proxmox/docs/05-network/RPC_2500_CONFIGURATION_SUMMARY.md
defiQUG fbda1b4beb
docs: Ledger Live integration, contract deploy learnings, NEXT_STEPS updates
- ADD_CHAIN138_TO_LEDGER_LIVE: Ledger form done; public code review repo bis-innovations/LedgerLive; init/push commands
- CONTRACT_DEPLOYMENT_RUNBOOK: Chain 138 gas price 1 gwei, 36-addr check, TransactionMirror workaround
- CONTRACT_*: AddressMapper, MirrorManager deployed 2026-02-12; 36-address on-chain check
- NEXT_STEPS_FOR_YOU: Ledger done; steps completable now (no LAN); run-completable-tasks-from-anywhere
- MASTER_INDEX, OPERATOR_OPTIONAL, SMART_CONTRACTS_INVENTORY_SIMPLE: updates
- LEDGER_BLOCKCHAIN_INTEGRATION_COMPLETE: bis-innovations/LedgerLive reference

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-02-12 15:46:57 -08:00


# VMID 2500 (Core RPC) Configuration Summary
**Last Updated:** 2026-01-31
**Document Version:** 1.0
**Status:** Active Documentation
**Configuration status:** Configured for local/permissioned nodes only.
---
## Configuration Overview
VMID 2500 is the **Core RPC node** and is configured to **ONLY** connect to local/permissioned nodes on the internal network.
---
## ✅ Configuration Settings
### 1. Configuration File
- **File**: `/etc/besu/config-rpc-core.toml`
- **Template**: `smom-dbis-138-proxmox/templates/besu-configs/config-rpc-core.toml`
### 2. Key Security Settings
#### Node Permissioning: ✅ ENABLED
```toml
permissions-nodes-config-file-enabled=true
permissions-nodes-config-file="/permissions/permissions-nodes.toml"
```
- **Only nodes in the allowlist can connect**
- Allowlist contains **12 local nodes** (all on 192.168.11.0/24)
#### Discovery: ❌ DISABLED
```toml
discovery-enabled=false
```
- **No external node discovery**
- Only uses static nodes and permissioned allowlist
- Prevents discovery of unauthorized nodes
#### Static Nodes: ✅ Enabled
```toml
static-nodes-file="/genesis/static-nodes.json"
```
- Contains only validator nodes (1000-1004)
- Used for initial peer connections
---
## 📋 Permissions Allowlist (12 Local Nodes)
All nodes in `permissions-nodes.toml` are on the local network (192.168.11.0/24):
### Validators (5 nodes)
- 192.168.11.100 - Validator 1
- 192.168.11.101 - Validator 2
- 192.168.11.102 - Validator 3
- 192.168.11.103 - Validator 4
- 192.168.11.104 - Validator 5
### Sentries (4 nodes)
- 192.168.11.150 - Sentry 1
- 192.168.11.151 - Sentry 2
- 192.168.11.152 - Sentry 3
- 192.168.11.153 - Sentry 4
### RPC Nodes (3 nodes)
- 192.168.11.250 - Core RPC (this node)
- 192.168.11.251 - Permissioned RPC
- 192.168.11.252 - Public RPC
**Total**: 12 nodes (all local/permissioned)
---
## 🔧 RPC APIs Enabled
As a Core RPC node, VMID 2500 has **full API access** for internal/core infrastructure:
```toml
rpc-http-api=["ETH","NET","WEB3","ADMIN","DEBUG","TXPOOL"]
rpc-ws-api=["ETH","NET","WEB3","ADMIN","DEBUG","TXPOOL"]
```
**APIs**:
- `ETH` - Ethereum protocol methods
- `NET` - Network information
- `WEB3` - Web3 client version
- `ADMIN` - Administrative methods
- `DEBUG` - Debug/trace methods
- `TXPOOL` - Transaction pool methods
---
## 🔒 Security Features
1. **No External Discovery**: `discovery-enabled=false` prevents discovery of external nodes
2. **Strict Allowlisting**: Only 12 explicitly listed nodes can connect
3. **Local Network Only**: All allowed nodes are on 192.168.11.0/24
4. **Defense in Depth**: Multiple layers of security (permissioning + disabled discovery)
---
## 📝 Files Modified/Created
1. **Created**: `smom-dbis-138-proxmox/templates/besu-configs/config-rpc-core.toml`
   - Template for Core RPC node configuration
   - Discovery disabled
   - Full APIs enabled
2. **Updated**: `scripts/fix-rpc-2500.sh`
   - Uses `config-rpc-core.toml` for VMID 2500
   - Ensures discovery is disabled
   - Verifies permissioning settings
3. **Documentation**:
   - `docs/05-network/RPC_2500_LOCAL_NODES_ONLY.md` - Detailed configuration guide
   - `docs/05-network/RPC_2500_CONFIGURATION_SUMMARY.md` - This summary
---
## ✅ Verification Checklist
To verify VMID 2500 is configured correctly:
```bash
# 1. Check discovery is disabled
pct exec 2500 -- grep "discovery-enabled" /etc/besu/config-rpc-core.toml
# Expected: discovery-enabled=false

# 2. Check permissioning is enabled
pct exec 2500 -- grep "permissions-nodes-config-file-enabled" /etc/besu/config-rpc-core.toml
# Expected: permissions-nodes-config-file-enabled=true

# 3. Verify permissions file contains only local nodes
#    (dots escaped so only literal 192.168.11.x addresses are counted)
#    Note: this counts local addresses; an extra non-local entry would not change the number.
pct exec 2500 -- grep -oE '192\.168\.11\.[0-9]+' /permissions/permissions-nodes.toml | sort -u | wc -l
# Expected: 12 (5 validators + 4 sentries + 3 RPC)

# 4. Check connected peers (should only be local network)
curl -s -X POST http://192.168.11.250:8545 \
  -H "Content-Type: application/json" \
  -d '{"jsonrpc":"2.0","method":"admin_peers","params":[],"id":1}' | jq '.result[].remoteAddress'
# Expected: Only 192.168.11.x addresses
```
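
Step 3 counts local addresses, so an extra off-subnet entry in the allowlist would still produce `12`. The script below is an added example, not part of this repository: it audits every `enode://` entry and fails if any host is outside 192.168.11.0/24 or the entry count differs from the expected one. The function names, the `nodes-allowlist=[...]` layout, the placeholder node IDs and the `203.0.113.7` address are assumptions made for the example.

```bash
# Added example: fail-closed audit of a Besu node allowlist (POSIX sh).
# Assumption: entries look like "enode://<node-id>@<host>:<port>" inside nodes-allowlist=[...].
LOCAL_RE='^192\.168\.11\.([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$'

# Print every allowlisted host that is NOT a literal address in 192.168.11.0/24.
non_local_hosts() {
  grep -oE 'enode://[^"]+' "$1" | while IFS= read -r enode; do
    hostport=${enode#*@}   # drop "enode://<node-id>@"
    host=${hostport%:*}    # drop ":<port>" and anything after it
    printf '%s\n' "$host" | grep -Eq "$LOCAL_RE" || printf '%s\n' "$host"
  done
}

# Count all enode entries, local or not.
entry_count() { grep -oE 'enode://[^"]+' "$1" | wc -l | tr -d ' '; }

# The count used in checklist step 3: unique 192.168.11.x addresses only.
local_addr_count() { grep -oE '192\.168\.11\.[0-9]+' "$1" | sort -u | wc -l | tr -d ' '; }

# Succeed only if the file has exactly $2 entries and none is off-subnet.
audit_allowlist() {
  bad=$(non_local_hosts "$1")
  [ -z "$bad" ] && [ "$(entry_count "$1")" -eq "$2" ]
}

# Constructed sample: the 12 addresses listed on this page with placeholder
# (all-zero) node IDs, plus any extra hosts passed as arguments.
write_sample() {
  out=$1; shift
  {
    printf 'nodes-allowlist=[\n'
    for h in 100 101 102 103 104 150 151 152 153 250 251 252; do
      printf '  "enode://%0128d@192.168.11.%s:30303",\n' 0 "$h"
    done
    for extra in "$@"; do printf '  "enode://%0128d@%s:30303",\n' 0 "$extra"; done
    printf ']\n'
  } > "$out"
}

# Demo: a 13th, off-subnet entry (constructed, documentation address range).
f=$(mktemp)
write_sample "$f" 203.0.113.7
echo "local address count: $(local_addr_count "$f")"
echo "off-subnet hosts:    $(non_local_hosts "$f")"
audit_allowlist "$f" 12 || echo "allowlist audit FAILED"
rm -f "$f"
```

On the node itself, point `audit_allowlist` at `/permissions/permissions-nodes.toml` with `12` as the expected count.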
---
## 📚 Related Documentation
- [RPC 2500 Local Nodes Only](./RPC_2500_LOCAL_NODES_ONLY.md)
- [RPC Node Types Architecture](./RPC_NODE_TYPES_ARCHITECTURE.md)
- [RPC 2500 Troubleshooting](/docs/09-troubleshooting/RPC_2500_TROUBLESHOOTING.md)
- [Besu Allowlist Runbook](../06-besu/BESU_ALLOWLIST_RUNBOOK.md)
---
**Configuration Status**: ✅ Complete - VMID 2500 only connects to local/permissioned nodes