ARCHIVE/xrpl-dev-portal
1
0
Fork 0
mirror of https://github.com/XRPLF/xrpl-dev-portal.git synced 2025-11-21 20:25:51 +00:00
Code Issues Packages Projects Releases Wiki Activity

Secure Signing: revs to LAN conf examples & related

Browse Source
This commit is contained in:
mDuo13
2019-02-01 15:25:58 -08:00
parent 52562febb9
commit e7005208b9
1 changed files with 13 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
content/tutorials/get-started/set-up-secure-signing.md
View File

@@ -60,7 +60,9 @@ To use this configuration:
Be sure that this machine meets the minimum [system requirements for `rippled`](system-requirements.html).
2. Configure the `rippled` machine to have a static IP address in the local private LAN, or use a private DNS server to give the server a consistent name.
2. Configure the `rippled` machine to have a static IP address in your private LAN.
Consult your network administrator for instructions for setting up a static IP in your LAN. If you do not have a static IP, you must change your config and restart `rippled` every time the machine's IP changes.
With IPv4, private LAN addresses commonly start with `10.`, `192.168.`, or `172.(16 to 31).`. With IPv6, private LAN addresses typically start with `fc` or `fd`.
@@ -70,20 +72,26 @@ To use this configuration:
[port_rpc_admin_local]
port = 5005
ip = 10.1.0.0 # Changed from 127.0.0.1
admin = 10.1.1.2 # Only the client with this IP is treated as admin
# Change the IP port to match the server's static IP
ip = 10.1.10.13
# Only the client with the following IP is treated as admin
admin = 10.1.10.2
protocol = http
[port_ws_admin_local]
port = 6006
ip = 10.1.0.0 # Changed from 127.0.0.1
admin = 10.1.1.2 # Only the client with this IP is treated as admin
# Change the IP port to match the server's static IP
ip = 10.1.10.13
# Only the client with the following IP is treated as admin
admin = 10.1.10.2
protocol = ws
4. If your `rippled` machine runs a software firewall, configure the firewall to accept connections on your local private network at the JSON-RPC and Websocket ports you configured in the previous step. (Ports `5005` and `6006` in the previous example.)
The exact configuration depends on your firewall software.
If you use Network Address Translation (NAT), **do not** configure your router or hardware firewall to forward these ports from the outside.
5. On the machine(s) that will submit transactions, connect to your server using your `rippled` server's private IP address and the configured ports. Use the [sign method][] (for single signatures) or [sign_for method][] (for multi-signatures).
The example configuration from the previous steps uses port `5005` for JSON-RPC connections and port `6006` for Websocket connections.