設定 Azure 區塊鏈 Service 交易節點Configure Azure Blockchain Service transaction nodes

交易節點是用來透過公用端點將區塊鏈交易傳送至 Azure 區塊鏈 Service。Transaction nodes are used to send blockchain transactions to Azure Blockchain Service through a public endpoint. 預設交易節點包含在區塊鏈上註冊之乙太坊帳戶的私密金鑰,因此無法刪除。The default transaction node contains the private key of the Ethereum account registered on the blockchain, and as such cannot be deleted.

若要查看預設交易節點詳細資料:To view the default transaction node details:

  1. 登入 Azure 入口網站Sign in to the Azure portal.

  2. 瀏覽至您的 Azure 區塊鏈服務成員。Navigate to your Azure Blockchain Service member. 選取 [交易節點]。Select Transaction nodes.

    選取預設交易節點

    總覽詳細資料包含公用端點位址和公開金鑰。Overview details include public endpoint addresses and public key.

建立交易節點Create transaction node

您最多可以在區塊鏈成員中新增9個額外的交易節點,總計10個交易節點。You can add up to nine additional transaction nodes to your blockchain member, for a total of 10 transaction nodes. 藉由新增交易節點,您可以增加擴充性或散發負載。By adding transaction nodes, you can increase scalability or distribute load. 例如,您可能會有不同用戶端應用程式的交易節點端點。For example, you could have a transaction node endpoint for different client applications.

若要新增交易節點:To add a transaction node:

  1. 在 [Azure 入口網站中,流覽至您的 Azure 區塊鏈服務成員,然後選取 [交易節點] > 新增]。In the Azure portal, navigate to your Azure Blockchain Service member and select Transaction nodes > Add.

  2. 完成新交易節點的設定。Complete the settings for the new transaction node.

    新增交易節點

    設定Setting 描述Description
    名稱Name 交易節點名稱。Transaction node name. 該名稱會用來建立交易節點端點的 DNS 位址。The name is used to create the DNS address for the transaction node endpoint. 例如, newnode-myblockchainmember.blockchain.azure.comFor example, newnode-myblockchainmember.blockchain.azure.com. 節點名稱一旦建立之後就無法變更。The node name cannot be changed once it is created.
    密碼Password 設定強式密碼。Set a strong password. 使用密碼來存取具有基本驗證的交易節點端點。Use the password to access the transaction node endpoint with basic authentication.
  3. 選取 [建立]。Select Create.

    佈建一個新的交易節點大約需要 10 分鐘。Provisioning a new transaction node takes about 10 minutes. 額外的交易節點會產生成本。Additional transaction nodes incur cost. 如需成本的詳細資訊,請參閱Azure 定價For more information on costs, see Azure pricing.

EndpointsEndpoints

交易節點具有唯一的 DNS 名稱和公用端點。Transaction nodes have a unique DNS name and public endpoints.

若要查看交易節點的端點詳細資料:To view a transaction node's endpoint details:

  1. 在 Azure 入口網站中,流覽至您的其中一個 Azure 區塊鏈服務成員交易節點,然後選取總覽In the Azure portal, navigate to one of your Azure Blockchain Service member transaction nodes and select Overview.

    Endpoints

交易節點端點是安全的,而且需要驗證。Transaction node endpoints are secure and require authentication. 您可以使用 Azure AD 驗證、HTTPS 基本驗證,以及透過 HTTPS 的存取金鑰或透過 SSL 的 Websocket,連接到交易端點。You can connect to a transaction endpoint using Azure AD authentication, HTTPS basic authentication, and using an access key over HTTPS or Websocket over SSL.

Azure Active Directory 存取控制Azure Active Directory access control

Azure 區塊鏈 Service 交易節點端點支援 Azure Active Directory (Azure AD)驗證。Azure Blockchain Service transaction node endpoints support Azure Active Directory (Azure AD) authentication. 您可以將 Azure AD 使用者、群組和服務主體的存取權授與您的端點。You can grant Azure AD user, group, and service principal access to your endpoint.

若要將 Azure AD 存取控制授與您的端點:To grant Azure AD access control to your endpoint:

  1. 在 [Azure 入口網站中,流覽至您的 Azure 區塊鏈服務成員,然後選取 [交易節點 > 存取控制(IAM)] > 新增 > 新增角色指派]。In the Azure portal, navigate to your Azure Blockchain Service member and select Transaction nodes > Access control (IAM) > Add > Add role assignment.

  2. 為使用者、群組或服務主體(應用程式角色)建立新的角色指派。Create a new role assignment for a user, group, or service principal (application roles).

    新增 IAM 角色

    設定Setting 動作Action
    角色Role 選取 [擁有者]、[參與者] 或 [讀取者]。Select Owner, Contributor, or Reader.
    存取權指派對象Assign access to 選取 [ Azure AD 使用者、群組或服務主體]。Select Azure AD user, group, or service principal.
    選取 [封裝設定]Select 搜尋您想要新增的使用者、群組或服務主體。Search for the user, group, or service principal you want to add.
  3. 選取 [儲存] 以新增角色指派。Select Save to add the role assignment.

如需 Azure AD 存取控制的詳細資訊,請參閱使用 RBAC 和 Azure 入口網站來管理 Azure 資源的存取權For more information on Azure AD access control, see Manage access to Azure resources using RBAC and the Azure portal

如需如何使用 Azure AD authentication 進行連線的詳細資訊,請參閱使用 AAD 驗證連接到您的節點For details on how to connect using Azure AD authentication, see connect to your node using AAD authentication.

