# ⚙️ Configuration Guide - sdk_relay

Complete guide to configuring the sdk_relay relay service to suit your needs.

## 📋 General Configuration

### Environment Variables

#### Basic Configuration

```bash
# Service configuration
RUST_LOG=info                    # Log level (debug, info, warn, error)
RUST_BACKTRACE=1                 # Enable backtraces
RUST_MIN_STACK=8388608           # Stack size (8MB)

# Network configuration
HOST=0.0.0.0                     # Listening interface
WS_PORT=8090                     # WebSocket port
HTTP_PORT=8091                   # HTTP port
MAX_CONNECTIONS=1000             # Maximum number of connections

# Security configuration
ENABLE_TLS=false                 # Enable TLS
CERT_PATH=/path/to/cert.pem      # Certificate path
KEY_PATH=/path/to/key.pem        # Private key path
```

#### Bitcoin Core Configuration

```bash
# Bitcoin Core RPC configuration
BITCOIN_RPC_HOST=localhost                 # Bitcoin Core host
BITCOIN_RPC_PORT=18443                     # Bitcoin Core RPC port
BITCOIN_RPC_USER=your_username             # RPC username
BITCOIN_RPC_PASS=your_password             # RPC password
BITCOIN_RPC_COOKIE_PATH=/path/to/.cookie   # Path to the cookie file

# Bitcoin network configuration
BITCOIN_NETWORK=signet                     # Network (mainnet, testnet, signet)
BITCOIN_CONFIRMATIONS=6                    # Number of confirmations
BITCOIN_TIMEOUT=30                         # RPC timeout (seconds)
```

#### Blindbit Configuration

```bash
# Blindbit oracle configuration
BLINDBIT_URL=http://localhost:8000   # Blindbit oracle URL
BLINDBIT_API_KEY=your_api_key        # Blindbit API key
BLINDBIT_TIMEOUT=10                  # API timeout (seconds)
BLINDBIT_RETRY_ATTEMPTS=3            # Number of attempts
```

### Configuration File

#### Structure of the .conf File

```toml
# General configuration
[general]
log_level = "info"
host = "0.0.0.0"
ws_port = 8090
http_port = 8091
max_connections = 1000

# Bitcoin Core configuration
[bitcoin]
host = "localhost"
port = 18443
username = "your_username"
password = "your_password"
cookie_path = "/path/to/.cookie"
network = "signet"
confirmations = 6
timeout = 30

# Blindbit configuration
[blindbit]
url = "http://localhost:8000"
api_key = "your_api_key"
timeout = 10
retry_attempts = 3

# Security configuration
[security]
enable_tls = false
cert_path = "/path/to/cert.pem"
key_path = "/path/to/key.pem"
allowed_origins = ["*"]

# Relay configuration
[relays]
discovery_interval = 300
sync_interval = 60
max_relays = 10
connection_timeout = 30

# Performance configuration
[performance]
worker_threads = 4
max_memory_mb = 512
cache_size_mb = 100
cache_ttl_seconds = 3600
```

## 🔧 Bitcoin Core Configuration

### Installation and Configuration

#### Installing Bitcoin Core

```bash
# Ubuntu/Debian
sudo apt update
sudo apt install -y bitcoin-core

# Or download from bitcoin.org
# (check the archive against the release's signed SHA256SUMS file before extracting)
wget https://bitcoin.org/bin/bitcoin-core-24.0.1/bitcoin-24.0.1-x86_64-linux-gnu.tar.gz
tar -xzf bitcoin-24.0.1-x86_64-linux-gnu.tar.gz
sudo cp bitcoin-24.0.1/bin/* /usr/local/bin/
```

#### Configuring Bitcoin Core

Create the file `~/.bitcoin/bitcoin.conf`:

```ini
# Network configuration
# (chain selection is signet=1; an unknown key such as network= is ignored)
signet=1
rpcuser=your_username
rpcpassword=your_password
rpcallowip=127.0.0.1

# Security configuration
# (rpcssl is no longer supported by Bitcoin Core, so it is not set here)
server=1
txindex=1

# Performance configuration
dbcache=450
maxorphantx=10
maxmempool=50
mempoolexpiry=72

# Silent Payments configuration
blockfilterindex=1
peerblockfilters=1

# rpcbind and rpcport only apply to mainnet unless placed in a network section
[signet]
rpcbind=127.0.0.1:18443
rpcport=18443
```

#### Starting Bitcoin Core

```bash
# Start in daemon mode
bitcoind -daemon

# Check the status
bitcoin-cli -signet getblockchaininfo

# Wait for synchronization
bitcoin-cli -signet getblockchaininfo | grep blocks
```

