteAndZero`, etc. There are very very few - situations where you can't use a `ScopedPointer` or some other automatic - lifetime management class. -* Do not use `new` unless there's no alternative. Whenever you type `new`, always - treat it as a failure to find a better solution. If a local variable can be - allocated on the stack rather than the heap, then always do so. -* Do not ever use `new` or `malloc` to allocate a C++ array. Always use a - `HeapBlock` instead. -* And just to make it doubly clear: Never use `malloc` or `calloc`. -* If a parent object needs to create and own some kind of child object, always - use composition as your first choice. If that's not possible (e.g. if the - child needs a pointer to the parent for its constructor), then use a - `ScopedPointer`. -* If possible, pass an object as a reference rather than a pointer. If possible, - make it a `const` reference. -* Obviously avoid static and global values. Sometimes there's no alternative, - but if there is an alternative, then use it, no matter how much effort it - involves. -* If allocating a local POD structure (e.g. an operating-system structure in - native code), and you need to initialise it with zeros, use the `= { 0 };` - syntax as your first choice for doing this. If for some reason that's not - appropriate, use the `zerostruct()` function, or in case that isn't suitable, - use `zeromem()`. Don't use `memset()`. - -## Classes - -* Declare a class's public section first, and put its constructors and - destructor first. Any protected items come next, and then private ones. -* Use the most restrictive access-specifier possible for each member. Prefer - `private` over `protected`, and `protected` over `public`. Don't expose - things unnecessarily. -* Preferred positioning for any inherited classes is to put them to the right - of the class name, vertically aligned, e.g.: - class Thing : public Foo, - private Bar - { - } -* Put a class's member variables (which should almost always be private, of course), - after all the public and protected method declarations. -* Any private methods can go towards the end of the class, after the member - variables. -* If your class does not have copy-by-value semantics, derive the class from - `Uncopyable`. -* If your class is likely to be leaked, then derive your class from - `LeakChecked<>`. -* Constructors that take a single parameter should be default be marked - `explicit`. Obviously there are cases where you do want implicit conversion, - but always think about it carefully before writing a non-explicit constructor. -* Do not use `NULL`, `null`, or 0 for a null-pointer. And especially never use - '0L', which is particulary burdensome. Use `nullptr` instead - this is the - C++2011 standard, so get used to it. There's a fallback definition for `nullptr` - in Beast, so it's always possible to use it even if your compiler isn't yet - C++2011 compliant. -* All the C++ 'guru' books and articles are full of excellent and detailed advice - on when it's best to use inheritance vs composition. If you're not already - familiar with the received wisdom in these matters, then do some reading! - -## Miscellaneous - -* `goto` statements should not be used at all, even if the alternative is - more verbose code. The only exception is when implementing an algorithm in - a function as a state machine. -* Don't use macros! OK, obviously there are many situations where they're the - right tool for the job, but treat them as a last resort. Certainly don't ever - use a macro just to hold a constant value or to perform any kind of function - that could have been done as a real inline function. And it goes without saying - that you should give them names which aren't going to clash with other code. - And `#undef` them after you've used them, if possible. -* When using the `++` or `--` operators, never use post-increment if - pre-increment could be used instead. Although it doesn't matter for - primitive types, it's good practice to pre-increment since this can be - much more efficient for more complex objects. In particular, if you're - writing a for loop, always use pre-increment, - e.g. `for (int = 0; i < 10; ++i)` -* Never put an "else" statement after a "return"! This is well-explained in the - LLVM coding standards...and a couple of other very good pieces of advice from - the LLVM standards are in there as well. -* When getting a possibly-null pointer and using it only if it's non-null, limit - the scope of the pointer as much as possible - e.g. Do NOT do this: - - Foo* f = getFoo (); - if (f != nullptr) - f->doSomething (); - // other code - f->doSomething (); // oops! f may be null! - - ..instead, prefer to write it like this, which reduces the scope of the - pointer, making it impossible to write code that accidentally uses a null - pointer: - - if (Foo* f = getFoo ()) - f->doSomethingElse (); - - // f is out-of-scope here, so impossible to use it if it's null - - (This also results in smaller, cleaner code) - -[1]: http://en.wikipedia.org/wiki/Don%27t_repeat_yourself -[2]: http://en.wikipedia.org/wiki/Indent_style#Allman_style +[1]: http://en.wikipedia.org/wiki/Indent_style#Allman_style diff --git a/doc/rippled-example.cfg b/doc/rippled-example.cfg index d57510222c..3f1e929367 100644 --- a/doc/rippled-example.cfg +++ b/doc/rippled-example.cfg @@ -1,880 +1,880 @@ -#------------------------------------------------------------------------------- -# -# Rippled Server Instance Configuration Example -# -#------------------------------------------------------------------------------- -# -# Contents -# -# 1. Peer Networking -# -# 2. Websocket Networking -# -# 3. RPC Networking -# -# 4. SMS Gateway -# -# 5. Ripple Protcol -# -# 6. HTTPS Client -# -# 7. Database -# -# 8. Diagnostics -# -#------------------------------------------------------------------------------- -# -# Purpose -# -# This file documents and provides examples of all rippled server process +#------------------------------------------------------------------------------- +# +# Rippled Server Instance Configuration Example +# +#------------------------------------------------------------------------------- +# +# Contents +# +# 1. Peer Networking +# +# 2. Websocket Networking +# +# 3. RPC Networking +# +# 4. SMS Gateway +# +# 5. Ripple Protcol +# +# 6. HTTPS Client +# +# 7. Database +# +# 8. Diagnostics +# +#------------------------------------------------------------------------------- +# +# Purpose +# +# This file documents and provides examples of all rippled server process # configuration options. When the rippled server instance is launched, it -# looks for a file with the following name: -# -# rippled.cfg -# -# For more information on where the rippled server instance searches for -# the file please visit the Ripple wiki. Specifically, the section explaining -# the --conf command line option: -# -# https://ripple.com/wiki/Rippled#--conf.3Dpath -# -# This file should be named rippled.cfg. This file is UTF-8 with Dos, UNIX, -# or Mac style end of lines. Blank lines and lines beginning with '#' are -# ignored. Undefined sections are reserved. No escapes are currently defined. -# -# -# -#------------------------------------------------------------------------------- -# -# 1. Peer Networking -# -#------------------- -# -# These settings control security and access attributes of the Peer to Peer -# server section of the rippled process. Peer Networking implements the -# Ripple Payment protocol. It is over peer connections that transactions -# and validations are passed from to machine to machine, to make up the -# components of closed ledgers. -# -# -# -# [ips] -# -# List of hostnames or ips where the Ripple protocol is served. For a starter -# list, you can either copy entries from: https://ripple.com/ripple.txt or if -# you prefer you can specify r.ripple.com 51235 -# -# One IPv4 address or domain names per line is allowed. A port may optionally -# be specified after adding a space to the address. By convention, if known, -# IPs are listed in from most to least trusted. -# -# Examples: -# 192.168.0.1 -# 192.168.0.1 3939 -# r.ripple.com 51235 -# -# This will give you a good, up-to-date list of addresses: -# -# [ips] -# r.ripple.com 51235 -# -# -# -# [ips_fixed] -# -# List of IP addresses or hostnames to which rippled should always attempt to -# maintain peer connections with. This is useful for manually forming private -# networks, for example to configure a validation server that connects to the -# Ripple network through a public-facing server, or for building a set -# of cluster peers. -# -# One IPv4 address or domain names per line is allowed. A port may optionally -# be specified after adding a space to the address. -# -# -# -# [peer_ip] -# -# IP address or domain to bind to allow external connections from peers. -# Defaults to not binding, which disallows external connections from peers. -# -# Examples: 0.0.0.0 - Bind on all interfaces. -# -# -# -# [peer_port] -# -# If peer_ip is supplied, corresponding port to bind to for peer connections. -# -# -# -# [peer_port_proxy] -# -# An optional, additional listening port number for peers. Incoming -# connections on this port will be required to provide a PROXY Protocol -# handshake, described in this document (external link): -# -# http://haproxy.1wt.eu/download/1.5/doc/proxy-protocol.txt -# -# The PROXY Protocol is a popular method used by elastic load balancing -# service providers such as Amazon, to identify the true IP address and -# port number of external incoming connections. -# -# In addition to enabling this setting, it will also be required to -# use your provider-specific control panel or administrative web page -# to configure your server instance to receive PROXY Protocol handshakes, -# and also to restrict access to your instance to the Elastic Load Balancer. -# -# -# -# [peer_private] -# -# 0 or 1. -# -# 0: Request peers to broadcast your address. Normal outbound peer connections [default] -# 1: Request peers not broadcast your address. Only connect to configured peers. -# -# -# -# [peers_max] -# -# The largest number of desired peer connections (incoming or outgoing). -# Cluster and fixed peers do not count towards this total. There are -# implementation-defined lower limits imposed on this value for security -# purposes. -# -# -# -# [peer_ssl_cipher_list] -# -# A colon delimited string with the allowed SSL cipher modes for peer. The -# choices for for ciphers are defined by the OpenSSL API function -# SSL_CTX_set_cipher_list, documented here (external link): -# -# http://pic.dhe.ibm.com/infocenter/tpfhelp/current/index.jsp?topic=%2Fcom.ibm.ztpf-ztpfdf.doc_put.cur%2Fgtpc2%2Fcpp_ssl_ctx_set_cipher_list.html -# -# The default setting is "ALL:!LOW:!EXP:!MD5:@STRENGTH", which allows -# non-authenticated peer connections (they are, however, secure). -# -# -# -# [node_seed] -# -# This is used for clustering. To force a particular node seed or key, the -# key can be set here. The format is the same as the validation_seed field. -# To obtain a validation seed, use the validation_create command. -# -# Examples: RASH BUSH MILK LOOK BAD BRIM AVID GAFF BAIT ROT POD LOVE -# shfArahZT9Q9ckTf3s1psJ7C7qzVN -# -# -# -# [cluster_nodes] -# -# To extend full trust to other nodes, place their node public keys here. -# Generally, you should only do this for nodes under common administration. -# Node public keys start with an 'n'. To give a node a name for identification -# place a space after the public key and then the name. -# -# -# -# [sntp_servers] -# -# IP address or domain of NTP servers to use for time synchronization. -# -# These NTP servers are suitable for rippled servers located in the United -# States: -# time.windows.com -# time.apple.com -# time.nist.gov -# pool.ntp.org -# -# -# -#------------------------------------------------------------------------------- -# -# 2. Websocket Networking -# -#------------------------ -# -# These settings control security and access attributes of the Websocket -# server section of the rippled process, primarily used to service -# client requests and backend applications. -# -# -# -# [websocket_public_ip] -# -# IP address or domain to bind to allow untrusted connections from clients. -# In the future, this option will go away and the peer_ip will accept -# websocket client connections. -# -# Examples: 0.0.0.0 - Bind on all interfaces. -# 127.0.0.1 - Bind on localhost interface. Only local programs may connect. -# -# -# -# [websocket_public_port] -# -# Port to bind to allow untrusted connections from clients. In the future, -# this option will go away and the peer_ip will accept websocket client -# connections. -# -# -# -# [websocket_public_secure] -# -# 0, 1 or 2. -# 0: Provide ws service for websocket_public_ip/websocket_public_port. -# 1: Provide both ws and wss service for websocket_public_ip/websocket_public_port. [default] -# 2: Provide wss service only for websocket_public_ip/websocket_public_port. -# -# Browser pages like the Ripple client will not be able to connect to a secure -# websocket connection if a self-signed certificate is used. As the Ripple -# reference client currently shares secrets with its server, this should be -# enabled. -# -# -# -# [websocket_ping_frequency] -# -# -# -# The amount of time to wait in seconds, before sending a websocket 'ping' -# message. Ping messages are used to determine if the remote end of the -# connection is no longer available. -# -# -# -# [websocket_ip] -# -# IP address or domain to bind to allow trusted ADMIN connections from backend -# applications. -# -# Examples: 0.0.0.0 - Bind on all interfaces. -# 127.0.0.1 - Bind on localhost interface. Only local programs may connect. -# -# -# -# [websocket_port] -# -# Port to bind to allow trusted ADMIN connections from backend