sdk_relay/docs/CONFIGURATION.md


# ⚙️ Guide de Configuration - sdk_relay
Guide complet pour configurer le service de relais sdk_relay selon vos besoins.
## 📋 Configuration Générale
### Variables d'Environnement
#### Configuration de Base
```bash
# Service settings
RUST_LOG=info # Log level (debug, info, warn, error)
RUST_BACKTRACE=1 # Enable backtraces
RUST_MIN_STACK=8388608 # Stack size (8MB)
# Network settings
# 0.0.0.0 listens on every interface of the host; use 127.0.0.1 when the relay
# is only reached through a local reverse proxy.
HOST=0.0.0.0 # Listen interface
WS_PORT=8090 # WebSocket port
HTTP_PORT=8091 # HTTP port
MAX_CONNECTIONS=1000 # Maximum number of connections
# Security settings
# NOTE(review): with ENABLE_TLS=false the WebSocket and HTTP ports are presumably
# served in clear text — confirm, and terminate TLS in front of the relay if so.
ENABLE_TLS=false # Enable TLS
CERT_PATH=/path/to/cert.pem # Certificate path
# The private key file should be readable only by the account running the service.
KEY_PATH=/path/to/key.pem # Private key path
```
#### Configuration Bitcoin Core
```bash
# Bitcoin Core RPC settings
BITCOIN_RPC_HOST=localhost # Bitcoin Core host
# 18443 is Bitcoin Core's default RPC port for regtest; signet defaults to 38332.
# This value only works if the node is explicitly configured to serve RPC on 18443.
BITCOIN_RPC_PORT=18443 # Bitcoin Core RPC port
# your_username / your_password are placeholders. Values kept in environment
# variables are readable by anything that can inspect the process environment.
BITCOIN_RPC_USER=your_username # RPC user name
BITCOIN_RPC_PASS=your_password # RPC password
# NOTE(review): presumably an alternative to user/password — confirm which one the
# relay prefers when both are set. The cookie avoids storing a long-lived password.
BITCOIN_RPC_COOKIE_PATH=/path/to/.cookie # Cookie file path
# Bitcoin network settings
BITCOIN_NETWORK=signet # Network (mainnet, testnet, signet)
BITCOIN_CONFIRMATIONS=6 # Number of confirmations
BITCOIN_TIMEOUT=30 # RPC timeout (seconds)
```
#### Configuration Blindbit
```bash
# Blindbit oracle settings
# An http:// URL carries the API key unencrypted; that is acceptable on loopback,
# but use https:// as soon as the oracle runs on another host.
BLINDBIT_URL=http://localhost:8000 # Blindbit oracle URL
# your_api_key is a placeholder — replace it with a randomly generated value.
BLINDBIT_API_KEY=your_api_key # Blindbit API key
BLINDBIT_TIMEOUT=10 # API timeout (seconds)
BLINDBIT_RETRY_ATTEMPTS=3 # Number of attempts
```
### Fichier de Configuration
#### Structure du Fichier .conf
```toml
# This file holds RPC credentials and an API key: keep it out of version control
# and readable only by the account running the service (e.g. mode 600).

# General settings
[general]
log_level = "info"
# 0.0.0.0 listens on every interface; use "127.0.0.1" behind a local reverse proxy.
host = "0.0.0.0"
ws_port = 8090
http_port = 8091
max_connections = 1000
# Bitcoin Core settings
[bitcoin]
host = "localhost"
# 18443 is Bitcoin Core's regtest default; signet defaults to 38332, so the node
# must be configured to serve RPC on this port.
port = 18443
# Placeholders. NOTE(review): username/password and cookie_path are both listed;
# presumably only one authentication method is needed — confirm.
username = "your_username"
password = "your_password"
cookie_path = "/path/to/.cookie"
network = "signet"
confirmations = 6
timeout = 30
# Blindbit settings
[blindbit]
# http:// sends api_key unencrypted; keep it to loopback or switch to https://.
url = "http://localhost:8000"
api_key = "your_api_key"
timeout = 10
retry_attempts = 3
# Security settings
[security]
enable_tls = false
cert_path = "/path/to/cert.pem"
key_path = "/path/to/key.pem"
# "*" accepts every origin. NOTE(review): presumably this controls which browser
# origins may reach the HTTP/WebSocket endpoints — confirm, and list the expected
# origins explicitly outside development.
allowed_origins = ["*"]
# Relay settings
[relays]
discovery_interval = 300
sync_interval = 60
max_relays = 10
connection_timeout = 30
# Performance settings
[performance]
worker_threads = 4
max_memory_mb = 512
cache_size_mb = 100
cache_ttl_seconds = 3600
```
## 🔧 Configuration Bitcoin Core
### Installation et Configuration
#### Installation Bitcoin Core
```bash
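# Ubuntu/Debian
sudo apt update
sudo apt install -y bitcoin-core
# Or download the release from bitcoin.org
wget https://bitcoin.org/bin/bitcoin-core-24.0.1/bitcoin-24.0.1-x86_64-linux-gnu.tar.gz
# Fetch the release checksum list and its detached signature from the same directory
wget https://bitcoin.org/bin/bitcoin-core-24.0.1/SHA256SUMS
wget https://bitcoin.org/bin/bitcoin-core-24.0.1/SHA256SUMS.asc
# Check the signature over the checksum list (requires the release signers' public
# keys in your GPG keyring), then check the tarball against the list.
gpg --verify SHA256SUMS.asc SHA256SUMS
sha256sum --ignore-missing --check SHA256SUMS
# Unpack and install only after both checks succeed: these binaries are copied
# into /usr/local/bin as root and will hold the node's keys and RPC interface.
tar -xzf bitcoin-24.0.1-x86_64-linux-gnu.tar.gz
sudo cp bitcoin-24.0.1/bin/* /usr/local/bin/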
```
#### Configuration Bitcoin Core
Créer le fichier `~/.bitcoin/bitcoin.conf` :
```ini
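# Network selection
# Bitcoin Core has no `network=` option; the chain is selected with signet=1
# (or chain=signet). Without it the node starts on mainnet.
signet=1
server=1
txindex=1
# RPC access
# your_username / your_password are placeholders — replace them before starting
# the node. Bitcoin Core also supports rpcauth= (stores a salted hash instead of
# the clear-text password) and cookie authentication; the .cookie file is only
# generated when no rpcpassword is set.
rpcuser=your_username
rpcpassword=your_password
rpcallowip=127.0.0.1
# The rpcssl option no longer exists in Bitcoin Core: RPC is plain HTTP, so keep
# it on loopback or behind an encrypted tunnel.
# Performance settings
dbcache=450
maxorphantx=10
maxmempool=50
mempoolexpiry=72
# Silent Payments settings
blockfilterindex=1
peerblockfilters=1
# rpcbind and rpcport placed outside a network section apply to mainnet only,
# so the signet values go in their own section (it must come last: every option
# after a section header belongs to that section).
[signet]
rpcbind=127.0.0.1
rpcport=18443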
```
#### Démarrage Bitcoin Core
```bash
# Start as a daemon
# No -signet flag is passed here, so the chain the node runs on comes from
# bitcoin.conf; the bitcoin-cli calls below only reach it if that chain is signet.
bitcoind -daemon
# Check the status
bitcoin-cli -signet getblockchaininfo
# Wait for synchronisation (re-run and watch the block count)
bitcoin-cli -signet getblockchaininfo | grep blocks
```
### Configuration RPC
#### Authentification
```bash
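# Method 1: username/password
# Placeholders. A password given on the command line ends up in shell history and
# is visible in the process list; `curl -u your_username` prompts for it instead.
curl -u your_username:your_password \
  -d '{"jsonrpc": "1.0", "id": "test", "method": "getblockchaininfo", "params": []}' \
  -H 'content-type: text/plain;' \
  http://localhost:18443/
# Method 2: cookie file
# The .cookie file contains `__cookie__:<random password>` and is used as HTTP
# basic-auth credentials. curl's --cookie option sends an HTTP Cookie header,
# which Bitcoin Core does not accept as authentication.
curl --user "$(cat ~/.bitcoin/signet/.cookie)" \
  --data-binary '{"jsonrpc": "1.0", "id": "test", "method": "getblockchaininfo", "params": []}' \
  -H 'content-type: text/plain;' \
  http://localhost:18443/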
```
#### Permissions RPC
```ini
# bitcoin.conf - RPC permissions
# rpcallowip only filters client source addresses; the node must also listen on
# a non-loopback address (rpcbind) before any remote range below can connect.
# RPC is unencrypted HTTP carrying the credentials on every request, so list only
# the hosts that actually need access.
rpcallowip=127.0.0.1
rpcallowip=192.168.1.0/24
# 10.0.0.0/8 covers the whole 10.x private range — narrow it to the subnet or
# single host that runs the relay.
rpcallowip=10.0.0.0/8
```
## 🔧 Configuration Blindbit
### Installation et Configuration
#### Installation Blindbit
```bash
# Clone the repository
# The clone follows the default branch; check out a reviewed tag or commit before
# installing, so the code and requirements.txt you run are the ones you inspected.
git clone https://github.com/4nk/blindbit.git
cd blindbit
# Install the Python dependencies (this form installs into the current Python environment)
pip install -r requirements.txt
# Or with a virtualenv, which keeps the dependencies isolated from the system
python -m venv venv
source venv/bin/activate
pip install -r requirements.txt
```
#### Configuration Blindbit
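Créer le fichier `config.json` (les valeurs `your_api_key`, `your_username` et `your_password` sont des exemples à remplacer ; `"host": "0.0.0.0"` et `"allowed_origins": ["*"]` ouvrent l'oracle sur toutes les interfaces et à toutes les origines, à restreindre hors développement) :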
```json
{
"port": 8000,
"host": "0.0.0.0",
"api_key": "your_api_key",
"bitcoin_rpc": {
"host": "localhost",
"port": 18443,
"user": "your_username",
"password": "your_password"
},
"oracle": {
"enabled": true,
"update_interval": 60,
"max_retries": 3
},
"security": {
"enable_cors": true,
"allowed_origins": ["*"],
"rate_limit": 100
}
}
```
#### Démarrage Blindbit
```bash
# Direct start
python main.py
# Or with gunicorn
# -b 0.0.0.0:8000 accepts connections on every interface; bind to 127.0.0.1:8000
# when only a relay on the same host talks to the oracle.
gunicorn -w 4 -b 0.0.0.0:8000 main:app
# Check the status
curl http://localhost:8000/health
```
## 🔒 Configuration de Sécurité
### TLS/SSL
#### Génération de Certificats
```bash
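# Generate a private key and make it readable by its owner only
openssl genrsa -out server.key 2048
chmod 600 server.key
# Generate a self-signed certificate
# The subjectAltName must carry the host name clients connect to: current TLS
# clients ignore the Common Name. A self-signed certificate is only trusted by
# clients that have been given it explicitly; do not disable verification instead.
openssl req -new -x509 -sha256 -key server.key -out server.crt -days 365 \
  -addext "subjectAltName=DNS:your-domain.com"
# Or use Let's Encrypt
# --standalone needs port 80 free on this host while the certificate is issued;
# the resulting files are stored under /etc/letsencrypt/live/your-domain.com/.
sudo certbot certonly --standalone -d your-domain.com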
```
#### Configuration TLS
```toml
# TLS settings in .conf
# A [security] table already exists in the main configuration file; add these
# keys to it rather than declaring the table a second time (TOML rejects a table
# defined twice in one file).
[security]
enable_tls = true
cert_path = "/path/to/server.crt"
# Keep the key file readable only by the account running the service.
key_path = "/path/to/server.key"
# NOTE(review): unclear from this page whether "1.3" is a minimum or the only
# accepted version — confirm before relying on it to exclude older protocols.
tls_version = "1.3"
```
### Authentification
#### Authentification par Token
```toml
# Token authentication settings
[auth]
enable_token_auth = true
# "your-secret-key" is a placeholder. Anyone who knows this value can presumably
# mint valid tokens, so replace it with a long random string (for example the
# output of `openssl rand -hex 32`) and keep it out of version control.
token_secret = "your-secret-key"
# A shorter lifetime limits how long a leaked token stays usable.
token_expiry_hours = 24
```
#### Authentification par Certificat Client
```toml
# Client certificate settings
# If token authentication is configured in the same file, put these keys in that
# existing [auth] table: TOML rejects a table defined twice.
[auth]
enable_client_cert = true
# NOTE(review): presumably the CA whose signature a client certificate must carry;
# use a CA dedicated to this service rather than a public one — confirm.
ca_cert_path = "/path/to/ca.crt"
require_client_cert = true
```
### Pare-feu
#### Configuration UFW
```bash
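# Install UFW
sudo apt install ufw
# Base policy
sudo ufw default deny incoming
sudo ufw default allow outgoing
# If this host is administered over SSH, allow that port before enabling the
# firewall: "default deny incoming" would otherwise cut the session.
# Allow the required ports
sudo ufw allow 8090/tcp # WebSocket
sudo ufw allow 8091/tcp # HTTP
# Bitcoin RPC: only when the node is reached from another host, and only from the
# trusted subnet (example range, adjust). RPC is unencrypted and gives control of
# the node, so it should never be open to every source address.
sudo ufw allow from 192.168.1.0/24 to any port 18443 proto tcp
# Enable the firewall
sudo ufw enable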
```
#### Configuration iptables
```bash
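# Basic iptables rules
# Loopback and already-established connections first
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Relay ports
iptables -A INPUT -p tcp --dport 8090 -j ACCEPT
iptables -A INPUT -p tcp --dport 8091 -j ACCEPT
# Bitcoin RPC only from the trusted subnet (example range, adjust); omit this
# rule entirely when the node and the relay run on the same host.
iptables -A INPUT -p tcp -s 192.168.1.0/24 --dport 18443 -j ACCEPT
# ACCEPT rules filter nothing while the chain policy is still ACCEPT: everything
# not matched above must be dropped. Add a rule for your SSH port first if the
# host is managed remotely.
iptables -P INPUT DROP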
```
## 🌐 Configuration Réseau
### Configuration des Relais
#### Découverte des Relais
```toml
# Relay discovery settings
# A [relays] table already exists in the main configuration file; extend it
# rather than declaring it twice (TOML rejects a table defined twice in one file).
[relays]
discovery_interval = 300 # Discovery interval (seconds)
sync_interval = 60 # Synchronisation interval
max_relays = 10 # Maximum number of relays
connection_timeout = 30 # Connection timeout
retry_attempts = 3 # Number of attempts
backoff_ms = 1000 # Delay between attempts
```
#### Configuration Mesh
```toml
# Mesh settings
[mesh]
enable_mesh = true
# Port 8092 is not covered by the firewall examples in this guide; open it only
# towards the peers that need it.
mesh_port = 8092
# "your-mesh-secret" is a placeholder — replace it with a long random value.
# NOTE(review): presumably shared by all peers of the mesh — confirm how it is
# used and how it is rotated.
mesh_secret = "your-mesh-secret"
max_peers = 20
peer_discovery = true
```
### Configuration Proxy
#### Proxy HTTP
```toml
# Proxy settings
[proxy]
enable_proxy = false
# With an http:// proxy URL the proxy credentials below travel unencrypted
# between the relay and the proxy.
proxy_url = "http://proxy.example.com:8080"
# Placeholder credentials, stored in clear text in this file.
proxy_username = "proxy_user"
proxy_password = "proxy_pass"
```
#### Load Balancer
```toml
# Load balancer settings (disabled in this example)
[load_balancer]
enable_lb = false
lb_algorithm = "round_robin"
# NOTE(review): units are not stated on this page; presumably seconds — confirm.
health_check_interval = 30
health_check_timeout = 5
```
## 📊 Configuration de Performance
### Optimisations Système
#### Configuration Mémoire
```toml
# Memory settings
# [performance] is also declared in the main configuration file and in the CPU
# example; merge all of these keys into a single table (TOML rejects duplicates).
[performance]
max_memory_mb = 512
memory_pool_size = 256
gc_interval = 300
```
#### Configuration CPU
```toml
# CPU settings
# Merge these keys into the existing [performance] table rather than declaring it
# again (TOML rejects a table defined twice in one file).
[performance]
worker_threads = 4
# Together with request_timeout these bound how much work a client can keep
# in flight; NOTE(review): exact enforcement is not described here — confirm.
max_concurrent_requests = 100
request_timeout = 30
```
### Configuration Cache
#### Cache en Mémoire
```toml
# Cache settings
# NOTE(review): cache_size_mb and cache_ttl_seconds also appear under
# [performance] in the main configuration file — confirm which table the
# service actually reads.
[cache]
enable_cache = true
cache_size_mb = 100
cache_ttl_seconds = 3600
cache_eviction_policy = "lru"
```
#### Cache Redis (Optionnel)
```toml
# Redis settings (disabled in this example)
[redis]
enable_redis = false
# redis:// is an unencrypted connection; for a Redis server on another host use
# a TLS endpoint (rediss://) if the client supports it.
redis_url = "redis://localhost:6379"
# Placeholder, stored in clear text in this file.
redis_password = "your_redis_password"
redis_db = 0
```
## 🔧 Configuration Docker
### Dockerfile
```dockerfile
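# Dockerfile for sdk_relay
# Build stage
# NOTE(review): confirm the builder image and the runtime image below are based
# on the same Debian release, otherwise the binary may not find a matching libc.
FROM rust:1.70-slim AS builder
WORKDIR /app
COPY . .
RUN cargo build --release
# Runtime stage
FROM debian:bullseye-slim
# Create an unprivileged account so the relay does not run as root in the container
RUN apt-get update && apt-get install -y --no-install-recommends ca-certificates \
    && rm -rf /var/lib/apt/lists/* \
    && useradd --system --no-create-home --shell /usr/sbin/nologin sdkrelay
COPY --from=builder /app/target/release/sdk_relay /usr/local/bin/sdk_relay
# Mounted configuration and log directories must be readable/writable by this user
USER sdkrelay
EXPOSE 8090 8091
CMD ["sdk_relay", "--config", "/app/.conf"]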
```
### Docker Compose
```yaml
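# docker-compose.yml
version: '3.8'
services:
  sdk_relay:
    build: .
    ports:
      - "8090:8090"
      - "8091:8091"
    volumes:
      # NOTE(review): the image's CMD reads /app/.conf, which this mount of
      # /app/config does not provide — confirm where the config file must live.
      - ./config:/app/config
      - ./logs:/app/logs
    environment:
      - RUST_LOG=info
      - RUST_BACKTRACE=1
    depends_on:
      - bitcoin
      - blindbit
    restart: unless-stopped
  bitcoin:
    image: bitcoin-core:24.0
    ports:
      # Published on loopback only: the relay reaches the node over the compose
      # network, and RPC should not be exposed on the host's public interfaces.
      - "127.0.0.1:18443:18443"
    volumes:
      - bitcoin_data:/bitcoin/.bitcoin
    # "user"/"pass" are sample credentials and must be replaced. Credentials passed
    # as command arguments are visible in the process list and in `docker inspect`.
    command: ["bitcoind", "-signet", "-rpcuser=user", "-rpcpassword=pass"]
  blindbit:
    # A "latest" tag can change between pulls; pin a version or digest once chosen.
    image: blindbit:latest
    ports:
      # Loopback only, for the same reason as the RPC port above.
      - "127.0.0.1:8000:8000"
    environment:
      # Placeholder — replace with a randomly generated key.
      - API_KEY=your_api_key
    depends_on:
      - bitcoin
volumes:
  bitcoin_data: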
```
## 📈 Configuration Monitoring
### Métriques et Alertes
#### Configuration Prometheus
```toml
# Metrics settings
[metrics]
enable_metrics = true
# The metrics port is not in the firewall examples of this guide; keep it
# reachable only from the monitoring host. NOTE(review): no authentication
# setting is shown for this endpoint — confirm whether one exists.
metrics_port = 9090
metrics_path = "/metrics"
```
#### Configuration Alertes
```toml
# Alert settings
[alerts]
enable_alerts = true
# A webhook URL is itself the credential for posting to the channel: treat the
# real value as a secret and keep it out of version control.
alert_webhook = "https://hooks.slack.com/your-webhook"
alert_email = "admin@example.com"
```
### Configuration Logs
#### Rotation des Logs
```toml
# Log settings
[logging]
# The account running the service needs write access to this path; the log may
# contain client addresses and request details, so restrict who can read it.
log_file = "/var/log/sdk_relay.log"
# NOTE(review): log_level is also set under [general] in the main file — confirm
# which one takes effect.
log_level = "info"
log_rotation = "daily"
log_max_size_mb = 100
log_max_files = 7
```
#### Configuration Syslog
```toml
# Syslog settings
# Merge these keys into the existing [logging] table when file logging is also
# configured: TOML rejects a table defined twice in one file.
[logging]
enable_syslog = true
syslog_facility = "daemon"
syslog_tag = "sdk_relay"
```
## 🧪 Configuration Tests
### Tests Unitaires
```toml
# Unit test settings
[testing]
# NOTE(review): unit not stated on this page; presumably seconds — confirm.
test_timeout = 30
test_parallel = true
test_coverage = true
```
### Tests d'Intégration
```toml
# Integration test settings
[integration_tests]
# NOTE(review): the rest of this guide configures signet, while this key names
# testnet — confirm which network the integration tests expect.
bitcoin_testnet = true
blindbit_mock = true
test_database = "test.db"
```
## 🚨 Configuration Dépannage
### Debug et Profiling
```toml
# Debug settings
[debug]
# Leave disabled in production; debug and profiling endpoints typically expose
# internal state.
enable_debug = false
# If debugging is enabled, keep this port off public interfaces: it is not part
# of the firewall examples in this guide.
debug_port = 6060
debug_path = "/debug"
profile_cpu = false
profile_memory = false
```
### Configuration Logs Détaillés
```bash
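# Environment variables for debugging
# Debug-level logs can include request contents; review them before sharing and
# return to RUST_LOG=info once the investigation is over.
export RUST_LOG=debug
export RUST_BACKTRACE=1
export RUST_LOG_STYLE=always
# Per-module logging
# Each `export RUST_LOG=...` replaces the previous value, so several module
# filters must be combined in one comma-separated value.
export RUST_LOG=sdk_relay::websocket=debug,sdk_relay::bitcoin=debug,sdk_relay::blindbit=debug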
```
## 📋 Checklist de Configuration
### Vérifications Pré-Déploiement
- [ ] Bitcoin Core configuré et synchronisé
- [ ] Blindbit configuré et accessible
- [ ] Certificats TLS générés (si nécessaire)
- [ ] Pare-feu configuré
- [ ] Variables d'environnement définies
- [ ] Fichier de configuration validé
- [ ] Tests de connectivité effectués
- [ ] Métriques configurées
- [ ] Logs configurés
- [ ] Sauvegarde configurée
### Vérifications Post-Déploiement
- [ ] Service démarre correctement
- [ ] Endpoints HTTP accessibles
- [ ] WebSocket fonctionnel
- [ ] Connexion Bitcoin Core établie
- [ ] Connexion Blindbit établie
- [ ] Métriques collectées
- [ ] Logs générés
- [ ] Performance acceptable
- [ ] Sécurité validée
---
**⚙️ Configuration sdk_relay - Optimisée pour vos besoins !** 🚀