Difference between revisions of "NodeCore Networking"
(8 intermediate revisions by 4 users not shown) | |||
Line 10: | Line 10: | ||
! Port (MainNet) | ! Port (MainNet) | ||
! Port (TestNet) | ! Port (TestNet) | ||
+ | ! Port (AlphaNet) | ||
! Protocol | ! Protocol | ||
! Users | ! Users | ||
Line 17: | Line 18: | ||
| 10500 | | 10500 | ||
| 1050'''1''' | | 1050'''1''' | ||
+ | | 1050'''2''' | ||
| Admin RPC (gRPC) | | Admin RPC (gRPC) | ||
| Wallet or CommandLine | | Wallet or CommandLine | ||
| IP Whitelisting, SSL/TLS Channel, Passwords | | IP Whitelisting, SSL/TLS Channel, Passwords | ||
| Hosted on trusted machine (usually local or intranet) with NodeCore instance. Access to local wallet, so highly secure. | | Hosted on trusted machine (usually local or intranet) with NodeCore instance. Access to local wallet, so highly secure. | ||
+ | |- | ||
+ | | 10600 | ||
+ | | 10600 | ||
+ | | 10600 | ||
+ | | HTTP | ||
+ | | Nodecore API | ||
+ | | | ||
+ | | https://wiki.veriblock.org/index.php/NodeCore_HTTP_API | ||
|- | |- | ||
+ | | 8501 | ||
| 8501 | | 8501 | ||
| 8501 | | 8501 | ||
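Review bot: The added 10600 row leaves the Security cell empty, while the 10500 and P2P rows name their controls (IP Whitelisting, IP Blacklisting). State what protects the HTTP API port, or say explicitly that nothing does, so readers do not assume the Admin RPC controls carry over. The row also lists 10600 for MainNet, TestNet and AlphaNet alike, whereas the Admin RPC ports differ per network (10500/10501/10502); confirm that is intended. "Nodecore API" in the Users column is capitalised differently from "NodeCore" elsewhere in the table.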
Line 29: | Line 40: | ||
| Used for PoW mining pool (and in future, SPV-like clients) | | Used for PoW mining pool (and in future, SPV-like clients) | ||
|- | |- | ||
+ | | 8500 | ||
| 8500 | | 8500 | ||
| 8500 | | 8500 | ||
Line 36: | Line 48: | ||
| Displays a web page showing pool status (recent share submissions on a per-address basis) | | Displays a web page showing pool status (recent share submissions on a per-address basis) | ||
|- | |- | ||
− | | | + | | 7500 |
− | | | + | | 750'''1''' |
− | | P2P RPC | + | | 750'''2''' |
+ | | P2P RPC | ||
| Other NodeCore instances | | Other NodeCore instances | ||
| IP Blacklisting | | IP Blacklisting | ||
| Connect to other VeriBlock NodeCore instances | | Connect to other VeriBlock NodeCore instances | ||
|} | |} | ||
− | |||
== Admin RPC (port 10500) == | == Admin RPC (port 10500) == | ||
Line 64: | Line 76: | ||
Note that the whitelist entry is a CSV list. It can be a: | Note that the whitelist entry is a CSV list. It can be a: | ||
− | * single IP address, e.g. | + | * single IP address, e.g. 192.168.1.1 |
− | * "wildcard" IP, e.g. | + | * "wildcard" IP, e.g. 192.168.*.* (which would be all IP's in the 192.168 range) |
− | * CIDR representation, e.g. | + | * CIDR representation, e.g. 192.168.0.0/16 |
2. If there is a firewall between the VeriBlock NodeCore instance and the device(s) you wish to allow access to, then open port 10500. | 2. If there is a firewall between the VeriBlock NodeCore instance and the device(s) you wish to allow access to, then open port 10500. | ||
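Review bot: In the wildcard bullet, "all IP's" should read "all IPs". The wildcard and CIDR examples (192.168.*.* and 192.168.0.0/16) describe the same range; either say so or use different ranges, so the two forms are not read as distinct grants. A /16 is also a broad example for an admin port; a narrower sample such as a single host or a /24 would set a better default for readers who copy it.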
Line 80: | Line 92: | ||
=== Passwords === | === Passwords === | ||
+ | |||
+ | NOTE: Password protection is separate from whitelisting. Even if password is set up, the remote client must not be blocked via whitelisting. | ||
+ | |||
+ | <pre> | ||
+ | #nodecore.properties | ||
+ | rpc.whitelist.addresses=<my_client_ip> | ||
+ | </pre> | ||
+ | |||
To secure the RPC connection, you will either need to provide your own X509 certificate and private key, or use scripts/openssl-cert-gen.(sh|ps1) to generate the required certs and private keys. Once you have your certificates, you can configure the security mode and certificate paths | To secure the RPC connection, you will either need to provide your own X509 certificate and private key, or use scripts/openssl-cert-gen.(sh|ps1) to generate the required certs and private keys. Once you have your certificates, you can configure the security mode and certificate paths |
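Review bot: The added NOTE and its pre block sit under "=== Passwords ===" but show only rpc.whitelist.addresses, and the context paragraph that follows is about X509 certificates, so one heading now covers three separate controls. Consider moving the note into the IP Whitelisting section or giving the TLS setup its own heading. Reword "Even if password is set up" to "Even if a password is set up", and end the context line "certificate paths" with a colon since a properties sample follows it.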
Latest revision as of 14:47, 4 December 2019
See: Main_Page
Overview
These are the default ports and connection protocols used by NodeCore.
Port (MainNet) | Port (TestNet) | Port (AlphaNet) | Protocol | Users | Security | Comments |
---|---|---|---|---|---|---|
10500 | 10501 | 10502 | Admin RPC (gRPC) | Wallet or CommandLine | IP Whitelisting, SSL/TLS Channel, Passwords | Hosted on trusted machine (usually local or intranet) with NodeCore instance. Access to local wallet, so highly secure. |
10600 | 10600 | 10600 | HTTP | Nodecore API | | https://wiki.veriblock.org/index.php/NodeCore_HTTP_API |
8501 | 8501 | 8501 | UCP (raw socket) | Thin clients, miners | | Used for PoW mining pool (and in future, SPV-like clients) |
8500 | 8500 | 8500 | HTTP | Pool Miners | | Displays a web page showing pool status (recent share submissions on a per-address basis) |
7500 | 7501 | 7502 | P2P RPC | Other NodeCore instances | IP Blacklisting | Connect to other VeriBlock NodeCore instances |
Admin RPC (port 10500)
IP Whitelisting
For a NodeCore instance, IP Whitelisting allows explicitly adding IPs such that only remote clients on that list can connect to your VeriBlock NodeCore instance.
1. In nodecore.properties, change the admin endpoint to bind to 0.0.0.0 and add a whitelist entry for your IP address.
Note that NodeCore expects an IPv4 address, such as the one shown at http://whatismyip.host

```
#no longer directly bound to local host
rpc.bind.address=0.0.0.0
#allow the specified IP to connect
rpc.whitelist.addresses = 98.213.111.91
```
Note that the whitelist entry is a CSV list. It can be a:
- single IP address, e.g. 192.168.1.1
- "wildcard" IP, e.g. 192.168.*.* (which would be all IPs in the 192.168 range)
- CIDR representation, e.g. 192.168.0.0/16
2. If there is a firewall between the VeriBlock NodeCore instance and the device(s) you wish to allow access to, then open port 10500.
This will vary depending on your operating system. Here is an example for a RHEL-based Linux distro (example is CentOS 7):

```
firewall-cmd --permanent --add-port=10500/tcp
firewall-cmd --reload
```
3. Restart NodeCore.
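The three whitelist entry forms listed in step 1 can be checked before restarting. The sketch below is an added example, not NodeCore's own matching code: it assumes wildcards appear only as trailing octets, and the function names are hypothetical. It reports whether a client IP is covered and how many addresses the whole CSV list admits.

```python
import ipaddress

def to_network(entry: str) -> ipaddress.IPv4Network:
    """Convert one whitelist entry (single IP, wildcard or CIDR) to a network."""
    entry = entry.strip()
    if "*" in entry:
        octets = entry.split(".")
        fixed = [o for o in octets if o != "*"]
        # Assumption of this sketch: only trailing wildcards such as 192.168.*.*
        if len(octets) != 4 or octets[:len(fixed)] != fixed:
            raise ValueError(f"unsupported wildcard entry: {entry!r}")
        base = ".".join(fixed + ["0"] * (4 - len(fixed)))
        return ipaddress.IPv4Network(f"{base}/{8 * len(fixed)}")
    # A bare address becomes a /32; strict=False tolerates host bits in a CIDR.
    return ipaddress.IPv4Network(entry, strict=False)

def parse_whitelist(csv_value: str) -> list:
    """Split the CSV property value and convert every non-empty entry."""
    return [to_network(e) for e in csv_value.split(",") if e.strip()]

def is_whitelisted(csv_value: str, client_ip: str) -> bool:
    """True if any entry in the CSV list covers client_ip (IPv4 only)."""
    client = ipaddress.IPv4Address(client_ip)
    return any(client in net for net in parse_whitelist(csv_value))

def admitted_count(csv_value: str) -> int:
    """Number of distinct IPv4 addresses the whole list lets in."""
    merged = ipaddress.collapse_addresses(parse_whitelist(csv_value))
    return sum(net.num_addresses for net in merged)

if __name__ == "__main__":
    # Constructed sample built from the example entries on this page.
    sample = "98.213.111.91, 192.168.*.*, 192.168.0.0/16"
    for ip in ("98.213.111.91", "192.168.44.7", "10.0.0.5"):
        print(ip, is_whitelisted(sample, ip))
    print("addresses admitted:", admitted_count(sample))
```

An unexpectedly large admitted count is a quick signal that a wildcard or CIDR entry is broader than the set of machines that actually need Admin RPC access.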
Passwords
NOTE: Password protection is separate from whitelisting. Even if a password is set up, the remote client must not be blocked via whitelisting.

```
#nodecore.properties
rpc.whitelist.addresses=<my_client_ip>
```
To secure the RPC connection, you will either need to provide your own X509 certificate and private key, or use scripts/openssl-cert-gen.(sh|ps1) to generate the required certs and private keys. Once you have your certificates, you can configure the security mode and certificate paths:

```
rpc.security.mode = ServerTls
rpc.security.cert.chain.path = scripts/certs/server.crt
rpc.security.private.key.path = scripts/certs/server.pem
```
The first time NodeCore runs, it will create a random RPC password and update the nodecore.properties file. To change this password, just modify your nodecore.properties file:

```
rpc.security.password=rpcpass123
```

There will also be the following property added to your props file, which you will need to set to true to enforce the password authentication (disabled by default):

```
rpc.security.password.enabled=true
```
If you completely remove the password property, NodeCore will generate a new random password when it starts.
To configure nodecore-cli to connect to your secured nodecore instance, see: HowTo_connect_NC_CLI_to_remote_NodeCore_instance
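Because whitelisting, TLS and the password are configured independently, it helps to check all three together once the admin endpoint is no longer bound to localhost. The following lint is an added example, not part of NodeCore: it uses only the property names shown on this page, treats a missing rpc.bind.address as local-only (an assumption), and runs on two constructed sample files.

```python
LOOPBACK = {"127.0.0.1", "localhost"}
DOC_SAMPLE_PASSWORD = "rpcpass123"  # the sample value printed on this page

def parse_properties(text: str) -> dict:
    """Minimal key=value parser; skips blank lines and # / ! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "!")) or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props

def audit(text: str) -> list:
    """Return findings for Admin RPC settings that leave the port under-protected."""
    p = parse_properties(text)
    findings = []
    # Assumption: an absent rpc.bind.address means the endpoint is local-only.
    remote = p.get("rpc.bind.address", "127.0.0.1") not in LOOPBACK
    tls = p.get("rpc.security.mode") == "ServerTls"
    if remote and not p.get("rpc.whitelist.addresses"):
        findings.append("remote bind without rpc.whitelist.addresses")
    if remote and not tls:
        findings.append("remote bind without rpc.security.mode=ServerTls")
    if tls:
        for key in ("rpc.security.cert.chain.path", "rpc.security.private.key.path"):
            if not p.get(key):
                findings.append(f"ServerTls set but {key} is empty")
    if remote and p.get("rpc.security.password.enabled", "false").lower() != "true":
        findings.append("rpc.security.password.enabled is not true")
    if p.get("rpc.security.password") == DOC_SAMPLE_PASSWORD:
        findings.append("rpc.security.password is the documentation sample value")
    return findings

# Constructed samples: a weak file and a corrected one.
WEAK = "rpc.bind.address=0.0.0.0\nrpc.security.password=rpcpass123\n"
HARDENED = """\
rpc.bind.address=0.0.0.0
rpc.whitelist.addresses = 192.168.1.1
rpc.security.mode = ServerTls
rpc.security.cert.chain.path = scripts/certs/server.crt
rpc.security.private.key.path = scripts/certs/server.pem
rpc.security.password=constructed-Zk4vQ9tLm2Xr7
rpc.security.password.enabled=true
"""

if __name__ == "__main__":
    for name, text in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit(text))
```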