applications. -# -# -# -# [websocket_secure] -# -# 0, 1, or 2. -# 0: Provide ws service only for websocket_ip/websocket_port. [default] -# 1: Provide ws and wss service for websocket_ip/websocket_port -# 2: Provide wss service for websocket_ip/websocket_port. -# -# -# -# [websocket_ssl_cert] -# -# Specify the path to the SSL certificate file in PEM format. -# This is not needed if the chain includes it. -# -# -# -# [websocket_ssl_chain] -# -# If you need a certificate chain, specify the path to the certificate chain -# here. The chain may include the end certificate. -# -# -# -# [websocket_ssl_key] -# -# Specify the filename holding the SSL key in PEM format. -# -# -# -#------------------------------------------------------------------------------- -# -# 3. RPC Networking -# -#------------------ -# -# This group of settings configures security and access attributes of the -# RPC server section of the rippled process, used to service both local -# and optional remote clients. -# -# -# -# [rpc_allow_remote] -# -# 0 or 1. -# -# 0: Allow RPC connections only from 127.0.0.1. [default] -# 1: Allow RPC connections from any IP. -# -# -# -# [rpc_admin_allow] -# -# Specify a list of IP addresses allowed to have admin access. One per line. -# If you want to test the output of non-admin commands add this section and -# just put an ip address not under your control. -# Defaults to 127.0.0.1. -# -# -# -# [rpc_admin_user] -# -# As a server, require this as the admin user to be specified. Also, require -# rpc_admin_user and rpc_admin_password to be checked for RPC admin functions. -# The request must specify these as the admin_user and admin_password in the -# request object. -# -# As a client, supply this to the server in the request object. -# -# -# -# [rpc_admin_password] -# -# As a server, require this as the admin password to be specified. Also, -# require rpc_admin_user and rpc_admin_password to be checked for RPC admin -# functions. The request must specify these as the admin_user and -# admin_password in the request object. -# -# As a client, supply this to the server in the request object. -# -# -# -# [rpc_ip] -# -# IP address or domain to bind to allow insecure RPC connections. -# Defaults to not binding, which disallows RPC connections. -# -# -# -# [rpc_port] -# -# If rpc_ip is supplied, corresponding port to bind to for peer connections. -# -# -# -# [rpc_user] -# -# As a server, require this user to be specified and require rpc_password to -# be checked for RPC access via the rpc_ip and rpc_port. The user and password -# must be specified via HTTP's basic authentication method. -# As a client, supply this to the server via HTTP's basic authentication -# method. -# -# -# -# [rpc_password] -# -# As a server, require this password to be specified and require rpc_user to -# be checked for RPC access via the rpc_ip and rpc_port. The user and password -# must be specified via HTTP's basic authentication method. -# As a client, supply this to the server via HTTP's basic authentication -# method. -# -# -# -# [rpc_startup] -# -# Specify a list of RPC commands to run at startup. -# -# Examples: -# { "command" : "server_info" } -# { "command" : "log_level", "partition" : "ripplecalc", "severity" : "trace" } -# -# -# -# [rpc_secure] -# -# 0 or 1. -# -# 0: Server certificates are not provided for RPC clients using SSL [default] -# 1: Client RPC connections wil be provided with SSL certificates. -# -# Note that if rpc_secure is enabled, it will also be necessary to configure +# looks for a file with the following name: +# +# rippled.cfg +# +# For more information on where the rippled server instance searches for +# the file please visit the Ripple wiki. Specifically, the section explaining +# the --conf command line option: +# +# https://ripple.com/wiki/Rippled#--conf.3Dpath +# +# This file should be named rippled.cfg. This file is UTF-8 with Dos, UNIX, +# or Mac style end of lines. Blank lines and lines beginning with '#' are +# ignored. Undefined sections are reserved. No escapes are currently defined. +# +# +# +#------------------------------------------------------------------------------- +# +# 1. Peer Networking +# +#------------------- +# +# These settings control security and access attributes of the Peer to Peer +# server section of the rippled process. Peer Networking implements the +# Ripple Payment protocol. It is over peer connections that transactions +# and validations are passed from to machine to machine, to make up the +# components of closed ledgers. +# +# +# +# [ips] +# +# List of hostnames or ips where the Ripple protocol is served. For a starter +# list, you can either copy entries from: https://ripple.com/ripple.txt or if +# you prefer you can specify r.ripple.com 51235 +# +# One IPv4 address or domain names per line is allowed. A port may optionally +# be specified after adding a space to the address. By convention, if known, +# IPs are listed in from most to least trusted. +# +# Examples: +# 192.168.0.1 +# 192.168.0.1 3939 +# r.ripple.com 51235 +# +# This will give you a good, up-to-date list of addresses: +# +# [ips] +# r.ripple.com 51235 +# +# +# +# [ips_fixed] +# +# List of IP addresses or hostnames to which rippled should always attempt to +# maintain peer connections with. This is useful for manually forming private +# networks, for example to configure a validation server that connects to the +# Ripple network through a public-facing server, or for building a set +# of cluster peers. +# +# One IPv4 address or domain names per line is allowed. A port may optionally +# be specified after adding a space to the address. +# +# +# +# [peer_ip] +# +# IP address or domain to bind to allow external connections from peers. +# Defaults to not binding, which disallows external connections from peers. +# +# Examples: 0.0.0.0 - Bind on all interfaces. +# +# +# +# [peer_port] +# +# If peer_ip is supplied, corresponding port to bind to for peer connections. +# +# +# +# [peer_port_proxy] +# +# An optional, additional listening port number for peers. Incoming +# connections on this port will be required to provide a PROXY Protocol +# handshake, described in this document (external link): +# +# http://haproxy.1wt.eu/download/1.5/doc/proxy-protocol.txt +# +# The PROXY Protocol is a popular method used by elastic load balancing +# service providers such as Amazon, to identify the true IP address and +# port number of external incoming connections. +# +# In addition to enabling this setting, it will also be required to +# use your provider-specific control panel or administrative web page +# to configure your server instance to receive PROXY Protocol handshakes, +# and also to restrict access to your instance to the Elastic Load Balancer. +# +# +# +# [peer_private] +# +# 0 or 1. +# +# 0: Request peers to broadcast your address. Normal outbound peer connections [default] +# 1: Request peers not