Configuring ChAINLINK

ChAINLINK’s primary options:

• --daemon: Runs the application as a daemon.
• --umask=mask: Sets the default file permissions of all files created by the daemon.
• --pidfile=path: Writes the process ID of the daemon to the given file.
• --client=parent_ip_or_hostname: Connects to a parent node (i.e. if not the root node).
• --psk=password: The password to use for invitations.
• --server: The default if unspecified. Runs the node as a root server.
• --country=cn: Which country the CA / client certificate should use.
• --province=pn: Which province the CA / client certificate should use.
• --city=ct: Which city the CA / client certificate should use.
• --organisation=org: Which organisation the CA / client certificate should use.
• --common-name=co: Which common-name the CA / client certificate should use. The recommendation is to use your own name, as this is likely what the network administrators will primarily be checking.

Additionally, ChAINLINK offers sane defaults, however these can be customised as necessary:

• --validity-duration=seconds: How long the issued CA certificate should be valid for.
• --public-address=addr: The IP:Port pair to listen on for public control-plane traffic.
• --psk-ttl=ttl: The time invitations should be valid for.
• --wireguard-address=addr: The IP:Port pair to listen on for WireGuard traffic. This needs to be accessible to all clients.
• --private-port: The port to listen on for private control-plane traffic.

There are some options which will be offered as part of the invite, however they can also be set manually:

• --referrer=ID: Which node is extending the invitation.
• --timestamp=UTC: The UTC timestamp of the invitation.
• --psk-hash=SHA256: The SHA256 hash of the invite pre-shared-key & timestamp.
• --psk-signature: The pre-shared-key hash signed with the referring node’s certificate.
• --psk-ttl=ttl: The time-to-live of the PSK offered.

Firewall

ChAINLINK by default requires specific ports to be open:

• 272 (TCP)
• 273 (TCP)
• 274 (UDP)

These nodes are only need to pass traffic to the nodes connecting to them. I.e. if a node needs to adopt “child” nodes, then it needs these ports open to the child at least.