d-bis/metamask-integration
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
metamask-integration/scripts/deploy-rpc-endpoints.sh
defiQUG 25c96e210a chore: sync submodule state (parent ref update) 
Made-with: Cursor
2026-03-02 12:14:14 -08:00

335 lines
8.7 KiB
Bash
Executable File
Raw Permalink Blame History

#!/bin/bash
# Deploy Production RPC Endpoints for ChainID 138
# This script helps configure and deploy RPC endpoints
set -e
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
PROJECT_ROOT="$(cd "$SCRIPT_DIR/.." && pwd)"
# Colors
GREEN='\033[0;32m'
RED='\033[0;31m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m'
log_info() { echo -e "${BLUE}[INFO]${NC} $1"; }
log_success() { echo -e "${GREEN}[✓]${NC} $1"; }
log_warn() { echo -e "${YELLOW}[WARN]${NC} $1"; }
log_error() { echo -e "${RED}[ERROR]${NC} $1"; }
log_info "========================================="
log_info "RPC Endpoint Deployment Guide"
log_info "========================================="
log_info ""
# RPC Configuration
PRIMARY_RPC="https://rpc.d-bis.org"
SECONDARY_RPC="https://rpc2.d-bis.org"
INTERNAL_RPC="http://192.168.11.211:8545"
log_info "RPC Endpoint Configuration:"
log_info " Primary: $PRIMARY_RPC"
log_info " Secondary: $SECONDARY_RPC"
log_info " Internal: $INTERNAL_RPC"
log_info ""
# Create deployment directory
DEPLOY_DIR="$PROJECT_ROOT/rpc-deployment"
mkdir -p "$DEPLOY_DIR"
# Create nginx configuration for RPC
log_info "Creating nginx configuration..."
cat > "$DEPLOY_DIR/nginx-rpc.conf" << 'EOF'
# Nginx configuration for RPC endpoints
# This config provides HTTPS, CORS, and rate limiting for RPC endpoints
upstream besu_rpc {
server 192.168.11.211:8545;
keepalive 32;
}
server {
listen 443 ssl http2;
server_name rpc.d-bis.org;
# SSL Configuration
ssl_certificate /etc/ssl/certs/d-bis.org.crt;
ssl_certificate_key /etc/ssl/private/d-bis.org.key;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
# CORS Headers for MetaMask
add_header Access-Control-Allow-Origin * always;
add_header Access-Control-Allow-Methods "GET, POST, OPTIONS" always;
add_header Access-Control-Allow-Headers "Content-Type, Authorization" always;
add_header Access-Control-Max-Age 3600 always;
# Handle OPTIONS requests
if ($request_method = OPTIONS) {
return 204;
}
# Rate Limiting
limit_req_zone $binary_remote_addr zone=rpc_limit:10m rate=10r/s;
limit_req zone=rpc_limit burst=20 nodelay;
# RPC Endpoint
location / {
proxy_pass http://besu_rpc;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# Timeouts
proxy_connect_timeout 60s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
}
# Health Check
location /health {
access_log off;
return 200 "healthy\n";
add_header Content-Type text/plain;
}
}
# Secondary RPC endpoint
server {
listen 443 ssl http2;
server_name rpc2.d-bis.org;
# SSL Configuration (same as primary)
ssl_certificate /etc/ssl/certs/d-bis.org.crt;
ssl_certificate_key /etc/ssl/private/d-bis.org.key;
ssl_protocols TLSv1.2 TLSv1.3;
# CORS Headers
add_header Access-Control-Allow-Origin * always;
add_header Access-Control-Allow-Methods "GET, POST, OPTIONS" always;
add_header Access-Control-Allow-Headers "Content-Type, Authorization" always;
# Rate Limiting
limit_req_zone $binary_remote_addr zone=rpc_limit:10m rate=10r/s;
limit_req zone=rpc_limit burst=20 nodelay;
location / {
proxy_pass http://besu_rpc;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
# HTTP to HTTPS redirect
server {
listen 80;
server_name rpc.d-bis.org rpc2.d-bis.org;
return 301 https://$server_name$request_uri;
}
EOF
log_success "Created: $DEPLOY_DIR/nginx-rpc.conf"
# Create Cloudflare configuration
log_info "Creating Cloudflare configuration..."