broadcast your address. Only connect to configured peers. +# +# +# +# [peers_max] +# +# The largest number of desired peer connections (incoming or outgoing). +# Cluster and fixed peers do not count towards this total. There are +# implementation-defined lower limits imposed on this value for security +# purposes. +# +# +# +# [peer_ssl_cipher_list] +# +# A colon delimited string with the allowed SSL cipher modes for peer. The +# choices for for ciphers are defined by the OpenSSL API function +# SSL_CTX_set_cipher_list, documented here (external link): +# +# http://pic.dhe.ibm.com/infocenter/tpfhelp/current/index.jsp?topic=%2Fcom.ibm.ztpf-ztpfdf.doc_put.cur%2Fgtpc2%2Fcpp_ssl_ctx_set_cipher_list.html +# +# The default setting is "ALL:!LOW:!EXP:!MD5:@STRENGTH", which allows +# non-authenticated peer connections (they are, however, secure). +# +# +# +# [node_seed] +# +# This is used for clustering. To force a particular node seed or key, the +# key can be set here. The format is the same as the validation_seed field. +# To obtain a validation seed, use the validation_create command. +# +# Examples: RASH BUSH MILK LOOK BAD BRIM AVID GAFF BAIT ROT POD LOVE +# shfArahZT9Q9ckTf3s1psJ7C7qzVN +# +# +# +# [cluster_nodes] +# +# To extend full trust to other nodes, place their node public keys here. +# Generally, you should only do this for nodes under common administration. +# Node public keys start with an 'n'. To give a node a name for identification +# place a space after the public key and then the name. +# +# +# +# [sntp_servers] +# +# IP address or domain of NTP servers to use for time synchronization. +# +# These NTP servers are suitable for rippled servers located in the United +# States: +# time.windows.com +# time.apple.com +# time.nist.gov +# pool.ntp.org +# +# +# +#------------------------------------------------------------------------------- +# +# 2. Websocket Networking +# +#------------------------ +# +# These settings control security and access attributes of the Websocket +# server section of the rippled process, primarily used to service +# client requests and backend applications. +# +# +# +# [websocket_public_ip] +# +# IP address or domain to bind to allow untrusted connections from clients. +# In the future, this option will go away and the peer_ip will accept +# websocket client connections. +# +# Examples: 0.0.0.0 - Bind on all interfaces. +# 127.0.0.1 - Bind on localhost interface. Only local programs may connect. +# +# +# +# [websocket_public_port] +# +# Port to bind to allow untrusted connections from clients. In the future, +# this option will go away and the peer_ip will accept websocket client +# connections. +# +# +# +# [websocket_public_secure] +# +# 0, 1 or 2. +# 0: Provide ws service for websocket_public_ip/websocket_public_port. +# 1: Provide both ws and wss service for websocket_public_ip/websocket_public_port. [default] +# 2: Provide wss service only for websocket_public_ip/websocket_public_port. +# +# Browser pages like the Ripple client will not be able to connect to a secure +# websocket connection if a self-signed certificate is used. As the Ripple +# reference client currently shares secrets with its server, this should be +# enabled. +# +# +# +# [websocket_ping_frequency] +# +# +# +# The amount of time to wait in seconds, before sending a websocket 'ping' +# message. Ping messages are used to determine if the remote end of the +# connection is no longer available. +# +# +# +# [websocket_ip] +# +# IP address or domain to bind to allow trusted ADMIN connections from backend +# applications. +# +# Examples: 0.0.0.0 - Bind on all interfaces. +# 127.0.0.1 - Bind on localhost interface. Only local programs may connect. +# +# +# +# [websocket_port] +# +# Port to bind to allow trusted ADMIN connections from backend applications. +# +# +# +# [websocket_secure] +# +# 0, 1, or 2. +# 0: Provide ws service only for websocket_ip/websocket_port. [default] +# 1: Provide ws and wss service for websocket_ip/websocket_port +# 2: Provide wss service for websocket_ip/websocket_port. +# +# +# +# [websocket_ssl_cert] +# +# Specify the path to the SSL certificate file in PEM format. +# This is not needed if the chain includes it. +# +# +# +# [websocket_ssl_chain] +# +# If you need a certificate chain, specify the path to the certificate chain +# here. The chain may include the end certificate. +# +# +# +# [websocket_ssl_key] +# +# Specify the filename holding the SSL key in PEM format. +# +# +# +#------------------------------------------------------------------------------- +# +# 3. RPC Networking +# +#------------------ +# +# This group of settings configures security and access attributes of the +# RPC server section of the rippled process, used to service both local +# and optional remote clients. +# +# +# +# [rpc_allow_remote] +# +# 0 or 1. +# +# 0: Allow RPC connections only from 127.0.0.1. [default] +# 1: Allow RPC connections from any IP. +# +# +# +# [rpc_admin_allow] +# +# Specify a list of IP addresses allowed to have admin access. One per line. +# If you want to test the output of non-admin commands add this section and +# just put an ip address not under your control. +# Defaults to 127.0.0.1. +# +# +# +# [rpc_admin_user] +# +# As a server, require this as the admin user to be specified. Also, require +# rpc_admin_user and rpc_admin_password to be checked for RPC admin functions. +# The request must specify these as the admin_user and admin_password in the +# request object. +# +# As a client, supply this to the server in the request object. +# +# +# +# [rpc_admin_password] +# +# As a server, require this as the admin password to be specified. Also, +# require rpc_admin_user and rpc_admin_password to be checked for RPC admin +# functions. The request must specify these as the admin_user and +# admin_password in the request object. +# +# As a client, supply this to the server in the request object. +# +# +# +# [rpc_ip] +# +# IP address or domain to bind to allow insecure RPC connections. +# Defaults to not binding, which disallows RPC connections. +# +# +# +# [rpc_port] +# +# If rpc_ip is supplied, corresponding port to bind to for peer connections. +# +# +# +# [rpc_user] +# +# As a server, require this user to be specified and require rpc_password to +# be checked for RPC access via the rpc_ip and rpc_port. The user and password +# must be specified via HTTP's basic authentication method. +# As a client, supply this to the server via HTTP's basic authentication +# method. +# +# +# +# [rpc_password] +# +# As a server, require this password to be specified and require rpc_user to +# be checked for RPC access via the rpc_ip and rpc_port. The user and password +# must be specified via HTTP's basic authentication method. +# As a client, supply this to the server via HTTP's basic authentication +# method. +# +# +# +# [rpc_startup] +# +# Specify a list of RPC commands to run at