chore: sync submodule state (parent ref update)

Made-with: Cursor
2026-03-02 12:14:14 -08:00
parent b6a776e5d7
commit 25c96e210a
316 changed files with 29779 additions and 677 deletions
--- a/scripts/deploy-rpc-endpoints.sh
+++ b/scripts/deploy-rpc-endpoints.sh
@@ -0,0 +1,334 @@
+#!/bin/bash
+
+# Deploy Production RPC Endpoints for ChainID 138
+# This script helps configure and deploy RPC endpoints
+
+set -e
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+PROJECT_ROOT="$(cd "$SCRIPT_DIR/.." && pwd)"
+
+# Colors
+GREEN='\033[0;32m'
+RED='\033[0;31m'
+YELLOW='\033[1;33m'
+BLUE='\033[0;34m'
+NC='\033[0m'
+
+log_info() { echo -e "${BLUE}[INFO]${NC} $1"; }
+log_success() { echo -e "${GREEN}[✓]${NC} $1"; }
+log_warn() { echo -e "${YELLOW}[WARN]${NC} $1"; }
+log_error() { echo -e "${RED}[ERROR]${NC} $1"; }
+
+log_info "========================================="
+log_info "RPC Endpoint Deployment Guide"
+log_info "========================================="
+log_info ""
+
+# RPC Configuration
+PRIMARY_RPC="https://rpc.d-bis.org"
+SECONDARY_RPC="https://rpc2.d-bis.org"
+INTERNAL_RPC="http://192.168.11.211:8545"
+
+log_info "RPC Endpoint Configuration:"
+log_info "  Primary: $PRIMARY_RPC"
+log_info "  Secondary: $SECONDARY_RPC"
+log_info "  Internal: $INTERNAL_RPC"
+log_info ""
+
+# Create deployment directory
+DEPLOY_DIR="$PROJECT_ROOT/rpc-deployment"
+mkdir -p "$DEPLOY_DIR"
+
+# Create nginx configuration for RPC
+log_info "Creating nginx configuration..."
+cat > "$DEPLOY_DIR/nginx-rpc.conf" << 'EOF'
+# Nginx configuration for RPC endpoints
+# This config provides HTTPS, CORS, and rate limiting for RPC endpoints
+
+upstream besu_rpc {
+    server 192.168.11.211:8545;
+    keepalive 32;
+}
+
+server {
+    listen 443 ssl http2;
+    server_name rpc.d-bis.org;
+
+    # SSL Configuration
+    ssl_certificate /etc/ssl/certs/d-bis.org.crt;
+    ssl_certificate_key /etc/ssl/private/d-bis.org.key;
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_ciphers HIGH:!aNULL:!MD5;
+
+    # CORS Headers for MetaMask
+    add_header Access-Control-Allow-Origin * always;
+    add_header Access-Control-Allow-Methods "GET, POST, OPTIONS" always;
+    add_header Access-Control-Allow-Headers "Content-Type, Authorization" always;
+    add_header Access-Control-Max-Age 3600 always;
+
+    # Handle OPTIONS requests
+    if ($request_method = OPTIONS) {
+        return 204;
+    }
+
+    # Rate Limiting
+    limit_req_zone $binary_remote_addr zone=rpc_limit:10m rate=10r/s;
+    limit_req zone=rpc_limit burst=20 nodelay;
+
+    # RPC Endpoint
+    location / {
+        proxy_pass http://besu_rpc;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        
+        # Timeouts
+        proxy_connect_timeout 60s;
+        proxy_send_timeout 60s;
+        proxy_read_timeout 60s;
+    }
+
+    # Health Check
+    location /health {
+        access_log off;
+        return 200 "healthy\n";
+        add_header Content-Type text/plain;
+    }
+}
+
+# Secondary RPC endpoint
+server {
