-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathdefault_config.toml
208 lines (183 loc) · 6.96 KB
/
default_config.toml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
# antelope-firewall config.
#
# NOTE: Toml tables with a key surrounded by two square brackets are analagous to an array
# of objects in json. i.e.
#
# [[foo]]
# bar = "abc"
#
# [[foo]]
# bar = "def"
#
# is roughly equivalent to
# {
# "foo": [
# { "bar": "abc" },
# { "bar": "def" }
# ]
# }
#
# For more help with toml format: https://toml.io/en/v1.0.0
# routing_mode: "round_robin" or "least_connections" or "random"
# round robin will send requests to each possibility in order, allowing for more requests to servers with higher weight
# least_connections will send to servers with the least number of current connections, allowing for more requests to servers with higher weight
# random will send to servers randomly, with more requests going to servers with more weight
routing_mode = "round_robin"
# address: String
# Socket the firewall will listen on
# Leave as 0.0.0.0:3000 to bind on port 3000 on all addresses assigned to this machine, including localhost
address = "0.0.0.0:3000"
# prometheus_address: Option<String>
# Socket that prometheus will run on
# Leave as 0.0.0.0:3001 to bind on port 3000 on all addresses assigned to this machine, including localhost
# Omit to not launch a prometheus process
prometheus_address = "0.0.0.0:3001"
# Healthcheck will run a get_info request every `interval` seconds on all nodes to determine
# which nodes are in sync. If a node has a head_block_time more than `grace_period` seconds
# older than the current system time, that node will not be considered as a valid node
# to route requests to. Healthcheck will then keep making requests at the same interval
# to determine if the node re-syncs.
#
# This is an optional field. If you remove or comment out the below table healthcheck will
# not run.
[healthcheck]
# interval: non-zero Integer
interval = 15
# grace_period: Integer
grace_period = 5
[filter]
# block_contracts: Array<String>
# block transactions that contain an action sent to an account in the below array
# note: Mutually exclusive with allow_only_contracts. At least one should be empty
block_contracts = []
# block_ips: Array<String>
# block requests that originate from the below IP list.
# This can be left out
block_ips = []
# allow_only_contracts = Array<String>
# only allow requests that contain only actions sent to accounts in the below array
# note: Mutually exclusive with block_contracts. At least one should be empty
allow_only_contracts = []
# Every table in the ratelimit array constitutes a new rate limiter that will be applied in
# consecutive order. Requests must pass all defined ratelimiters to make it through.
# Example of a ratelimiter that will block requests from any IP that has
# sent more than 5 failing requests over 60 seconds
[[ratelimit]]
# name: String
# Name of ratelimiter, used for logging and prometheus metrics. Must be unique
name = "base"
# limit_on: "attempt" or "failure"
# "attempt" increments the ratelimit count on incoming request, failure increments the count when
# a request is forwarded to and end node and comes back with an error http status
limit_on = "failure"
# bucket_type: "ip", "contract", "authorizer", or "table"
# Represents the ratelimit bucket. "ip" sets the bucket to be the request IP. "contract"
# is for all accounts in an action list, "authorizer" is for all accounts in an authorization, and "table" is explained in the next section
# list. For "contract" and "authorizer", the ratelimiter needs to pass for all accounts and all authorizers
# in a transaction, not just the first one.
bucket_type = "ip"
# limit: Integer
# We use the sliding window algorithm to ensure that (on average) the value of the
# ratelimiter will not go over `limit` for a given window of time. Will not allow more than
# 2*`limit` for any given window.
# https://medium.com/@m-elbably/rate-limiting-the-sliding-window-algorithm-daa1d91e6196#:~:text=The%20Sliding%20Window%20Algorithm%20is,rate%20limiting%20in%20various%20applications.
limit = 5
# window_duration: non-zero Integer
# Duration of the window in seconds.
window_duration = 60
# For the above ratelimiter, because select_accounts is not specified it will apply for all accounts
# OTHER POSSIBLE RATELIMITER EXAMPLES
# #--------------------------------
#
# #The following is a config for a ratelimiter that only allows each IP 30
# #table reads/min to the "accounts" table of eosio.token
# [[ratelimit]]
# name = "example_table_ratelimiter"
# limit_on = "attempt"
# bucket_type = "table"
# limit = 30
# window_duration = 60
#
# #Note that select_accounts now has a different meaning and format,
# #instead specifying the list of tables the rate limiter will be applied to.
# #Tables are listed as "{contract name}::{table name}"
# #If select_accounts is omitted, it will apply to all tables.
# select_accounts = ["eosio.token::accounts"]
#
# #--------------------------------
# #--------------------------------
#
# #Example of a ratelimiter that limits any given transaction authorizer to only
# #be able to send a request if they have not had more than 2 failed transactions
# #every 60 seconds.
# [[ratelimit]]
# name = "example_failure_ratelimiter"
# limit_on = "attempt"
# bucket_type = "authorizer"
# limit = 1
# window_duration = 60
# # If select_accounts is specified, the ratelimiter will only apply for accounts
# # in the list. If not specified, the ratelimiter will apply to all accounts.
# select_accounts = []
#
# #--------------------------------
# push_nodes
# List of nodes that requests that mutate blockchain state can be forwarded to
#
# Requests to the following endpoints can be forwarded to nodes in this list:
#
# /v1/chain/push_transaction
# /v1/chain/send_transaction
# /v1/chain/push_transactions
# /v1/chain/send_transaction2
# /v1/chain/compute_transaction
# /v1/chain/send_read_only_transaction
# /v1/chain/push_block
[[push_nodes]]
# name: String
# used for logging
name = "push_one"
# url: String
# base url that requests will be forwarded to. Please put without the ending /
url = "http://127.0.0.1:5000"
# weight: non-zero Integer
# Can be left out, will default to 1
weight = 1
# get_nodes:
# List of nodes that requests that only read blockchain state can be forwarded to
#
# Requests to the following endpoints can be forwarded to nodes in this list:
#
# /v1/chain/get_account
# /v1/chain/get_block
# /v1/chain/get_block_info
# /v1/chain/get_info
# /v1/chain/get_block_header_state
# /v1/chain/get_abi
# /v1/chain/get_currency_balance
# /v1/chain/get_currency_stats
# /v1/chain/get_required_keys
# /v1/chain/get_producers
# /v1/chain/get_raw_code_and_abi
# /v1/chain/get_scheduled_transactions
# /v1/chain/get_table_by_scope
# /v1/chain/get_table_rows
# /v1/chain/get_code
# /v1/chain/get_raw_abi
# /v1/chain/get_activated_protocol_features
# /v1/chain/get_accounts_by_authorizers
# /v1/chain/get_transaction_status
# /v1/chain/get_producer_schedule
#
[[get_nodes]]
name = "get_one"
url = "http://127.0.0.1:5001"
weight = 1
[[get_nodes]]
name = "get_two"
url = "http://127.0.0.1:5002"
weight = 1
[[get_nodes]]
name = "get_three"
url = "http://127.0.0.1:5003"
weight = 1