a Corda Network Map Service, meeting the protocol, both documented and otherwise.
100K+
v0.5.1, latest - Corda 4.x compatible releasev0.4.4 - latest stable releaseedge - latest master build, unstablev0.4.4-s390x - s390x base image to run on IBM LinuxOneSee our issues board for what this networkmap can't do as yet:
https://gitlab.com/cordite/network-map-service/boards
See here.
We encourage you to raise any issues/bugs you find in Cordite. Please follow the below steps before raising issues:
We welcome contributions both technical and non-technical with open arms! There's a lot of work to do here. The Contributing Guide provides more information on how to contribute.
Network Map Service is being developed by a group of financial services companies, software vendors and open source contributors. The project is hosted on here on GitLab.
All software in this repository is licensed under the Apache License, Version 2.0 (the "License"); you may not use this software except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0. Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
See the detailed instructions in the FAQ
You can configure the service using -D system properties. See the section for
command line parameters.
| Property | Env Variable | Default | Description |
|---|---|---|---|
| auth-password | NMS_AUTH_PASSWORD | admin | system admin password |
| auth-username | NMS_AUTH_USERNAME | sa | system admin username |
| cache-timeout | NMS_CACHE_TIMEOUT | 2S | http cache timeout for this service in ISO 8601 duration format |
| certman | NMS_CERTMAN | true | enable Cordite certman protocol so that nodes can authenticate using a signed TLS cert |
| certman-pkix | NMS_CERTMAN_PKIX | false | enables certman's pkix validation against JDK default truststore |
| certman-strict-ev | NMS_CERTMAN_STRICT_EV | false | enables strict constraint for EV certs only in certman |
| certman-truststore | NMS_CERTMAN_TRUSTSTORE | specified a custom truststore instead of the default JRE cacerts | |
| certman-truststore-password | NMS_CERTMAN_TRUSTSTORE_PASSWORD | truststore password | |
| db | NMS_DB | .db | database directory for this service |
| doorman | NMS_DOORMAN | true | enable Corda doorman protocol |
| hostname | NMS_HOSTNAME | 0.0.0.0 | interface to bind the service to |
| network-map-delay | NMS_NETWORK_MAP_DELAY | 1S | queue time for the network map to update for addition of nodes |
| param-update-delay | NMS_PARAM_UPDATE_DELAY | 10S | schedule duration for a parameter update |
| port | NMS_PORT | 8080 | web port |
| root-ca-name | NMS_ROOT_CA_NAME | CN="", OU=Cordite Foundation Network, O=Cordite Foundation, L=London, ST=London, C=GB | the name for the root ca. If doorman and certman are turned off this will automatically default to Corda dev root ca |
| tls | NMS_TLS | false | whether TLS is enabled or not |
| tls-cert-path | NMS_TLS_CERT_PATH | path to cert if TLS is turned on | |
| tls-key-path | NMS_TLS_KEY_PATH | path to key if TLS turned on |
This network map supports the Corda doorman protocol. This facility can be disabled with doorman system property or NMS_DOORMAN environment variable.
network-map-truststore.jksIf you wish to use the doorman protocol to register a node as per Corda you will need the network's network-map-truststore.jks.
You can do this using the url <network-map-url>/network-map/truststore.
This network map provides an alternative means of gaining the required keystore files using any TLS certificate and private key, issued by a formal PKI root CA.
Assuming you have certificate domain.crt and its corresponding private key domain.key, and assuming the network map is bound to http://localhost:8080, the following command line will retrieve the keystore files:
openssl dgst -sha256 -sign domain.key domain.crt | base64 | cat domain.crt - | curl -k -X POST -d @- http://localhost:8080/certman/api/generate -o keys.zip
This essentially signs the certificate with your private key and sends only the certificate and signature to the network-map.
If the certificate passes validation, the request returns a zip file of the keystores required by the node.
These should be stored in the <node-directory>/certificates.
$ java -Dtls=false -jar target/network-map-service.jar)
node.conf file:
compatibilityZoneURL="http://localhost:8080"http://localhost:8080/network-map/truststore and place it in the node's
folder under certificates/java -jar corda.jar --initial-registration --network-root-truststore-password trustpassjava -jar corda.jarhttps://localhost:8080 to see the nodeTo release NMS you just need to tag it. It is then released to docker hub.
View license information for the software contained in this image.
As with all Docker images, these likely also contain other software which may be under other licenses (such as Bash, etc from the base distribution, along with any direct or indirect dependencies of the primary software being contained).
As for any pre-built image usage, it is the image user's responsibility to ensure that any use of this image complies with any relevant licenses for all software contained within.
Content type
Image
Digest
Size
147.9 MB
Last updated
over 5 years ago
docker pull cordite/network-map:v0.4.4-s390x