+    listen 443 ssl http2;
+    server_name rpc2.d-bis.org;
+
+    # SSL Configuration (same as primary)
+    ssl_certificate /etc/ssl/certs/d-bis.org.crt;
+    ssl_certificate_key /etc/ssl/private/d-bis.org.key;
+    ssl_protocols TLSv1.2 TLSv1.3;
+
+    # CORS Headers
+    add_header Access-Control-Allow-Origin * always;
+    add_header Access-Control-Allow-Methods "GET, POST, OPTIONS" always;
+    add_header Access-Control-Allow-Headers "Content-Type, Authorization" always;
+
+    # Rate Limiting
+    limit_req_zone $binary_remote_addr zone=rpc_limit:10m rate=10r/s;
+    limit_req zone=rpc_limit burst=20 nodelay;
+
+    location / {
+        proxy_pass http://besu_rpc;
+        proxy_http_version 1.1;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+}
+
+# HTTP to HTTPS redirect
+server {
+    listen 80;
+    server_name rpc.d-bis.org rpc2.d-bis.org;
+    return 301 https://$server_name$request_uri;
+}
+EOF
+
+log_success "Created: $DEPLOY_DIR/nginx-rpc.conf"
+
+# Create Cloudflare configuration
+log_info "Creating Cloudflare configuration..."
+cat > "$DEPLOY_DIR/cloudflare-dns-config.md" << 'EOF'
+# Cloudflare DNS Configuration for RPC Endpoints
+
+## DNS Records Required
+
+### Primary RPC Endpoint (rpc.d-bis.org)
+
+**A Record**:
+- Name: `rpc`
+- Type: `A`
+- Content: `<server-ip-address>`
+- TTL: `Auto` or `300`
+- Proxy: `Proxied` (for DDoS protection)
+
+**AAAA Record** (if IPv6 available):
+- Name: `rpc`
+- Type: `AAAA`
+- Content: `<server-ipv6-address>`
+- TTL: `Auto` or `300`
+- Proxy: `Proxied`
+
+### Secondary RPC Endpoint (rpc2.d-bis.org)
+
+**A Record**:
+- Name: `rpc2`
+- Type: `A`
+- Content: `<server-ip-address>`
+- TTL: `Auto` or `300`
+- Proxy: `Proxied`
+
+**AAAA Record** (if IPv6 available):
+- Name: `rpc2`
+- Type: `AAAA`
+- Content: `<server-ipv6-address>`
+- TTL: `Auto` or `300`
+- Proxy: `Proxied`
+
+## SSL/TLS Configuration
+
+1. **Enable SSL/TLS**:
+   - Go to Cloudflare Dashboard → SSL/TLS
+   - Set encryption mode to "Full" or "Full (strict)"
+   - Enable "Always Use HTTPS"
+
+2. **SSL Certificate**:
+   - Cloudflare provides free SSL certificates
+   - Automatic certificate provisioning
+   - Certificate auto-renewal
+
+3. **Minimum TLS Version**:
+   - Set to TLS 1.2 minimum
+   - Recommended: TLS 1.3
+
+## Page Rules
+
+Create page rules for optimal performance:
+
+1. **Cache Level**: Standard
+2. **Browser Cache TTL**: 4 hours
+3. **Edge Cache TTL**: 2 hours
+
+## Security Settings
+
+1. **Security Level**: Medium
+2. **Challenge Passage**: 30 minutes
+3. **Browser Integrity Check**: On
+4. **Privacy Pass Support**: On
+
+## Rate Limiting
+
+Configure rate limiting rules:
+- Rate: 10 requests per second per IP
+- Burst: 20 requests
+- Action: Challenge or Block
+
+## Monitoring
+
+Set up Cloudflare Analytics:
+- Monitor RPC endpoint traffic
+- Track error rates
+- Monitor response times
+EOF
+
+log_success "Created: $DEPLOY_DIR/cloudflare-dns-config.md"
+
+# Create deployment checklist
+cat > "$DEPLOY_DIR/DEPLOYMENT_CHECKLIST.md" << 'EOF'
