proxmox/docs/05-network/RPC_2500_CONFIGURATION_SUMMARY.md
defiQUG fbda1b4beb
docs: Ledger Live integration, contract deploy learnings, NEXT_STEPS updates
- ADD_CHAIN138_TO_LEDGER_LIVE: Ledger form done; public code review repo bis-innovations/LedgerLive; init/push commands
- CONTRACT_DEPLOYMENT_RUNBOOK: Chain 138 gas price 1 gwei, 36-addr check, TransactionMirror workaround
- CONTRACT_*: AddressMapper, MirrorManager deployed 2026-02-12; 36-address on-chain check
- NEXT_STEPS_FOR_YOU: Ledger done; steps completable now (no LAN); run-completable-tasks-from-anywhere
- MASTER_INDEX, OPERATOR_OPTIONAL, SMART_CONTRACTS_INVENTORY_SIMPLE: updates
- LEDGER_BLOCKCHAIN_INTEGRATION_COMPLETE: bis-innovations/LedgerLive reference

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-02-12 15:46:57 -08:00

VMID 2500 (Core RPC) Configuration Summary

Last Updated: 2026-01-31
Document Version: 1.0
Status: Active Documentation

Configuration status: Configured for local/permissioned nodes only.


Configuration Overview

VMID 2500 is the Core RPC node and is configured to ONLY connect to local/permissioned nodes on the internal network.


Configuration Settings

1. Configuration File

  • File: /etc/besu/config-rpc-core.toml
  • Template: smom-dbis-138-proxmox/templates/besu-configs/config-rpc-core.toml

2. Key Security Settings

Node Permissioning: ENABLED

permissions-nodes-config-file-enabled=true
permissions-nodes-config-file="/permissions/permissions-nodes.toml"
  • Only nodes in the allowlist can connect
  • Allowlist contains 12 local nodes (all on 192.168.11.0/24)

Discovery: DISABLED

discovery-enabled=false
  • No external node discovery
  • Only uses static nodes and permissioned allowlist
  • Prevents discovery of unauthorized nodes

Static Nodes: Enabled

static-nodes-file="/genesis/static-nodes.json"
  • Contains only validator nodes (1000-1004)
  • Used for initial peer connections

📋 Permissions Allowlist (12 Local Nodes)

All nodes in permissions-nodes.toml are on the local network (192.168.11.0/24):

Validators (5 nodes)

  • 192.168.11.100 - Validator 1
  • 192.168.11.101 - Validator 2
  • 192.168.11.102 - Validator 3
  • 192.168.11.103 - Validator 4
  • 192.168.11.104 - Validator 5

Sentries (4 nodes)

  • 192.168.11.150 - Sentry 1
  • 192.168.11.151 - Sentry 2
  • 192.168.11.152 - Sentry 3
  • 192.168.11.153 - Sentry 4

RPC Nodes (3 nodes)

  • 192.168.11.250 - Core RPC (this node)
  • 192.168.11.251 - Permissioned RPC
  • 192.168.11.252 - Public RPC

Total: 12 nodes (all local/permissioned)


🔧 RPC APIs Enabled

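As a Core RPC node, VMID 2500 has full API access for internal/core infrastructure. The node allowlist and disabled discovery restrict peer-to-peer connections, not JSON-RPC clients, so access to the endpoints that serve these APIs (ADMIN and DEBUG included) has to be limited separately. The enabled APIs are: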

rpc-http-api=["ETH","NET","WEB3","ADMIN","DEBUG","TXPOOL"]
rpc-ws-api=["ETH","NET","WEB3","ADMIN","DEBUG","TXPOOL"]

APIs:

  • ETH - Ethereum protocol methods
  • NET - Network information
  • WEB3 - Web3 client version
  • ADMIN - Administrative methods
  • DEBUG - Debug/trace methods
  • TXPOOL - Transaction pool methods

🔒 Security Features

  1. No External Discovery: discovery-enabled=false prevents discovery of external nodes
  2. Strict Allowlisting: Only 12 explicitly listed nodes can connect
  3. Local Network Only: All allowed nodes are on 192.168.11.0/24
  4. Defense in Depth: Multiple layers of security (permissioning + disabled discovery)

📝 Files Modified/Created

  1. Created: smom-dbis-138-proxmox/templates/besu-configs/config-rpc-core.toml

    • Template for Core RPC node configuration
    • Discovery disabled
    • Full APIs enabled
  2. Updated: scripts/fix-rpc-2500.sh

    • Uses config-rpc-core.toml for VMID 2500
    • Ensures discovery is disabled
    • Verifies permissioning settings
  3. Documentation:

    • docs/05-network/RPC_2500_LOCAL_NODES_ONLY.md - Detailed configuration guide
    • docs/05-network/RPC_2500_CONFIGURATION_SUMMARY.md - This summary

Verification Checklist

To verify VMID 2500 is configured correctly:

# 1. Check discovery is disabled
pct exec 2500 -- grep "discovery-enabled" /etc/besu/config-rpc-core.toml
# Expected: discovery-enabled=false

# 2. Check permissioning is enabled
pct exec 2500 -- grep "permissions-nodes-config-file-enabled" /etc/besu/config-rpc-core.toml
# Expected: permissions-nodes-config-file-enabled=true

# 3. Verify the permissions file lists the 12 local nodes (counts distinct 192.168.11.x addresses)
pct exec 2500 -- cat /permissions/permissions-nodes.toml | grep -oE "192\.168\.11\.[0-9]+" | sort -u | wc -l
# Expected: 12 (5 validators + 4 sentries + 3 RPC)

# 4. Check connected peers (should only be local network)
# Besu reports each peer's address under .network.remoteAddress
curl -s -X POST http://192.168.11.250:8545 \
  -H "Content-Type: application/json" \
  -d '{"jsonrpc":"2.0","method":"admin_peers","params":[],"id":1}' | jq -r '.result[].network.remoteAddress'
# Expected: Only 192.168.11.x addresses
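
Checks 3 and 4 above count or list local addresses but do not fail when an entry from outside 192.168.11.0/24 is present. The following added example (not part of the repository's scripts) flags such entries in the allowlist text and in an admin_peers response; the enode URL layout, the function names and the sample data are assumptions constructed for illustration.

```shell
# Added example, not the repository's script. Assumes allowlist entries
# are enode://<hex-id>@<ipv4>:<port> and peers report "remoteAddress".
LOCAL_PREFIX="192.168.11."   # 192.168.11.0/24, from the page

# stdin: one host per line; stdout: every host that is not a dotted-quad
# IPv4 address inside LOCAL_PREFIX (hostnames and IPv6 are flagged too).
only_nonlocal() {
  awk -v p="$LOCAL_PREFIX" \
    '!($0 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ && index($0, p) == 1)'
}

# stdin: permissions-nodes.toml text; stdout: distinct enode hosts.
enode_hosts() {
  grep -oE 'enode://[0-9a-fA-F]+@[^:"]+' | sed -E 's#^.*@##' | sort -u
}

# stdin: admin_peers JSON; stdout: distinct remote peer hosts.
peer_hosts() {
  grep -oE '"remoteAddress" *: *"[^":]+' | sed -E 's#^.*"##' | sort -u
}

# $1 = allowlist text, $2 = expected host count (12 on this page).
# Succeeds only if every host is local and the count matches.
audit_allowlist() {
  local hosts bad
  hosts=$(printf '%s\n' "$1" | enode_hosts)
  bad=$(printf '%s\n' "$hosts" | only_nonlocal)
  [ -z "$bad" ] || { printf 'non-local entry: %s\n' $bad >&2; return 1; }
  [ "$(printf '%s\n' "$hosts" | grep -c .)" -eq "$2" ]
}

# Constructed sample data (node ids shortened, addresses illustrative).
SAMPLE_OK='nodes-allowlist=[
  "enode://aa01@192.168.11.100:30303",
  "enode://aa02@192.168.11.250:30303"
]'
SAMPLE_BAD='nodes-allowlist=[
  "enode://aa01@192.168.11.100:30303",
  "enode://bb01@192.168.110.5:30303",
  "enode://cc01@203.0.113.7:30303"
]'
SAMPLE_PEERS='{"result":[{"network":{"remoteAddress":"192.168.11.101:41000"}},
{"network":{"remoteAddress":"198.51.100.9:30303"}}]}'

# Real use: pct exec 2500 -- cat /permissions/permissions-nodes.toml \
#             | enode_hosts | only_nonlocal    (no output = all local)
printf '%s\n' "$SAMPLE_BAD" | enode_hosts | only_nonlocal
printf '%s\n' "$SAMPLE_PEERS" | peer_hosts | only_nonlocal
```

An empty result from `only_nonlocal` means every host is inside the local subnet; `audit_allowlist` additionally fails when the number of distinct hosts differs from the expected count.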


Configuration Status: Complete - VMID 2500 only connects to local/permissioned nodes