# ⚙️ Configuration Guide - sdk_client

Complete guide to configuring the sdk_client infrastructure to suit your needs.

## 📋 General Configuration

### 1. Environment Variables

Create a `.env` file at the project root:

```bash
# sdk_client configuration
PROJECT_NAME=sdk_client
NETWORK_NAME=4nk_node_btcnet

# Logs
RUST_LOG=debug,bitcoincore_rpc=trace

# Bitcoin
BITCOIN_COOKIE_PATH=/home/bitcoin/.bitcoin/signet/.cookie

# Synchronization
ENABLE_SYNC_TEST=1

# Ports
TOR_PORTS=9050:9050,9051:9051
BITCOIN_PORTS=38333:38333,18443:18443,29000:29000
BLINDBIT_PORTS=8000:8000
RELAY_1_PORTS=8090:8090,8091:8091
RELAY_2_PORTS=8092:8090,8093:8091
RELAY_3_PORTS=8094:8090,8095:8091
```

### 2. Network Configuration

#### Custom Docker Network

```bash
# Create a custom network
docker network create 4nk-network --subnet=172.20.0.0/16 --gateway=172.20.0.1

# Update docker-compose.yml to use it
sed -i 's/4nk_default/4nk-network/g' docker-compose.yml
```

#### Firewall Configuration

```bash
# Allow the required ports
sudo ufw allow 18443/tcp  # Bitcoin Core RPC
sudo ufw allow 8090/tcp   # sdk_relay WebSocket
sudo ufw allow 8000/tcp   # Blindbit API
sudo ufw allow 9050/tcp   # Tor SOCKS
sudo ufw enable

# Check the rules
sudo ufw status numbered
```

## 🔧 Bitcoin Core Configuration

### 1. Basic Configuration

File: `bitcoin/bitcoin.conf`

```ini
# Bitcoin Core signet configuration
signet=1
rpcuser=bitcoin
rpcpassword=your_secure_password
rpcbind=0.0.0.0
rpcallowip=172.19.0.0/16
zmqpubrawblock=tcp://0.0.0.0:29000
zmqpubrawtx=tcp://0.0.0.0:29000
txindex=1
server=1
listen=1

# Signet settings
[signet]
listen=1
bind=0.0.0.0:38333
rpcbind=0.0.0.0:18443
rpcport=18443
fallbackfee=0.0001
blockfilterindex=1
datacarriersize=205
acceptnonstdtxn=1
dustrelayfee=0.00000001
minrelaytxfee=0.00000001
prune=0
signetchallenge=0020341c43803863c252df326e73574a27d7e19322992061017b0dc893e2eab90821
walletdir=/home/bitcoin/.bitcoin/wallets
wallet=mining
wallet=watchonly
maxtxfee=1
addnode=tlv2yqamflv22vfdzy2hha2nwmt6zrwrhjjzz4lx7qyq7lyc6wfhabyd.onion
```

### 2. Advanced Configuration

#### Performance

```ini
# Memory tuning
dbcache=450
maxmempool=300
maxconnections=125

# Disk tuning
txindex=1
blockfilterindex=1
coinstatsindex=1

# Network tuning
listenonion=1
onion=tor:9050
proxy=tor:9050
```

#### Security

```ini
# Authentication
rpcauth=bitcoin:c8ea921c7357bd6a5a8a7c43a12350a7$955e25b17672987b17c5a12f12cd8b9c1d38f0f86201c8cd47fc431f2e1c7956
rpcallowip=172.19.0.0/16
rpcworkqueue=32
rpcthreads=4
rpcdoccheck=1

# Limits
maxuploadtarget=5000
maxconnections=125
```

### 3. Wallet Configuration

```bash
# Create a wallet for the relays
docker exec bitcoin-signet bitcoin-cli -signet createwallet "relay_wallet"

# Create a wallet for mining
docker exec bitcoin-signet bitcoin-cli -signet createwallet "mining_wallet"

# Create a watch-only wallet (second argument disables private keys)
docker exec bitcoin-signet bitcoin-cli -signet createwallet "watchonly_wallet" true
```

## 🔧 Blindbit Configuration

### 1. Basic Configuration

File: `blindbit/blindbit.toml`

```toml
# Blindbit Oracle configuration
host = "0.0.0.0:8000"
chain = "signet"
rpc_endpoint = "http://bitcoin:18443"
cookie_path = "/home/bitcoin/.bitcoin/signet/.cookie"
rpc_user = ""
rpc_pass = ""
sync_start_height = 1

# Performance
max_parallel_tweak_computations = 4
max_parallel_requests = 4

# Index
tweaks_only = 0
tweaks_full_basic = 1
tweaks_full_with_dust_filter = 1
tweaks_cut_through_with_dust_filter = 1
```

### 2. Advanced Configuration

#### Performance

```toml
# Computation tuning
max_parallel_tweak_computations = 8
max_parallel_requests = 8

# Cache
cache_size = 1000
cache_ttl = 3600

# Logs
log_level = "info"
log_file = "/data/blindbit.log"
```

#### Security

```toml
# Authentication
rpc_user = "blindbit_user"
rpc_pass = "secure_password"

# Limits
max_request_size = 1048576
rate_limit = 100
```

## 🔧 Relay Configuration

### 1. Basic Configuration

#### Relay 1 - `sdk_relay/.conf.docker.relay1`

```ini
core_url=http://bitcoin:18443
core_wallet=relay_wallet
ws_url=0.0.0.0:8090
wallet_name=relay_wallet.json
network=signet
blindbit_url=http://blindbit:8000
zmq_url=tcp://bitcoin:29000
data_dir=.4nk
cookie_path=/home/bitcoin/.4nk/bitcoin.cookie
dev_mode=true
standalone=false
relay_id=relay-1
```

#### Relay 2 - `sdk_relay/.conf.docker.relay2`

```ini
core_url=http://bitcoin:18443
core_wallet=relay_wallet
ws_url=0.0.0.0:8090
wallet_name=relay_wallet.json
network=signet
blindbit_url=http://blindbit:8000
zmq_url=tcp://bitcoin:29000
data_dir=.4nk
cookie_path=/home/bitcoin/.4nk/bitcoin.cookie
dev_mode=true
standalone=false
relay_id=relay-2
```

#### Relay 3 - `sdk_relay/.conf.docker.relay3`

```ini
core_url=http://bitcoin:18443
core_wallet=relay_wallet
ws_url=0.0.0.0:8090
wallet_name=relay_wallet.json
network=signet
blindbit_url=http://blindbit:8000
zmq_url=tcp://bitcoin:29000
data_dir=.4nk
cookie_path=/home/bitcoin/.4nk/bitcoin.cookie
dev_mode=true
standalone=false
relay_id=relay-3
```

### 2. Advanced Configuration

#### Performance

```ini
# Memory tuning
max_connections=100
connection_timeout=30
read_timeout=60

# Cache
cache_size=1000
cache_ttl=3600

# Logs
log_level=info
log_file=/home/bitcoin/.4nk/relay.log
```

#### Security

```ini
# Authentication
auth_required=true
auth_token=your_secure_token

# Limits
max_message_size=1048576
rate_limit=1000
```

### 3. Synchronization Configuration

```ini
# Synchronization
sync_enabled=true
sync_interval=30
sync_timeout=10

# Discovery
discovery_enabled=true
discovery_interval=60
discovery_timeout=5

# Deduplication cache
dedup_enabled=true
dedup_ttl=300
dedup_max_size=10000
```

## 🌐 External Node Configuration

### 1. Basic Configuration

File: `sdk_relay/external_nodes.conf`

```toml
# External node configuration
[relays]
external-relay-1 = "external-relay-1.example.com:8090"
external-relay-2 = "192.168.1.100:8090"
dev3-relay = "dev3.4nkweb.com:443"

[discovery]
auto_discover = true
bootstrap_nodes = [
    "bootstrap-1.4nk.net:8090",
    "bootstrap-2.4nk.net:8090"
]

[security]
allowed_domains = [
    "*.4nk.net",
    "*.example.com",
    "localhost",
    "127.0.0.1"
]

[validation]
max_connection_timeout = 10
health_check_interval = 300
blacklist_threshold = 5
```

### 2. Advanced Configuration

#### Automatic Discovery

```toml
[discovery]
auto_discover = true
bootstrap_nodes = [
    "bootstrap-1.4nk.net:8090",
    "bootstrap-2.4nk.net:8090"
]
discovery_interval = 300
discovery_timeout = 10
max_discovered_nodes = 50
```

#### Security

```toml
[security]
allowed_domains = [
    "*.4nk.net",
    "*.example.com",
    "localhost",
    "127.0.0.1"
]
blocked_domains = [
    "malicious.example.com"
]
allowed_ips = [
    "192.168.1.0/24",
    "10.0.0.0/8"
]
```

#### Validation

```toml
[validation]
max_connection_timeout = 10
health_check_interval = 300
blacklist_threshold = 5
whitelist_enabled = false
certificate_verification = true
```

## 🔧 Tor Configuration

### 1. Basic Configuration

File: `tor/torrc`

```ini
# Tor configuration
SocksPort 9050
ControlPort 9051
DataDirectory /var/lib/tor
PidFile /var/run/tor/tor.pid

# Logs
Log notice file /var/log/tor/notices.log
Log info file /var/log/tor/info.log

# Security
CookieAuthentication 1
```

### 2. Advanced Configuration

#### Performance

```ini
# Network tuning
MaxCircuitDirtiness 600
MaxClientCircuitsPending 32
EnforceDistinctSubnets 1

# Cache
MaxMemInQueues 64 MB
```

#### Security

```ini
# Authentication
CookieAuthentication 1
ControlPort 9051

# Limits
MaxConnections 1000
MaxConnectionsEntry 100
```

## 🔧 Docker Compose Configuration

### 1. Basic Configuration

File: `docker-compose.yml`

```yaml
version: '3.8'

services:
  tor:
    image: dperson/torproxy:latest
    container_name: tor-proxy
    networks:
      btcnet:
        aliases:
          - tor
    ports:
      - "9050:9050"
      - "9051:9051"
    restart: unless-stopped

  bitcoin:
    build: ./bitcoin
    container_name: bitcoin-signet
    depends_on:
      - tor
    volumes:
      - bitcoin_data:/home/bitcoin/.bitcoin
      - ./bitcoin/bitcoin.conf:/home/bitcoin/.bitcoin/bitcoin.conf
    ports:
      - "38333:38333"
      - "18443:18443"
      - "29000:29000"
    networks:
      btcnet:
        aliases:
          - bitcoin
    environment:
      - TOR_HOST=tor
      - TOR_PORT=9050
    restart: unless-stopped
    healthcheck:
      test: ["CMD", "bitcoin-cli", "-conf=/home/bitcoin/.bitcoin/bitcoin.conf", "getblockchaininfo"]
      interval: 30s
      timeout: 10s
      retries: 3

  blindbit:
    build: ./blindbit
    container_name: blindbit-oracle
    depends_on:
      - bitcoin
    volumes:
      - blindbit_data:/data
      - ./blindbit/blindbit.toml:/data/blindbit.toml
      - bitcoin_data:/home/bitcoin/.bitcoin
    ports:
      - "8000:8000"
    networks:
      btcnet:
        aliases:
          - blindbit
    restart: unless-stopped

  sdk_relay_1:
    build:
      context: ..
      dockerfile: 4NK_node/sdk_relay/Dockerfile
    container_name: sdk_relay_1
    depends_on:
      bitcoin:
        condition: service_healthy
      blindbit:
        condition: service_started
    volumes:
      - bitcoin_data:/home/bitcoin/.bitcoin
      - ./bitcoin/bitcoin.conf:/home/bitcoin/.bitcoin/bitcoin.conf
      - sdk_relay_1_data:/home/bitcoin/.4nk
      - ./sdk_relay/.conf.docker.relay1:/home/bitcoin/.conf.docker
      - ./sdk_relay/external_nodes.conf:/home/bitcoin/.4nk/external_nodes.conf
    ports:
      - "8090:8090"
      - "8091:8091"
    networks:
      btcnet:
        aliases:
          - sdk_relay_1
    environment:
      - RUST_LOG=debug,bitcoincore_rpc=trace
      - HOME=/home/bitcoin
      - BITCOIN_COOKIE_PATH=/home/bitcoin/.bitcoin/signet/.cookie
      - ENABLE_SYNC_TEST=1
    restart: on-failure:3
    healthcheck:
      test: ["CMD", "/usr/local/bin/healthcheck.sh"]
      interval: 30s
      timeout: 15s
      retries: 3
      start_period: 60s

volumes:
  bitcoin_data:
    name: 4nk_node_bitcoin_data
  blindbit_data:
    name: 4nk_node_blindbit_data
  sdk_relay_1_data:
    name: 4nk_node_sdk_relay_1_data

networks:
  btcnet:
    name: 4nk_node_btcnet
    driver: bridge
```

### 2. Advanced Configuration

#### Resources

```yaml
services:
  bitcoin:
    deploy:
      resources:
        limits:
          memory: 2G
          cpus: '1.0'
        reservations:
          memory: 1G
          cpus: '0.5'

  sdk_relay_1:
    deploy:
      resources:
        limits:
          memory: 512M
          cpus: '0.5'
        reservations:
          memory: 256M
          cpus: '0.25'
```

#### Security

```yaml
services:
  bitcoin:
    security_opt:
      - no-new-privileges:true
    read_only: false
    tmpfs:
      - /tmp:noexec,nosuid,size=100m

  sdk_relay_1:
    security_opt:
      - no-new-privileges:true
    read_only: false
    tmpfs:
      - /tmp:noexec,nosuid,size=50m
```

## 🔧 SSL/TLS Configuration

### 1. Self-Signed Certificate

```bash
# Generate a self-signed certificate (-nodes leaves the private key unencrypted)
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes

# Configure nginx as an SSL proxy
cat > nginx.conf << EOF
server {
    listen 443 ssl;
    server_name your-domain.com;

    ssl_certificate cert.pem;
    ssl_certificate_key key.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384;
    ssl_prefer_server_ciphers off;

    location / {
        proxy_pass http://localhost:8090;
        proxy_http_version 1.1;
        proxy_set_header Upgrade \$http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host \$host;
        proxy_set_header X-Real-IP \$remote_addr;
        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto \$scheme;
    }
}
EOF
```

### 2. Let's Encrypt Certificate

```bash
# Install certbot
sudo apt install certbot python3-certbot-nginx

# Obtain a certificate
sudo certbot --nginx -d your-domain.com

# Test automatic renewal
sudo certbot renew --dry-run
```

## 🔧 Monitoring Configuration

### 1. Prometheus

```yaml
# docker-compose.yml addition
services:
  prometheus:
    image: prom/prometheus:latest
    container_name: prometheus
    ports:
      - "9090:9090"
    volumes:
      - ./prometheus.yml:/etc/prometheus/prometheus.yml
      - prometheus_data:/prometheus
    command:
      - '--config.file=/etc/prometheus/prometheus.yml'
      - '--storage.tsdb.path=/prometheus'
      - '--web.console.libraries=/etc/prometheus/console_libraries'
      - '--web.console.templates=/etc/prometheus/consoles'
      - '--storage.tsdb.retention.time=200h'
      - '--web.enable-lifecycle'

  grafana:
    image: grafana/grafana:latest
    container_name: grafana
    ports:
      - "3000:3000"
    volumes:
      - grafana_data:/var/lib/grafana
    environment:
      # Default credential: change it before port 3000 is reachable by others
      - GF_SECURITY_ADMIN_PASSWORD=admin

volumes:
  prometheus_data:
  grafana_data:
```

### 2. Prometheus Configuration

File: `prometheus.yml`

```yaml
global:
  scrape_interval: 15s
  evaluation_interval: 15s

rule_files:
  # - "first_rules.yml"
  # - "second_rules.yml"

scrape_configs:
  - job_name: 'bitcoin'
    static_configs:
      - targets: ['bitcoin:18443']

  - job_name: 'blindbit'
    static_configs:
      - targets: ['blindbit:8000']

  - job_name: 'sdk_relay'
    static_configs:
      - targets: ['sdk_relay_1:8091']
```

## 🔧 Backup Configuration

### 1. Backup Script

```bash
#!/bin/bash
# backup_4nk.sh

# Backups include wallet data and RPC settings: keep them readable by the owner only
umask 077

DATE=$(date +%Y%m%d_%H%M%S)
BACKUP_DIR="/backup/4nk_node_$DATE"
mkdir -p "$BACKUP_DIR"

# Back up the configuration files
cp -r sdk_relay/.conf* "$BACKUP_DIR/"
cp sdk_relay/external_nodes.conf "$BACKUP_DIR/"
cp bitcoin/bitcoin.conf "$BACKUP_DIR/"
cp blindbit/blindbit.toml "$BACKUP_DIR/"

# Back up the Bitcoin data
docker exec bitcoin-signet tar czf /tmp/bitcoin-backup.tar.gz /home/bitcoin/.bitcoin
docker cp bitcoin-signet:/tmp/bitcoin-backup.tar.gz "$BACKUP_DIR/"

# Back up the Blindbit data
docker exec blindbit-oracle tar czf /tmp/blindbit-backup.tar.gz /data
docker cp blindbit-oracle:/tmp/blindbit-backup.tar.gz "$BACKUP_DIR/"

# Back up the relay data
for i in {1..3}; do
    docker exec "sdk_relay_${i}" tar czf "/tmp/relay_${i}-backup.tar.gz" /home/bitcoin/.4nk
    docker cp "sdk_relay_${i}:/tmp/relay_${i}-backup.tar.gz" "$BACKUP_DIR/"
done

# Remove old backups (keep 7 days)
find /backup -maxdepth 1 -name "4nk_node_*" -type d -mtime +7 -exec rm -rf {} \;

echo "Backup complete: $BACKUP_DIR"
```

### 2. Cron Configuration

```bash
# Add a cron entry for automatic backups.
# The new line is appended to the current crontab; piping it alone into
# `crontab -` would replace every existing entry.
(crontab -l 2>/dev/null; echo "0 2 * * * /path/to/backup_4nk.sh") | crontab -
```

## 🔧 Log Configuration

### 1. Log Rotation

```bash
# logrotate configuration
cat > /etc/logrotate.d/4nk-node << EOF
/var/lib/docker/containers/*/*.log {
    daily
    rotate 7
    compress
    delaycompress
    missingok
    notifempty
    copytruncate
    size 100M
}
EOF
```

### 2. Log Centralization

```yaml
# docker-compose.yml addition
services:
  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch:7.17.0
    container_name: elasticsearch
    environment:
      - discovery.type=single-node
    ports:
      - "9200:9200"
    volumes:
      - elasticsearch_data:/usr/share/elasticsearch/data

  kibana:
    image: docker.elastic.co/kibana/kibana:7.17.0
    container_name: kibana
    ports:
      - "5601:5601"
    depends_on:
      - elasticsearch

  filebeat:
    image: docker.elastic.co/beats/filebeat:7.17.0
    container_name: filebeat
    volumes:
      - /var/lib/docker/containers:/var/lib/docker/containers:ro
      - ./filebeat.yml:/usr/share/filebeat/filebeat.yml:ro
    depends_on:
      - elasticsearch

volumes:
  elasticsearch_data:
```

## 📝 Configuration Checklist

- [ ] Environment variables configured
- [ ] Bitcoin Core configuration verified
- [ ] Blindbit configuration verified
- [ ] Relay configurations verified
- [ ] External node configuration verified
- [ ] Tor configuration verified
- [ ] Docker Compose configuration verified
- [ ] SSL/TLS configured (if needed)
- [ ] Monitoring configured (if needed)
- [ ] Backup configured
- [ ] Logs configured
- [ ] Firewall configured
- [ ] Configuration tests passed

## 🎯 Configuration Commands

```bash
# Validate the configuration
docker-compose config

# Test the configuration
./test_final_sync.sh

# Apply the configuration
./restart_4nk_node.sh

# Check the logs
docker-compose logs --tail=50
```

---
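
The `rpcauth=` entry in the Bitcoin Core security settings stores a salted HMAC-SHA256 of the RPC password, where the base `bitcoin.conf` keeps a plaintext `rpcpassword`. The Python below is an added example, not code from the sdk_client project: it builds and verifies an `rpcauth` line and flags credential settings in a config file; the function names, the sample password and the sample config are constructed for illustration.

```python
import hmac
import re
import secrets
from typing import List, Optional

RPCAUTH_RE = re.compile(r"^rpcauth=([^:]+):([0-9a-f]+)\$([0-9a-f]{64})$")

def make_rpcauth(user: str, password: str, salt: Optional[str] = None) -> str:
    """Build an rpcauth line: user:salt$HMAC-SHA256(key=salt, msg=password)."""
    if ":" in user:
        raise ValueError("user name must not contain ':'")
    salt = salt or secrets.token_hex(16)  # 16 random bytes, hex encoded
    mac = hmac.new(salt.encode(), password.encode(), "sha256").hexdigest()
    return f"rpcauth={user}:{salt}${mac}"

def verify_rpcauth(line: str, user: str, password: str) -> bool:
    """Check a candidate user/password pair against an existing rpcauth line."""
    m = RPCAUTH_RE.match(line.strip())
    if not m or m.group(1) != user:
        return False
    expected = hmac.new(m.group(2).encode(), password.encode(), "sha256").hexdigest()
    return hmac.compare_digest(expected, m.group(3))

def audit_conf(text: str) -> List[str]:
    """Flag RPC credential and binding settings worth reviewing in a bitcoin.conf."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line.startswith("rpcpassword="):
            findings.append(f"line {n}: plaintext rpcpassword; use an rpcauth line")
        elif line.startswith("rpcauth=") and not RPCAUTH_RE.match(line):
            findings.append(f"line {n}: malformed rpcauth entry")
        elif line.startswith("rpcbind=0.0.0.0"):
            findings.append(f"line {n}: RPC listens on all interfaces; check rpcallowip")
        # Other settings are outside the scope of this check.
    return findings

# Constructed sample, modelled on the base configuration shown in this guide.
SAMPLE_CONF = """signet=1
rpcuser=bitcoin
rpcpassword=your_secure_password
rpcbind=0.0.0.0
rpcallowip=172.19.0.0/16
"""

if __name__ == "__main__":
    line = make_rpcauth("bitcoin", "constructed-example-password")
    print(line)
    print("\n".join(audit_conf(SAMPLE_CONF)))
```

Only the generated `rpcauth=` line goes into `bitcoin.conf`; the password itself stays with the RPC clients that need it.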