Difference between revisions of "NodeCore Networking"

From Veriblock Wiki
Jump to: navigation, search
Line 8: Line 8:
  
 
{| class="wikitable"
 
{| class="wikitable"
! Port
+
! Port (MainNet)
 +
! Port (TestNet)
 
! Protocol
 
! Protocol
 
! Users
 
! Users
Line 14: Line 15:
 
! Comments
 
! Comments
 
|-
 
|-
| 10500 (MainNet)
+
| 10500
10501 (TestNet)
+
| 1050'''1'''
 
| Admin RPC (gRPC)
 
| Admin RPC (gRPC)
 
| Wallet or CommandLine
 
| Wallet or CommandLine
Line 21: Line 22:
 
| Hosted on trusted machine (usually local or intranet) with NodeCore instance. Access to local wallet, so highly secure.
 
| Hosted on trusted machine (usually local or intranet) with NodeCore instance. Access to local wallet, so highly secure.
 
|-
 
|-
 +
| 8501
 
| 8501
 
| 8501
 
| UCP (raw socket)
 
| UCP (raw socket)
Line 27: Line 29:
 
| Used for PoW mining pool (and in future, SPV-like clients)
 
| Used for PoW mining pool (and in future, SPV-like clients)
 
|-
 
|-
 +
| 8500
 
| 8500
 
| 8500
 
| HTTP
 
| HTTP
Line 33: Line 36:
 
| Displays a web page showing pool status (recent share submissions on a per-address basis)
 
| Displays a web page showing pool status (recent share submissions on a per-address basis)
 
|-
 
|-
| 6500 (MainNet)
+
| 6500
6501 (TestNet)
+
| 650'''1'''
 
| P2P RPC (gRPC)
 
| P2P RPC (gRPC)
 
| Other NodeCore instances
 
| Other NodeCore instances

Revision as of 21:35, 10 May 2018

See: Main_Page

Overview

These are the default ports and connection protocols used by NodeCore.

Port (MainNet) Port (TestNet) Protocol Users Security Comments
10500 10501 Admin RPC (gRPC) Wallet or CommandLine IP Whitelisting, SSL/TLS Channel, Passwords Hosted on trusted machine (usually local or intranet) with NodeCore instance. Access to local wallet, so highly secure.
8501 8501 UCP (raw socket) Thin clients, miners Used for PoW mining pool (and in future, SPV-like clients)
8500 8500 HTTP Pool Miners Displays a web page showing pool status (recent share submissions on a per-address basis)
6500 6501 P2P RPC (gRPC) Other NodeCore instances IP Blacklisting Connect to other VeriBlock NodeCore instances


Admin RPC (port 10500)

IP Whitelisting

For a NodeCore instance, IP Whitelisting allows explicitly adding IPs such that only remote clients on that list can connect to your VeriBlock NodeCore instance.

1. In nodecore.properties, change the admin endpoint to bind to 0.0.0.0 and add a whitelist entry for your IP address.

Note that NodeCore expects IPv4, such as: http://whatismyip.host

#no longer directly bound to local host
rpc.bind.address=0.0.0.0

#allow the specified IP to connect
rpc.whitelist.addresses = 98.213.111.91

Note that the whitelist entry is a CSV list. It can be a:

  • single IP address, e.g. 193.168.1.1
  • "wildcard" IP, e.g. 193.168.*.* (which would be all IP's in the 192.168 range)
  • CIDR representation, e.g. 193.168.0.0/16

2. If there is a firewall between the VeriBlock NodeCore instance and the device(s) you wish to allow access to, then open port 10500.

This will vary depending on your operating system. Here is an example for a RHEL-based linux distro (example is CentOS 7):

firewall-cmd --permanent --add-port=10500/tcp
firewall-cmd --reload

3. Restart NodeCore.

Passwords

To secure the RPC connection, you will either need to provide your own X509 certificate and private key, or use scripts/openssl-cert-gen.(sh|ps1) to generate the required certs and private keys. Once you have your certificates, you can configure the security mode and certificate paths

rpc.security.mode = ServerTls
rpc.security.cert.chain.path = scripts/certs/server.crt
rpc.security.private.key.path = scripts/certs/server.pem

The first time NodeCore runs, it will create a random RPC password and update the nodecore.properties file. To change this password, just modify your nodecore.properties file

rpc.security.password=rpcpass123

There will also be the following property added to your props file, which you will need to set to true to enforce the password authentication (disabled by default):

rpc.security.password.enabled=true

If you completely remove the password property, nodecore will generate a new random password when it starts.

To configure nodecore-cli to connect to your secured nodecore instance, see: HowTo_connect_NC_CLI_to_remote_NodeCore_instance