dchain/deploy/prod/caddy/Caddyfile
vsecoder 7e7393e4f8 chore: initial commit for v0.0.1
DChain single-node blockchain + React Native messenger client.

Core:
- PBFT consensus with multi-sig validator admission + equivocation slashing
- BadgerDB + schema migration scaffold (CurrentSchemaVersion=0)
- libp2p gossipsub (tx/v1, blocks/v1, relay/v1, version/v1)
- Native Go contracts (username_registry) alongside WASM (wazero)
- WebSocket gateway with topic-based fanout + Ed25519-nonce auth
- Relay mailbox with NaCl envelope encryption (X25519 + Ed25519)
- Prometheus /metrics, per-IP rate limit, body-size cap

Deployment:
- Single-node compose (deploy/single/) with Caddy TLS + optional Prometheus
- 3-node dev compose (docker-compose.yml) with mocked internet topology
- 3-validator prod compose (deploy/prod/) for federation
- Auto-update from Gitea via /api/update-check + systemd timer
- Build-time version injection (ldflags → node --version)
- UI / Swagger toggle flags (DCHAIN_DISABLE_UI, DCHAIN_DISABLE_SWAGGER)

Client (client-app/):
- Expo / React Native / NativeWind
- E2E NaCl encryption, typing indicator, contact requests
- Auto-discovery of canonical contracts, chain_id aware, WS reconnect on node switch

Documentation:
- README.md, CHANGELOG.md, CONTEXT.md
- deploy/single/README.md with 6 operator scenarios
- deploy/UPDATE_STRATEGY.md with 4-layer forward-compat design
- docs/contracts/*.md per contract
2026-04-17 14:16:44 +03:00

Caddyfile

# Caddy configuration for DChain prod.
#
# What this does:
# 1. Auto-HTTPS via Let's Encrypt (requires the DOMAIN envvar and
#    a DNS A-record pointing at this host).
# 2. Load-balances HTTP /api/* across the three node backends
#    (lb_policy least_conn). GETs are idempotent so any node can serve
#    them; POST /api/tx is accepted by any validator and gossiped to the
#    rest — no stickiness needed.
# 3. Routes /api/ws (WebSocket upgrade) through with header
#    preservation. Uses lb_policy ip_hash so one client sticks to one
#    node — avoids re-doing the auth handshake on every subscribe.
# 4. Serves /metrics ONLY to loopback and private-network (RFC 1918)
#    source addresses so the Prometheus inside the stack can scrape it;
#    public scrapers get 403.
#
# To use:
# - Set environment var DOMAIN before `docker compose up`:
#     DOMAIN=dchain.example.com docker compose up -d
# - DNS must resolve DOMAIN → this host's public IP.
# - Port 80 must be reachable for the ACME HTTP-01 challenge.
{
	# Global options. `auto_https` is on by default — leave it alone.
	email {$ACME_EMAIL:admin@example.com}
	servers {
		# Enable HTTP/3 for mobile clients.
		protocols h1 h2 h3
	}
}

# ── Public endpoint ────────────────────────────────────────────────────────
{$DOMAIN:localhost} {
	# Compression for JSON / HTML responses.
	encode zstd gzip

	# ── WebSocket ──────────────────────────────────────────────────────
	# Client-IP stickiness so reconnects land on the same node. This keeps
	# per-subscription state local and avoids replaying every auth+subscribe
	# to a cold node.
	@ws path /api/ws
	handle @ws {
		reverse_proxy node1:8080 node2:8080 node3:8080 {
			lb_policy ip_hash
			# Active health check filters dead nodes out of the pool automatically.
			health_uri /api/netstats
			health_interval 15s
			# Upgrade headers are preserved by Caddy by default for the WS path;
			# no extra config needed.
		}
	}

	# ── REST API ──────────────────────────────────────────────────────
	handle /api/* {
		reverse_proxy node1:8080 node2:8080 node3:8080 {
			lb_policy least_conn
			health_uri /api/netstats
			health_interval 15s
			# Passive health check: a node that fails a request is dropped from
			# the pool for 30s; if no node is left, Caddy answers 503.
			fail_duration 30s
		}
	}

	# ── /metrics — internal only ──────────────────────────────────────
	# Refuse external scraping of Prometheus metrics. Inside the Docker
	# network Prometheus hits node1:8080/metrics directly, bypassing Caddy.
	# This relies on Caddy seeing the real peer address: if a userland proxy
	# in front of the container rewrites the source to the Docker bridge
	# gateway (e.g. 172.17.0.1), it falls inside 172.16.0.0/12 and the check
	# passes for everyone. Confirm with request.remote_ip in the access log.
	@metricsPublic {
		path /metrics
		not remote_ip 127.0.0.1 ::1 172.16.0.0/12 192.168.0.0/16 10.0.0.0/8
	}
	handle @metricsPublic {
		respond "forbidden" 403
	}

	# ── Everything else → explorer HTML ───────────────────────────────
	handle {
		reverse_proxy node1:8080 {
			health_uri /api/netstats
			health_interval 15s
		}
	}

	# Server-side logging; write JSON for easy log aggregation.
	log {
		output stdout
		format json
		level INFO
	}
}
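An added audit check, not part of the DChain repository: it replays the @metricsPublic decision over the JSON access log this Caddyfile emits and reports /metrics requests whose logged status disagrees with the allowlist (a 2xx to a public source means the restriction did not hold, a 403 to a private source means a legitimate scraper was refused). The log lines are constructed samples; the field names (`request.remote_ip`, `request.uri`, top-level `status`) follow Caddy's access-log layout.

```python
import ipaddress
import json

# Allow-list copied from the Caddyfile's @metricsPublic matcher.
METRICS_ALLOWED = [ipaddress.ip_network(n) for n in (
    "127.0.0.1/32", "::1/128", "172.16.0.0/12", "192.168.0.0/16", "10.0.0.0/8")]

# Constructed sample of Caddy JSON access-log lines (log { format json }).
SAMPLE_LOG = """
{"level":"info","logger":"http.log.access","msg":"handled request","request":{"remote_ip":"10.0.0.5","method":"GET","host":"dchain.example.com","uri":"/metrics"},"status":200}
{"level":"info","logger":"http.log.access","msg":"handled request","request":{"remote_ip":"203.0.113.9","method":"GET","host":"dchain.example.com","uri":"/metrics"},"status":403}
{"level":"info","logger":"http.log.access","msg":"handled request","request":{"remote_ip":"203.0.113.9","method":"GET","host":"dchain.example.com","uri":"/api/netstats"},"status":200}
{"level":"info","logger":"http.log.access","msg":"handled request","request":{"remote_ip":"198.51.100.7","method":"GET","host":"dchain.example.com","uri":"/metrics?x=1"},"status":200}
"""


def metrics_request_allowed(remote_ip: str) -> bool:
    """Same decision as the Caddyfile: allowed iff the peer address is in a listed range."""
    addr = ipaddress.ip_address(remote_ip)
    return any(addr in net for net in METRICS_ALLOWED)


def audit_metrics_access(log_text: str) -> list:
    """Return /metrics requests whose logged status contradicts the allowlist."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        entry = json.loads(line)
        if entry.get("logger") != "http.log.access":
            continue
        req = entry["request"]
        # The `path /metrics` matcher looks at the path only, so drop any query string.
        path = req["uri"].split("?", 1)[0]
        if path != "/metrics":
            continue
        allowed = metrics_request_allowed(req["remote_ip"])
        status = entry["status"]
        if allowed and status == 403:
            problem = "allowed source refused"
        elif not allowed and status != 403:
            problem = "non-allowed source served"
        else:
            continue
        findings.append({"remote_ip": req["remote_ip"], "status": status, "problem": problem})
    return findings


if __name__ == "__main__":
    for finding in audit_metrics_access(SAMPLE_LOG):
        print(finding)
```

Note that `metrics_request_allowed("172.17.0.1")` is true, which is exactly why a source address rewritten to the Docker bridge gateway would slip through the allowlist.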