Configure a Private Server
A private server is a rippled server that connects to the network only through specific, trusted peers instead of connecting directly to discovered peers in the open peer-to-peer network. This kind of configuration is an optional precaution most commonly recommended for validators, but it can be useful for other specific purposes.
Prerequisites
To use a private server, you must meet the following requirements:
- You must have
rippledinstalled and updated to the latest version, but not running yet. - You must decide whether to connect through proxies you run yourself, or through public hubs. For a comparison of these options, see Pros and Cons of Peering Configurations.
- If you are using proxies, you must have additional machines with
rippledinstalled and running to use as the proxies. These servers must be able to connect to the outside network and to your private server. - For either configuration, you must know the IP addresses and ports of the peers you intend to connect to.
- If you are using proxies, you must have additional machines with
Steps
To set up a specific server as a private peer, complete the following steps:
Edit your
rippled's config file.vim /etc/opt/ripple/rippled.cfg
The recommended installation uses the config file
/etc/opt/ripple/rippled.cfgby default. Other places you can put a config file include$HOME/.config/ripple/rippled.cfg(where$HOMEis the home directory of the user runningrippled),$HOME/.local/ripple/rippled.cfg, or the current working directory from where you startrippled.Enable private peering.
Add or uncomment the following stanza in your config file:
[peer_private] 1
Add fixed peers.
Add or uncomment an
[ips_fixed]stanza in your config file. Each line in this stanza should be the hostname or IP address of a peer to connect to, followed by a space and the port where this peer accepts peer protocol connections.For example, to connect using public hubs, you could use the following stanza:
[ips_fixed] r.ripple.com 51235
If your server connects using proxies, the IP addresses and ports should match the configurations of the
rippledservers you are using as proxies. For each of those servers, the port number should match theprotocol = peerport in that server's config file (usually 51235). For example, your configuration might look like this:[ips_fixed] 192.168.0.1 51235 192.168.0.2 51235
NoteIf you omit the port number, the server uses port 2459, the IANA-assigned port for the XRP Ledger protocol.If using proxies, cluster them with your private peer and each other.
If you are using public hubs, skip this step.
If you are using proxies, configure the proxies as a cluster that includes your private peer. Each member of the cluster should have an
[ips_fixed]stanza that lists each other member of the cluster. However, only the private server should have a[peer_private]stanza.Restart
rippledon the proxies one-by-one. On each proxy server:sudo service systemctl restart rippled
Start
rippledon the private server.sudo service systemctl start rippled
Use the peers method to confirm that your private server is connected only to its peers.
The
peersarray in the response should not contain any objects whoseaddressis not one of your configured peers. If this is not the case, double-check your config file and restart the private server.
Next Steps
As an additional precaution, you should configure your firewall to block incoming connections to your private server from servers that are not your specific peers. If you are running proxy servers, forward peer ports through your firewall to the proxies, but not to the private peer. The exact details of how to configure this depend on what firewall you use.
Be sure the firewall does not block outgoing HTTP connections on port 80. The default configuration uses this port to download the latest recommended validator list from vl.ripple.com. Without a validator list, the server does not know which validators to trust and cannot recognize when the network reaches a consensus.
See Also
- Concepts:
- Tutorials:
- References: