proxmox/docs/05-network/RPC_2500_CONFIGURATION_SUMMARY.md
defiQUG 9c37af10c0 Complete optional next steps: fix references and consolidate duplicates
- Fixed 104 broken references in 59 files
- Consolidated 40+ duplicate status files
- Archived duplicates to reports/archive/duplicates/
- Created scripts for reference fixing and consolidation
- Updated content inconsistency reports

All optional cleanup tasks complete.
2026-01-06 02:25:38 -08:00


VMID 2500 (Core RPC) Configuration Summary

Date: $(date)
Status: CONFIGURED FOR LOCAL/PERMISSIONED NODES ONLY


Configuration Overview

VMID 2500 is the Core RPC node and is configured to ONLY connect to local/permissioned nodes on the internal network.


Configuration Settings

1. Configuration File

  • File: /etc/besu/config-rpc-core.toml
  • Template: smom-dbis-138-proxmox/templates/besu-configs/config-rpc-core.toml

2. Key Security Settings

Node Permissioning: ENABLED

permissions-nodes-config-file-enabled=true
permissions-nodes-config-file="/permissions/permissions-nodes.toml"
  • Only nodes in the allowlist can connect
  • Allowlist contains 12 local nodes (all on 192.168.11.0/24)

Discovery: DISABLED

discovery-enabled=false
  • No external node discovery
  • Only uses static nodes and permissioned allowlist
  • Prevents discovery of unauthorized nodes

Static Nodes: Enabled

static-nodes-file="/genesis/static-nodes.json"
  • Contains only validator nodes (1000-1004)
  • Used for initial peer connections

📋 Permissions Allowlist (12 Local Nodes)

All nodes in permissions-nodes.toml are on the local network (192.168.11.0/24):

Validators (5 nodes)

  • 192.168.11.100 - Validator 1
  • 192.168.11.101 - Validator 2
  • 192.168.11.102 - Validator 3
  • 192.168.11.103 - Validator 4
  • 192.168.11.104 - Validator 5

Sentries (4 nodes)

  • 192.168.11.150 - Sentry 1
  • 192.168.11.151 - Sentry 2
  • 192.168.11.152 - Sentry 3
  • 192.168.11.153 - Sentry 4

RPC Nodes (3 nodes)

  • 192.168.11.250 - Core RPC (this node)
  • 192.168.11.251 - Permissioned RPC
  • 192.168.11.252 - Public RPC

Total: 12 nodes (all local/permissioned)


🔧 RPC APIs Enabled

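As a Core RPC node, VMID 2500 exposes the full API set, including ADMIN and DEBUG, over both HTTP and WebSocket for internal/core infrastructure. Node permissioning and disabled discovery limit which peers can connect over P2P; they do not limit which clients can call these RPC methods, so access to the RPC ports has to be restricted separately.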

rpc-http-api=["ETH","NET","WEB3","ADMIN","DEBUG","TXPOOL"]
rpc-ws-api=["ETH","NET","WEB3","ADMIN","DEBUG","TXPOOL"]

APIs:

  • ETH - Ethereum protocol methods
  • NET - Network information
  • WEB3 - Web3 client version
  • ADMIN - Administrative methods
  • DEBUG - Debug/trace methods
  • TXPOOL - Transaction pool methods

🔒 Security Features

  1. No External Discovery: discovery-enabled=false prevents discovery of external nodes
  2. Strict Allowlisting: Only 12 explicitly listed nodes can connect
  3. Local Network Only: All allowed nodes are on 192.168.11.0/24
  4. Defense in Depth: Multiple layers of security (permissioning + disabled discovery)

📝 Files Modified/Created

  1. Created: smom-dbis-138-proxmox/templates/besu-configs/config-rpc-core.toml

    • Template for Core RPC node configuration
    • Discovery disabled
    • Full APIs enabled
  2. Updated: scripts/fix-rpc-2500.sh

    • Uses config-rpc-core.toml for VMID 2500
    • Ensures discovery is disabled
    • Verifies permissioning settings
  3. Documentation:

    • docs/05-network/RPC_2500_LOCAL_NODES_ONLY.md - Detailed configuration guide
    • docs/05-network/RPC_2500_CONFIGURATION_SUMMARY.md - This summary

Verification Checklist

To verify VMID 2500 is configured correctly:

# 1. Check discovery is disabled
pct exec 2500 -- grep "discovery-enabled" /etc/besu/config-rpc-core.toml
# Expected: discovery-enabled=false

# 2. Check permissioning is enabled
pct exec 2500 -- grep "permissions-nodes-config-file-enabled" /etc/besu/config-rpc-core.toml
# Expected: permissions-nodes-config-file-enabled=true

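# 3. Verify permissions file contains only local nodes
pct exec 2500 -- cat /permissions/permissions-nodes.toml | grep -o "192\.168\.11\.[0-9]*" | sort -u | wc -l
# Expected: 12 (5 validators + 4 sentries + 3 RPC)
# The count above ignores non-local entries, so also count enode URLs outside 192.168.11.0/24
pct exec 2500 -- cat /permissions/permissions-nodes.toml | grep -o 'enode://[^"]*' | grep -vc "@192\.168\.11\."
# Expected: 0

# 4. Check connected peers (should only be local network)
# Besu's admin_peers nests each peer's address under "network"
curl -s -X POST http://192.168.11.250:8545 \
  -H "Content-Type: application/json" \
  -d '{"jsonrpc":"2.0","method":"admin_peers","params":[],"id":1}' | jq '.result[].network.remoteAddress'
# Expected: Only 192.168.11.x addresses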
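
The checklist above can be run as a single audit that tests every allowlist host and every connected peer against 192.168.11.0/24 rather than counting local addresses. This is an added example, not one of the repository's scripts: the function names, node IDs, port 30303 and the 203.0.113.7 address are constructed for the demonstration, and the `network.remoteAddress` field is the one Besu returns from `admin_peers`.

```python
import ipaddress
import json
import re
from urllib.parse import urlsplit

LOCAL_NET = ipaddress.ip_network("192.168.11.0/24")  # subnet stated on this page
EXPECTED_NODES = 12  # 5 validators + 4 sentries + 3 RPC nodes

def is_local(host):
    """True only for an IP literal inside LOCAL_NET; hostnames and garbage are not local."""
    try:
        return ipaddress.ip_address(host) in LOCAL_NET
    except ValueError:
        return False

def audit(config_toml, permissions_toml, admin_peers_json):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    settings = dict(re.findall(r"^\s*([\w-]+)\s*=\s*(\S+)", config_toml, re.M))
    for key, want in (("discovery-enabled", "false"),
                      ("permissions-nodes-config-file-enabled", "true")):
        if settings.get(key) != want:
            findings.append(f"{key} is {settings.get(key)!r}, expected {want}")
    # Look at every enode URL in the allowlist, not only the ones that look local.
    enodes = re.findall(r'enode://[^"\s,\]]+', permissions_toml)
    hosts = [urlsplit(url).hostname or "" for url in enodes]
    if len(set(hosts)) != EXPECTED_NODES:
        findings.append(f"allowlist has {len(set(hosts))} hosts, expected {EXPECTED_NODES}")
    findings += [f"allowlist entry outside {LOCAL_NET}: {h}" for h in hosts if not is_local(h)]
    # Besu reports each peer's address as "ip:port" under network.remoteAddress.
    peers = [p["network"]["remoteAddress"].rsplit(":", 1)[0]
             for p in json.loads(admin_peers_json)["result"]]
    findings += [f"connected peer outside {LOCAL_NET}: {h}" for h in peers if not is_local(h)]
    return findings

# Constructed sample input: node IDs, port 30303 and 203.0.113.7 are made up for the demo.
def sample_allowlist(ips):
    urls = ",".join(f'"enode://{"ab" * 64}@{ip}:30303"' for ip in ips)
    return f"nodes-allowlist=[{urls}]"

PAGE_IPS = [f"192.168.11.{n}" for n in (100, 101, 102, 103, 104, 150, 151, 152, 153, 250, 251, 252)]
GOOD_CONFIG = "discovery-enabled=false\npermissions-nodes-config-file-enabled=true\n"
GOOD_PEERS = json.dumps({"result": [{"network": {"remoteAddress": "192.168.11.100:30303"}}]})
BAD_PEERS = json.dumps({"result": [{"network": {"remoteAddress": "203.0.113.7:30303"}}]})

if __name__ == "__main__":
    print(audit(GOOD_CONFIG, sample_allowlist(PAGE_IPS), GOOD_PEERS))  # no findings
    print(audit("discovery-enabled=true\n", sample_allowlist(PAGE_IPS + ["203.0.113.7"]), BAD_PEERS))
```

Feed `audit()` the output of the `pct exec` and `curl` commands from the checklist. A count of `192.168.11.x` matches still reports 12 for the drifted allowlist in the second call, which is why the subnet test looks at every enode host.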


Last Updated: $(date)
Configuration Status: Complete - VMID 2500 only connects to local/permissioned nodes