R5 Network
WebsiteR5 LabsGitHub
  • Getting Started
    • Hello & Welcome!
  • About R5
    • Overview
    • R5 Components
    • Consensus Mechanism
    • zkNet (Privacy)
  • R5 Coin
  • R5 Tokenomics
  • Tutorials & Guides
    • Connect & Use R5
      • R5 Desktop Wallet
      • MetaMask
      • Rabby Wallet
      • Coinbase Wallet
    • zkNet Web Wallet
    • R5 Desktop Wallet
      • Interface Overview
      • Send a Transaction
      • Receive a Transaction
      • Backup Your Wallet
      • Retrieve Your Private Key
    • How To: Deploy a Node
    • How To: Mine R5
    • How To: GPU Mine R5
    • How To: Build R5 From Source
    • How To: Connect Local Nodes
  • For Developers
    • R5 SDK
      • R5 Relayer
      • R5 Console
      • JS Console
      • CLI Wallet
      • SCdev
      • SSL Proxy
    • Hardware Requirements
    • R5 Testnet
    • R5 Devnet
    • Local Networks
    • JSON-RPC API
      • admin
      • debug
      • ethash
      • miner
      • net
      • r5 (eth)
      • rpc
      • txpool
      • web3
    • Indexer API
    • zkNet API
    • Node Configuration
    • Ethash-R5
    • Smart Contracts
    • Wrapped R5 (Native)
    • Tokens & NFTs
  • Bug Bounty Program
  • Resources
    • Website
    • R5 Labs
    • R5 Labs GitHub
Powered by GitBook
On this page
  • Overview
  • Before Starting the Proxy Service
  • Configuration File
  • Generating Self-Signed Certificates
  • Starting the Proxy
  1. For Developers
  2. R5 SDK

SSL Proxy

PreviousSCdevNextHardware Requirements

Last updated 2 months ago

Overview

The SSL Proxy tool adds native https support for RPC node operators. It works as a reverse proxy, and by default listens to port 443 and forwards the requests to port 8545 . It offers advanced security features, such as CORS configuration and rate-limiting.

Before Starting the Proxy Service

Before you start the proxy service, make sure you have your certificate files placed inside the /cert folder. By default, the system will try to read:

  • default.key - As your public key file.

  • default.crt - As your certificate file.

  • default.ca - As your CA Bundle file.

You can also customise the certificate paths and other parameters by creating or modifying your proxy.ini .

Make sure your node is running before you start the proxy.

Configuration File

You can create a proxy.ini file to define custom parameters for your reverse proxy server. Your proxy.ini file may contain the following parameters:

Parameter
Default
Description

destination_host

localhost

The destination host of your proxy service. You can use remote http RPC URLs, but it is not recommended.

destination_port

8545

Port to forward the requests.

listen_port

443

Listen port to receive incoming request. 443 is the default SSL port. We don't recommend changing unless you really know what you're doing.

allowed_origin

*

CORS policy. Determines the allowed origins for incoming requests. By default, it will accept requests from anywhere.

rate_limit

100

Maximum requests each IP can make per minute. You can set it to 0 for unlimited requests.

ssl_key

cert/default.key

Path to the SSL key file.

ssl_cert

cert/default.crt

Path to the SSL certificate file.

ssl_ca

cert/default.ca

Path to the SSL CA bundle file.

If you do not create a proxy.ini file before starting the proxy service, the system will create one for you.

The system will use the relative paths from where you're starting the proxy server. For example, if you're starting it via the R5 Relayer, the proxy.ini file and /cert folder will/should be placed in the same folder as your R5 Relayer executable; if you're starting the proxy service directly from the proxy executable (normally at /bin/proxy ), the configuration file, as well as the certificate folder paths will read from within that folder.

Generating Self-Signed Certificates

For testing environments, you can generate your own self-signed SSL certificates by adding the flag --gencert when starting the proxy service.

If you're starting the SSL Proxy tool via the R5 Relayer, you can use the command below to generate your self-signed certificates:

./r5 --proxy gencert

If you're starting the SSL Proxy tool directly, you can structure your starting command as follows:

./proxy --gencert

This will generate your certificates and place them inside the /cert folder. After you have your certificates, you can start the proxy tool without the --gencert flag.

Starting the Proxy

Once you have your node running and your SSL files configured, you can start the proxy service by running:

./r5 --proxy

If you're starting it via the R5 Relayer, or:

./proxy

If you're starting it directly.

configuration file