### RPC Configuration

#### Authentication

```bash
# Method 1: username/password
curl -u your_username:your_password \
  -d '{"jsonrpc": "1.0", "id": "test", "method": "getblockchaininfo", "params": []}' \
  -H 'content-type: text/plain;' \
  http://localhost:18443/

# Method 2: cookie file
# (the file holds "__cookie__:<password>", sent as HTTP basic auth, not as an HTTP cookie)
curl -u "$(cat ~/.bitcoin/signet/.cookie)" \
  --data-binary '{"jsonrpc": "1.0", "id": "test", "method": "getblockchaininfo", "params": []}' \
  -H 'content-type: text/plain;' \
  http://localhost:18443/
```

#### RPC Permissions

```ini
# bitcoin.conf - RPC permissions
# Each entry widens who may reach the RPC port; keep only the ranges that need it
rpcallowip=127.0.0.1
rpcallowip=192.168.1.0/24
rpcallowip=10.0.0.0/8
```

## 🔧 Blindbit Configuration

### Installation and Configuration

#### Installing Blindbit

```bash
# Clone the repository
git clone https://github.com/4nk/blindbit.git
cd blindbit

# Install the Python dependencies
pip install -r requirements.txt

# Or with virtualenv
python -m venv venv
source venv/bin/activate
pip install -r requirements.txt
```

#### Configuring Blindbit

Create the file `config.json`:

```json
{
  "port": 8000,
  "host": "0.0.0.0",
  "api_key": "your_api_key",
  "bitcoin_rpc": {
    "host": "localhost",
    "port": 18443,
    "user": "your_username",
    "password": "your_password"
  },
  "oracle": {
    "enabled": true,
    "update_interval": 60,
    "max_retries": 3
  },
  "security": {
    "enable_cors": true,
    "allowed_origins": ["*"],
    "rate_limit": 100
  }
}
```

#### Starting Blindbit

```bash
# Direct start
python main.py

# Or with gunicorn
gunicorn -w 4 -b 0.0.0.0:8000 main:app

# Check the status
curl http://localhost:8000/health
```

## 🔒 Security Configuration

### TLS/SSL

#### Generating Certificates

```bash
# Generate a private key
openssl genrsa -out server.key 2048

# Generate a self-signed certificate
openssl req -new -x509 -key server.key -out server.crt -days 365

# Or use Let's Encrypt
sudo certbot certonly --standalone -d your-domain.com
```

#### TLS Configuration

```toml
# TLS configuration in .conf
[security]
enable_tls = true
cert_path = "/path/to/server.crt"
key_path = "/path/to/server.key"
tls_version = "1.3"
```

### Authentication

#### Token Authentication

```toml
# Authentication configuration
[auth]
enable_token_auth = true
token_secret = "your-secret-key"
token_expiry_hours = 24
```

#### Client Certificate Authentication

```toml
# Client certificate configuration
# (add these keys to an existing [auth] table; TOML rejects a table defined twice)
[auth]
enable_client_cert = true
ca_cert_path = "/path/to/ca.crt"
require_client_cert = true
```

### Firewall

#### UFW Configuration

```bash
# Install UFW
sudo apt install ufw

# Basic configuration
sudo ufw default deny incoming
sudo ufw default allow outgoing

# Allow the required ports
sudo ufw allow 8090/tcp   # WebSocket
sudo ufw allow 8091/tcp   # HTTP
sudo ufw allow 18443/tcp  # Bitcoin RPC (if external)

# Enable the firewall
sudo ufw enable
```

#### iptables Configuration

```bash
# Basic iptables rules
iptables -A INPUT -p tcp --dport 8090 -j ACCEPT
iptables -A INPUT -p tcp --dport 8091 -j ACCEPT
iptables -A INPUT -p tcp --dport 18443 -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
```

## 🌐 Network Configuration

### Relay Configuration

#### Relay Discovery

```toml
# Discovery configuration
[relays]
discovery_interval = 300   # Discovery interval (seconds)
sync_interval = 60         # Synchronization interval
max_relays = 10            # Maximum number of relays
connection_timeout = 30    # Connection timeout
retry_attempts = 3         # Number of attempts
backoff_ms = 1000          # Delay between attempts
```

#### Mesh Configuration

```toml
# Mesh configuration
[mesh]
enable_mesh = true
mesh_port = 8092
mesh_secret = "your-mesh-secret"
max_peers = 20
peer_discovery = true
```

### Proxy Configuration

#### HTTP Proxy

```toml
# Proxy configuration
[proxy]
enable_proxy = false
proxy_url = "http://proxy.example.com:8080"
proxy_username = "proxy_user"
proxy_password = "proxy_pass"
```

#### Load Balancer

```toml
# Load balancer configuration
[load_balancer]
enable_lb = false
lb_algorithm = "round_robin"
health_check_interval = 30
health_check_timeout = 5
```

## 📊 Performance Configuration

### System Optimizations

#### Memory Configuration

```toml
# Memory configuration
[performance]
max_memory_mb = 512
memory_pool_size = 256
gc_interval = 300
```

