Fix IPFS node connectivity from the outside as well as the private network #442
@@ -5,10 +5,6 @@ node.default['kosmos-ipfs']['api']['port'] = 5001
|
|||||||
node.default['kosmos-ipfs']['ipfs']['config'] = {
|
node.default['kosmos-ipfs']['ipfs']['config'] = {
|
||||||
# The default gateway is already used by kosmos' hubot (8080)
|
# The default gateway is already used by kosmos' hubot (8080)
|
||||||
"Addresses.Gateway" => "/ip4/127.0.0.1/tcp/9090",
|
"Addresses.Gateway" => "/ip4/127.0.0.1/tcp/9090",
|
||||||
# Do not keep track of bandwidth metrics. Disabling bandwidth metrics can
|
|
||||||
# lead to a slight performance improvement, as well as a reduction in memory
|
|
||||||
# usage.
|
|
||||||
'Swarm.DisableBandwidthMetrics' => true,
|
|
||||||
# API with Web UI
|
# API with Web UI
|
||||||
"Addresses.API" => "/ip4/0.0.0.0/tcp/5001",
|
"Addresses.API" => "/ip4/0.0.0.0/tcp/5001",
|
||||||
# Enable bandwith metrics
|
# Enable bandwith metrics
|
||||||
@@ -19,7 +15,41 @@ node.default['kosmos-ipfs']['ipfs']['config'] = {
|
|||||||
# operation
|
# operation
|
||||||
'Swarm.ConnMgr.HighWater' => 40,
|
'Swarm.ConnMgr.HighWater' => 40,
|
||||||
# Minimum number of connections to maintain
|
# Minimum number of connections to maintain
|
||||||
'Swarm.ConnMgr.LowWater' => 20
|
'Swarm.ConnMgr.LowWater' => 20,
|
||||||
|
# Do not dial out to these IP ranges
|
||||||
|
# We go a bit nuts on the 10.0 range definitions to allow dialouts on our own
|
||||||
|
# private network
|
||||||
|
'Swarm.AddrFilters' => [
|
||||||
|
'/ip4/10.128.0.0/ipcidr/9',
|
||||||
|
'/ip4/10.64.0.0/ipcidr/10',
|
||||||
|
'/ip4/10.32.0.0/ipcidr/11',
|
||||||
|
'/ip4/10.16.0.0/ipcidr/12',
|
||||||
|
'/ip4/10.8.0.0/ipcidr/13',
|
||||||
|
'/ip4/10.4.0.0/ipcidr/14',
|
||||||
|
'/ip4/10.2.0.0/ipcidr/15',
|
||||||
|
'/ip4/10.0.0.0/ipcidr/16',
|
||||||
|
'/ip4/10.1.128.0/ipcidr/17',
|
||||||
|
'/ip4/10.1.64.0/ipcidr/18',
|
||||||
|
'/ip4/10.1.32.0/ipcidr/19',
|
||||||
|
'/ip4/10.1.16.0/ipcidr/20',
|
||||||
|
'/ip4/10.1.8.0/ipcidr/21',
|
||||||
|
'/ip4/10.1.4.0/ipcidr/22',
|
||||||
|
'/ip4/10.1.2.0/ipcidr/23',
|
||||||
|
'/ip4/10.1.0.0/ipcidr/24',
|
||||||
|
'/ip4/100.64.0.0/ipcidr/10',
|
||||||
|
'/ip4/169.254.0.0/ipcidr/16',
|
||||||
|
'/ip4/172.16.0.0/ipcidr/12',
|
||||||
|
'/ip4/192.0.0.0/ipcidr/24',
|
||||||
|
'/ip4/192.0.0.0/ipcidr/29',
|
||||||
|
'/ip4/192.0.0.8/ipcidr/32',
|
||||||
|
'/ip4/192.0.0.170/ipcidr/32',
|
||||||
|
'/ip4/192.0.0.171/ipcidr/32',
|
||||||
|
'/ip4/192.0.2.0/ipcidr/24',
|
||||||
|
'/ip4/192.168.0.0/ipcidr/16',
|
||||||
|
'/ip4/198.18.0.0/ipcidr/15',
|
||||||
|
'/ip4/198.51.100.0/ipcidr/24',
|
||||||
|
'/ip4/203.0.113.0/ipcidr/24',
|
||||||
|
'/ip4/240.0.0.0/ipcidr/4'],
|
||||||
}
|
}
|
||||||
|
|
||||||
node.default['kosmos-ipfs']['nginx']['api_port'] = 5001
|
node.default['kosmos-ipfs']['nginx']['api_port'] = 5001
|
||||||
|
|||||||
@@ -24,3 +24,19 @@ firewall_rule 'ipfs_api' do
|
|||||||
command :allow
|
command :allow
|
||||||
logging :connections
|
logging :connections
|
||||||
end
|
end
|
||||||
|
|
||||||
|
firewall_rule 'ipfs_local_p2p_allow_out' do
|
||||||
|
destination "10.1.1.0/24"
|
||||||
|
direction :out
|
||||||
|
protocol :none
|
||||||
|
command :allow
|
||||||
|
logging :connections
|
||||||
|
end
|
||||||
|
|
||||||
|
firewall_rule 'ipfs_local_p2p_deny_out' do
|
||||||
|
destination "10.0.0.0/8"
|
||||||
|
direction :out
|
||||||
|
protocol :none
|
||||||
|
command :deny
|
||||||
|
logging :connections
|
||||||
|
end
|
||||||
|
|||||||
Reference in New Issue
Block a user