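# =============================================================================
# MPC Service - Production Environment Configuration (.env.example)
# =============================================================================
#
# Deployment: Server B (192.168.1.111)
# Role: MPC gateway service that bridges NestJS microservices with Go TSS backend
#
# This file is the committed template. The filled-in copy (.env) holds live
# credentials and key material and must never be committed or shared.
#
# Architecture:
# ┌─────────────────────────────────────────────────────────────────────────┐
# │ mpc-service (NestJS on port 3006)                                       │
# │   ├── Caches username ↔ publicKey mappings                              │
# │   ├── Stores delegate key shares (encrypted)                            │
# │   ├── Forwards keygen/signing requests to mpc-system                    │
# │   └── Publishes events to Kafka for identity-service                    │
# └─────────────────────────────────────────────────────────────────────────┘
#                                      │
#                                      ▼
# ┌─────────────────────────────────────────────────────────────────────────┐
# │ mpc-system (Go/TSS on Server B)                                         │
# │   ├── account-service: port 4000 (session management)                   │
# │   ├── session-coordinator: port 8081 (TSS coordination)                 │
# │   ├── message-router: port 8082 (WebSocket for TSS messages)            │
# │   └── server-party-api: port 8083 (server party operations)             │
# └─────────────────────────────────────────────────────────────────────────┘
#
# Setup:
# 1. Copy to .env: cp .env.example .env
# 2. Replace every placeholder secret below (JWT_SECRET, MPC_JWT_SECRET,
#    SHARE_MASTER_KEY, database password) before starting the service.
# 3. In Docker Compose mode, most values are overridden by docker-compose.yml
# =============================================================================

# =============================================================================
# Application
# =============================================================================
NODE_ENV="production"
# Port the NestJS gateway listens on (see architecture diagram above)
APP_PORT=3006
API_PREFIX="api/v1"

# =============================================================================
# Database (PostgreSQL on Server B)
# =============================================================================
# Docker Compose: postgresql://rwa_user:xxx@rwa-postgres:5432/rwa_mpc
# Direct access: postgresql://rwa_user:xxx@192.168.1.111:5432/rwa_mpc
# The URL embeds the database password; "your_password" is a placeholder that
# must be replaced. Because the credential lives in this value, the filled-in
# .env must stay out of version control and out of logs.
DATABASE_URL="postgresql://rwa_user:your_password@192.168.1.111:5432/rwa_mpc?schema=public"

# =============================================================================
# Redis (on Server B)
# =============================================================================
# Docker Compose: rwa-redis / Direct: 192.168.1.111
REDIS_HOST="192.168.1.111"
REDIS_PORT=6379
# Empty value = connect without AUTH. The host is addressed by LAN IP rather
# than localhost, so set a password here (and requirepass on the server)
# unless the Redis port is firewalled to this service alone.
REDIS_PASSWORD=""
# Logical database index; presumably chosen to keep this service's keys apart
# from other services on the same Redis - confirm before changing.
REDIS_DB=5

# =============================================================================
# JWT Configuration
# =============================================================================
# SECURITY: Generate with: openssl rand -base64 32
# MUST match JWT_SECRET in backend/services/.env
# The value below is a placeholder and must not reach production.
JWT_SECRET="your-jwt-secret-change-in-production"
# Token lifetimes as duration strings ("2h", "30d"); confirm the JWT module in
# use accepts this form before changing the format.
JWT_ACCESS_EXPIRES_IN="2h"
JWT_REFRESH_EXPIRES_IN="30d"

# =============================================================================
# Kafka (on Server B)
# =============================================================================
# Docker Compose: rwa-kafka:29092 / Direct: 192.168.1.111:9092
KAFKA_BROKERS="192.168.1.111:9092"
KAFKA_CLIENT_ID="mpc-service"
# Consumer group id; every instance of this service sharing it shares the
# partition assignment
KAFKA_GROUP_ID="mpc-service-group"

# =============================================================================
# MPC System Configuration (Go/TSS Backend on Server B)
# =============================================================================
# All mpc-system services run in Docker on Server B (192.168.1.111)
# Inside Compose each service is reached on port 8080 of its own hostname; the
# direct-access ports (4000/8081/8082/8083) are the host-side mappings.
# All endpoints below are plaintext http:// and ws:// on a private
# 192.168.x address: they rely on the Server B network segment being isolated,
# so do not expose these ports beyond it.

# Account Service - Creates and manages keygen/signing sessions
# Docker Compose: http://mpc-account-service:8080
# Direct access: http://192.168.1.111:4000
MPC_ACCOUNT_SERVICE_URL="http://192.168.1.111:4000"

# Session Coordinator - Coordinates TSS protocol execution
# Docker Compose: http://mpc-session-coordinator:8080
# Direct access: http://192.168.1.111:8081
# Both keys below point at the session coordinator and must stay identical;
# presumably one is a legacy alias - confirm which one the code reads before
# removing either.
MPC_COORDINATOR_URL="http://192.168.1.111:8081"
MPC_SESSION_COORDINATOR_URL="http://192.168.1.111:8081"

# Message Router - WebSocket for TSS peer-to-peer messages
# Docker Compose: ws://mpc-message-router:8080
# Direct access: ws://192.168.1.111:8082
# ws:// carries TSS protocol messages unencrypted over the LAN.
MPC_MESSAGE_ROUTER_WS_URL="ws://192.168.1.111:8082"

# Server Party API - Server-side party operations
# Docker Compose: http://mpc-server-party-api:8080
# Direct access: http://192.168.1.111:8083
MPC_SERVER_PARTY_API_URL="http://192.168.1.111:8083"

# MPC JWT Secret - MUST match mpc-system's JWT_SECRET_KEY
# SECURITY: Generate with: openssl rand -base64 48
# The value below is a placeholder and must not reach production.
MPC_JWT_SECRET="change_this_jwt_secret_key_to_random_value_min_32_chars"

# Coordinator timeout in milliseconds (30000 = 30 seconds)
MPC_COORDINATOR_TIMEOUT=30000

# =============================================================================
# Blockchain Service Configuration
# =============================================================================
# Docker Compose: http://rwa-blockchain-service:3012
# Direct access: http://192.168.1.111:3012
BLOCKCHAIN_SERVICE_URL="http://192.168.1.111:3012"

# =============================================================================
# Share Encryption
# =============================================================================
# SECURITY: Generate 256-bit hex key with: openssl rand -hex 32
# WARNING: If you lose this key, encrypted shares cannot be recovered!
# MUST match SHARE_MASTER_KEY in backend/services/.env
# WARNING: The sample value below is a syntactically valid 64-hex-char key and
# will pass a length/format check - it is a placeholder, not a key. Replace it
# before any share is stored, and keep a backup of the real key offline.
SHARE_MASTER_KEY="0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"

# =============================================================================
# MPC Protocol Timeouts (in milliseconds)
# =============================================================================
# Keygen: 2-of-3 threshold key generation (typically 30-60 seconds)
# 300000 ms = 5 minutes
MPC_KEYGEN_TIMEOUT=300000

# Signing: Threshold signature generation (typically 5-15 seconds)
# 180000 ms = 3 minutes
MPC_SIGNING_TIMEOUT=180000

# Key refresh: Update key shares without changing public key
# 300000 ms = 5 minutes
MPC_REFRESH_TIMEOUT=300000

# =============================================================================
# TSS Library (optional, for direct TSS operations)
# =============================================================================
TSS_LIB_PATH="/opt/tss-lib/tss"
# Scratch directory for the TSS binary. /tmp is shared with every local user;
# if key shares or protocol state are written here, point this at a dedicated
# directory owned by the service user with restrictive permissions.
TSS_TEMP_DIR="/tmp/tss"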