#### CPU Configuration

```toml
# CPU configuration
# (add these keys to an existing [performance] table; TOML rejects a table defined twice)
[performance]
worker_threads = 4
max_concurrent_requests = 100
request_timeout = 30
```

### Cache Configuration

#### In-Memory Cache

```toml
# Cache configuration
[cache]
enable_cache = true
cache_size_mb = 100
cache_ttl_seconds = 3600
cache_eviction_policy = "lru"
```

#### Redis Cache (Optional)

```toml
# Redis configuration
[redis]
enable_redis = false
redis_url = "redis://localhost:6379"
redis_password = "your_redis_password"
redis_db = 0
```

## 🔧 Docker Configuration

### Dockerfile

```dockerfile
# Dockerfile for sdk_relay
FROM rust:1.70-slim as builder

WORKDIR /app
COPY . .
RUN cargo build --release

FROM debian:bullseye-slim

RUN apt-get update && apt-get install -y ca-certificates && rm -rf /var/lib/apt/lists/*

COPY --from=builder /app/target/release/sdk_relay /usr/local/bin/sdk_relay

EXPOSE 8090 8091

CMD ["sdk_relay", "--config", "/app/.conf"]
```

### Docker Compose

```yaml
# docker-compose.yml
version: '3.8'

services:
  sdk_relay:
    build: .
    ports:
      - "8090:8090"
      - "8091:8091"
    volumes:
      - ./config:/app/config
      - ./logs:/app/logs
    environment:
      - RUST_LOG=info
      - RUST_BACKTRACE=1
    depends_on:
      - bitcoin
      - blindbit
    restart: unless-stopped

  bitcoin:
    image: bitcoin-core:24.0
    ports:
      - "18443:18443"
    volumes:
      - bitcoin_data:/bitcoin/.bitcoin
    command: ["bitcoind", "-signet", "-rpcuser=user", "-rpcpassword=pass"]

  blindbit:
    image: blindbit:latest
    ports:
      - "8000:8000"
    environment:
      - API_KEY=your_api_key
    depends_on:
      - bitcoin

volumes:
  bitcoin_data:
```

## 📈 Monitoring Configuration

### Metrics and Alerts

#### Prometheus Configuration

```toml
# Metrics configuration
[metrics]
enable_metrics = true
metrics_port = 9090
metrics_path = "/metrics"
```

#### Alert Configuration

```toml
# Alert configuration
[alerts]
enable_alerts = true
alert_webhook = "https://hooks.slack.com/your-webhook"
alert_email = "admin@example.com"
```

### Log Configuration

#### Log Rotation

```toml
# Log configuration
[logging]
log_file = "/var/log/sdk_relay.log"
log_level = "info"
log_rotation = "daily"
log_max_size_mb = 100
log_max_files = 7
```

#### Syslog Configuration

```toml
# Syslog configuration
# (add these keys to an existing [logging] table; TOML rejects a table defined twice)
[logging]
enable_syslog = true
syslog_facility = "daemon"
syslog_tag = "sdk_relay"
```

## 🧪 Test Configuration

### Unit Tests

```toml
# Test configuration
[testing]
test_timeout = 30
test_parallel = true
test_coverage = true
```

### Integration Tests

```toml
# Integration test configuration
[integration_tests]
bitcoin_testnet = true
blindbit_mock = true
test_database = "test.db"
```

## 🚨 Troubleshooting Configuration

### Debug and Profiling

```toml
# Debug configuration
[debug]
enable_debug = false
debug_port = 6060
debug_path = "/debug"
profile_cpu = false
profile_memory = false
```

### Detailed Log Configuration

```bash
# Environment variables for debugging
export RUST_LOG=debug
export RUST_BACKTRACE=1
export RUST_LOG_STYLE=always

# Per-module logs
# (each export replaces the previous RUST_LOG value: pick one, or join the directives with commas)
export RUST_LOG=sdk_relay::websocket=debug
export RUST_LOG=sdk_relay::bitcoin=debug
export RUST_LOG=sdk_relay::blindbit=debug
```

## 📋 Configuration Checklist

### Pre-Deployment Checks

- [ ] Bitcoin Core configured and synchronized
- [ ] Blindbit configured and reachable
- [ ] TLS certificates generated (if required)
- [ ] Firewall configured
- [ ] Environment variables defined
- [ ] Configuration file validated
- [ ] Connectivity tests performed
- [ ] Metrics configured
- [ ] Logs configured
- [ ] Backup configured

### Post-Deployment Checks

- [ ] Service starts correctly
- [ ] HTTP endpoints reachable
- [ ] WebSocket functional
- [ ] Bitcoin Core connection established
- [ ] Blindbit connection established
- [ ] Metrics collected
- [ ] Logs generated
- [ ] Performance acceptable
- [ ] Security validated

---

**⚙️ sdk_relay configuration - tuned to your needs!** 🚀