GaloisField (OP)
April 08, 2024, 12:34:10 PM
Hello,
I recently took a quite big server where I'm running Bitcoind with txindex=1, and I think it could be interesting for people to have access to it.
In order to make it accessible I activated rpcbindaddress=0.0.0.0. For now I have whitelisted two IPs, but my idea is to make it accessible to everyone. But that seems to be very dangerous according to all the documentation and help.
I'm posting my conf here, and I'm very interested in understanding how to provide endpoints accessible by anyone to get Bitcoin info. I removed some unused options. I own the server and can modify everything.
I hope to understand all of this and not make too many mistakes in doing so.
##
## bitcoin.conf configuration file.
## Generated by contrib/devtools/gen-bitcoin-conf.sh.
##
## Lines beginning with # are comments.
## All possible configuration options are provided. To use, copy this file
## to your data directory (default or specified by -datadir), uncomment
## options you would like to change, and save the file.
##

### Options

# Execute command when an alert is raised (%s in cmd is replaced by
# message)
#alertnotify=<cmd>

# For backwards compatibility, treat an unused bitcoin.conf file in the
# datadir as a warning, not an error.
#allowignoredconf=1

# If this block is in the chain assume that it and its ancestors are valid
# and potentially skip their script verification (0 to verify all,
# default:
# 000000000000000000026811d149d4d261995ec5b3f64f439a0a10e1a464af9a,
# testnet:
# 000000000001323071f38f21ea5aae529ece491eadaccce506a59bcc2d968917,
# signet:
# 0000000870f15246ba23c16e370a7ffb1fc8a3dcf8cb4492882ed4b0e3d4cd26)
#assumevalid=<hex>

# Maintain an index of compact filters by block (default: 0, values:
# basic). If <type> is not supplied or if <type> = 1, indexes for
# all known types are enabled.
#blockfilterindex=<type>

# Execute command when the best block changes (%s in cmd is replaced by
# block hash)
#blocknotify=<cmd>

# Extra transactions to keep in memory for compact block reconstructions
# (default: 100)
#blockreconstructionextratxn=<n>

# Specify directory to hold blocks subdirectory for *.dat files (default:
# <datadir>)
#blocksdir=<dir>

# Whether to reject transactions from network peers. Disables automatic
# broadcast and rebroadcast of transactions, unless the source peer
# has the 'forcerelay' permission. RPC transactions are not
# affected. (default: 0)
#blocksonly=1

# Maintain coinstats index used by the gettxoutsetinfo RPC (default: 0)
coinstatsindex=1

# Maintain a full transaction index, used by the getrawtransaction rpc
# call (default: 0)
txindex=1

# Print version and exit
#version=1

### Connection options

# Add a node to connect to and attempt to keep the connection open (see
# the addnode RPC help for more info). This option can be specified
# multiple times to add multiple nodes; connections are limited to
# 8 at a time and are counted separately from the -maxconnections
# limit.
#addnode=<ip>

# Specify asn mapping used for bucketing of the peers (default:
# ip_asn.map). Relative paths will be prefixed by the net-specific
# datadir location.
#asmap=<file>

# Default duration (in seconds) of manually configured bans (default:
# 86400)
#bantime=<n>

# Bind to given address and always listen on it (default: 0.0.0.0). Use
# [host]:port notation for IPv6. Append =onion to tag any incoming
# connections to that address and port as incoming Tor connections
# (default: 127.0.0.1:8334=onion, testnet: 127.0.0.1:18334=onion,
# signet: 127.0.0.1:38334=onion, regtest: 127.0.0.1:18445=onion)
#bind=<addr>[:<port>][=onion]

# If set, then this host is configured for CJDNS (connecting to fc00::/8
# addresses would lead us to the CJDNS network, see doc/cjdns.md)
# (default: 0)
#cjdnsreachable=1

# Connect only to the specified node; -noconnect disables automatic
# connections (the rules for this peer are the same as for
# -addnode). This option can be specified multiple times to connect
# to multiple nodes.
#connect=<ip>

# Discover own IP addresses (default: 1 when listening and no -externalip
# or -proxy)
#discover=1

# Allow DNS lookups for -addnode, -seednode and -connect (default: 1)
#dns=1

# Query for peer addresses via DNS lookup, if low on addresses (default: 1
# unless -connect used or -maxconnections=0)
#dnsseed=1

# Specify your own public address
externalip=94.16.123.98

# Allow fixed seeds if DNS seeds don't provide peers (default: 1)
#fixedseeds=1

# Always query for peer addresses via DNS lookup (default: 0)
#forcednsseed=1

# Whether to accept inbound I2P connections (default: 1). Ignored if
# -i2psam is not set. Listening for inbound I2P connections is done
# through the SAM proxy, not by binding to a local address and
# port.
#i2pacceptincoming=1

# I2P SAM proxy to reach I2P peers and accept I2P connections (default:
# none)
#i2psam=<ip:port>

# Accept connections from outside (default: 1 if no -proxy, -connect or
# -maxconnections=0)
listen=1

# Automatically create Tor onion service (default: 1)
#listenonion=1

# Maintain at most <n> automatic connections to peers (default: 125). This
# limit does not apply to connections manually added via -addnode
# or the addnode RPC, which have a separate limit of 8.
#maxconnections=<n>

# Maximum per-connection receive buffer, <n>*1000 bytes (default: 5000)
#maxreceivebuffer=<n>

# Maximum per-connection memory usage for the send buffer, <n>*1000 bytes
# (default: 1000)
#maxsendbuffer=<n>

# Maximum allowed median peer time offset adjustment. Local perspective of
# time may be influenced by outbound peers forward or backward by
# this amount (default: 4200 seconds).
#maxtimeadjustment=1

# Tries to keep outbound traffic under the given target per 24h. Limit
# does not apply to peers with 'download' permission or blocks
# created within past week. 0 = no limit (default: 0M). Optional
# suffix units [k|K|m|M|g|G|t|T] (default: M). Lowercase is 1000
# base while uppercase is 1024 base
#maxuploadtarget=<n>

# Use NAT-PMP to map the listening port (default: 0)
#natpmp=1

# Enable all P2P network activity (default: 1). Can be changed by the
# setnetworkactive RPC command
networkactive=1

# Use separate SOCKS5 proxy to reach peers via Tor onion services, set
# -noonion to disable (default: -proxy). May be a local file path
# prefixed with 'unix:'.
#onion=<ip:port|path>

# Make automatic outbound connections only to network <net> (ipv4, ipv6,
# onion, i2p, cjdns). Inbound and manual connections are not
# affected by this option. It can be specified multiple times to
# allow multiple networks.
#onlynet=<net>

# Serve compact block filters to peers per BIP 157 (default: 0)
#peerblockfilters=1

# Support filtering of blocks and transaction with bloom filters (default:
# 0)
#peerbloomfilters=1

# Listen for connections on <port>. Nodes not using the default ports
# (default: 8333, testnet: 18333, signet: 38333, regtest: 18444)
# are unlikely to get incoming connections. Not relevant for I2P
# (see doc/i2p.md).
#port=<port>

# Connect through SOCKS5 proxy, set -noproxy to disable (default:
# disabled). May be a local file path prefixed with 'unix:' if the
# proxy supports it.
#proxy=<ip:port|path>

# Randomize credentials for every proxy connection. This enables Tor
# stream isolation (default: 1)
#proxyrandomize=1

# Connect to a node to retrieve peer addresses, and disconnect. This
# option can be specified multiple times to connect to multiple
# nodes.
#seednode=<ip>

# Specify socket connection timeout in milliseconds. If an initial attempt
# to connect is unsuccessful after this amount of time, drop it
# (minimum: 1, default: 5000)
#timeout=<n>

# Tor control host and port to use if onion listening enabled (default:
# 127.0.0.1:9051). If no port is specified, the default port of
# 9051 will be used.
#torcontrol=<ip>:<port>

# Tor control port password (default: empty)
#torpassword=<pass>

# Use UPnP to map the listening port (default: 1 when listening and no
# -proxy)
#upnp=1

# Support v2 transport (default: 1)
#v2transport=1

# Bind to the given address and add permission flags to the peers
# connecting to it. Use [host]:port notation for IPv6. Allowed
# permissions: bloomfilter (allow requesting BIP37 filtered blocks
# and transactions), noban (do not ban for misbehavior; implies
# download), forcerelay (relay transactions that are already in the
# mempool; implies relay), relay (relay even in -blocksonly mode,
# and unlimited transaction announcements), mempool (allow
# requesting BIP35 mempool contents), download (allow getheaders
# during IBD, no disconnect after maxuploadtarget limit), addr
# (responses to GETADDR avoid hitting the cache and contain random
# records with the most up-to-date info). Specify multiple
# permissions separated by commas (default:
# download,noban,mempool,relay). Can be specified multiple times.
#whitebind=<[permissions@]addr>

# Add permission flags to the peers using the given IP address (e.g.
# 1.2.3.4) or CIDR-notated network (e.g. 1.2.3.0/24). Uses the same
# permissions as -whitebind. Additional flags "in" and "out"
# control whether permissions apply to incoming connections and/or
# manual (default: incoming only). Can be specified multiple times.
#whitelist=<[permissions@]IP address or network>

### Wallet options

# What type of addresses to use ("legacy", "p2sh-segwit", "bech32", or
# "bech32m", default: "bech32")
#addresstype=1

# Group outputs by address, selecting many (possibly all) or none, instead
# of selecting on a per-output basis. Privacy is improved as
# addresses are mostly swept with fewer transactions and outputs
# are aggregated in clean change addresses. It may result in higher
# fees due to less optimal coin selection caused by this added
# limitation and possibly a larger-than-necessary number of inputs
# being used. Always enabled for wallets with "avoid_reuse"
# enabled, otherwise default: 0.
#avoidpartialspends=1

# What type of change to use ("legacy", "p2sh-segwit", "bech32", or
# "bech32m"). Default is "legacy" when -addresstype=legacy, else it
# is an implementation detail.
#changetype=1

# The maximum feerate (in BTC/kvB) at which transaction building may use
# more inputs than strictly necessary so that the wallet's UTXO
# pool can be reduced (default: 0.0001).
#consolidatefeerate=<amt>

# Do not load the wallet and disable wallet RPC calls
#disablewallet=1

# The fee rate (in BTC/kvB) that indicates your tolerance for discarding
# change by adding it to the fee (default: 0.0001). Note: An output
# is discarded if it is dust at this rate, but we will always
# discard up to the dust relay fee and a discard fee above that is
# limited by the fee estimate for the longest target
#discardfee=<amt>

# A fee rate (in BTC/kvB) that will be used when fee estimation has
# insufficient data. 0 to entirely disable the fallbackfee feature.
# (default: 0.00)
#fallbackfee=<amt>

# Set key pool size to <n> (default: 1000). Warning: Smaller sizes may
# increase the risk of losing funds when restoring from an old
# backup, if none of the addresses in the original keypool have
# been used.
#keypool=<n>

# Spend up to this amount in additional (absolute) fees (in BTC) if it
# allows the use of partial spend avoidance (default: 0.00)
#maxapsfee=<n>

# Fee rates (in BTC/kvB) smaller than this are considered zero fee for
# transaction creation (default: 0.00001)
#mintxfee=<amt>

# Fee rate (in BTC/kvB) to add to transactions you send (default: 0.00)
#paytxfee=<amt>

# External signing tool, see doc/external-signer.md
#signer=<cmd>

# Spend unconfirmed change when sending transactions (default: 1)
#spendzeroconfchange=1

# If paytxfee is not set, include enough fee so transactions begin
# confirmation on average within n blocks (default: 6)
#txconfirmtarget=<n>

# Specify wallet path to load at startup. Can be used multiple times to
# load multiple wallets. Path is to a directory containing wallet
# data and log files. If the path is not absolute, it is
# interpreted relative to <walletdir>. This only loads existing
# wallets and does not create new ones. For backwards compatibility
# this also accepts names of existing top-level data files in
# <walletdir>.
#wallet=<path>

# Make the wallet broadcast transactions (default: 1)
#walletbroadcast=1

# Specify directory to hold wallets (default: <datadir>/wallets if it
# exists, otherwise <datadir>)
#walletdir=<dir>

# Execute command when a wallet transaction changes. %s in cmd is replaced
# by TxID, %w is replaced by wallet name, %b is replaced by the
# hash of the block including the transaction (set to 'unconfirmed'
# if the transaction is not included) and %h is replaced by the
# block height (-1 if not included). %w is not currently
# implemented on windows. On systems where %w is supported, it
# should NOT be quoted because this would break shell escaping used
# to invoke the command.
#walletnotify=<cmd>

# Send transactions with full-RBF opt-in enabled (RPC only, default: 1)
walletrbf=1

### Node relay options

# Equivalent bytes per sigop in transactions for relay and mining
# (default: 20)
#bytespersigop=1

# Relay and mine data carrier transactions (default: 1)
#datacarrier=1

# Relay and mine transactions whose data-carrying raw scriptPubKey is of
# this size or less (default: 83)
#datacarriersize=1

# Accept transaction replace-by-fee without requiring replaceability
# signaling (default: 0)
mempoolfullrbf=1

# Fees (in BTC/kvB) smaller than this are considered zero fee for
# relaying, mining and transaction creation (default: 0.00001)
#minrelaytxfee=<amt>

# Relay non-P2SH multisig (default: 1)
#permitbaremultisig=1

# Add 'forcerelay' permission to whitelisted peers with default
# permissions. This will relay transactions even if the
# transactions were already in the mempool. (default: 0)
#whitelistforcerelay=1

# Add 'relay' permission to whitelisted peers with default permissions.
# This will accept relayed transactions even when not relaying
# transactions (default: 1)
#whitelistrelay=1

### Block creation options

# Set maximum BIP141 block weight (default: 3996000)
#blockmaxweight=<n>

# Set lowest fee rate (in BTC/kvB) for transactions to be included in
# block creation. (default: 0.00001)
#blockmintxfee=<amt>

### RPC server options

# Accept public REST requests (default: 0)
rest=1

# Allow JSON-RPC connections from specified source. Valid values for <ip>
# are a single IP (e.g. 1.2.3.4), a network/netmask (e.g.
# 1.2.3.4/255.255.255.0), a network/CIDR (e.g. 1.2.3.4/24), all
# ipv4 (0.0.0.0/0), or all ipv6 (::/0). This option can be
# specified multiple times
rpcallowip=MY_IP_1
rpcallowip=MY_IP_2

# Username and HMAC-SHA-256 hashed password for JSON-RPC connections. The
# field <userpw> comes in the format: <USERNAME>:<SALT>$<HASH>. A
# canonical python script is included in share/rpcauth. The client
# then connects normally using the
# rpcuser=<USERNAME>/rpcpassword=<PASSWORD> pair of arguments. This
# option can be specified multiple times
rpcauth=USER:0949c0b552d208e24608d4896e706422$15b778b47156bc76545a262452a6475db8d78a8a3639c2d044ee2a6a73675ea7

# Bind to given address to listen for JSON-RPC connections. Do not expose
# the RPC server to untrusted networks such as the public internet!
# This option is ignored unless -rpcallowip is also passed. Port is
# optional and overrides -rpcport. Use [host]:port notation for
# IPv6. This option can be specified multiple times (default:
# 127.0.0.1 and ::1 i.e., localhost)
rpcbind=0.0.0.0:8332

# Location of the auth cookie. Relative paths will be prefixed by a
# net-specific datadir location. (default: data dir)
#rpccookiefile=<loc>

# Password for JSON-RPC connections
#rpcpassword=<pw>

# Listen for JSON-RPC connections on <port> (default: 8332, testnet:
# 18332, signet: 38332, regtest: 18443)
#rpcport=<port>

# Set the number of threads to service RPC calls (default: 4)
rpcthreads=1000

# Username for JSON-RPC connections
#rpcuser=<user>

# Set a whitelist to filter incoming RPC calls for a specific user. The
# field <whitelist> comes in the format: <USERNAME>:<rpc 1>,<rpc
# 2>,...,<rpc n>. If multiple whitelists are set for a given user,
# they are set-intersected. See -rpcwhitelistdefault documentation
# for information on default whitelist behavior.
#rpcwhitelist=<whitelist>

# Sets default behavior for rpc whitelisting. Unless rpcwhitelistdefault
# is set to 0, if any -rpcwhitelist is set, the rpc server acts as
# if all rpc users are subject to empty-unless-otherwise-specified
# whitelists. If rpcwhitelistdefault is set to 1 and no
# -rpcwhitelist is set, rpc server acts as if all rpc users are
# subject to empty whitelists.
#rpcwhitelistdefault=1

# Accept command line and JSON-RPC commands
server=1
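Added example (not part of the original post and not Bitcoin Core code): a small Python audit of the RPC-related settings in a bitcoin.conf like the one posted above, run once on the posted settings and once with the planned allow-everyone rule. The allowed IPs are constructed documentation addresses standing in for MY_IP_1 and MY_IP_2, the rpcauth value is a placeholder, and rpcbind values are assumed to be IP literals.

```python
import ipaddress

# Constructed sample: active RPC settings from the post, placeholder values.
POSTED = """
rest=1
rpcallowip=203.0.113.10
rpcallowip=203.0.113.11
rpcauth=USER:<salt>$<hash>
rpcbind=0.0.0.0:8332
"""
PLANNED = POSTED + "rpcallowip=0.0.0.0/0\n"  # "accessible to everyone"

def parse_conf(text):
    """Parse bitcoin.conf text into {option: [values]}; options may repeat."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        opts.setdefault(key.strip(), []).append(value.strip())
    return opts

def bind_host(value):
    """Host part of addr, addr:port or [v6addr]:port (IP literals assumed)."""
    if value.startswith("["):
        return value[1:value.index("]")]
    return value.rsplit(":", 1)[0] if value.count(":") == 1 else value

def audit(text):
    """Return findings about how far the RPC/REST listener is exposed."""
    o, out = parse_conf(text), []
    allow = [ipaddress.ip_network(v, strict=False) for v in o.get("rpcallowip", [])]
    # Per the option help, rpcbind is ignored unless rpcallowip is also set.
    public = [b for b in o.get("rpcbind", []) if allow
              and not ipaddress.ip_address(bind_host(b)).is_loopback]
    wide = [str(n) for n in allow if n.prefixlen == 0]
    if public:
        out.append("rpcbind is not loopback: " + ", ".join(public))
    if wide:
        out.append("rpcallowip admits every source: " + ", ".join(wide))
    if public and "1" in o.get("rest", []):
        out.append("rest=1: REST needs no credentials on the same listener")
    if public and "rpcwhitelist" not in o:
        out.append("no rpcwhitelist: an RPC user can call every method")
    if public and "1" not in o.get("disablewallet", []):
        out.append("disablewallet unset: wallet RPC calls stay available")
    return out
```

Calling audit(POSTED) and audit(PLANNED) shows which findings already apply with two allowed IPs and which one the 0.0.0.0/0 rule adds.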