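# =============================================================================
# RWA Backend Services - Production Environment Configuration
# =============================================================================
#
# Format: dotenv (KEY=value, one pair per line). Presumably consumed by
# Docker Compose through ./deploy.sh -- confirm against deploy.sh.
# Values are taken literally: do not wrap them in quotes and do not append
# comments to value lines; everything after the first "=" is the value.
#
# Deployment Topology:
# ┌─────────────────────────────────────────────────────────────────────────┐
# │ Internet (https://rwaapi.szaiai.com)                                    │
# └─────────────────────────────────────────────────────────────────────────┘
#                                     │
#                                     ▼
# ┌─────────────────────────────────────────────────────────────────────────┐
# │ Server A (Gateway) - 119.145.15.38 (Public) / 192.168.1.100 (Internal)  │
# │ nginx (SSL termination) → Kong (API Gateway)                            │
# └─────────────────────────────────────────────────────────────────────────┘
#                                     │
#                                     ▼
# ┌─────────────────────────────────────────────────────────────────────────┐
# │ Server B (Backend) - 192.168.1.111 (Internal Only)                      │
# │ ├── Microservices (identity, wallet, mpc-service, blockchain, etc.)     │
# │ ├── MPC System (account-service, session-coordinator, message-router)   │
# │ └── Infrastructure (PostgreSQL, Redis, Kafka)                           │
# └─────────────────────────────────────────────────────────────────────────┘
#
# Only Server A is reachable from the Internet; Server B and every service
# below must stay on the internal network.
#
# Setup Instructions:
#   1. Copy this file: cp .env.example .env
#   2. Restrict access to the copy: chmod 600 .env (it will hold live secrets)
#   3. Update ALL password/secret values (generate with the openssl commands
#      given below). Every value still reading "your_..." or "change_..." is
#      a placeholder and must be replaced before deployment.
#   4. Start services: ./deploy.sh up
#
# WARNING: Never commit .env to version control! Keep it listed in .gitignore.
# =============================================================================

# =============================================================================
# Network Configuration
# =============================================================================
# Public domain for the API
PUBLIC_DOMAIN=rwaapi.szaiai.com

# Server A: Gateway server (nginx + kong)
GATEWAY_SERVER_PUBLIC_IP=119.145.15.38
GATEWAY_SERVER_INTERNAL_IP=192.168.1.100

# Server B: Backend services server (internal address only; never exposed)
BACKEND_SERVER_IP=192.168.1.111

# =============================================================================
# PostgreSQL Database
# =============================================================================
POSTGRES_USER=rwa_user
# SECURITY: Placeholder -- generate with: openssl rand -base64 32
POSTGRES_PASSWORD=your_secure_password_here

# =============================================================================
# Redis Cache
# =============================================================================
# Redis runs on Server B. An empty value runs Redis WITHOUT authentication,
# so leave it empty only if the Redis port is reachable solely on the Docker
# network and is never published on the host or the LAN.
# For additional security, generate with: openssl rand -base64 24
REDIS_PASSWORD=

# =============================================================================
# JWT Configuration
# =============================================================================
# SECURITY: Placeholder -- generate with: openssl rand -base64 32
# Use a different value for each of JWT_SECRET, SERVICE_JWT_SECRET and
# MPC_JWT_SECRET so the trust boundaries stay separate. Changing this value
# invalidates every token signed with the previous one.
JWT_SECRET=your_jwt_secret_here

# =============================================================================
# Service-to-Service Authentication
# =============================================================================
# SECURITY: Placeholder -- generate with: openssl rand -base64 32
# Must not be the same value as JWT_SECRET (see note above).
SERVICE_JWT_SECRET=your_service_jwt_secret_here

# =============================================================================
# Wallet Encryption
# =============================================================================
# SECURITY: Placeholder -- generate with: openssl rand -base64 32
# NOTE(review): presumably this salt takes part in deriving the wallet
# encryption key, so changing it after wallets exist would make existing
# encrypted wallet data unreadable -- confirm with the wallet service before
# ever rotating it.
WALLET_ENCRYPTION_SALT=your_wallet_salt_here

# =============================================================================
# Backup Service Encryption
# =============================================================================
# SECURITY: Placeholder -- generate a 256-bit hex key with: openssl rand -hex 32
# Keep an offline copy of this key separate from the backups themselves;
# presumably backups cannot be restored without it -- confirm with the backup
# service documentation.
BACKUP_ENCRYPTION_KEY=your_64_char_hex_key_here

# =============================================================================
# MPC Share Encryption
# =============================================================================
# SECURITY: Placeholder -- generate a 256-bit hex key with: openssl rand -hex 32
# WARNING: If you lose this key, encrypted shares cannot be recovered!
# Keep an offline copy (e.g. in a secrets manager) separate from the share
# storage, and use a different key from BACKUP_ENCRYPTION_KEY.
SHARE_MASTER_KEY=your_64_char_hex_key_here

# =============================================================================
# MPC System Configuration (Go TSS Backend on Server B)
# =============================================================================
# These URLs are used when services communicate directly with mpc-system.
# Note: In Docker Compose, services use internal Docker network names instead.
# They are plain http:// and ws:// endpoints, so MPC traffic crosses the LAN
# unencrypted; this relies on Server B's network being trusted and segmented.
MPC_COORDINATOR_URL=http://192.168.1.111:8081
MPC_MESSAGE_ROUTER_URL=ws://192.168.1.111:8082
MPC_ACCOUNT_SERVICE_URL=http://192.168.1.111:4000

# MPC JWT Secret - MUST match mpc-system's JWT_SECRET_KEY
# SECURITY: Placeholder -- generate with: openssl rand -base64 48
MPC_JWT_SECRET=change_this_jwt_secret_key_to_random_value_min_32_chars

# =============================================================================
# MinIO Object Storage (Server A: 192.168.1.100)
# =============================================================================
# MinIO S3 API endpoint (internal LAN access)
MINIO_ENDPOINT=192.168.1.100
MINIO_PORT=9000
# "false" sends the MinIO credentials and all objects over plain HTTP between
# Server B and Server A; acceptable only on a trusted, segmented LAN.
MINIO_USE_SSL=false

# MinIO credentials (must match minio server config)
# SECURITY: Both are placeholders. Use a dedicated access key for this
# deployment rather than a shared admin account, and generate the secret
# with: openssl rand -base64 32
MINIO_ACCESS_KEY=change_me_to_minio_access_key
MINIO_SECRET_KEY=change_me_to_secure_password

# Bucket for user avatars
MINIO_BUCKET_AVATARS=avatars

# Public URL for accessing files
MINIO_PUBLIC_URL=https://minio.szaiai.com

# =============================================================================
# MPC Hot Wallet (used for withdrawal transfers)
# =============================================================================
# These two values are identifiers, not secrets, but a wrong value here
# presumably points withdrawals at the wrong wallet -- verify both against the
# MPC account-service before changing them.
# Hot wallet username (its identifier in the MPC system)
HOT_WALLET_USERNAME=rwadurian-system-hot-wallet-01
# Hot wallet address (EVM address derived from the MPC public key)
HOT_WALLET_ADDRESS=0x895aaf83C57f807416E3BbBd093d7aB74a6FDd33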