⚙️ Guide de Configuration - sdk_relay
Guide complet pour configurer le service de relais sdk_relay selon vos besoins.
📋 Configuration Générale
Variables d'Environnement
Configuration de Base
# Service settings
RUST_LOG=info # Log level (debug, info, warn, error)
RUST_BACKTRACE=1 # Enable backtraces
RUST_MIN_STACK=8388608 # Stack size in bytes (8388608 = 8 MiB)
# Network settings
# 0.0.0.0 listens on every interface of the host. Use 127.0.0.1 (or a specific
# internal address) when only local clients or a reverse proxy connect.
HOST=0.0.0.0 # Listening interface
WS_PORT=8090 # WebSocket port
HTTP_PORT=8091 # HTTP port
MAX_CONNECTIONS=1000 # Maximum number of connections
# Security settings
# NOTE(review): with ENABLE_TLS=false and HOST=0.0.0.0 the WebSocket and HTTP
# ports are presumably served in clear text on all interfaces. Confirm that TLS
# is terminated elsewhere before using these values outside a test host.
ENABLE_TLS=false # Enable TLS
CERT_PATH=/path/to/cert.pem # Certificate path
# The private key file should be readable only by the account running sdk_relay.
KEY_PATH=/path/to/key.pem # Private key path
Configuration Bitcoin Core
# Bitcoin Core RPC settings
BITCOIN_RPC_HOST=localhost # Bitcoin Core host
# 18443 is Bitcoin Core's regtest default; signet's default RPC port is 38332.
# Whatever value is used here must match rpcport/rpcbind in bitcoin.conf.
BITCOIN_RPC_PORT=18443 # Bitcoin Core RPC port
# your_username / your_password are placeholders. Keep the real values out of
# version control and out of files readable by other users.
BITCOIN_RPC_USER=your_username # RPC user name
BITCOIN_RPC_PASS=your_password # RPC password
# NOTE(review): user/password and the cookie file are two alternative RPC
# authentication methods. Confirm which one sdk_relay uses when both are set.
# The cookie is regenerated by bitcoind at each start, so no long-lived
# password has to be stored.
BITCOIN_RPC_COOKIE_PATH=/path/to/.cookie # Cookie file path
# Bitcoin network settings
BITCOIN_NETWORK=signet # Network (mainnet, testnet, signet)
BITCOIN_CONFIRMATIONS=6 # Number of confirmations
BITCOIN_TIMEOUT=30 # RPC timeout (seconds)
Configuration Blindbit
# Blindbit oracle settings
# Plain http:// is only appropriate while the oracle runs on the same host.
# NOTE(review): if the oracle is remote, the API key presumably travels with
# each request, so use an https:// URL. Confirm how the key is transmitted.
BLINDBIT_URL=http://localhost:8000 # Blindbit oracle URL
# your_api_key is a placeholder. Treat the real key as a secret.
BLINDBIT_API_KEY=your_api_key # Blindbit API key
BLINDBIT_TIMEOUT=10 # API timeout (seconds)
BLINDBIT_RETRY_ATTEMPTS=3 # Number of attempts
Fichier de Configuration
Structure du Fichier .conf
# General settings
[general]
log_level = "info"
# "0.0.0.0" listens on every interface. Use "127.0.0.1" or a specific internal
# address when the service sits behind a reverse proxy or serves local clients.
host = "0.0.0.0"
ws_port = 8090
http_port = 8091
max_connections = 1000
# Bitcoin Core settings
[bitcoin]
host = "localhost"
port = 18443
# username/password and cookie_path are alternative RPC authentication methods.
# This file holds credentials in clear text: restrict its permissions (for
# example chmod 600) and keep it out of version control.
username = "your_username"
password = "your_password"
cookie_path = "/path/to/.cookie"
network = "signet"
confirmations = 6
timeout = 30
# Blindbit settings
[blindbit]
# Plain http:// is only appropriate for an oracle on the same host.
url = "http://localhost:8000"
api_key = "your_api_key"
timeout = 10
retry_attempts = 3
# Security settings
[security]
# NOTE(review): enable_tls = false combined with host = "0.0.0.0" presumably
# serves WebSocket and HTTP in clear text on all interfaces. Confirm that TLS
# is terminated in front of the service before deploying these values.
enable_tls = false
cert_path = "/path/to/cert.pem"
key_path = "/path/to/key.pem"
# NOTE(review): "*" presumably accepts browser requests from any origin. List
# the exact origins of the legitimate front-ends in production.
allowed_origins = ["*"]
# Relay settings
[relays]
discovery_interval = 300
sync_interval = 60
max_relays = 10
connection_timeout = 30
# Performance settings
[performance]
worker_threads = 4
max_memory_mb = 512
cache_size_mb = 100
cache_ttl_seconds = 3600
🔧 Configuration Bitcoin Core
Installation et Configuration
Installation Bitcoin Core
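# Ubuntu/Debian
sudo apt update
sudo apt install -y bitcoin-core

# Or download the release from bitcoin.org
wget https://bitcoin.org/bin/bitcoin-core-24.0.1/bitcoin-24.0.1-x86_64-linux-gnu.tar.gz
# Fetch the release checksums and their signatures from the same directory.
wget https://bitcoin.org/bin/bitcoin-core-24.0.1/SHA256SUMS
wget https://bitcoin.org/bin/bitcoin-core-24.0.1/SHA256SUMS.asc

# Verify the signatures on the checksum file. This needs the release signers'
# public keys in the local GPG keyring; check that at least one signature
# from a key you trust reports "Good signature".
gpg --verify SHA256SUMS.asc SHA256SUMS

# Verify the tarball against the signed checksums, and only unpack and install
# when the check succeeds. A node binary that handles keys and funds should
# never be installed from an unverified archive.
sha256sum --ignore-missing --check SHA256SUMS &&
  tar -xzf bitcoin-24.0.1-x86_64-linux-gnu.tar.gz &&
  sudo install -m 0755 -o root -g root -t /usr/local/bin bitcoin-24.0.1/bin/*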
Configuration Bitcoin Core
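Créer le fichier ~/.bitcoin/bitcoin.conf (il contient les identifiants RPC : le rendre lisible uniquement par son propriétaire, par exemple avec chmod 600 ~/.bitcoin/bitcoin.conf) :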
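# Chain selection
# Bitcoin Core has no "network=" option. Signet is selected with signet=1 (or
# chain=signet); with the unknown key the node would not start on signet.
signet=1

# RPC server
server=1
# Static RPC credentials (placeholders). rpcauth= stores a salted hash instead
# of the clear-text password, and leaving both unset makes bitcoind write a
# per-start cookie file that local clients can use instead.
rpcuser=your_username
rpcpassword=your_password
# Only the local host may call the RPC interface.
rpcallowip=127.0.0.1
# The former "rpcssl" line is dropped: that option was removed from Bitcoin
# Core and RPC is plain HTTP. Keep RPC on the loopback interface, or carry it
# through a tunnel (SSH, VPN, TLS-terminating proxy) when a remote client
# needs it.

# Indexes
txindex=1

# Performance settings
dbcache=450
maxorphantx=10
maxmempool=50
mempoolexpiry=72

# Silent Payments support (compact block filters)
blockfilterindex=1
peerblockfilters=1

# rpcbind and rpcport are network-specific: outside a [signet] section they
# apply to mainnet only. 18443 is kept because the rest of this guide uses it
# (signet's default RPC port is 38332).
[signet]
rpcbind=127.0.0.1
rpcport=18443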
Démarrage Bitcoin Core
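# Start as a daemon. -signet is passed explicitly so the daemon runs on the
# same chain that the bitcoin-cli calls below query.
bitcoind -signet -daemon

# Check the node status
bitcoin-cli -signet getblockchaininfo

# Watch synchronisation progress (block height reached so far)
bitcoin-cli -signet getblockchaininfo | grep blocks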
Configuration RPC
Authentification
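# Method 1: user name / password
# Only the user name is given; curl then prompts for the password, which keeps
# it out of the shell history and out of the process list.
curl --user your_username \
  --data-binary '{"jsonrpc": "1.0", "id": "test", "method": "getblockchaininfo", "params": []}' \
  -H 'content-type: text/plain;' \
  http://localhost:18443/

# Method 2: cookie file
# The .cookie file written by bitcoind holds a "user:password" pair for HTTP
# Basic authentication. It is not an HTTP cookie, so curl's --cookie option
# does not authenticate the request. The pair is passed to curl through a
# config read from stdin so that it never appears in curl's argument list.
printf 'user = "%s"\n' "$(< ~/.bitcoin/signet/.cookie)" |
  curl --config - \
    --data-binary '{"jsonrpc": "1.0", "id": "test", "method": "getblockchaininfo", "params": []}' \
    -H 'content-type: text/plain;' \
    http://localhost:18443/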
Permissions RPC
# bitcoin.conf - RPC permissions
# rpcallowip only filters source addresses. Remote clients can connect only if
# rpcbind also listens on a non-loopback address.
# Bitcoin Core RPC is plain HTTP, so credentials sent from another host cross
# the network unencrypted unless the traffic goes through a tunnel.
rpcallowip=127.0.0.1
# The two ranges below are examples. 10.0.0.0/8 in particular covers a very
# large private range; narrow each entry to the hosts that really need RPC
# access, and remove the entries entirely when only local clients connect.
rpcallowip=192.168.1.0/24
rpcallowip=10.0.0.0/8
🔧 Configuration Blindbit
Installation et Configuration
Installation Blindbit
# Fetch the sources and enter the working tree.
# Everything in requirements.txt is installed as published on the cloned
# branch; review it (and check out a known tag or commit) before installing.
git clone https://github.com/4nk/blindbit.git
cd blindbit

# Option A: install the Python dependencies into the current environment
pip install -r requirements.txt

# Option B: install them into an isolated virtual environment
python -m venv venv
. venv/bin/activate
pip install -r requirements.txt
Configuration Blindbit
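Créer le fichier config.json (il contient la clé API et le mot de passe RPC : restreindre ses permissions, par exemple avec chmod 600 config.json, et ne pas le versionner) :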
{
"port": 8000,
"host": "0.0.0.0",
"api_key": "your_api_key",
"bitcoin_rpc": {
"host": "localhost",
"port": 18443,
"user": "your_username",
"password": "your_password"
},
"oracle": {
"enabled": true,
"update_interval": 60,
"max_retries": 3
},
"security": {
"enable_cors": true,
"allowed_origins": ["*"],
"rate_limit": 100
}
}
Démarrage Blindbit
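# Direct start
python main.py

# Or with gunicorn
# Bound to the loopback interface: this guide configures sdk_relay to reach
# the oracle at http://localhost:8000, so listening on 0.0.0.0 would only
# expose the unencrypted API to the rest of the network. Bind to another
# address only when a remote client needs it, and put TLS in front of it.
gunicorn -w 4 -b 127.0.0.1:8000 main:app

# Check the service status
curl http://localhost:8000/health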
🔒 Configuration de Sécurité
TLS/SSL
Génération de Certificats
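# Generate a private key
openssl genrsa -out server.key 2048
# The key is stored unencrypted: make it readable by its owner only.
chmod 600 server.key

# Generate a self-signed certificate
# -subj/-addext set the host name in both the subject and the subjectAltName
# extension; current TLS clients match the server name against subjectAltName
# and reject certificates that lack it. Replace your-domain.com with the name
# clients actually connect to. A self-signed certificate suits testing only,
# because clients cannot validate it without trusting it explicitly.
openssl req -new -x509 -sha256 -key server.key -out server.crt -days 365 \
  -subj "/CN=your-domain.com" \
  -addext "subjectAltName=DNS:your-domain.com"

# Or use Let's Encrypt
sudo certbot certonly --standalone -d your-domain.com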
Configuration TLS
# TLS settings in .conf
[security]
enable_tls = true
cert_path = "/path/to/server.crt"
# The private key file should be readable only by the account running
# sdk_relay (for example chmod 600).
key_path = "/path/to/server.key"
# NOTE(review): confirm whether this value is a minimum or the only accepted
# protocol version.
tls_version = "1.3"
Authentification
Authentification par Token
# Token authentication settings
[auth]
enable_token_auth = true
# "your-secret-key" is a placeholder. Replace it with a long random value
# (for example the output of `openssl rand -hex 32`) and keep this file out of
# version control.
# NOTE(review): presumably anyone who knows this secret can produce valid
# tokens. Confirm how the service derives and verifies tokens.
token_secret = "your-secret-key"
token_expiry_hours = 24
Authentification par Certificat Client
# Client certificate settings
[auth]
enable_client_cert = true
# CA certificate used to validate client certificates. Use a CA dedicated to
# this service's clients rather than a public CA bundle, otherwise any
# certificate issued by those CAs would presumably be accepted.
ca_cert_path = "/path/to/ca.crt"
require_client_cert = true
Pare-feu
Configuration UFW
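# Install UFW
sudo apt install ufw

# Baseline policy
sudo ufw default deny incoming
sudo ufw default allow outgoing

# Keep remote administration reachable: with "deny incoming" as the default,
# enabling the firewall without this rule cuts off SSH access to the host.
sudo ufw allow ssh

# Allow the service ports
sudo ufw allow 8090/tcp # WebSocket
sudo ufw allow 8091/tcp # HTTP

# Bitcoin RPC stays closed by default. It is plain HTTP and gives control over
# the node, so open it only when a remote client really needs it, and only for
# that client's network (sample range taken from the rpcallowip example):
# sudo ufw allow from 192.168.1.0/24 to any port 18443 proto tcp

# Enable the firewall
sudo ufw enable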
Configuration iptables
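# Basic iptables rules (run as root)
# Loopback and already-established traffic are accepted first.
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Keep remote administration reachable before the default policy is tightened.
iptables -A INPUT -p tcp --dport 22 -j ACCEPT

# Service ports
iptables -A INPUT -p tcp --dport 8090 -j ACCEPT
iptables -A INPUT -p tcp --dport 8091 -j ACCEPT

# Bitcoin RPC: limited to the network that needs it instead of any source
# (sample range taken from the rpcallowip example). Drop this rule when only
# local clients use RPC.
iptables -A INPUT -p tcp -s 192.168.1.0/24 --dport 18443 -j ACCEPT

# ACCEPT rules alone filter nothing while the chain policy is still ACCEPT.
# Set the default policy last, so everything not listed above is dropped.
iptables -P INPUT DROP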
🌐 Configuration Réseau
Configuration des Relais
Découverte des Relais
# Configuration de découverte
[relays]
discovery_interval = 300 # Intervalle de découverte (secondes)
sync_interval = 60 # Intervalle de synchronisation
max_relays = 10 # Nombre max de relais
connection_timeout = 30 # Timeout de connexion
retry_attempts = 3 # Nombre de tentatives
backoff_ms = 1000 # Délai entre tentatives
Configuration Mesh
# Mesh settings
[mesh]
enable_mesh = true
# Port 8092 is not part of the firewall rules or the Docker EXPOSE line shown
# elsewhere in this guide; open it only towards the peer relays.
mesh_port = 8092
# "your-mesh-secret" is a placeholder. Use a long random value.
# NOTE(review): presumably shared by every relay of the mesh, so it has to be
# replaced on all of them if one relay is compromised. Confirm how it is used.
mesh_secret = "your-mesh-secret"
max_peers = 20
peer_discovery = true
Configuration Proxy
Proxy HTTP
# Proxy settings
[proxy]
enable_proxy = false
# With an http:// proxy URL the proxy credentials below are presumably sent
# without encryption between sdk_relay and the proxy. Confirm before use on an
# untrusted network.
proxy_url = "http://proxy.example.com:8080"
# Placeholders. Keep the real credentials out of version control.
proxy_username = "proxy_user"
proxy_password = "proxy_pass"
Load Balancer
# Configuration load balancer
[load_balancer]
enable_lb = false
lb_algorithm = "round_robin"
health_check_interval = 30
health_check_timeout = 5
📊 Configuration de Performance
Optimisations Système
Configuration Mémoire
# Configuration mémoire
[performance]
max_memory_mb = 512
memory_pool_size = 256
gc_interval = 300
Configuration CPU
# Configuration CPU
[performance]
worker_threads = 4
max_concurrent_requests = 100
request_timeout = 30
Configuration Cache
Cache en Mémoire
# Configuration cache
[cache]
enable_cache = true
cache_size_mb = 100
cache_ttl_seconds = 3600
cache_eviction_policy = "lru"
Cache Redis (Optionnel)
# Redis settings
[redis]
enable_redis = false
# redis:// is an unencrypted connection, which is acceptable for a Redis
# instance on the same host. For a remote instance use a TLS URL (rediss://)
# if the client supports it. TODO confirm.
redis_url = "redis://localhost:6379"
# Placeholder. Keep the real password out of version control.
redis_password = "your_redis_password"
redis_db = 0
🔧 Configuration Docker
Dockerfile
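# Dockerfile for sdk_relay

# Build stage
FROM rust:1.70-slim AS builder
WORKDIR /app
# The whole build context is copied. Use a .dockerignore to keep local config
# files, keys and certificates out of the image layers.
COPY . .
RUN cargo build --release

# Runtime stage
FROM debian:bullseye-slim
# ca-certificates is needed for outgoing TLS connections. The dedicated
# account lets the service run without root privileges inside the container.
RUN apt-get update \
    && apt-get install -y --no-install-recommends ca-certificates \
    && rm -rf /var/lib/apt/lists/* \
    && useradd --system --no-create-home --shell /usr/sbin/nologin sdkrelay
COPY --from=builder /app/target/release/sdk_relay /usr/local/bin/sdk_relay
# Any mounted log or data directory must be writable by this account.
USER sdkrelay
EXPOSE 8090 8091
# NOTE(review): nothing in this image creates /app/.conf; it has to be mounted
# (read-only) at run time. The Compose example mounts ./config at /app/config,
# so confirm that the path below matches the mount.
CMD ["sdk_relay", "--config", "/app/.conf"]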
Docker Compose
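# docker-compose.yml
# Secrets are read from the environment (or an .env file kept out of version
# control) instead of being written in this file. Compose refuses to start
# when one of the ${VAR:?...} variables is missing.
version: '3.8'
services:
  sdk_relay:
    build: .
    ports:
      - "8090:8090"
      - "8091:8091"
    volumes:
      - ./config:/app/config
      - ./logs:/app/logs
    environment:
      - RUST_LOG=info
      - RUST_BACKTRACE=1
    depends_on:
      - bitcoin
      - blindbit
    restart: unless-stopped
  bitcoin:
    image: bitcoin-core:24.0
    # Published on the host's loopback interface only. The other services
    # reach bitcoind over the Compose network, so the RPC port does not need
    # to be reachable from outside the host.
    ports:
      - "127.0.0.1:18443:18443"
    volumes:
      - bitcoin_data:/bitcoin/.bitcoin
    # Credentials given as arguments stay visible in the container's process
    # list; a mounted bitcoin.conf avoids that.
    command:
      - "bitcoind"
      - "-signet"
      - "-rpcuser=${BITCOIN_RPC_USER:?set BITCOIN_RPC_USER}"
      - "-rpcpassword=${BITCOIN_RPC_PASS:?set BITCOIN_RPC_PASS}"
  blindbit:
    # "latest" is a moving tag; pin a version or digest for reproducible
    # deployments.
    image: blindbit:latest
    # Loopback only, for the same reason as the bitcoin service.
    ports:
      - "127.0.0.1:8000:8000"
    environment:
      - API_KEY=${BLINDBIT_API_KEY:?set BLINDBIT_API_KEY}
    depends_on:
      - bitcoin
volumes:
  bitcoin_data: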
📈 Configuration Monitoring
Métriques et Alertes
Configuration Prometheus
# Metrics settings
[metrics]
enable_metrics = true
# NOTE(review): nothing in this section configures authentication for the
# metrics endpoint. Keep this port reachable only from the monitoring server
# (firewall rule or internal interface) and confirm whether the service
# protects it in any other way.
metrics_port = 9090
metrics_path = "/metrics"
Configuration Alertes
# Alert settings
[alerts]
enable_alerts = true
# A webhook URL works as a credential: whoever knows it can post to the
# channel. Keep the real URL out of version control and out of logs.
alert_webhook = "https://hooks.slack.com/your-webhook"
alert_email = "admin@example.com"
Configuration Logs
Rotation des Logs
# Configuration logs
[logging]
log_file = "/var/log/sdk_relay.log"
log_level = "info"
log_rotation = "daily"
log_max_size_mb = 100
log_max_files = 7
Configuration Syslog
# Configuration syslog
[logging]
enable_syslog = true
syslog_facility = "daemon"
syslog_tag = "sdk_relay"
🧪 Configuration Tests
Tests Unitaires
# Configuration tests
[testing]
test_timeout = 30
test_parallel = true
test_coverage = true
Tests d'Intégration
# Configuration tests d'intégration
[integration_tests]
bitcoin_testnet = true
blindbit_mock = true
test_database = "test.db"
🚨 Configuration Dépannage
Debug et Profiling
# Debug settings
[debug]
# Disabled by default. Keep it disabled in production.
enable_debug = false
# NOTE(review): debug and profiling endpoints usually reveal internal state.
# If enabled, keep this port off public interfaces and out of the firewall
# allow-list. Confirm what the endpoint exposes.
debug_port = 6060
debug_path = "/debug"
profile_cpu = false
profile_memory = false
Configuration Logs Détaillés
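# Environment variables for debugging
# NOTE(review): debug-level logs may include request contents or connection
# details; check what they contain before shipping them to a shared log
# system.
export RUST_BACKTRACE=1
export RUST_LOG_STYLE=always

# Per-module debug logging
# RUST_LOG is a single variable: each new "export RUST_LOG=..." replaces the
# previous value, so the module filters are combined into one comma-separated
# list instead of being exported one after the other.
export RUST_LOG=sdk_relay::websocket=debug,sdk_relay::bitcoin=debug,sdk_relay::blindbit=debug

# Alternative: debug level for every module (replaces the line above)
# export RUST_LOG=debug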
📋 Checklist de Configuration
Vérifications Pré-Déploiement
- Bitcoin Core configuré et synchronisé
- Blindbit configuré et accessible
- Certificats TLS générés (si nécessaire)
- Pare-feu configuré
- Variables d'environnement définies
- Fichier de configuration validé
- Tests de connectivité effectués
- Métriques configurées
- Logs configurés
- Sauvegarde configurée
Vérifications Post-Déploiement
- Service démarre correctement
- Endpoints HTTP accessibles
- WebSocket fonctionnel
- Connexion Bitcoin Core établie
- Connexion Blindbit établie
- Métriques collectées
- Logs générés
- Performance acceptable
- Sécurité validée
⚙️ Configuration sdk_relay - Optimisée pour vos besoins ! 🚀