@simondlr
Last active August 29, 2015 14:08
Installing Counterparty/Dogeparty/ClearingHouse etc on OS X natively.

Since there are always hiccups, I documented my install process to get a local Dogeparty Wallet running on OS X [there's no build procedure for it yet]. This will work with Counterparty & Clearinghouse as well (and other upcoming XCP implementations). This will likely be old hat once a proper build procedure is in place.

The Docker recipes from Lars here give helpful tips on how the setup would work with VMs: https://github.com/Dogeparty.

  1. Install Dogecoind. Let it sync up with txindex=1 & server=1.
  2. Install Doge Insight. Problems with npm, so had to use npm upgrade. Dogecoin had old block store, so had to pipe blk.dats to bootstrap.dat, delete dogecoin conf, and reimport blocks for proper sync. Export proper variables for insight. Connect, and run node insight.js (after npm install). Halfway through, ran into magic number auxwow error. Switch to use RPC at block 371337 instead of PERCENTAGE_TO_SYNC_RPC_FROM.
  3. Clone dogepartyd. Install Python3. Upgrade virtualenv itself to use python3. Create virtualenv with Python3 bin instead. Install pip-requirements using pip3. Manually install apsw (another python sqlite wrapper).
  4. Download config file from docker recipe. Change to suit local install (database file).
  5. Sync Dogeparty (with custom config).
  6. Git clone counterblockd. pip install requirements. Use python2 to install. Error with gevent. Fix comment bug. Create config file with relevant info to connect to counterpartyd/insight/mongo. Fix bug where geoip could not be downloaded to proper dir.
  7. Turn on mongod (had it installed).
  8. Sync counterblock (with custom config). Fix bug where Counterblock did not properly use an external conf file (not yet merged to upstream: https://github.com/simondlr/counterblockd/tree/config).
  9. Clone Dogeparty Wallet. Create servers.json (locally). Install nginx. Copy nginx.conf from wallet docker (including counterblock.conf). Edit nginx to suit OS X. Run nginx. For local testing, removed https (for now). Will again later.
  10. Head to browser. Use dogeparty. Wow.

NOTE: This is very, very hacky and duct-taped everywhere. Use the above and the conf files with caution. There's likely a lot that needs to be refactored still. DO NOT USE IN PRODUCTION. This is only for reference. Fix/update/replace where needed. I use custom conf files, custom server setup files, custom ports, etc. So again: this is not for exact use, only for reference if you are running into the same problems.

Get in contact if you have issues.

worker_processes auto;
# pid /var/run/nginx.pid;
pid /var/log/nginx.pid;
events {
# determines how much clients will be served per worker
# max clients = worker_connections * worker_processes
# max clients is also limited by the number of socket connections available on the system (~64k)
worker_connections 1024;
# optimized to serve many clients with each thread, essential for linux
# use epoll; #linux 2.6+
# accept as many connections as possible, may flood worker connections if set too low
multi_accept on;
# (hopefully) improve performance a bit more
accept_mutex off;
}
http {
# this is helpful due to our use of openresty
variables_hash_bucket_size 128;
variables_hash_max_size 1024;
# don't give version in status string
server_tokens off;
# copies data between one FD and another from within the kernel
# faster than read() + write()
sendfile on;
# send headers in one piece, it's better than sending them one by one
tcp_nopush on;
# don't buffer data sent, good for small data bursts in real time
tcp_nodelay on;
# server will close an open connection after this time
keepalive_timeout 50;
# more timeouts to help against Slowloris-style DDOS, etc
client_body_timeout 10;
client_header_timeout 10;
send_timeout 10;
types_hash_max_size 2048;
#include /etc/nginx/mime.types;
include mime.types;
default_type application/octet-stream;
# Logging Settings
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
# Gzip Settings
gzip on;
gzip_http_version 1.1;
gzip_vary on;
gzip_comp_level 6;
gzip_proxied any;
gzip_disable "MSIE [1-6]\.(?!.*SV1)";
gzip_min_length 500;
gzip_types text/plain text/css text/comma-separated-values
application/json text/javascript application/javascript application/x-javascript
text/xml application/xml application/xml+rss application/atom+xml;
#^ text/html included by default
# Rate limiting (basic DDOS protection)
limit_conn_zone $binary_remote_addr zone=conn_limit_per_ip:10m;
limit_req_zone $binary_remote_addr zone=req_limit_per_ip:10m rate=15r/s;
# Utilize HSTS (HTTP Strict Transport Security) to force all traffic to be over HTTPS
# NOTE: DISABLED BY DEFAULT AS IT WONT WORK WITH SELF SIGNED CERTS. ENABLE IN PRODUCTION MODE.
# add_header Strict-Transport-Security max-age=31536000;
# config to not allow the browser to render the page inside a frame or iframe
# and avoid clickjacking http://en.wikipedia.org/wiki/Clickjacking
# if you need to allow [i]frames, you can use SAMEORIGIN or even set an uri with ALLOW-FROM uri
# https://developer.mozilla.org/en-US/docs/HTTP/X-Frame-Options
add_header X-Frame-Options DENY;
# when serving user-supplied content, include a X-Content-Type-Options: nosniff header along with the Content-Type: header,
# to disable content-type sniffing on some browsers.
# https://www.owasp.org/index.php/List_of_useful_HTTP_headers
# currently supported in IE > 8 http://blogs.msdn.com/b/ie/archive/2008/09/02/ie8-security-part-vi-beta-2-update.aspx
# http://msdn.microsoft.com/en-us/library/ie/gg622941(v=vs.85).aspx
# 'soon' on Firefox https://bugzilla.mozilla.org/show_bug.cgi?id=471020
add_header X-Content-Type-Options nosniff;
# This header enables the Cross-site scripting (XSS) filter built into most recent web browsers.
# It's usually enabled by default anyway, so the role of this header is to re-enable the filter for
# this particular website if it was disabled by the user.
# https://www.owasp.org/index.php/List_of_useful_HTTP_headers
add_header X-XSS-Protection "1; mode=block";
#used by adobe flash
add_header X-Permitted-Cross-Domain-Policies "master-only";
# Virtual Host Configs
#include /etc/nginx/conf.d/*.conf;
#include /etc/nginx/sites/*.conf;
include /usr/local/etc/nginx/sites/*.conf;
}
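The http{} block above adds X-Frame-Options, X-Content-Type-Options, X-XSS-Protection and X-Permitted-Cross-Domain-Policies, turns server_tokens off, and leaves HSTS commented out. The script below is an added example (not part of the gist or of the Counterparty/Dogeparty projects) that checks a captured HTTP response for exactly those properties, so you can confirm the headers actually reach the browser after editing the config. The two sample responses and the version string in the weak one are constructed for the example.

```shell
#!/bin/sh
# Added example (not part of the gist): verify that a captured HTTP response
# carries the hardening headers set in the nginx http{} block, that the
# Server header leaks no version (server_tokens off), and that HSTS is present.
# check_headers reads one response (status line + headers) on stdin, prints one
# line per finding, and returns 0 when every check passes, 1 otherwise.
check_headers() {
    hdrs=$(cat | tr -d '\r')
    rc=0
    # headers the gist's http{} block adds, compared case-insensitively
    for want in \
        'x-frame-options: deny' \
        'x-content-type-options: nosniff' \
        'x-xss-protection: 1; mode=block' \
        'x-permitted-cross-domain-policies: master-only'
    do
        printf '%s\n' "$hdrs" | tr '[:upper:]' '[:lower:]' | grep -q "^$want\$" \
            || { echo "MISSING: $want"; rc=1; }
    done
    # server_tokens off should leave a bare "Server: nginx", no version number
    if printf '%s\n' "$hdrs" | grep -iq '^server: nginx/[0-9]'; then
        echo "LEAK: Server header carries a version"; rc=1
    fi
    # HSTS is commented out in the gist; it must be enabled with a real cert
    printf '%s\n' "$hdrs" | grep -iq '^strict-transport-security:' \
        || { echo "MISSING: strict-transport-security (needs a real cert, not snakeoil)"; rc=1; }
    return $rc
}

# Constructed sample responses (not captured from a real server).
HARDENED_RESPONSE='HTTP/1.1 200 OK
Server: nginx
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Permitted-Cross-Domain-Policies: master-only
Strict-Transport-Security: max-age=31536000
Content-Type: text/html'

# constructed: version number is invented for the example
WEAK_RESPONSE='HTTP/1.1 200 OK
Server: nginx/1.6.2
Content-Type: text/html'

# Usage against a live server (run from a shell):
#   curl -sI http://127.0.0.1:4127/ | check_headers
printf '%s\n' "$HARDENED_RESPONSE" | check_headers && echo "hardened response: all checks pass"
printf '%s\n' "$WEAK_RESPONSE" | check_headers || echo "weak response: findings above (expected)"
```

Pipe `curl -sI` output for the wallet port into `check_headers` after each nginx reload; a non-zero exit means at least one header is missing or the Server header still exposes a version.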
Simon-2:nginx simon$ cat sites/counterblock.conf
upstream cache_server {
server 127.0.0.1:6379; #default port
keepalive 128;
}
upstream counterblock_api_server {
server 127.0.0.1:4100;
keepalive 30;
}
upstream counterblock_t_api_server {
#server dogeblockd_testnet:14100;
server 127.0.0.1:14100;
keepalive 30;
}
# with Content Security Policy (CSP) enabled (and a browser that supports it: http://caniuse.com/#feat=contentsecuritypolicy),
# you can tell the browser that it can only download content from the domains you explicitly allow
# http://www.html5rocks.com/en/tutorials/security/content-security-policy/
# https://www.owasp.org/index.php/Content_Security_Policy
# I need to change our application code so we can increase security by disabling 'unsafe-inline' 'unsafe-eval'
# directives for css and js(if you have inline css or js, you will need to keep it too).
# more: http://www.html5rocks.com/en/tutorials/security/content-security-policy/#inline-code-considered-harmful
add_header Content-Security-Policy "default-src 'self'; script-src 'self' https://ssl.google-analytics.com https://query.yahooapis.com; img-src 'self' data: https://ssl.google-analytics.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' themes.googleusercontent.com fonts.gstatic.com; frame-src 'none'; object-src 'self'; connect-src 'self' ws://testnet.wallet.dogeparty.io wss://$host https://api.rollbar.com;";
server {
listen 4126;
server_name testnet.wallet.dogeparty.io;
###############
# BASE SITE SERVING (STATIC FILES)
# CACHING - For production use
open_file_cache max=200000 inactive=20s;
open_file_cache_valid 30s;
open_file_cache_min_uses 2;
open_file_cache_errors on;
location /_asset_img/ {
access_log off;
expires 1h;
alias /home/xcp/.config/counterblockd/asset_img/;
}
location /_t_asset_img/ {
access_log off;
expires 1h;
alias /home/xcp/.config/counterblockd-testnet/asset_img/;
}
location /src {
#For dev/testing (uses unminified resources)
open_file_cache off;
expires off;
alias /home/xcp/counterwallet/src/;
}
#location /servers.json {
# #alias /etc/nginx/servers-testnet.json;
# alias /Users/simon/code/dogeparty/etc/nginx/servers-testnet.json;
#}
location / {
access_log off;
expires 1h;
root /Users/simon/code/dogeparty/dogeparty-wallet/src/;
#Enable this during single server system updates
#root /home/xcp/counterpartyd_build/dist/linux/nginx/upgrade_root/;
}
#############
#####
# TESTNET
# PROXY TO COUNTERWALLETD API REQUESTS (WSGI) - try to hit the cache in redis first
location ^~ /_t_api
{
#reject everything except GET, POST and OPTIONS
limit_except GET POST OPTIONS {
deny all;
}
#include /etc/nginx/sites/counterblock_api_cache.inc;
#set $redis_db "1";
# Send to app server if Redis could not answer the request
error_page 404 405 550 = @t_wsgi_api;
}
# PROXY TO COUNTERWALLETD API BACKEND (WSGI)
location @t_wsgi_api {
#include /etc/nginx/sites/counterblock_api.inc;
include /usr/local/etc/nginx/sites/counterblock_api.inc;
rewrite ^/_t_api/?$ /api/? break;
proxy_pass http://counterblock_t_api_server;
}
# PROXY TO COUNTERWALLETD FEED BACKEND (socket.io)
location ^~ /_t_feed {
#include /etc/nginx/sites/counterblock_socketio.inc;
include /usr/local/etc/nginx/sites/counterblock_socketio.inc;
#proxy_pass http://dogeblockd_testnet:14101/socket.io;
proxy_pass http://127.0.0.1:14101/socket.io;
}
# PROXY TO COUNTERWALLETD CHAT BACKEND (socket.io)
location ^~ /_t_chat {
#include /etc/nginx/sites/counterblock_socketio.inc;
include /usr/local/etc/nginx/sites/counterblock_socketio.inc;
#proxy_pass http://dogeblockd_testnet:14102/socket.io;
proxy_pass http://127.0.0.1:14102/socket.io;
}
}
server {
listen 80 default_server deferred;
server_name _;
rewrite ^ https://$host$request_uri permanent;
}
server {
#DEV PORT (firewall on production systems)
listen 81;
server_name _;
#for nginx newrelic agent
location /nginx_stub_status {
#stub_status on;
access_log off;
allow 127.0.0.0/8;
deny all;
}
}
server {
#listen 443 default_server ssl deferred;
listen 4127 default_server deferred;
server_name _;
###############
# SSL - For production use
# ssl_certificate /etc/ssl/certs/counterblockd.pem;
# ssl_certificate /etc/ssl/certs/wallet_dogeparty_io.crt-bundle;
# ssl_certificate_key /etc/ssl/private/dogeparty.key;
# SSL - For development use
#ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
#ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
# support FS, and BEAST protection - https://coderwall.com/p/ebl2qa
server_tokens off;
#ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
#ssl_prefer_server_ciphers on;
#ssl_session_timeout 5m;
# ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
###############
access_log /var/log/nginx/counterblock.access.log;
error_log /var/log/nginx/counterblock.error.log;
#access_log logs/counterblock.access.log;
#error_log logs/counterblock.error.log;
# basic rate limiting
limit_conn conn_limit_per_ip 15;
limit_req zone=req_limit_per_ip burst=100 nodelay;
# this has to be higher than we'd like otherwise, due to the create_support_case API call...
client_max_body_size 1m;
###############
# BASE SITE SERVING (STATIC FILES)
# CACHING - For production use
open_file_cache max=200000 inactive=20s;
open_file_cache_valid 30s;
open_file_cache_min_uses 2;
open_file_cache_errors on;
location /_asset_img/ {
access_log off;
expires 1h;
alias /home/xcp/.config/counterblockd/asset_img/;
}
location /src {
#For dev/testing (uses unminified resources)
open_file_cache off;
expires off;
alias /home/xcp/counterwallet/src/;
}
#location /servers.json {
# alias /etc/nginx/servers-livenet.json;
#}
location / {
access_log off;
expires 1h;
#root /usr/local/nginx/html/wallet/;
root /Users/simon/code/dogeparty/dogeparty-wallet/src/;
#Enable this during single server system updates
#root /home/xcp/counterpartyd_build/dist/linux/nginx/upgrade_root/;
}
#############
#####
# PRODUCTION
# PROXY TO COUNTERWALLETD API REQUESTS (WSGI) - try to hit the cache in redis first
location ^~ /_api
{
#reject everything except GET, POST and OPTIONS
limit_except GET POST OPTIONS {
deny all;
}
#include /etc/nginx/sites/counterblock_api_cache.inc;
#set $redis_db "0";
# Send to app server if Redis could not answer the request
error_page 404 405 550 = @wsgi_api;
}
# PROXY TO COUNTERWALLETD API BACKEND (WSGI)
location @wsgi_api {
#include /etc/nginx/sites/counterblock_api.inc;
include /usr/local/etc/nginx/sites/counterblock_api.inc;
rewrite ^/_api/?$ /api/? break;
proxy_pass http://counterblock_api_server;
}
# PROXY TO COUNTERWALLETD FEED BACKEND (socket.io)
location ^~ /_feed {
#include /etc/nginx/sites/counterblock_socketio.inc;
include /usr/local/etc/nginx/sites/counterblock_socketio.inc;
#proxy_pass http://dogeblockd:4101/socket.io;
proxy_pass http://127.0.0.1:4101/socket.io;
}
# PROXY TO COUNTERWALLETD CHAT BACKEND (socket.io)
location ^~ /_chat {
#include /etc/nginx/sites/counterblock_socketio.inc;
include /usr/local/etc/nginx/sites/counterblock_socketio.inc;
#proxy_pass http://dogeblockd:4102/socket.io;
proxy_pass http://127.0.0.1:4102/socket.io;
}
}
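The site config above is explicitly a development setup: TLS directives are commented out, HSTS is off, the CSP keeps 'unsafe-inline', the static root points at a home directory, and port 81 is meant to be firewalled. The script below is an added example (not part of the gist or of the Counterparty/Dogeparty projects) that lints an nginx config for exactly those development-only settings, so they are caught before the config is copied to a production box. The trimmed sample config and the hardened snippet are constructed for the example; the comment stripping is a simple '#' cut, which is sufficient for this config because none of its quoted values contain '#'.

```shell
#!/bin/sh
# Added example (not part of the gist): report the settings in the nginx config
# that the gist's own comments mark as development-only.
# lint_nginx reads a config on stdin, prints one FINDING line per issue and
# returns the number of findings (0 means nothing flagged).

n=0
cfg=''
note() { echo "FINDING: $1"; n=$((n + 1)); }
# has REGEX: true when an active (non-comment) config line matches
has() { printf '%s\n' "$cfg" | grep -Eq "$1"; }

lint_nginx() {
    n=0
    cfg=$(sed 's/#.*//')      # drop comments so commented-out directives do not count
    # TLS is commented out in the gist: no active ssl_certificate at all
    has '^[[:space:]]*ssl_certificate[[:space:]]' \
        || note "no active ssl_certificate: TLS is not configured"
    # HSTS header is disabled until a real certificate is in place
    has 'add_header[[:space:]]+Strict-Transport-Security' \
        || note "Strict-Transport-Security header not set"
    # CSP still allows inline styles/scripts
    if printf '%s\n' "$cfg" | grep -E 'Content-Security-Policy' | grep -Eq "'unsafe-(inline|eval)'"; then
        note "Content-Security-Policy contains unsafe-inline or unsafe-eval"
    fi
    # static files served from a developer's home directory
    has '(root|alias)[[:space:]]+/Users/' \
        && note "root/alias points into /Users/: development source tree is being served"
    # the dev/status port must be firewalled on production systems
    has '^[[:space:]]*listen[[:space:]]+81;' \
        && note "dev port 81 is listening: firewall it or remove the server block"
    # settings the gist already has right, flagged only if someone removes them
    has '^[[:space:]]*server_tokens[[:space:]]+off;' \
        || note "server_tokens is not off: nginx version will be exposed"
    has '^[[:space:]]*limit_req[[:space:]]+zone=' \
        || note "no limit_req in any server block: rate limiting is not applied"
    return $n
}

# Constructed excerpt of the gist's config (trimmed to the relevant directives).
SAMPLE_CONF=$(cat <<'EOF'
http {
    server_tokens off;
    # add_header Strict-Transport-Security max-age=31536000;
    add_header X-Frame-Options DENY;
    limit_req_zone $binary_remote_addr zone=req_limit_per_ip:10m rate=15r/s;
    add_header Content-Security-Policy "default-src 'self'; style-src 'self' 'unsafe-inline'";
    server {
        listen 80 default_server deferred;
        rewrite ^ https://$host$request_uri permanent;
    }
    server {
        listen 81;
        location /nginx_stub_status { allow 127.0.0.0/8; deny all; }
    }
    server {
        #listen 443 default_server ssl deferred;
        listen 4127 default_server deferred;
        #ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
        limit_req zone=req_limit_per_ip burst=100 nodelay;
        location / { root /Users/simon/code/dogeparty/dogeparty-wallet/src/; }
    }
}
EOF
)

# Constructed hardened counterpart: paths are placeholders for the example.
HARDENED_CONF='server_tokens off;
add_header Strict-Transport-Security max-age=31536000;
server {
    listen 443 ssl default_server;
    ssl_certificate /etc/ssl/certs/EXAMPLE-wallet.pem;
    ssl_certificate_key /etc/ssl/private/EXAMPLE-wallet.key;
    limit_req zone=req_limit_per_ip burst=100 nodelay;
    location / { root /var/www/wallet/; }
}'

# Usage against a real file (run from a shell):
#   lint_nginx < /usr/local/etc/nginx/sites/counterblock.conf
printf '%s\n' "$SAMPLE_CONF" | lint_nginx || echo "sample config: $? finding(s), as expected for the dev setup"
printf '%s\n' "$HARDENED_CONF" | lint_nginx && echo "hardened config: nothing flagged"
```

Run it over the concatenation of nginx.conf and the site conf (for example `cat nginx.conf sites/*.conf | lint_nginx`), since HSTS and server_tokens live in the http{} block while the TLS and root directives live in the server blocks; a non-zero return value is the number of development-only settings still present.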