+# RPC Endpoint Deployment Checklist
+
+## Pre-Deployment
+
+- [ ] Server is provisioned and accessible
+- [ ] Nginx is installed and configured
+- [ ] SSL certificates are obtained
+- [ ] DNS records are configured
+- [ ] Firewall rules are configured
+- [ ] Monitoring is set up
+
+## Deployment Steps
+
+1. **Configure Nginx**:
+   - [ ] Copy nginx-rpc.conf to /etc/nginx/sites-available/
+   - [ ] Create symlink to sites-enabled
+   - [ ] Test configuration: `nginx -t`
+   - [ ] Reload nginx: `systemctl reload nginx`
+
+2. **Configure SSL**:
+   - [ ] Install SSL certificates
+   - [ ] Verify certificate validity
+   - [ ] Test HTTPS connection
+   - [ ] Verify certificate auto-renewal
+
+3. **Configure DNS**:
+   - [ ] Add A records for rpc.d-bis.org
+   - [ ] Add A records for rpc2.d-bis.org
+   - [ ] Verify DNS propagation
+   - [ ] Test DNS resolution
+
+4. **Configure Cloudflare**:
+   - [ ] Add domain to Cloudflare
+   - [ ] Update nameservers
+   - [ ] Configure SSL/TLS
+   - [ ] Enable proxy
+   - [ ] Configure page rules
+
+5. **Test Endpoints**:
+   - [ ] Test primary RPC: `curl https://rpc.d-bis.org`
+   - [ ] Test secondary RPC: `curl https://rpc2.d-bis.org`
+   - [ ] Test CORS headers
+   - [ ] Test rate limiting
+   - [ ] Test from MetaMask
+
+6. **Monitor**:
+   - [ ] Set up monitoring alerts
+   - [ ] Configure logging
+   - [ ] Test health checks
+   - [ ] Monitor performance
+
+## Post-Deployment
+
+- [ ] Update MetaMask network config with new RPC URLs
+- [ ] Update token lists with new RPC URLs
+- [ ] Test MetaMask connection
+- [ ] Document RPC endpoints
+- [ ] Announce RPC endpoints
+
+## Verification
+
+Test RPC endpoints:
+
+```bash
+# Test primary RPC
+curl -X POST https://rpc.d-bis.org \
+  -H "Content-Type: application/json" \
+  -d '{"jsonrpc":"2.0","method":"eth_blockNumber","params":[],"id":1}'
+
+# Test secondary RPC
+curl -X POST https://rpc2.d-bis.org \
+  -H "Content-Type: application/json" \
+  -d '{"jsonrpc":"2.0","method":"eth_blockNumber","params":[],"id":1}'
+
+# Test CORS
+curl -I -X OPTIONS https://rpc.d-bis.org \
+  -H "Origin: https://metamask.io" \
+  -H "Access-Control-Request-Method: POST"
+```
+
+Expected CORS headers:
+- `Access-Control-Allow-Origin: *`
+- `Access-Control-Allow-Methods: GET, POST, OPTIONS`
+- `Access-Control-Allow-Headers: Content-Type, Authorization`
+EOF
+
+log_success "Created: $DEPLOY_DIR/DEPLOYMENT_CHECKLIST.md"
+
+log_info ""
+log_info "========================================="
+log_info "RPC Deployment Guide Complete!"
+log_info "========================================="
+log_info ""
+log_info "Files created in: $DEPLOY_DIR"
+log_info "  - nginx-rpc.conf (nginx configuration)"
+log_info "  - cloudflare-dns-config.md (DNS setup)"
+log_info "  - DEPLOYMENT_CHECKLIST.md (deployment steps)"
+log_info ""
+log_info "Next steps:"
+log_info "1. Review deployment files"
+log_info "2. Follow DEPLOYMENT_CHECKLIST.md"
+log_info "3. Deploy RPC endpoints"
+log_info ""