#------------------------------------------------------------------------------- # # Rippled Server Instance Configuration Example # #------------------------------------------------------------------------------- # # Contents # # 1. Peer Networking # # 2. Websocket Networking # # 3. RPC Networking # # 4. SMS Gateway # # 5. Ripple Protcol # # 6. HTTPS Client # # 7. Database # # 8. Diagnostics # #------------------------------------------------------------------------------- # # Purpose # # This file documents and provides examples of all rippled server process # configuration options. When the rippled server instance is lanched, it looks # for a file with the following name: # # rippled.cfg # # For more information on where the rippled serer instance searches for # the file please visit the Ripple wiki. Specifically, the section explaining # the --conf command line option: # # https://ripple.com/wiki/Rippled#--conf.3Dpath # # This file should be named rippled.cfg. This file is UTF-8 with Dos, UNIX, # or Mac style end of lines. Blank lines and lines beginning with '#' are # ignored. Undefined sections are reserved. No escapes are currently defined. # # # #------------------------------------------------------------------------------- # # 1. Peer Networking # #------------------- # # These settings control security and access attributes of the Peer to Peer # server section of the rippled process. Peer Networking implements the # Ripple Payment protocol. It is over peer connections that transactions # and validations are passed from to machine to machine, to make up the # components of closed ledgers. # # # # [ips] # # List of ips where the Ripple protocol is served. For a starter list, # you can copy entries from: https://ripple.com/ripple.txt # # Domain names are not allowed. One ipv4 or ipv6 address per line. A port # may optionally be specified after adding a space to the address. By # convention, if known, IPs are listed in from most to least trusted. # # Examples: # 192.168.0.1 # 192.168.0.1 3939 # 2001:0db8:0100:f101:0210:a4ff:fee3:9566 # # Here's the recent set of good, well known addresses: # # [ips] # 54.225.112.220 51235 # 54.225.123.13 51235 # 54.227.239.106 51235 # 107.21.251.218 51235 # 184.73.226.101 51235 # 23.23.201.55 51235 # # # # [peer_ip] # # IP address or domain to bind to allow external connections from peers. # Defaults to not binding, which disallows external connections from peers. # # Examples: 0.0.0.0 - Bind on all interfaces. # # # # [peer_port] # # If peer_ip is supplied, corresponding port to bind to for peer connections. # # # # [peer_port_proxy] # # An optional, additional listening port number for peers. Incoming # connections on this port will be required to provide a PROXY Protocol # handshake, described in this document (external link): # # http://haproxy.1wt.eu/download/1.5/doc/proxy-protocol.txt # # The PROXY Protocol is a popular method used by elastic load balancing # service providers such as Amazon, to identify the true IP address and # port number of external incoming connections. # # In addition to enabling this setting, it will also be required to # use your provider-specific control panel or administrative web page # to configure your server instance to receive PROXY Protocol handshakes, # and also to restrict access to your instance to the Elastic Load Balancer. # # [peer_private] # # 0 or 1. # # 0: Request peers to broadcast your address. Normal outbound peer connections [default] # 1: Request peers not broadcast your address. Only connect to configured peers. # # # # [peer_ssl_cipher_list] # # A colon delimited string with the allowed SSL cipher modes for peer. The # choices for for ciphers are defined by the OpenSSL API function # SSL_CTX_set_cipher_list, documented here (external link): # # http://pic.dhe.ibm.com/infocenter/tpfhelp/current/index.jsp?topic=%2Fcom.ibm.ztpf-ztpfdf.doc_put.cur%2Fgtpc2%2Fcpp_ssl_ctx_set_cipher_list.html # # The default setting is "ALL:!LOW:!EXP:!MD5:@STRENGTH", which allows # non-authenticated peer connections (they are, however, secure). # # # # [node_seed] # # This is used for clustering. To force a particular node seed or key, the # key can be set here. The format is the same as the validation_seed field. # To obtain a validation seed, use the validation_create command. # # Examples: RASH BUSH MILK LOOK BAD BRIM AVID GAFF BAIT ROT POD LOVE # shfArahZT9Q9ckTf3s1psJ7C7qzVN # # # # [cluster_nodes] # # To extend full trust to other nodes, place their node public keys here. # Generally, you should only do this for nodes under common administration. # Node public keys start with an 'n'. To give a node a name for identification # place a space after the public key and then the name. # # # # [sntp_servers] # # IP address or domain of NTP servers to use for time synchronization. # # These NTP servers are suitable for rippled servers located in the United # States: # time.windows.com # time.apple.com # time.nist.gov # pool.ntp.org # # # #------------------------------------------------------------------------------- # # 2. Websocket Networking # #------------------------ # # These settings control security and access attributes of the Websocket # server section of the rippled process, primarily used to service # client requests and backend applications. # # # # [websocket_public_ip] # # IP address or domain to bind to allow untrusted connections from clients. # In the future, this option will go away and the peer_ip will accept # websocket client connections. # # Examples: 0.0.0.0 - Bind on all interfaces. # 127.0.0.1 - Bind on localhost interface. Only local programs may connect. # # # # [websocket_public_port] # # Port to bind to allow untrusted connections from clients. In the future, # this option will go away and the peer_ip will accept websocket client # connections. # # # # [websocket_public_secure] # # 0, 1 or 2. # 0: Provide ws service for websocket_public_ip/websocket_public_port. # 1: Provide both ws and wss service for websocket_public_ip/websocket_public_port. [default] # 2: Provide wss service only for websocket_public_ip/websocket_public_port. # # Browser pages like the Ripple client will not be able to connect to a secure # websocket connection if a self-signed certificate is used. As the Ripple # reference client currently shares secrets with its server, this should be # enabled. # # # # [websocket_ping_frequency] # # # # The amount of time to wait in seconds, before sending a websocket 'ping' # message. Ping messages are used to determine if the remote end of the # connection is no longer availabile. # # # # [websocket_ip] # # IP address or domain to bind to allow trusted ADMIN connections from backend # applications. # # Examples: 0.0.0.0 - Bind on all interfaces. # 127.0.0.1 - Bind on localhost interface. Only local programs may connect. # # # # [websocket_port] # # Port to bind to allow trusted ADMIN connections from backend applications. # # # # [websocket_secure] # # 0, 1, or 2. # 0: Provide ws service only for websocket_ip/websocket_port. [default] # 1: Provide ws and wss service for websocket_ip/websocket_port # 2: Provide wss service for websocket_ip/websocket_port. # # # # [websocket_ssl_cert] # # Specify the path to the SSL certificate file in PEM format. # This is not needed if the chain includes it. # # # # [websocket_ssl_chain] # # If you need a certificate chain, specify the path to the certificate chain # here. The chain may include the end certificate. # # # # [websocket_ssl_key] # # Specify the filename holding the SSL key in PEM format. # # # #------------------------------------------------------------------------------- # # 3. RPC Networking # #------------------ # # This group of settings configures security and access attributes of the # RPC server section of the rippled process, used to service both local # an optional remote clients. # # # # [rpc_allow_remote] # # 0 or 1. # # 0: Allow RPC connections only from 127.0.0.1. [default] # 1: Allow RPC connections from any IP. # # # # [rpc_admin_allow] # # Specify an list of IP addresses allowed to have admin access. One per line. # If you want to test the output of non-admin commands add this section and # just put an ip address not under your control. # Defaults to 127.0.0.1. # # # # [rpc_admin_user] # # As a server, require this as the admin user to be specified. Also, require # rpc_admin_user and rpc_admin_password to be checked for RPC admin functions. # The request must specify these as the admin_user and admin_password in the # request object. # # As a client, supply this to the server in the request object. # # # # [rpc_admin_password] # # As a server, require this as the admin pasword to be specified. Also, # require rpc_admin_user and rpc_admin_password to be checked for RPC admin # functions. The request must specify these as the admin_user and # admin_password in the request object. # # As a client, supply this to the server in the request object. # # # # [rpc_ip] # # IP address or domain to bind to allow insecure RPC connections. # Defaults to not binding, which disallows RPC connections. # # # # [rpc_port] # # If rpc_ip is supplied, corresponding port to bind to for peer connections. # # # # [rpc_user] # # As a server, require a this user to specified and require rpc_password to # be checked for RPC access via the rpc_ip and rpc_port. The user and password # must be specified via HTTP's basic authentication method. # As a client, supply this to the server via HTTP's basic authentication # method. # # # # [rpc_password] # # As a server, require a this password to specified and require rpc_user to # be checked for RPC access via the rpc_ip and rpc_port. The user and password # must be specified via HTTP's basic authentication method. # As a client, supply this to the server via HTTP's basic authentication # method. # # # # [rpc_startup] # # Specify a list of RPC commands to run at startup. # # Examples: # { "command" : "server_info" } # { "command" : "log_level", "partition" : "ripplecalc", "severity" : "trace" } # # # # [rpc_secure] # # 0 or 1. # # 0: Server certificates are not provided for RPC clients using SSL [default] # 1: Client RPC connections wil be provided with SSL certificates. # # Note