diff --git a/rippled-example.cfg b/rippled-example.cfg
index a0c5bfdc6..265f07ad4 100644
--- a/rippled-example.cfg
+++ b/rippled-example.cfg
@@ -1,23 +1,512 @@ +#------------------------------------------------------------------------------- # -# Sample rippled.cfg +# Rippled Server Instance Configuration Example # -# This file contains configuration information for rippled. +#------------------------------------------------------------------------------- # -# Rippled when launched attempts to find this file. For details, refer to the -# wiki page for --conf command line option: -# https://ripple.com/wiki/Rippled#--conf.3Dpath +# Contents # -# This file should be named rippled.cfg. This file is UTF-8 with Dos, UNIX, or -# Mac style end of lines. Blank lines and lines beginning with '#' are -# ignored. Undefined sections are reserved. No escapes are currently defined. +# 1. Peer Networking +# +# 2. Websocket Networking +# +# 3. RPC Networking +# +# 4. SMS Gateway +# +# 5. Ripple Protcol +# +# 6. HTTPS Client +# +# 7. Database +# +# 8. Diagnostics +# +#------------------------------------------------------------------------------- +# +# Purpose +# +# This file documents and provides examples of all rippled server process +# configuration options. When the rippled server instance is lanched, it looks +# for a file with the following name: +# +# rippled.cfg +# +# For more information on where the rippled serer instance searches for +# the file please visit the Ripple wiki. Specifically, the section explaining +# the --conf command line option: +# +# https://ripple.com/wiki/Rippled#--conf.3Dpath +# +# This file should be named rippled.cfg. This file is UTF-8 with Dos, UNIX, +# or Mac style end of lines. Blank lines and lines beginning with '#' are +# ignored. Undefined sections are reserved. No escapes are currently defined. +# +# +# +#------------------------------------------------------------------------------- +# +# 1. Peer Networking +# +#------------------- +# +# These settings control security and access attributes of the Peer to Peer +# server section of the rippled process. 
Peer Networking implements the +# Ripple Payment protocol. It is over peer connections that transactions +# and validations are passed from to machine to machine, to make up the +# components of closed ledgers. +# +# +# +# [ips] +# +# List of ips where the Ripple protocol is served. For a starter list, +# you can copy entries from: https://ripple.com/ripple.txt +# +# Domain names are not allowed. One ipv4 or ipv6 address per line. A port +# may optionally be specified after adding a space to the address. By +# convention, if known, IPs are listed in from most to least trusted. +# +# Examples: +# 192.168.0.1 +# 192.168.0.1 3939 +# 2001:0db8:0100:f101:0210:a4ff:fee3:9566 +# +# Here's the recent set of good, well known addresses: +# +# [ips] +# 54.225.112.220 51235 +# 54.225.123.13 51235 +# 54.227.239.106 51235 +# 107.21.251.218 51235 +# 184.73.226.101 51235 +# 23.23.201.55 51235 +# +# +# +# [peer_ip] +# +# IP address or domain to bind to allow external connections from peers. +# Defaults to not binding, which disallows external connections from peers. +# +# Examples: 0.0.0.0 - Bind on all interfaces. +# +# +# +# [peer_port] +# +# If peer_ip is supplied, corresponding port to bind to for peer connections. +# +# +# +# [peer_port_proxy] +# +# An optional, additional listening port number for peers. Incoming +# connections on this port will be required to provide a PROXY Protocol +# handshake, described in this document (external link): +# +# http://haproxy.1wt.eu/download/1.5/doc/proxy-protocol.txt +# +# The PROXY Protocol is a popular method used by elastic load balancing +# service providers such as Amazon, to identify the true IP address and +# port number of external incoming connections. 
+# +# In addition to enabling this setting, it will also be required to +# use your provider-specific control panel or administrative web page +# to configure your server instance to receive PROXY Protocol handshakes, +# and also to restrict access to your instance to the Elastic Load Balancer. +# +# [peer_private] +# +# 0 or 1. +# +# 0: request peers to broadcast your address. [default] +# 1: request peers not broadcast your address. +# +# +# +# [peer_ssl_cipher_list] +# +# A colon delimited string with the allowed SSL cipher modes for peer. The +# choices for for ciphers are defined by the OpenSSL API function +# SSL_CTX_set_cipher_list, documented here (external link): +# +# http://pic.dhe.ibm.com/infocenter/tpfhelp/current/index.jsp?topic=%2Fcom.ibm.ztpf-ztpfdf.doc_put.cur%2Fgtpc2%2Fcpp_ssl_ctx_set_cipher_list.html +# +# The default setting is "ALL:!LOW:!EXP:!MD5:@STRENGTH", which allows +# non-authenticated peer connections (they are, however, secure). +# +# +# +# [node_seed] +# +# This is used for clustering. To force a particular node seed or key, the +# key can be set here. The format is the same as the validation_seed field. +# To obtain a validation seed, use the validation_create command. +# +# Examples: RASH BUSH MILK LOOK BAD BRIM AVID GAFF BAIT ROT POD LOVE +# shfArahZT9Q9ckTf3s1psJ7C7qzVN +# +# +# +# [cluster_nodes] +# +# To extend full trust to other nodes, place their node public keys here. +# Generally, you should only do this for nodes under common administration. +# Node public keys start with an 'n'. To give a node a name for identification +# place a space after the public key and then the name. +# +# +# +# [sntp_servers] +# +# IP address or domain of NTP servers to use for time synchronization. 
+# +# These NTP servers are suitable for rippled servers located in the United +# States: +# time.windows.com +# time.apple.com +# time.nist.gov +# pool.ntp.org +# +# +# +#------------------------------------------------------------------------------- +# +# 2. Websocket Networking +# +#------------------------ +# +# These settings control security and access attributes of the Websocket +# server section of the rippled process, primarily used to service +# client requests and backend applications. +# +# +# +# [websocket_public_ip] +# +# IP address or domain to bind to allow untrusted connections from clients. +# In the future, this option will go away and the peer_ip will accept +# websocket client connections. +# +# Examples: 0.0.0.0 - Bind on all interfaces. +# 127.0.0.1 - Bind on localhost interface. Only local programs may connect. +# +# +# +# [websocket_public_port] +# +# Port to bind to allow untrusted connections from clients. In the future, +# this option will go away and the peer_ip will accept websocket client +# connections. +# +# +# +# [websocket_public_secure] +# +# 0, 1 or 2. +# 0: Provide ws service for websocket_public_ip/websocket_public_port. +# 1: Provide both ws and wss service for websocket_public_ip/websocket_public_port. [default] +# 2: Provide wss service only for websocket_public_ip/websocket_public_port. +# +# Browser pages like the Ripple client will not be able to connect to a secure +# websocket connection if a self-signed certificate is used. As the Ripple +# reference client currently shares secrets with its server, this should be +# enabled. +# +# +# +# [websocket_ping_frequency] +# +# +# +# The amount of time to wait in seconds, before sending a websocket 'ping' +# message. Ping messages are used to determine if the remote end of the +# connection is no longer availabile. +# +# +# +# [websocket_ip] +# +# IP address or domain to bind to allow trusted ADMIN connections from backend +# applications. 
+# +# Examples: 0.0.0.0 - Bind on all interfaces. +# 127.0.0.1 - Bind on localhost interface. Only local programs may connect. +# +# +# +# [websocket_port] +# +# Port to bind to allow trusted ADMIN connections from backend applications. +# +# +# +# [websocket_secure] +# +# 0, 1, or 2. +# 0: Provide ws service only for websocket_ip/websocket_port. [default] +# 1: Provide ws and wss service for websocket_ip/websocket_port +# 2: Provide wss service for websocket_ip/websocket_port. +# +# +# +# [websocket_ssl_cert] +# +# Specify the path to the SSL certificate file in PEM format. +# This is not needed if the chain includes it. +# +# +# +# [websocket_ssl_chain] +# +# If you need a certificate chain, specify the path to the certificate chain +# here. The chain may include the end certificate. +# +# +# +# [websocket_ssl_key] +# +# Specify the filename holding the SSL key in PEM format. +# +# +# +#------------------------------------------------------------------------------- +# +# 3. RPC Networking +# +#------------------ +# +# This group of settings configures security and access attributes of the +# RPC server section of the rippled process, used to service both local +# an optional remote clients. +# +# +# +# [rpc_allow_remote] +# +# 0 or 1. +# +# 0: Allow RPC connections only from 127.0.0.1. [default] +# 1: Allow RPC connections from any IP. +# +# +# +# [rpc_admin_allow] +# +# Specify an list of IP addresses allowed to have admin access. One per line. +# If you want to test the output of non-admin commands add this section and +# just put an ip address not under your control. +# Defaults to 127.0.0.1. +# +# +# +# [rpc_admin_user] +# +# As a server, require this as the admin user to be specified. Also, require +# rpc_admin_user and rpc_admin_password to be checked for RPC admin functions. +# The request must specify these as the admin_user and admin_password in the +# request object. +# +# As a client, supply this to the server in the request object. 
+# +# +# +# [rpc_admin_password] +# +# As a server, require this as the admin pasword to be specified. Also, +# require rpc_admin_user and rpc_admin_password to be checked for RPC admin +# functions. The request must specify these as the admin_user and +# admin_password in the request object. +# +# As a client, supply this to the server in the request object. +# +# +# +# [rpc_ip] +# +# IP address or domain to bind to allow insecure RPC connections. +# Defaults to not binding, which disallows RPC connections. +# +# +# +# [rpc_port] +# +# If rpc_ip is supplied, corresponding port to bind to for peer connections. +# +# +# +# [rpc_user] +# +# As a server, require a this user to specified and require rpc_password to +# be checked for RPC access via the rpc_ip and rpc_port. The user and password +# must be specified via HTTP's basic authentication method. +# As a client, supply this to the server via HTTP's basic authentication +# method. +# +# +# +# [rpc_password] +# +# As a server, require a this password to specified and require rpc_user to +# be checked for RPC access via the rpc_ip and rpc_port. The user and password +# must be specified via HTTP's basic authentication method. +# As a client, supply this to the server via HTTP's basic authentication +# method. +# +# +# +# [rpc_startup] +# +# Specify a list of RPC commands to run at startup. +# +# Examples: +# { "command" : "server_info" } +# { "command" : "log_level", "partition" : "ripplecalc", "severity" : "trace" } +# +# +# +# [rpc_secure] +# +# 0 or 1. +# +# 0: Server certificates are not provided for RPC clients using SSL [default] +# 1: Client RPC connections wil be provided with SSL certificates. +# +# Note that if rpc_secure is enabled, it will also be necessasry to configure the +# certificate file settings located in rpc_ssl_cert, rpc_ssl_chain, and rpc_ssl_key +# +# +# +# [rpc_ssl_cert] +# +# +# +# A file system path leading to the SSL certificate file to use for secure RPC. +# The file is in PEM format. 
The file is not needed if the chain includes it. +# +# +# +# [rpc_ssl_chain] +# +# +# +# A file system path leading to the file with the certificate chain. +# The chain may include the end certificate. +# +# +# +# [rpc_ssl_key] +# +# +# +# A file system path leading to the file with the SSL key. +# The file is in PEM format. +# +# +# +#------------------------------------------------------------------------------- +# +# 4. SMS Gateway +# +#--------------- +# +# If you have a certain SMS messaging provider you can configure these +# settings to allow the rippled server instance to send an SMS text to the +# configured gateway in response to an admin-level RPC command "sms" with +# one parameter, 'text' containing the message to send. This allows backend +# applications to use the rippled instance to securely notify administrators +# of custom events or information via SMS gateway. +# +# When the 'sms' RPC command is issued, the configured SMS gateway will be +# contacted via HTTPS GET at the URL indicated by sms_url. The URI formed +# will be in this format: +# +# [sms_url]?from=[sms_from]&to=[sms_to]&api_key=[sms_key]&api_secret=[sms_secret]&text=['text'] +# +# Where [...] are the corresponding valus from the configuration file, and +# ['test'] is the value of the JSON field with name 'text'. +# +# [sms_url] +# +# The URL to contact via HTTPS when sending SMS messages +# +# [sms_from] +# [sms_to] +# [sms_key] +# [sms_secret] +# +# These are all strings passed directly in the URI as query parameters +# to the provider of the SMS gateway. +# +# +# +#------------------------------------------------------------------------------- +# +# 5. Ripple Protcol +# +#------------------ +# +# These settings affect the behavior of the server instance with respect +# to Ripple payment protocol level activities such as validating and +# closing ledgers, establishing a quorum, or adjusting fees in response +# to server overloads. 
+# +# +# +# [node_size] +# +# Tunes the servers based on the expected load and available memory. Legal +# sizes are "tiny", "small", "medium", "large", and "huge". We recommend +# you start at the default and raise the setting if you have extra memory. +# The default is "tiny". +# +# +# +# [validation_quorum] +# +# Sets the minimum number of trusted validations a ledger must have before +# the server considers it fully validated. Note that if you are validating, +# your validation counts. +# +# +# +# [ledger_history] +# +# The number of past ledgers to acquire on server startup and the minimum to +# maintain while running. +# +# To serve clients, servers need historical ledger data. Servers that don't +# need to serve clients can set this to "none". Servers that want complete +# history can set this to "full". +# +# The default is: 256 +# +# +# +# [path_search_size] +# +# When searching for paths, the maximum number of nodes allowed. This can take +# exponentially more resources as the size is increased. +# +# The default is: 4 +# +# +# +# [validation_seed] +# +# To perform validation, this section should contain either a validation seed +# or key. The validation seed is used to generate the validation +# public/private key pair. To obtain a validation seed, use the +# validation_create command. +# +# Examples: RASH BUSH MILK LOOK BAD BRIM AVID GAFF BAIT ROT POD LOVE +# shfArahZT9Q9ckTf3s1psJ7C7qzVN # -# [debug_logfile] -# Specifies were a debug logfile is kept. By default, no debug log is kept. -# Unless absolute, the path is relative the directory containing this file. # -# Example: debug.log # # [validators] +# # List of nodes to always accept as validators. Nodes are specified by domain # or public key. # 
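Review bot: The new [peer_ssl_cipher_list] text says the default "ALL:!LOW:!EXP:!MD5:@STRENGTH" allows non-authenticated peer connections and then calls them secure, which overstates what that default provides: an unauthenticated key exchange keeps passive observers out but does not stop an active man-in-the-middle unless peers are authenticated at another layer, which this hunk does not show. I would reword the parenthesis to something like `# non-authenticated peer connections (encrypted, but the peer is not identified by TLS).` and state where peer identity is checked, if it is. In the SMS Gateway section the documented URI carries `api_key` and `api_secret` as query parameters of a GET, so a line noting that these values can end up in gateway and proxy logs would help operators decide how to scope that credential. The added text also has typos worth fixing before merge: "Protcol" (contents list and section 5 heading), "lanched", "serer", "valus", and `['test']` where `['text']` is meant.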
@@ -32,7 +521,10 @@
 # n9KorY8QtTdRx7TVDpwnG9NvyxsDwHUKUEeDLY3AkiGncVaSXZi5
 # n9MqiExBcoG19UXwoLjBJnhsxEhAZMuWwJDRdkyDz1EkEkwzQTNt John Doe
 #
+#
+#
 # [validators_file]
+#
 # Path to file contain a list of nodes to always accept as validators. Use
 # this to specify a file other than this file to manage your validators list.
 #
@@ -51,183 +543,62 @@ # C:/home/johndoe/ripple/validators.txt # /home/johndoe/ripple/validators.txt # +# +# # [validators_site] +# # Specifies where to find validators.txt for UNL boostrapping and RPC # unl_network command. # # Example: ripple.com # -# [ips] -# List of ips where the Ripple protocol is served. For a starter list, you -# can copy entries from: https://ripple.com/ripple.txt -# -# Domain names are not allowed. One ipv4 or ipv6 address per line. A port -# may optionally be specified after adding a space to the address. By -# convention, if known, IPs are listed in from most to least trusted. -# -# Examples: -# 192.168.0.1 -# 192.168.0.1 3939 -# 2001:0db8:0100:f101:0210:a4ff:fee3:9566 -# -# [sntp_servers] -# IP address or domain of NTP servers to use for time synchronization. -# -# These NTP servers are suitable for rippled servers located in the United -# States: -# time.windows.com -# time.apple.com -# time.nist.gov -# pool.ntp.org -# -# [peer_ip] -# IP address or domain to bind to allow external connections from peers. -# Defaults to not binding, which disallows external connections from peers. -# -# Examples: 0.0.0.0 - Bind on all interfaces. -# -# [peer_port] -# If peer_ip is supplied, corresponding port to bind to for peer connections. -# -# [peer_private] -# 0 or 1. -# 0: request peers to broadcast your address. [default] -# 1: request peers not broadcast your address. -# -# [rpc_ip] -# IP address or domain to bind to allow insecure RPC connections. -# Defaults to not binding, which disallows RPC connections. -# -# [rpc_port] -# If rpc_ip is supplied, corresponding port to bind to for peer connections. -# -# [rpc_allow_remote] -# 0 or 1. -# 0: Allow RPC connections only from 127.0.0.1. [default] -# 1: Allow RPC connections from any IP. -# -# [rpc_admin_allow] -# Specify an list of IP addresses allowed to have admin access. One per line. 
-# If you want to test the output of non-admin commands add this section and -# just put an ip address not under your control. -# -# Defaults to 127.0.0.1. -# -# [rpc_user] -# As a server, require a this user to specified and require rpc_password to -# be checked for RPC access via the rpc_ip and rpc_port. The user and password -# must be specified via HTTP's basic authentication method. -# -# As a client, supply this to the server via HTTP's basic authentication -# method. -# -# [rpc_password] -# As a server, require a this password to specified and require rpc_user to -# be checked for RPC access via the rpc_ip and rpc_port. The user and password -# must be specified via HTTP's basic authentication method. -# -# As a client, supply this to the server via HTTP's basic authentication -# method. -# -# [rpc_admin_user] -# As a server, require this as the admin user to be specified. Also, require -# rpc_admin_user and rpc_admin_password to be checked for RPC admin functions. -# The request must specify these as the admin_user and admin_password in the -# request object. -# -# As a client, supply this to the server in the request object. -# -# [rpc_admin_password] -# As a server, require this as the admin pasword to be specified. Also, -# require rpc_admin_user and rpc_admin_password to be checked for RPC admin -# functions. The request must specify these as the admin_user and -# admin_password in the request object. -# -# As a client, supply this to the server in the request object. -# -# [validation_quorum] -# Sets the minimum number of trusted validations a ledger must have before -# the server considers it fully validated. Note that if you are validating, -# your validation counts. -# -# [websocket_public_ip] -# IP address or domain to bind to allow untrusted connections from clients. -# In the future, this option will go away and the peer_ip will accept -# websocket client connections. -# -# Examples: 0.0.0.0 - Bind on all interfaces. 
-# 127.0.0.1 - Bind on localhost interface. Only local programs may connect. -# -# [websocket_public_port] -# Port to bind to allow untrusted connections from clients. In the future, -# this option will go away and the peer_ip will accept websocket client -# connections. -# -# [websocket_public_secure] -# 0, 1 or 2. -# 0: Provide ws service for websocket_public_ip/websocket_public_port. -# 1: Provide both ws and wss service for websocket_public_ip/websocket_public_port. [default] -# 2: Provide wss service only for websocket_public_ip/websocket_public_port. -# -# Browser pages like the Ripple client will not be able to connect to a secure -# websocket connection if a self-signed certificate is used. As the Ripple -# reference client currently shares secrets with its server, this should be -# enabled. -# -# [websocket_ip] -# IP address or domain to bind to allow trusted ADMIN connections from backend -# applications. -# -# Examples: 0.0.0.0 - Bind on all interfaces. -# 127.0.0.1 - Bind on localhost interface. Only local programs may connect. -# -# [websocket_port] -# Port to bind to allow trusted ADMIN connections from backend applications. -# -# [websocket_secure] -# 0, 1, or 2. -# 0: Provide ws service only for websocket_ip/websocket_port. [default] -# 1: Provide ws and wss service for websocket_ip/websocket_port -# 2: Provide wss service for websocket_ip/websocket_port. -# -# [websocket_ssl_key] -# Specify the filename holding the SSL key in PEM format. -# -# [websocket_ssl_cert] -# Specify the path to the SSL certificate file in PEM format. -# This is not needed if the chain includes it. -# -# [websocket_ssl_chain] -# If you need a certificate chain, specify the path to the certificate chain -# here. The chain may include the end certificate. -# -# [ssl_verify_file] -# [ssl_verify_dir] -# Specify the path to a file or directory containing the root certificates -# that the server will accept for verifying HTTP servers. 
Used only for -# outbound HTTPS client connections. -# -# [validation_seed] -# To perform validation, this section should contain either a validation seed -# or key. The validation seed is used to generate the validation -# public/private key pair. To obtain a validation seed, use the -# validation_create command. -# -# Examples: RASH BUSH MILK LOOK BAD BRIM AVID GAFF BAIT ROT POD LOVE -# shfArahZT9Q9ckTf3s1psJ7C7qzVN -# -# [node_seed] -# This is used for clustering. To force a particular node seed or key, the -# key can be set here. The format is the same as the validation_seed field. -# To obtain a validation seed, use the validation_create command. -# -# Examples: RASH BUSH MILK LOOK BAD BRIM AVID GAFF BAIT ROT POD LOVE -# shfArahZT9Q9ckTf3s1psJ7C7qzVN # # #------------------------------------------------------------------------------- # -# Database Configuration Settings +# 6. HTTPS Client +# +#---------------- +# +# The rippled server instance uses HTTPS GET requests in a variety of +# circumstances, including but not limited to the SMS Messaging Gateway +# feature and also for contacting trusted domains to fetch information +# such as mapping an email address to a Ripple Payment Network address. +# +# [ssl_verify] +# +# 0 or 1. +# +# 0. HTTPS client connections will not verify certificates. +# 1. Certificates will be checked for HTTPS client connections . +# +# +# +# [ssl_verify_file] +# +# +# +# A file system path leading to the certificate verification file for +# HTTPS client requests. +# +# +# +# [ssl_verify_dir] +# +# +# +# +# A file system path leading to a file or directory containing the root +# certificates that the server will accept for verifying HTTP servers. +# Used only for outbound HTTPS client connections. +# +# +# +#------------------------------------------------------------------------------- +# +# 7. 
Database +# +#------------ # # rippled creates 4 SQLite database to hold bookkeeping information # about transactions, local credentials, and various other things. 
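Review bot: The new [ssl_verify] entry lists 0 and 1 but, unlike the other 0-or-1 options documented in this file, marks neither as [default], so an operator cannot tell from the example whether outbound HTTPS certificates are verified out of the box. Please state the default and add a line such as `# Leave this at 1 outside of testing; with 0 the SMS gateway and trusted-domain requests accept any certificate.` The [ssl_verify_file] description ("certificate verification file") is also vague next to [ssl_verify_dir]; saying what the file must contain (presumably a bundle of root certificates, to be confirmed against the code) would remove the guesswork. The hunk's trailing context runs on into the Database section, which is outside the change.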
@@ -293,45 +664,33 @@ # creating a directory called "db" located in the same place as your # rippled.cfg file. # +# +# #------------------------------------------------------------------------------- # -# [node_size] -# Tunes the servers based on the expected load and available memory. Legal -# sizes are "tiny", "small", "medium", "large", and "huge". We recommend -# you start at the default and raise the setting if you have extra memory. -# The default is "tiny". +# 8. Diagnostics # -# [cluster_nodes] -# To extend full trust to other nodes, place their node public keys here. -# Generally, you should only do this for nodes under common administration. -# Node public keys start with an 'n'. To give a node a name for identification -# place a space after the public key and then the name. +#--------------- # -# [ledger_history] -# The number of past ledgers to acquire on server startup and the minimum to -# maintain while running. +# These settings are designed to help server administrators diagnose +# problems, and obtain detailed information about the activities being +# performed by the rippled process. # -# To serve clients, servers need historical ledger data. Servers that don't -# need to serve clients can set this to "none". Servers that want complete -# history can set this to "full". # -# The default is: 256 # -# [path_search_size] -# When searching for paths, the maximum number of nodes allowed. This can take -# exponentially more resources as the size is increased. +# [debug_logfile] # -# The default is: 4 +# Specifies were a debug logfile is kept. By default, no debug log is kept. +# Unless absolute, the path is relative the directory containing this file. # -# [rpc_startup] -# Specify a list of RPC commands to run at startup. 
+# Example: debug.log # -# Examples: -# { "command" : "server_info" } -# { "command" : "log_level", "partition" : "ripplecalc", "severity" : "trace" } # +# +#------------------------------------------------------------------------------- # Allow other peers to connect to this server. +# [peer_ip] 0.0.0.0 @@ -339,20 +698,23 @@ 51235 # Allow untrusted clients to connect to this server. +# [websocket_public_ip] 0.0.0.0 [websocket_public_port] 5006 -# Provide trusted websocket ADMIN access. +# Provide trusted websocket ADMIN access to the localhost. +# [websocket_ip] 127.0.0.1 [websocket_port] 6006 -# Provide trusted json-rpc ADMIN access. +# Provide trusted json-rpc ADMIN access to the localhost. +# [rpc_ip] 127.0.0.1 @@ -365,9 +727,11 @@ [node_size] medium -#[node_db] -#type=HyperLevelDB -#path=db/hyperldb +# Note that HyperLevelDB is unavailable on Windows platforms +# +[node_db] +type=HyperLevelDB +path=db/hyperldb [debug_logfile] log/debug.log @@ -379,7 +743,12 @@ time.nist.gov pool.ntp.org # Where to find some other servers speaking the Ripple protocol. +# This set of addresses is recent as of September 5, 2013 +# [ips] -23.21.167.100 51235 -23.23.201.55 51235 -107.21.116.214 51235 +54.225.112.220 51235 +54.225.123.13 51235 +54.227.239.106 51235 +107.21.251.218 51235 +184.73.226.101 51235 +23.23.201.55 51235
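Review bot: Uncommenting [node_db] with `type=HyperLevelDB` makes the example select a backend that the added comment itself says is unavailable on Windows, so a Windows operator who copies this file unchanged gets a configuration the server presumably cannot honour. Either keep the section commented out as it was, or extend the note so it says what to do, for example `# On Windows, comment out this section or choose a supported type.` How the server reacts to an unsupported type is not visible in this hunk, so the failure mode should be checked before merge.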
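Review bot: The six bootstrap addresses under [ips] are now hard-coded twice, here and in the "recent set of good, well known addresses" comment block added near the top of the file, and both copies will go stale together with the "September 5, 2013" date. Because [ips] entries are the hosts the node contacts first, an address that has since been reassigned would point a new node at an unknown host. I would keep a single copy and add `# Refresh this list from https://ripple.com/ripple.txt before deploying.` above the section, which is the source the [ips] documentation in this file already names.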