startup. +# +# Examples: +# { "command" : "server_info" } +# { "command" : "log_level", "partition" : "ripplecalc", "severity" : "trace" } +# +# +# +# [rpc_secure] +# +# 0 or 1. +# +# 0: Server certificates are not provided for RPC clients using SSL [default] +# 1: Client RPC connections wil be provided with SSL certificates. +# +# Note that if rpc_secure is enabled, it will also be necessary to configure # the certificate file settings located in rpc_ssl_cert, rpc_ssl_chain, and -# rpc_ssl_key -# -# -# -# [rpc_ssl_cert] -# -# -# +# rpc_ssl_key +# +# +# +# [rpc_ssl_cert] +# +# +# # A file system path leading to the SSL certificate file to use for secure # RPC. The file is in PEM format. The file is not needed if the chain -# includes it. -# -# -# -# [rpc_ssl_chain] -# -# -# -# A file system path leading to the file with the certificate chain. -# The chain may include the end certificate. -# -# -# -# [rpc_ssl_key] -# -# -# -# A file system path leading to the file with the SSL key. -# The file is in PEM format. -# -# -# -#------------------------------------------------------------------------------- -# -# 4. SMS Gateway -# -#--------------- -# -# If you have a certain SMS messaging provider you can configure these -# settings to allow the rippled server instance to send an SMS text to the -# configured gateway in response to an admin-level RPC command "sms" with -# one parameter, 'text' containing the message to send. This allows backend -# applications to use the rippled instance to securely notify administrators -# of custom events or information via SMS gateway. -# -# When the 'sms' RPC command is issued, the configured SMS gateway will be -# contacted via HTTPS GET at the URL indicated by sms_url. The URI formed -# will be in this format: -# -# [sms_url]?from=[sms_from]&to=[sms_to]&api_key=[sms_key]&api_secret=[sms_secret]&text=['text'] -# -# Where [...] are the corresponding values from the configuration file, and -# ['test'] is the value of the JSON field with name 'text'. -# -# [sms_url] -# -# The URL to contact via HTTPS when sending SMS messages -# -# [sms_from] -# [sms_to] -# [sms_key] -# [sms_secret] -# -# These are all strings passed directly in the URI as query parameters -# to the provider of the SMS gateway. -# -# -# -#------------------------------------------------------------------------------- -# -# 5. Ripple Protocol -# -#------------------ -# -# These settings affect the behavior of the server instance with respect -# to Ripple payment protocol level activities such as validating and -# closing ledgers, establishing a quorum, or adjusting fees in response -# to server overloads. -# -# -# -# [node_size] -# -# Tunes the servers based on the expected load and available memory. Legal -# sizes are "tiny", "small", "medium", "large", and "huge". We recommend -# you start at the default and raise the setting if you have extra memory. -# The default is "tiny". -# -# -# -# [validation_quorum] -# -# Sets the minimum number of trusted validations a ledger must have before -# the server considers it fully validated. Note that if you are validating, -# your validation counts. -# -# -# -# [ledger_history] -# -# The number of past ledgers to acquire on server startup and the minimum to -# maintain while running. -# -# To serve clients, servers need historical ledger data. Servers that don't -# need to serve clients can set this to "none". Servers that want complete -# history can set this to "full". -# -# The default is: 256 -# -# -# -# [fetch_depth] -# -# The number of past ledgers to serve to other peers that request historical -# ledger data (or "full" for no limit). -# -# Servers that require low latency and high local performance may wish to -# restrict the historical ledgers they are willing to serve. Setting this -# below 32 can harm network stability as servers require easy access to -# recent history to stay in sync. Values below 128 are not recommended. -# -# The default is: full -# -# -# -# [validation_seed] -# -# To perform validation, this section should contain either a validation seed -# or key. The validation seed is used to generate the validation -# public/private key pair. To obtain a validation seed, use the -# validation_create command. -# -# Examples: RASH BUSH MILK LOOK BAD BRIM AVID GAFF BAIT ROT POD LOVE -# shfArahZT9Q9ckTf3s1psJ7C7qzVN -# -# -# -# [validators] -# -# List of nodes to always accept as validators. Nodes are specified by domain -# or public key. -# -# For domains, rippled will probe for https web servers at the specified -# domain in the following order: ripple.DOMAIN, www.DOMAIN, DOMAIN -# -# For public key entries, a comment may optionally be specified after adding -# a space to the public key. -# -# Examples: -# ripple.com -# n9KorY8QtTdRx7TVDpwnG9NvyxsDwHUKUEeDLY3AkiGncVaSXZi5 -# n9MqiExBcoG19UXwoLjBJnhsxEhAZMuWwJDRdkyDz1EkEkwzQTNt John Doe -# -# -# -# [validators_file] -# -# Path to file contain a list of nodes to always accept as validators. Use -# this to specify a file other than this file to manage your validators list. -# -# If this entry is not present or empty and no nodes from previous runs were -# found in the database, rippled will look for a validators.txt in the config -# directory. If not found there, it will attempt to retrieve the file from -# the [validators_site] web site. -# -# After specifying a different [validators_file] or changing the contents of -# the validators file, issue a RPC unl_load command to have rippled load the -# file. -# -# Specify the file by specifying its full path. -# -# Examples: -# C:/home/johndoe/ripple/validators.txt -# /home/johndoe/ripple/validators.txt -# -# -# -# [validators_site] -# -# Specifies where to find validators.txt for UNL boostrapping and RPC -# unl_network command. -# -# Example: ripple.com -# -# -# -# [path_search] -# When searching for paths, the default search aggressiveness. This can take -# exponentially more resources as the size is increased. -# -# The default is: 7 -# -# [path_search_fast] -# [path_search_max] -# When searching for paths, the minimum and maximum search aggressiveness. -# -# The default for 'path_search_fast' is 2. The default for 'path_search_max' is 10. -# -# [path_search_old] -# -# For clients that use the legacy path finding interfaces, the search -# agressivness to use. The default is 7. -# -# -# -#------------------------------------------------------------------------------- -# -# 6. HTTPS Client -# -#---------------- -# -# The rippled server instance uses HTTPS GET requests in a variety of -# circumstances, including but not limited to the SMS Messaging Gateway -# feature and also for contacting trusted domains to fetch information -# such as mapping an email address to a Ripple Payment Network address. -# -# [ssl_verify] -# -# 0 or 1. -# -# 0. HTTPS client connections will not verify certificates. -# 1. Certificates will be checked for HTTPS client