# ============================================================================= # MPC Service - Production Environment Configuration # ============================================================================= # # Deployment: Server B (192.168.1.111) # Role: MPC gateway service that bridges NestJS microservices with Go TSS backend # # Architecture: # ┌─────────────────────────────────────────────────────────────────────────┐ # │ mpc-service (NestJS on port 3006) │ # │ ├── Caches username ↔ publicKey mappings │ # │ ├── Stores delegate key shares (encrypted) │ # │ ├── Forwards keygen/signing requests to mpc-system │ # │ └── Publishes events to Kafka for identity-service │ # └─────────────────────────────────────────────────────────────────────────┘ # │ # ▼ # ┌─────────────────────────────────────────────────────────────────────────┐ # │ mpc-system (Go/TSS on Server B) │ # │ ├── account-service: port 4000 (session management) │ # │ ├── session-coordinator: port 8081 (TSS coordination) │ # │ ├── message-router: port 8082 (WebSocket for TSS messages) │ # │ └── server-party-api: port 8083 (server party operations) │ # └─────────────────────────────────────────────────────────────────────────┘ # # Setup: # 1. Copy to .env: cp .env.example .env # 2. In Docker Compose mode, most values are overridden by docker-compose.yml # ============================================================================= # ============================================================================= # Application # ============================================================================= NODE_ENV="production" APP_PORT=3006 API_PREFIX="api/v1" # ============================================================================= # Database (PostgreSQL on Server B) # ============================================================================= # Docker Compose: postgresql://rwa_user:xxx@rwa-postgres:5432/rwa_mpc # Direct access: postgresql://rwa_user:xxx@192.168.1.111:5432/rwa_mpc DATABASE_URL="postgresql://rwa_user:your_password@192.168.1.111:5432/rwa_mpc?schema=public" # ============================================================================= # Redis (on Server B) # ============================================================================= # Docker Compose: rwa-redis / Direct: 192.168.1.111 REDIS_HOST="192.168.1.111" REDIS_PORT=6379 REDIS_PASSWORD="" REDIS_DB=5 # ============================================================================= # JWT Configuration # ============================================================================= # SECURITY: Generate with: openssl rand -base64 32 # MUST match JWT_SECRET in backend/services/.env JWT_SECRET="your-jwt-secret-change-in-production" JWT_ACCESS_EXPIRES_IN="2h" JWT_REFRESH_EXPIRES_IN="30d" # ============================================================================= # Kafka (on Server B) # ============================================================================= # Docker Compose: rwa-kafka:29092 / Direct: 192.168.1.111:9092 KAFKA_BROKERS="192.168.1.111:9092" KAFKA_CLIENT_ID="mpc-service" KAFKA_GROUP_ID="mpc-service-group" # ============================================================================= # MPC System Configuration (Go/TSS Backend on Server B) # ============================================================================= # All mpc-system services run in Docker on Server B (192.168.1.111) # Account Service - Creates and manages keygen/signing sessions # Docker Compose: http://mpc-account-service:8080 # Direct access: http://192.168.1.111:4000 MPC_ACCOUNT_SERVICE_URL="http://192.168.1.111:4000" # Session Coordinator - Coordinates TSS protocol execution # Docker Compose: http://mpc-session-coordinator:8080 # Direct access: http://192.168.1.111:8081 MPC_COORDINATOR_URL="http://192.168.1.111:8081" MPC_SESSION_COORDINATOR_URL="http://192.168.1.111:8081" # Message Router - WebSocket for TSS peer-to-peer messages # Docker Compose: ws://mpc-message-router:8080 # Direct access: ws://192.168.1.111:8082 MPC_MESSAGE_ROUTER_WS_URL="ws://192.168.1.111:8082" # Server Party API - Server-side party operations # Docker Compose: http://mpc-server-party-api:8080 # Direct access: http://192.168.1.111:8083 MPC_SERVER_PARTY_API_URL="http://192.168.1.111:8083" # MPC JWT Secret - MUST match mpc-system's JWT_SECRET_KEY # SECURITY: Generate with: openssl rand -base64 48 MPC_JWT_SECRET="change_this_jwt_secret_key_to_random_value_min_32_chars" # Coordinator timeout in milliseconds MPC_COORDINATOR_TIMEOUT=30000 # ============================================================================= # Blockchain Service Configuration # ============================================================================= # Docker Compose: http://rwa-blockchain-service:3012 # Direct access: http://192.168.1.111:3012 BLOCKCHAIN_SERVICE_URL="http://192.168.1.111:3012" # ============================================================================= # Share Encryption # ============================================================================= # SECURITY: Generate 256-bit hex key with: openssl rand -hex 32 # WARNING: If you lose this key, encrypted shares cannot be recovered! # MUST match SHARE_MASTER_KEY in backend/services/.env SHARE_MASTER_KEY="0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef" # ============================================================================= # MPC Protocol Timeouts (in milliseconds) # ============================================================================= # Keygen: 2-of-3 threshold key generation (typically 30-60 seconds) MPC_KEYGEN_TIMEOUT=300000 # Signing: Threshold signature generation (typically 5-15 seconds) MPC_SIGNING_TIMEOUT=180000 # Key refresh: Update key shares without changing public key MPC_REFRESH_TIMEOUT=300000 # ============================================================================= # TSS Library (optional, for direct TSS operations) # ============================================================================= TSS_LIB_PATH="/opt/tss-lib/tss" TSS_TEMP_DIR="/tmp/tss"