New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Docs request: How to use the IP allowlist #105

Open

sgatewood-da opened this issue Sep 24, 2024 · 1 comment

Collaborator

sgatewood-da commented Sep 24, 2024 •

edited

Loading

I think we need a versioned doc (e.g. on https://dev.network.canton.global/) describing which IPs get allowlisted to which endpoint
- e.g. I think I’m currently giving validators access to cometbft, and I’m not actually sure if they are supposed to have that access
I don’t see this taking a ton of effort, other than maybe answering questions that we really should be asking

More context

This is a duplicate of this issue within CN's internal repo
I also had this in our meetings doc and wayne asked I move it here

IEU's comment from the SV doc

IEU: Agree that we need this
- Hard to know which IPs to whitelist to which endpoints; need to manage multiple security groups
- Need documentation showing what should be accessed by / open to whom

Collaborator Author

sgatewood-da commented Oct 2, 2024

Leaked info found:

Validators only need access to:

Sequencer endpoint
Scan API

You should also allowlist their VPN to the scan UI

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment