SSL Proxy

Overview

The SSL Proxy tool adds native HTTPS support for RPC node operators. It works as a reverse proxy that, by default, listens on port 443 and forwards requests to port 8545. It also offers advanced security features, such as CORS configuration and rate limiting.

Before Starting the Proxy Service

Before you start the proxy service, make sure you have your certificate files placed inside the /cert folder. By default, the system will try to read:

  • default.key - As your public key file.

  • default.crt - As your certificate file.

  • default.ca - As your CA Bundle file.

You can also customise the certificate paths and other parameters by creating or modifying your proxy.ini configuration file.

Make sure your node is running before you start the proxy.

Configuration File

You can create a proxy.ini file to define custom parameters for your reverse proxy server. Your proxy.ini file may contain the following parameters:

| Parameter | Default | Description |
|---|---|---|
| destination_host | localhost | The destination host of your proxy service. You can use remote HTTP RPC URLs, but it is not recommended. |
| destination_port | 8545 | Port to forward the requests to. |
| listen_port | 443 | Port to listen on for incoming requests. 443 is the default SSL port. We don't recommend changing it unless you really know what you're doing. |
| allowed_origin | * | CORS policy. Determines the allowed origins for incoming requests. By default, it will accept requests from anywhere. |
| rate_limit | 100 | Maximum requests each IP can make per minute. You can set it to 0 for unlimited requests. |
| ssl_key | cert/default.key | Path to the SSL key file. |
| ssl_cert | cert/default.crt | Path to the SSL certificate file. |
| ssl_ca | cert/default.ca | Path to the SSL CA bundle file. |

If you do not create a proxy.ini file before starting the proxy service, the system will create one for you.

The system resolves these paths relative to the folder you start the proxy server from. For example, if you're starting it via the R5 Relayer, the proxy.ini file and /cert folder should be placed in the same folder as your R5 Relayer executable; if you're starting the proxy service directly from the proxy executable (normally at /bin/proxy), the configuration file and the certificate folder are read from within that folder.
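A pre-flight check for the parameters listed above, as an added example that is not part of the R5 tooling. It assumes proxy.ini uses plain key = value lines (the page does not show the file's syntax) and that paths resolve against the start folder as described above; load_settings, is_loopback and audit are hypothetical helper names.

```python
import configparser
import ipaddress
import os
import stat

# Defaults copied from the parameter list on this page.
DEFAULTS = {
    "destination_host": "localhost", "destination_port": "8545",
    "listen_port": "443", "allowed_origin": "*", "rate_limit": "100",
    "ssl_key": "cert/default.key", "ssl_cert": "cert/default.crt",
    "ssl_ca": "cert/default.ca",
}

def load_settings(text):
    """Parse proxy.ini text. ASSUMPTION: plain `key = value` lines."""
    if not any(l.lstrip().startswith("[") for l in text.splitlines()):
        text = "[proxy]\n" + text  # configparser requires a section header
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.read_string(text)
    settings = dict(DEFAULTS)
    for section in cp.sections():
        settings.update(cp[section])
    return settings

def is_loopback(host):
    try:  # hostnames other than localhost (or URLs) are treated as remote
        return host.lower() == "localhost" or ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False

def audit(settings, base_dir="."):
    """Return findings; base_dir is the folder the proxy is started from."""
    findings = []
    if settings["allowed_origin"].strip() == "*":
        findings.append("allowed_origin=*: requests accepted from any origin")
    if settings["rate_limit"].strip() == "0":
        findings.append("rate_limit=0: per-IP request limit disabled")
    if not is_loopback(settings["destination_host"].strip()):
        findings.append("destination_host is not local: remote http RPC targets are not recommended")
    for name in ("ssl_key", "ssl_cert", "ssl_ca"):
        path = os.path.join(base_dir, settings[name])
        if not os.path.isfile(path):
            findings.append(f"{name}: {settings[name]} not found under {base_dir}")
        elif name == "ssl_key" and stat.S_IMODE(os.stat(path).st_mode) & 0o077:
            findings.append("ssl_key: accessible by group/other, restrict to the proxy's user")
    return findings

if __name__ == "__main__":
    sample = "rate_limit = 0\ndestination_host = 10.0.0.5\n"  # constructed input
    print("\n".join(audit(load_settings(sample))))
```

An empty result means none of the checks fired; the permission check relies on POSIX mode bits.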

Generating Self-Signed Certificates

For testing environments, you can generate your own self-signed SSL certificates by adding the flag --gencert when starting the proxy service.

If you're starting the SSL Proxy tool via the R5 Relayer, you can use the command below to generate your self-signed certificates:

./r5 --proxy gencert

If you're starting the SSL Proxy tool directly, you can structure your starting command as follows:

./proxy --gencert

This will generate your certificates and place them inside the /cert folder. After you have your certificates, you can start the proxy tool without the --gencert flag.

Starting the Proxy

Once you have your node running and your SSL files configured, you can start the proxy service by running:

./r5 --proxy

If you're starting it via the R5 Relayer, or:

./proxy

If you're starting it directly.