connections . -# -# -# -# [ssl_verify_file] -# -# -# -# A file system path leading to the certificate verification file for -# HTTPS client requests. -# -# -# -# [ssl_verify_dir] -# -# -# -# -# A file system path leading to a file or directory containing the root -# certificates that the server will accept for verifying HTTP servers. -# Used only for outbound HTTPS client connections. -# -# -# -#------------------------------------------------------------------------------- -# -# 7. Database -# -#------------ -# -# rippled creates 4 SQLite database to hold bookkeeping information -# about transactions, local credentials, and various other things. -# It also creates the NodeDB, which holds all the objects that -# make up the current and historical ledgers. The size of the NodeDB -# grows in proportion to the amount of new data and the amount of -# historical data (a configurable setting). -# -# The performance of the underlying storage media where the NodeDB -# is placed can affect the performance of the server. Some virtual -# hosting providers offer high speed secondary storage, with the -# caveat that the data is not persisted across launches. If rippled -# runs in such an environment, it can be beneficial to configure the -# temp_db setting, which activates a secondary "look-aside" cache -# that can speed up the server. Some testing is suggested to determine -# if the temp_db setting is an improvement for your environment -# -# Partial pathnames will be considered relative to the location of -# the rippled.cfg file. -# -# [node_db] Settings for the NodeDB (required) -# [temp_db] Settings for the look-aside temporary db (optional) -# [import_db] Settings for performing a one-time import (optional) -# -# Format (without spaces): -# One or more lines of key / value pairs: -# '=' -# ... -# -# Examples: -# type=HyperLevelDB -# path=db/hyperldb -# compression=0 -# -# Choices for 'type' (not case-sensitive) -# RocksDB Use Facebook's RocksDB database (preferred) -# HyperLevelDB Use an improved version of LevelDB -# SQLite Use SQLite -# LevelDB Use Google's LevelDB database (deprecated) -# none Use no backend -# -# Required keys: -# path Location to store the database (all types) -# -# Optional keys: -# compression 0 for none, 1 for Snappy compression -# -# Notes: -# The 'node_db' entry configures the primary, persistent storage. -# -# The 'temp_db' configures a look-aside cache for high volume storage -# which doesn't necessarily persist between server launches. This -# is an optional configuration parameter. If it is left out then -# no look-aside database is created or used. -# -# The 'import_db' is used with the '--import' command line option to -# migrate the specified database into the current database given -# in the [node_db] section. -# -# [database_path] Path to the book-keeping databases. -# -# There are 4 book-keeping SQLite database that the server creates and -# maintains. If you omit this configuration setting, it will default to -# creating a directory called "db" located in the same place as your -# rippled.cfg file. -# -# -# -#------------------------------------------------------------------------------- -# -# 8. Diagnostics -# -#--------------- -# -# These settings are designed to help server administrators diagnose -# problems, and obtain detailed information about the activities being -# performed by the rippled process. -# -# -# -# [debug_logfile] -# -# Specifies were a debug logfile is kept. By default, no debug log is kept. -# Unless absolute, the path is relative the directory containing this file. -# -# Example: debug.log -# -# -# -# [insight] -# -# Configuration parameters for the Beast.Insight stats collection module. -# -# Insight is a module that collects information from the areas of rippled -# that have instrumentation. The configuration paramters control where the -# collection metrics are sent. The parameters are expressed as key = value -# pairs with no white space. The main parameter is the choice of server: -# -# "server" -# -# Choice of server to send metrics to. Currently the only choice is -# "statsd" which sends UDP packets to a StatsD daemon, which must be -# running while rippled is running. More information on StatsD is -# available here: -# https://github.com/b/statsd_spec -# -# When server=statsd, these additional keys are used: -# -# "address" The UDP address and port of the listening StatsD server, -# in the format, n.n.n.n:port. -# -# "prefix" A string prepended to each collected metric. This is used -# to distinguish between different running instances of rippled. -# -# If this section is missing, or the server type is unspecified or unknown, -# statistics are not collected or reported. -# -# Example: -# -# [insight] -# server=statsd -# address=192.168.0.95:4201 -# prefix=my_validator -# -#------------------------------------------------------------------------------- - -# Allow other peers to connect to this server. -# -[peer_ip] -0.0.0.0 - -[peer_port] -51235 - -# Allow untrusted clients to connect to this server. -# -[websocket_public_ip] -0.0.0.0 - -[websocket_public_port] -5006 - -# Provide trusted websocket ADMIN access to the localhost. -# -[websocket_ip] -127.0.0.1 - -[websocket_port] -6006 - -# Provide trusted json-rpc ADMIN access to the localhost. -# -[rpc_ip] -127.0.0.1 - -[rpc_port] -5005 - -[rpc_allow_remote] -0 - -[node_size] -medium - -# This is primary persistent datastore for rippled. This includes transaction -# metadata, account states, and ledger headers. Helpful information can be -# found here: https://ripple.com/wiki/NodeBackEnd -[node_db] -type=RocksDB -path=/var/lib/rippled/db/rocksdb -open_files=2000 -filter_bits=12 -cache_mb=256 -file_size_mb=8 -file_size_mult=2 - -[database_path] -/var/lib/rippled/db - -# This needs to be an absolute directory reference, not a relative one. -# Modify this value as required. -[debug_logfile] -/var/log/rippled/debug.log - -[sntp_servers] -time.windows.com -time.apple.com -time.nist.gov -pool.ntp.org - -# Where to find some other servers speaking the Ripple protocol. -# -[ips] -r.ripple.com 51235 - -# The latest validators can be obtained from -# https://ripple.com/ripple.txt -# -[validators] -n949f75evCHwgyP4fPVgaHqNHxUVN15PsJEZ3B3HnXPcPjcZAoy7 RL1 -n9MD5h24qrQqiyBC8aeqqCWvpiBiYQ3jxSr91uiDvmrkyHRdYLUj RL2 -n9L81uNCaPgtUJfaHh89gmdvXKAmSt5Gdsw2g1iPWaPkAHW5Nm4C RL3 -n9KiYM9CgngLvtRCQHZwgC2gjpdaZcCcbt3VboxiNFcKuwFVujzS RL4 -n9LdgEtkmGB9E2h3K4Vp7iGUaKuq23Zr32ehxiU8FWY7xoxbWTSA RL5 - -# Ditto. -[validation_quorum] -3 - -# Turn down default logging to save disk space in the long run. -# Valid values here are trace, debug, info, warning, error, and fatal -[rpc_startup] -{ "command": "log_level", "severity": "warning" } - -# Configure SSL for WebSockets. Not enabled by default because not everybody -# has an SSL cert on their server, but if you uncomment the following lines and -# set the path to the SSL certificate and private key the WebSockets protocol -# will be protected by SSL/TLS. -#[websocket_secure] -#1 - -#[websocket_ssl_cert] -#/etc/ssl/certs/server.crt - -#[websocket_ssl_key] -#/etc/ssl/private/server.key - -# Defaults to 0 ("no") so that you can use self-signed SSL certificates for -# development, or internally. -#[ssl_verify] -#0 - - +# includes it. +# +# +# +# [rpc_ssl_chain] +# +# +# +# A file system path leading to the file with the certificate chain. +# The chain may include the end certificate. +# +# +# +# [rpc_ssl_key] +# +# +# +# A file system path leading to the file with the SSL key. +# The file is in PEM format. +# +# +# +#------------------------------------------------------------------------------- +# +# 4. SMS Gateway +# +#--------------- +# +# If you have a certain SMS messaging provider you can configure these +# settings to allow the rippled server instance to send an SMS text to the +# configured gateway in response to an admin-level RPC command "sms" with +# one parameter, 'text' containing the message to send. This allows backend +# applications to use the rippled instance to securely notify administrators +# of custom events or information via SMS gateway. +# +# When the 'sms' RPC command is issued, the configured SMS gateway will be +# contacted via HTTPS GET at the URL indicated by sms_url. The URI formed +# will be in this format: +# +# [sms_url]?from=[sms_from]&to=[sms_to]&api_key=[sms_key]&api_secret=[sms_secret]&text=['text'] +# +# Where [...] are the corresponding values from the configuration file, and +# ['test'] is the value of the JSON field with name 'text'. +# +# [sms_url] +# +# The URL to contact via HTTPS when sending SMS messages +# +# [sms_from] +# [sms_to] +# [sms_key] +# [sms_secret] +# +# These are all strings passed directly in the URI as query parameters +# to the provider of the SMS gateway. +# +# +# +#------------------------------------------------------------------------------- +# +# 5. Ripple Protocol +# +#------------------ +# +# These settings affect the behavior of the server instance with respect +# to Ripple payment protocol level activities such as validating and +# closing ledgers, establishing a quorum, or adjusting fees in response +# to server overloads. +# +# +# +# [node_size] +# +# Tunes the servers based on the expected load and available memory. Legal +# sizes are "tiny", "small", "medium", "large", and "huge". We recommend +# you start at the default and raise the setting if you have extra memory. +# The default is "tiny". +# +# +# +# [validation_quorum] +# +# Sets the minimum number of trusted validations a ledger must have before +# the server considers it fully validated. Note that if you are validating, +# your validation counts. +# +# +# +# [ledger_history] +# +# The number of past ledgers to acquire on server startup and the minimum to +# maintain while running. +# +# To serve clients, servers need historical ledger data. Servers that don't +# need to serve clients can set this to "none". Servers that want complete +# history can set this to "full". +# +# The default is: 256 +# +# +# +# [fetch_depth] +# +# The number of past ledgers to serve to other peers that request historical +# ledger data (or "full" for no limit). +# +# Servers that require low latency and high local performance may wish to +# restrict the historical ledgers they are willing to serve. Setting this +# below 32 can harm network stability as servers require easy access to +# recent history to stay in sync. Values below 128 are not recommended. +# +# The default is: full +# +# +# +# [validation_seed] +# +# To perform validation, this section should contain either a validation seed +# or key. The validation seed is used to generate the validation +# public/private key pair. To obtain a validation seed, use the +# validation_create command. +# +# Examples: RASH BUSH MILK LOOK BAD BRIM AVID GAFF BAIT ROT POD LOVE +# shfArahZT9Q9ckTf3s1psJ7C7qzVN +# +# +# +# [validators] +# +# List of nodes to always accept as validators. Nodes are specified by domain +# or public key. +# +# For domains, rippled will probe for https web servers at the specified +# domain in the following order: ripple.DOMAIN, www.DOMAIN, DOMAIN +# +# For public key entries, a comment may optionally be specified after adding +# a space to the public key. +# +# Examples: +# ripple.com +# n9KorY8QtTdRx7TVDpwnG9NvyxsDwHUKUEeDLY3AkiGncVaSXZi5 +# n9MqiExBcoG19UXwoLjBJnhsxEhAZMuWwJDRdkyDz1EkEkwzQTNt John Doe +# +# +# +# [validators_file] +# +# Path to file contain a list of nodes to always accept as validators. Use +# this to specify a file other than this file to manage your validators list. +# +# If this entry is not present or empty and no nodes from previous runs were +# found in the database, rippled will look for a validators.txt in the config +# directory. If not found there, it will attempt to retrieve the file from +# the [validators_site] web site. +# +# After specifying a different [validators_file] or changing the contents of +# the validators file, issue a RPC unl_load command to have rippled load the +# file. +# +# Specify the file by specifying its full path. +# +# Examples: +# C:/home/johndoe/ripple/validators.txt +# /home/johndoe/ripple/validators.txt +# +# +# +# [validators_site] +# +# Specifies where to find validators.txt for UNL boostrapping and RPC +# unl_network command. +# +# Example: ripple.com +# +# +# +# [path_search] +# When searching for paths, the default search aggressiveness. This can take +# exponentially more resources as the size is increased. +# +# The default is: 7 +# +# [path_search_fast] +# [path_search_max] +# When searching for paths, the minimum and maximum search aggressiveness. +# +# The default for 'path_search_fast' is 2. The default for 'path_search_max' is 10. +# +# [path_search_old] +# +# For clients that use the legacy path finding interfaces, the search +# agressivness to use. The default is 7. +# +# +# +#------------------------------------------------------------------------------- +# +# 6. HTTPS Client +# +#---------------- +# +# The rippled server instance uses HTTPS GET requests in a variety of +# circumstances, including but not limited to the SMS Messaging Gateway +# feature and also for contacting trusted domains to fetch information +# such as mapping an email address to a Ripple Payment Network address. +# +# [ssl_verify] +# +# 0 or 1. +# +# 0. HTTPS client connections will not verify certificates. +# 1. Certificates will be checked for HTTPS client connections . +# +# +# +# [ssl_verify_file] +# +# +# +# A file system path leading to the certificate verification file for +# HTTPS client requests. +# +# +# +# [ssl_verify_dir] +# +# +# +# +# A file system path leading to a file or directory containing the root +# certificates that the server will accept for verifying HTTP servers. +# Used only for outbound