that if rpc_secure is enabled, it will also be necessasry to configure the # certificate file settings located in rpc_ssl_cert, rpc_ssl_chain, and rpc_ssl_key # # # # [rpc_ssl_cert] # # # # A file system path leading to the SSL certificate file to use for secure RPC. # The file is in PEM format. The file is not needed if the chain includes it. # # # # [rpc_ssl_chain] # # # # A file system path leading to the file with the certificate chain. # The chain may include the end certificate. # # # # [rpc_ssl_key] # # # # A file system path leading to the file with the SSL key. # The file is in PEM format. # # # #------------------------------------------------------------------------------- # # 4. SMS Gateway # #--------------- # # If you have a certain SMS messaging provider you can configure these # settings to allow the rippled server instance to send an SMS text to the # configured gateway in response to an admin-level RPC command "sms" with # one parameter, 'text' containing the message to send. This allows backend # applications to use the rippled instance to securely notify administrators # of custom events or information via SMS gateway. # # When the 'sms' RPC command is issued, the configured SMS gateway will be # contacted via HTTPS GET at the URL indicated by sms_url. The URI formed # will be in this format: # # [sms_url]?from=[sms_from]&to=[sms_to]&api_key=[sms_key]&api_secret=[sms_secret]&text=['text'] # # Where [...] are the corresponding valus from the configuration file, and # ['test'] is the value of the JSON field with name 'text'. # # [sms_url] # # The URL to contact via HTTPS when sending SMS messages # # [sms_from] # [sms_to] # [sms_key] # [sms_secret] # # These are all strings passed directly in the URI as query parameters # to the provider of the SMS gateway. # # # #------------------------------------------------------------------------------- # # 5. Ripple Protocol # #------------------ # # These settings affect the behavior of the server instance with respect # to Ripple payment protocol level activities such as validating and # closing ledgers, establishing a quorum, or adjusting fees in response # to server overloads. # # # # [node_size] # # Tunes the servers based on the expected load and available memory. Legal # sizes are "tiny", "small", "medium", "large", and "huge". We recommend # you start at the default and raise the setting if you have extra memory. # The default is "tiny". # # # # [validation_quorum] # # Sets the minimum number of trusted validations a ledger must have before # the server considers it fully validated. Note that if you are validating, # your validation counts. # # # # [ledger_history] # # The number of past ledgers to acquire on server startup and the minimum to # maintain while running. # # To serve clients, servers need historical ledger data. Servers that don't # need to serve clients can set this to "none". Servers that want complete # history can set this to "full". # # The default is: 256 # # # # [validation_seed] # # To perform validation, this section should contain either a validation seed # or key. The validation seed is used to generate the validation # public/private key pair. To obtain a validation seed, use the # validation_create command. # # Examples: RASH BUSH MILK LOOK BAD BRIM AVID GAFF BAIT ROT POD LOVE # shfArahZT9Q9ckTf3s1psJ7C7qzVN # # # # [validators] # # List of nodes to always accept as validators. Nodes are specified by domain # or public key. # # For domains, rippled will probe for https web servers at the specified # domain in the following order: ripple.DOMAIN, www.DOMAIN, DOMAIN # # For public key entries, a comment may optionally be spcified after adding a # space to the pulic key. # # Examples: # ripple.com # n9KorY8QtTdRx7TVDpwnG9NvyxsDwHUKUEeDLY3AkiGncVaSXZi5 # n9MqiExBcoG19UXwoLjBJnhsxEhAZMuWwJDRdkyDz1EkEkwzQTNt John Doe # # # # [validators_file] # # Path to file contain a list of nodes to always accept as validators. Use # this to specify a file other than this file to manage your validators list. # # If this entry is not present or empty and no nodes from previous runs were # found in the database, rippled will look for a validators.txt in the config # directory. If not found there, it will attempt to retrieve the file from # the [validators_site] web site. # # After specifying a different [validators_file] or changing the contents of # the validators file, issue a RPC unl_load command to have rippled load the # file. # # Specify the file by specifying its full path. # # Examples: # C:/home/johndoe/ripple/validators.txt # /home/johndoe/ripple/validators.txt # # # # [validators_site] # # Specifies where to find validators.txt for UNL boostrapping and RPC # unl_network command. # # Example: ripple.com # # # # [path_search] # When searching for paths, the default search aggressiveness. This can take # exponentially more resources as the size is increased. # # The default is: 7 # # [path_search_fast] # [path_search_max] # When seaching for paths, the minimum and maximum search aggressiveness. # # The default for 'path_search_fast' is 2. The default