cat > "$DEPLOY_DIR/cloudflare-dns-config.md" << 'EOF'
# Cloudflare DNS Configuration for RPC Endpoints
## DNS Records Required
### Primary RPC Endpoint (rpc.d-bis.org)
**A Record**:
- Name: `rpc`
- Type: `A`
- Content: `<server-ip-address>`
- TTL: `Auto` or `300`
- Proxy: `Proxied` (for DDoS protection)
**AAAA Record** (if IPv6 available):
- Name: `rpc`
- Type: `AAAA`
- Content: `<server-ipv6-address>`
- TTL: `Auto` or `300`
- Proxy: `Proxied`
### Secondary RPC Endpoint (rpc2.d-bis.org)
**A Record**:
- Name: `rpc2`
- Type: `A`
- Content: `<server-ip-address>`
- TTL: `Auto` or `300`
- Proxy: `Proxied`
**AAAA Record** (if IPv6 available):
- Name: `rpc2`
- Type: `AAAA`
- Content: `<server-ipv6-address>`
- TTL: `Auto` or `300`
- Proxy: `Proxied`
## SSL/TLS Configuration
1. **Enable SSL/TLS**:
- Go to Cloudflare Dashboard → SSL/TLS
- Set encryption mode to "Full" or "Full (strict)"
- Enable "Always Use HTTPS"
2. **SSL Certificate**:
- Cloudflare provides free SSL certificates
- Automatic certificate provisioning
- Certificate auto-renewal
3. **Minimum TLS Version**:
- Set to TLS 1.2 minimum
- Recommended: TLS 1.3
## Page Rules
Create page rules for optimal performance:
1. **Cache Level**: Standard
2. **Browser Cache TTL**: 4 hours
3. **Edge Cache TTL**: 2 hours
## Security Settings
1. **Security Level**: Medium
2. **Challenge Passage**: 30 minutes
3. **Browser Integrity Check**: On
4. **Privacy Pass Support**: On
## Rate Limiting
Configure rate limiting rules:
- Rate: 10 requests per second per IP
- Burst: 20 requests
- Action: Challenge or Block
## Monitoring
Set up Cloudflare Analytics:
- Monitor RPC endpoint traffic
- Track error rates
- Monitor response times
EOF
log_success "Created: $DEPLOY_DIR/cloudflare-dns-config.md"
# Create deployment checklist
cat > "$DEPLOY_DIR/DEPLOYMENT_CHECKLIST.md" << 'EOF'
# RPC Endpoint Deployment Checklist
## Pre-Deployment
- [ ] Server is provisioned and accessible
- [ ] Nginx is installed and configured
- [ ] SSL certificates are obtained
- [ ] DNS records are configured
- [ ] Firewall rules are configured
- [ ] Monitoring is set up
## Deployment Steps
1. **Configure Nginx**:
- [ ] Copy nginx-rpc.conf to /etc/nginx/sites-available/
- [ ] Create symlink to sites-enabled
- [ ] Test configuration: `nginx -t`
- [ ] Reload nginx: `systemctl reload nginx`
2. **Configure SSL**:
- [ ] Install SSL certificates
- [ ] Verify certificate validity
- [ ] Test HTTPS connection
- [ ] Verify certificate auto-renewal
3. **Configure DNS**:
- [ ] Add A records for rpc.d-bis.org
- [ ] Add A records for rpc2.d-bis.org
- [ ] Verify DNS propagation
- [ ] Test DNS resolution
4. **Configure Cloudflare**:
- [ ] Add domain to Cloudflare
- [ ] Update nameservers
- [ ] Configure SSL/TLS
- [ ] Enable proxy
- [ ] Configure page rules
5. **Test Endpoints**:
- [ ] Test primary RPC: `curl https://rpc.d-bis.org`
- [ ] Test secondary RPC: `curl https://rpc2.d-bis.org`
- [ ] Test CORS headers
- [ ] Test rate limiting
- [ ] Test from MetaMask
6. **Monitor**:
- [ ] Set up monitoring alerts
- [ ] Configure logging
- [ ] Test health checks
- [ ] Monitor performance
## Post-Deployment
- [ ] Update MetaMask network config with new RPC URLs
- [ ] Update token lists with new RPC URLs
- [ ] Test MetaMask connection
- [ ] Document RPC endpoints
- [ ] Announce RPC endpoints
## Verification
Test RPC endpoints:
```bash
# Test primary RPC
curl -X POST https://rpc.d-bis.org \
-H "Content-Type: application/json" \
-d '{"jsonrpc":"2.0","method":"eth_blockNumber","params":[],"id":1}'
# Test secondary RPC
curl -X POST https://rpc2.d-bis.org \
-H "Content-Type: application/json" \
-d '{"jsonrpc":"2.0","method":"eth_blockNumber","params":[],"id":1}'
# Test CORS
curl -I -X OPTIONS https://rpc.d-bis.org \
-H "Origin: https://metamask.io" \
-H "Access-Control-Request-Method: POST"
```
Expected CORS headers:
- `Access-Control-Allow-Origin: *`
- `Access-Control-Allow-Methods: GET, POST, OPTIONS`
- `Access-Control-Allow-Headers: Content-Type, Authorization`
EOF
log_success "Created: $DEPLOY_DIR/DEPLOYMENT_CHECKLIST.md"
log_info ""
log_info "========================================="
log_info "RPC Deployment Guide Complete!"
log_info "========================================="
log_info ""
log_info "Files created in: $DEPLOY_DIR"
log_info " - nginx-rpc.conf (nginx configuration)"
log_info " - cloudflare-dns-config.md (DNS setup)"
log_info " - DEPLOYMENT_CHECKLIST.md (deployment steps)"
log_info ""
log_info "Next steps:"
log_info "1. Review deployment files"
log_info "2. Follow DEPLOYMENT_CHECKLIST.md"
log_info "3. Deploy RPC endpoints"
log_info ""
Reference in New Issue View Git Blame Copy Permalink