Configure a node

The default node configuration is optimized for most common scenarios. But you can fine-tune the settings to match your specific requirements.

We recommend beginning with learning how the node configuration process works, and then browse the example configuration for tuning knobs.

Here are few common configuration scenarios.

Accept incoming connections

When your node starts it will listen for node-to-node connections on the TCP endpoint 127.0.0.1:5158. Select a different endpoint via the tenzir.endpoint option. For example, to bind to an IPv6 address use [::1]:42000.

Refuse incoming connections

Set tenzir.endpoint to false to disable the endpoint, making the node exclusively accessible through the Tenzir Platform. This effectively prevents connections from other tenzir or tenzir-node processes.

Configure pipeline subprocesses

Pipelines that run in a node can be partially moved to a subprocess for improved error resilience and resource utilization. Operators that need to communicate with a component still run inside the main node process for architectural reasons. Set tenzir.pipeline-subprocesses: true in tenzir.yaml or TENZIR_PIPELINE_SUBPROCESSES=true on the command line to enable this feature, which is disabled by default.

Learn more about pipeline subprocesses and their trade-offs.

Specifically configure the Platform TLS connection

By default, the platform connection uses TLS and will pick up the settings from the configurations section tenzir.tls. See Configure TLS for all available TLS options.

If you need to, you can configure TLS settings for the platform connection specifically:

plugins:
  platform:
    tls-min-version: "1.2"
    tls-ciphers: "HIGH:!aNULL:!MD5"

The tls-ciphers option uses OpenSSL cipher list syntax. The example above selects high-strength ciphers while excluding those without authentication (!aNULL) and those using MD5 (!MD5).