基本驗證Basic authentication

針對 HTTPS 基本驗證,使用者名稱和密碼認證會在要求的 HTTPS 標頭中傳遞至端點。For HTTPS basic authentication, user name and password credentials are passed in the HTTPS header of the request to the endpoint.

您可以在 Azure 入口網站中,查看交易節點的基本驗證端點詳細資料。You can view a transaction node's basic authentication endpoint details in the Azure portal. 流覽至您的其中一個 Azure 區塊鏈服務成員交易節點,然後選取 [設定] 中的 [基本驗證]。Navigate to one of your Azure Blockchain Service member transaction nodes and select Basic Authentication in settings.

基本驗證

[使用者名稱] 是您的節點名稱,而且無法變更。The user name is the name of your node and cannot be changed.

若要使用此 URL,請將 <password> 取代為布建節點時所設定的密碼。To use the URL, replace <password> with the password set when the node was provisioned. 您可以選取 [重設密碼] 來更新密碼。You can update the password by selecting Reset password.

存取金鑰Access keys

對於存取金鑰驗證,存取金鑰會包含在端點 URL 中。For access key authentication, the access key is included in the endpoint URL. 布建交易節點時,會產生兩個存取金鑰。When the transaction node is provisioned, two access keys are generated. 這兩個存取金鑰都可以用來進行驗證。Either access key can be used for authentication. 兩個金鑰可讓您變更和旋轉金鑰。Two keys enable you to change and rotate keys.

您可以查看交易節點的存取金鑰詳細資料,並複製包含存取金鑰的端點位址。You can view a transaction node's access key details and copy endpoint addresses that include the access keys. 流覽至您的其中一個 Azure 區塊鏈服務成員交易節點,然後選取 [設定] 中的 [存取金鑰]。Navigate to one of your Azure Blockchain Service member transaction nodes and select Access Keys in settings.

防火牆規則Firewall rules

防火牆規則可讓您限制可以嘗試向交易節點進行驗證的 IP 位址。Firewall rules enable you to limit the IP addresses that can attempt to authenticate to your transaction node. 如果沒有為您的交易節點設定防火牆規則,則任何合作物件都無法存取。If no firewall rules are configured for your transaction node, it cannot be accessed by any party.

若要查看交易節點的防火牆規則,請流覽至其中一個 Azure 區塊鏈服務成員交易節點,然後選取 [設定] 中的 [防火牆規則]。To view a transaction node's firewall rules, navigate to one of your Azure Blockchain Service member transaction nodes and select Firewall rules in settings.

您可以在 [防火牆規則] 方格中輸入規則名稱、起始 ip 位址和結束 ip 位址,以新增防火牆規則。You can add firewall rules by entering a rule name, starting IP address, and an ending IP address in the Firewall rules grid.

防火牆規則

若要啟用:To enable:

  • 單一 IP 位址: 為起始和結束 IP 位址設定相同的 IP 位址。Single IP address: Configure the same IP address for the starting and ending IP addresses.
  • IP 位址範圍: 設定 [開始] 和 [結束] IP 位址範圍。IP address range: Configure the starting and ending IP address range. 例如,從10.221.34.0 開始並于10.221.34.255 結束的範圍會啟用整個10.221.34.xxx 子網。For example, a range starting at 10.221.34.0 and ending at 10.221.34.255 would enable the entire 10.221.34.xxx subnet.
  • 允許所有 IP 位址: 將起始 IP 位址設定為0.0.0.0,並將結束 IP 位址設為255.255.255.255。Allow all IP addresses: Configure the starting IP address to 0.0.0.0 and the ending IP address to 255.255.255.255.

連接字串Connection strings

您的交易節點的連接字串語法是針對基本驗證或使用存取金鑰所提供。Connection string syntax for your transaction node is provided for basic authentication or using access keys. 提供連接字串,包括透過 HTTPS 和 Websocket 的存取金鑰。Connection strings including access keys over HTTPS and WebSockets are provided.

您可以查看交易節點的連接字串,並複製端點位址。You can view a transaction node's connection strings and copy endpoint addresses. 流覽至您的其中一個 Azure 區塊鏈服務成員交易節點,然後選取 [設定] 中的 [連接字串]。Navigate to one of your Azure Blockchain Service member transaction nodes and select Connection strings in settings.

連接字串

範例程式碼Sample code

提供範例程式碼,可讓您透過 Web3、Nethereum、Web3js 和 Truffle 快速連接到您的交易節點。Sample code is provided to quickly enable connecting to your transaction node via Web3, Nethereum, Web3js, and Truffle.

您可以查看交易節點的範例連接程式碼,並將它複製到搭配熱門開發人員工具使用。You can view a transaction node's sample connection code and copy it to use with popular developer tools. 移至您的其中一個 Azure 區塊鏈服務成員交易節點,然後選取 [設定] 中的範例程式碼Go to one of your Azure Blockchain Service member transaction nodes and select Sample Code in settings.

選擇 [Web3]、[Nethereum]、[Truffle] 或 [Web3j] 索引標籤,以查看您想要使用的程式碼範例。Choose the Web3, Nethereum, Truffle, or Web3j tab to view the code sample you want to use.

範例程式碼

後續步驟Next steps