However, in many cases it may be preferable to control the Broker remotely without directly accessing the machine that it is running on. This may be particularly important as part of a strategy to increase security through the principle of least privilege.
To control a remote broker, follow the steps below.
Open RPC port
To control your Broker remotely, your client must have access to the Broker's RPC port, which by default is:
You may want to limit incoming connections to this port to a known IP or IP range to increase the security of your Broker.
Your local machine will need the certificate of the Broker that was created as part of the build process. During the build, this certificate is stored on the machine that the Broker was built on (e.g. your server) at ~/.sparkswap/certs/broker-rpc-tls.cert. You'll need it in the same location on your local machine to use the CLI (and it's recommended to keep it there even when running a custom Broker client).
To copy it from the remote machine using scp, try the following:
mkdir -p ~/.sparkswap/certs && scp <your user>@<remote.ip.address>:~/.sparkswap/certs/broker-rpc-tls.cert ~/.sparkswap/certs/broker-rpc-tls.cert
Configure your client
You'll need to configure your client with the RPC_PASS from the Broker's .env file as well as the address where your broker can be reached.
It is important that the RPC address you use for your Broker is the same as the EXTERNAL_ADDRESS in the Broker's .env file, as that's used to create the certificate. Using another hostname will result in a failure to connect to the Broker RPC.
If you're using the CLI, you'll need to update the ~/.sparkswap/config.js file on your local machine, and you'll need to update the:
If you're using a custom client, be sure that the username, password, and host location are configured properly.
Your local machine should now be set up as a client of your remote Broker. The connection will be secured with TLS, and requests will be authenticated with the username and password that you set up.
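A pre-flight check for the hostname requirement described above, as an added example that is not part of the Sparkswap documentation or code: it asks openssl whether the copied certificate is valid for the RPC address the client will use. The function names and the address broker.example.com:1234 are hypothetical, and the address is assumed to be a hostname or IPv4 literal with an optional port.

```shell
#!/bin/sh
# Added example (not Sparkswap code): verify that the Broker certificate copied
# to this machine is valid for the RPC address the client is configured to use.

# Certificate location from the steps above; override with CERT_PATH if needed.
CERT_PATH="${CERT_PATH:-$HOME/.sparkswap/certs/broker-rpc-tls.cert}"

# Strip an optional ":port" suffix so only the host part is checked.
rpc_host() {
  case "$1" in
    *:*) printf '%s\n' "${1%:*}" ;;
    *)   printf '%s\n' "$1" ;;
  esac
}

# Returns 0 if the certificate covers the host, 1 if it does not,
# 2 if the certificate is unreadable or openssl is missing.
cert_matches_rpc_address() {
  cert="$1"
  host="$(rpc_host "$2")"
  [ -r "$cert" ] || { echo "cannot read certificate: $cert" >&2; return 2; }
  command -v openssl >/dev/null 2>&1 || { echo "openssl not found" >&2; return 2; }
  # IPv4 literals are checked as IP addresses, everything else as a hostname.
  case "$host" in
    *[!0-9.]*|'') check=-checkhost ;;
    *)            check=-checkip ;;
  esac
  # openssl reports the result as text ("does match certificate" or
  # "does NOT match certificate"), so match on that text.
  if openssl x509 -in "$cert" -noout "$check" "$host" 2>/dev/null \
      | grep -q 'does match certificate'; then
    return 0
  fi
  echo "certificate $cert is not valid for $host" >&2
  return 1
}

# Usage (placeholder address, replace with your Broker's EXTERNAL_ADDRESS):
#   cert_matches_rpc_address "$CERT_PATH" broker.example.com:1234
```

A non-zero result here means the client's TLS verification would reject the connection for the same reason, so fix the configured address before troubleshooting credentials.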
If you're having any issues with your remote setup, please ask for assistance on Discord.