for 'path_search_max' is 10. # # [path_search_old] # # For clients that use the legacy path finding interfaces, the search # agressiveness to use. The default is 7. # # # #------------------------------------------------------------------------------- # # 6. HTTPS Client # #---------------- # # The rippled server instance uses HTTPS GET requests in a variety of # circumstances, including but not limited to the SMS Messaging Gateway # feature and also for contacting trusted domains to fetch information # such as mapping an email address to a Ripple Payment Network address. # # [ssl_verify] # # 0 or 1. # # 0. HTTPS client connections will not verify certificates. # 1. Certificates will be checked for HTTPS client connections . # # # # [ssl_verify_file] # # # # A file system path leading to the certificate verification file for # HTTPS client requests. # # # # [ssl_verify_dir] # # # # # A file system path leading to a file or directory containing the root # certificates that the server will accept for verifying HTTP servers. # Used only for outbound HTTPS client connections. # # # #------------------------------------------------------------------------------- # # 7. Database # #------------ # # rippled creates 4 SQLite database to hold bookkeeping information # about transactions, local credentials, and various other things. # It also creates the NodeDB, which holds all the objects that # make up the current and historical ledgers. The size of the NodeDB # grows in proportion to the amount of new data and the amount of # historical data (a configurable setting). # # The performance of the underlying storage media where the NodeDB # is placed can affect the performance of the server. Some virtual # hosting providers offer high speed secondary storage, with the # caveat that the data is not persisted across launches. If rippled # runs in such an environment, it can be beneficial to configure the # temp_db setting, which activates a secondary "look-aside" cache # that can speed up the server. Some testing is suggested to determine # if the temp_db setting is an improvement for your environment # # Partial pathnames will be considered relative to the location of # the rippled.cfg file. # # [node_db] Settings for the NodeDB (required) # [temp_db] Settings for the look-aside temporary db (optional) # [import_db] Settings for performing a one-time import (optional) # # Format (without spaces): # One or more lines of key / value pairs: # '=' # ... # # Examples: # type=HyperLevelDB # path=db/hyperldb # # Choices for 'type' (not case-sensitive) # HyperLevelDB Use an improved version of LevelDB (preferred) # LevelDB Use Google's LevelDB database (deprecated) # MDB Use MDB # none Use no backend # SQLite Use SQLite # # Required keys: # path Location to store the database (all types) # # Optional keys: # (none yet) # # Notes: # The 'node_db' entry configures the primary, persistent storage. # # The 'temp_db' configures a look-aside cache for high volume storage # which doesn't necessarily persist between server launches. This # is an optional configuration parameter. If it is left out then # no look-aside database is created or used. # # The 'import_db' is used with the '--import' command line option to # migrate the specified database into the current database given # in the [node_db] section. # # [database_path] Path to the book-keeping databases. # # There are 4 book-keeping SQLite database that the server creates and # maintains. If you omit this configuration setting, it will default to # creating a directory called "db" located in the same place as your # rippled.cfg file. # # # #------------------------------------------------------------------------------- # # 8. Diagnostics # #--------------- # # These settings are designed to help server administrators diagnose # problems, and obtain detailed information about the activities being # performed by the rippled process. # # # # [debug_logfile] # # Specifies were a debug logfile is kept. By default, no debug log is kept. # Unless absolute, the path is relative the directory containing this file. # # Example: debug.log # # # #------------------------------------------------------------------------------- # Allow other peers to connect to this server. # [peer_ip] 0.0.0.0 [peer_port] 51235 # Allow untrusted clients to connect to this server. # [websocket_public_ip] 0.0.0.0 [websocket_public_port] 5006 # Provide trusted websocket ADMIN access to the localhost. # [websocket_ip] 127.0.0.1 [websocket_port] 6006 # Provide trusted json-rpc ADMIN access to the localhost. # [rpc_ip] 127.0.0.1 [rpc_port] 5005 [rpc_allow_remote] 0 [node_size] medium # Note that HyperLevelDB is unavailable on Windows platforms # [node_db] type=HyperLevelDB path=db/hyperldb [debug_logfile] log/debug.log [sntp_servers] time.windows.com time.apple.com time.nist.gov pool.ntp.org # Where to find some other servers speaking the Ripple protocol. # This set of addresses is recent as of September 5, 2013 # [ips] 54.225.112.220 51235 54.225.123.13 51235 54.227.239.106 51235 107.21.251.218 51235 184.73.226.101 51235 23.23.201.55 51235