HTTPS client connections. +# +# +# +#------------------------------------------------------------------------------- +# +# 7. Database +# +#------------ +# +# rippled creates 4 SQLite database to hold bookkeeping information +# about transactions, local credentials, and various other things. +# It also creates the NodeDB, which holds all the objects that +# make up the current and historical ledgers. The size of the NodeDB +# grows in proportion to the amount of new data and the amount of +# historical data (a configurable setting). +# +# The performance of the underlying storage media where the NodeDB +# is placed can affect the performance of the server. Some virtual +# hosting providers offer high speed secondary storage, with the +# caveat that the data is not persisted across launches. If rippled +# runs in such an environment, it can be beneficial to configure the +# temp_db setting, which activates a secondary "look-aside" cache +# that can speed up the server. Some testing is suggested to determine +# if the temp_db setting is an improvement for your environment +# +# Partial pathnames will be considered relative to the location of +# the rippled.cfg file. +# +# [node_db] Settings for the NodeDB (required) +# [temp_db] Settings for the look-aside temporary db (optional) +# [import_db] Settings for performing a one-time import (optional) +# +# Format (without spaces): +# One or more lines of key / value pairs: +# '=' +# ... +# +# Examples: +# type=HyperLevelDB +# path=db/hyperldb +# compression=0 +# +# Choices for 'type' (not case-sensitive) +# RocksDB Use Facebook's RocksDB database (preferred) +# HyperLevelDB Use an improved version of LevelDB +# SQLite Use SQLite +# LevelDB Use Google's LevelDB database (deprecated) +# none Use no backend +# +# Required keys: +# path Location to store the database (all types) +# +# Optional keys: +# compression 0 for none, 1 for Snappy compression +# +# Notes: +# The 'node_db' entry configures the primary, persistent storage. +# +# The 'temp_db' configures a look-aside cache for high volume storage +# which doesn't necessarily persist between server launches. This +# is an optional configuration parameter. If it is left out then +# no look-aside database is created or used. +# +# The 'import_db' is used with the '--import' command line option to +# migrate the specified database into the current database given +# in the [node_db] section. +# +# [database_path] Path to the book-keeping databases. +# +# There are 4 book-keeping SQLite database that the server creates and +# maintains. If you omit this configuration setting, it will default to +# creating a directory called "db" located in the same place as your +# rippled.cfg file. +# +# +# +#------------------------------------------------------------------------------- +# +# 8. Diagnostics +# +#--------------- +# +# These settings are designed to help server administrators diagnose +# problems, and obtain detailed information about the activities being +# performed by the rippled process. +# +# +# +# [debug_logfile] +# +# Specifies were a debug logfile is kept. By default, no debug log is kept. +# Unless absolute, the path is relative the directory containing this file. +# +# Example: debug.log +# +# +# +# [insight] +# +# Configuration parameters for the Beast.Insight stats collection module. +# +# Insight is a module that collects information from the areas of rippled +# that have instrumentation. The configuration paramters control where the +# collection metrics are sent. The parameters are expressed as key = value +# pairs with no white space. The main parameter is the choice of server: +# +# "server" +# +# Choice of server to send metrics to. Currently the only choice is +# "statsd" which sends UDP packets to a StatsD daemon, which must be +# running while rippled is running. More information on StatsD is +# available here: +# https://github.com/b/statsd_spec +# +# When server=statsd, these additional keys are used: +# +# "address" The UDP address and port of the listening StatsD server, +# in the format, n.n.n.n:port. +# +# "prefix" A string prepended to each collected metric. This is used +# to distinguish between different running instances of rippled. +# +# If this section is missing, or the server type is unspecified or unknown, +# statistics are not collected or reported. +# +# Example: +# +# [insight] +# server=statsd +# address=192.168.0.95:4201 +# prefix=my_validator +# +#------------------------------------------------------------------------------- + +# Allow other peers to connect to this server. +# +[peer_ip] +0.0.0.0 + +[peer_port] +51235 + +# Allow untrusted clients to connect to this server. +# +[websocket_public_ip] +0.0.0.0 + +[websocket_public_port] +5006 + +# Provide trusted websocket ADMIN access to the localhost. +# +[websocket_ip] +127.0.0.1 + +[websocket_port] +6006 + +# Provide trusted json-rpc ADMIN access to the localhost. +# +[rpc_ip] +127.0.0.1 + +[rpc_port] +5005 + +[rpc_allow_remote] +0 + +[node_size] +medium + +# This is primary persistent datastore for rippled. This includes transaction +# metadata, account states, and ledger headers. Helpful information can be +# found here: https://ripple.com/wiki/NodeBackEnd +[node_db] +type=RocksDB +path=/var/lib/rippled/db/rocksdb +open_files=2000 +filter_bits=12 +cache_mb=256 +file_size_mb=8 +file_size_mult=2 + +[database_path] +/var/lib/rippled/db + +# This needs to be an absolute directory reference, not a relative one. +# Modify this value as required. +[debug_logfile] +/var/log/rippled/debug.log + +[sntp_servers] +time.windows.com +time.apple.com +time.nist.gov +pool.ntp.org + +# Where to find some other servers speaking the Ripple protocol. +# +[ips] +r.ripple.com 51235 + +# The latest validators can be obtained from +# https://ripple.com/ripple.txt +# +[validators] +n949f75evCHwgyP4fPVgaHqNHxUVN15PsJEZ3B3HnXPcPjcZAoy7 RL1 +n9MD5h24qrQqiyBC8aeqqCWvpiBiYQ3jxSr91uiDvmrkyHRdYLUj RL2 +n9L81uNCaPgtUJfaHh89gmdvXKAmSt5Gdsw2g1iPWaPkAHW5Nm4C RL3 +n9KiYM9CgngLvtRCQHZwgC2gjpdaZcCcbt3VboxiNFcKuwFVujzS RL4 +n9LdgEtkmGB9E2h3K4Vp7iGUaKuq23Zr32ehxiU8FWY7xoxbWTSA RL5 + +# Ditto. +[validation_quorum] +3 + +# Turn down default logging to save disk space in the long run. +# Valid values here are trace, debug, info, warning, error, and fatal +[rpc_startup] +{ "command": "log_level", "severity": "warning" } + +# Configure SSL for WebSockets. Not enabled by default because not everybody +# has an SSL cert on their server, but if you uncomment the following lines and +# set the path to the SSL certificate and private key the WebSockets protocol +# will be protected by SSL/TLS. +#[websocket_secure] +#1 + +#[websocket_ssl_cert] +#/etc/ssl/certs/server.crt + +#[websocket_ssl_key] +#/etc/ssl/private/server.key + +# Defaults to 0 ("no") so that you can use self-signed SSL certificates for +# development, or internally. +#[ssl_verify] +#0 + +