Documentation of the process of creating a Peatio Exchange

Table of Contents

Step 1: Provision the servers
Step 2: Set up Server 1
    Install bitgod
    Set up your BitGo Wallet
    Connect Server 1 to your BitGo wallet
    Create a webhook
    Get Server 1 to sign Withdrawals
    Troubleshooting Tips
Step 3: Set up Server 2
    Setup deploy user
    Install Ruby
    Install Nginx & Passenger
    Install JavaScript Runtime
    Install ImageMagick
    Setup production environment variable
    Clone the Source
    Install Dependency gems
    Configure Peatio
    Config database settings
    Modify currency.yml to point to server 1
    Deposit integration with Server 1
    Precompile assets
    Run Daemons
    Configure Passenger
    Set up Liability Proof
Setting the SSL certificate
    Steps
    1. Modify production.rb
    2. Generate CSR
    3. Buy and Activate the SSL certificate
    4. Install the certificate on Server 2
Maintenance stuff
    Recompiling assets
    Starting bitgod and bitcoind on Server 1 after a restart
    Customising the look and feel of your exchange
    Setting up automated Github deployments on Server 1
    Install whiskey_disk gem
    Change user and directory
    Open the sudoers file for editing
    Add a cron jobs
    Add liability-proof script
    Add a post-deploy script
    Add a pre-commit script
    Add a script to run whiskey_disk
    Add the whiskey_disk configuration file
    Make all the scripts executable
    Run setup command to complete process

Step 1: Provision the servers

Create 4 servers with the following specs:

    Server Name   AWS Service   Type       Specs          Purpose
    Server 1      EC2           T2.micro   Ubuntu 14.04   This is where the bitcoind and bitgod will be running
    Server 2      EC2           C4.large   Ubuntu 14.04   This is where the peatio website is hosted
    Server 3      RDS           T2.micro                  This is the database

Step 2: Set up Server 1

Log into server 2

Install bitgod

Log into Server 1
$ ssh -i <LOCATION_TO_PEM_file>.pem ubuntu@<SERVER1>
$ sudo apt-get update && sudo apt-get upgrade -y

Install NodeJS:
$ curl -sL https://deb.nodesource.com/setup | sudo bash -

All other commands required as part of this process are run with sudo. Install the latest stable (backwards compatible) version of npm with:
$ sudo npm -g install npm@latest

Now install bitgod
$ git clone https://github.com/BitGo/bitgod.git
$ cd bitgod
$ sudo npm -g install bitgod

Set up your BitGo Wallet

1. Create an account on BitGo and create a Bitcoin Wallet.
2. Take note of your Wallet ID, Wallet Address and create a Wallet Password you will remember.
   o You can get your Wallet ID from the URL that points to your wallet. In my case, the URL shown when I open my wallet is: https://www.bitgo.com/enterprise/personal/wallets/3L6nxZ5guxZRdhWXZgz7bMUNYY8FirJgFy. My Wallet ID is therefore: 3L6nxZ5guxZRdhWXZgz7bMUNYY8FirJgFy
3. From your BitGo Account Settings, create a token that allows you to connect to your wallet from Server 1. You will need the public IP Address of your instance.

Connect Server 1 to your BitGo wallet

Specify your wallet details in the connect-to-bitgo.sh script:
$ pico connect-to-bitgo.sh

Your connect-to-bitgo.sh script should look like this:

    bitcoin-cli -rpcport=9332 settoken <YOUR_TOKEN_ID>
    bitcoin-cli -rpcport=9332 setwallet <YOUR_WALLET_ID>
    bitcoin-cli -rpcport=9332 walletpassphrase <YOUR_WALLET_PASSWORD> 32000000

Make script executable
$ chmod +x connect-to-bitgo.sh

Create a start-bitgod.sh script
$ pico start-bitgod.sh

Add the following line as the script content:

    nohup bitgod -masqueradeaccount=payment &

Make script executable
$ chmod +x start-bitgod.sh

Start bitgod
$ ./start-bitgod.sh

You may have to wait a few minutes for bitgod to start. Once started, you should see the following output when you tail nohup.out:

    Validating in loose mode
    Connected to proxy bitcoind at <SERVER1>:8332
    { version: 110000,
      protocolversion: 70002,
      walletversion: 60000,
      balance: 0,
      blocks: 379051,
      timeoffset: -66,
      connections: 9,
      proxy: '',
      difficulty: 60883825480.09828,
      testnet: false,
      keypoololdest: 1440612908,
      keypoolsize: 101,
      paytxfee: 0,
      relayfee: 0.00001,
      errors: '' }

Connect to your bitgo wallet:
$ ./connect-to-bitgo.sh

You know everything has worked when you see output which looks like this:

    Authenticated as BitGo user: <YOUR_EMAIL_ADDRESS>
    Set wallet: 3L6nxZ5guxZRdhWXZgz7bMUNYY8FirJgFy

Create a webhook

Now add a webhook using the BitGo Webhook API: https://www.bitgo.com/api/#add-webhooks

Here is an example of how you would do it:

$ WALLETID=2NEE9QHKPB2GNQLB3HFFMUDCOFKZFJHYJYX
$ ACCESS_TOKEN=9E1194FD035E2C8D5268E648C796425429FC2BD57BB5DA7FBEBBF09E1711A6B6
$ curl -X POST \
    -H "Content-Type: application/json" \
    -H "Authorization: Bearer $ACCESS_TOKEN" \
    -d "{ \"url\": \"http://<SERVER_1_URL>/webhooks/tx\", \"type\": \"transaction\" }" \
    https://www.bitgo.com/api/v1/wallet/$WALLETID/webhooks

Get Server 1 to sign Withdrawals

Give BitGoD the wallet passphrase (used when creating the BitGo multi-sig wallet):
$ bitcoin-cli -rpcport=19332 walletpassphrase [passphrase] 1500000

Troubleshooting Tips

Run the following command to check if bitgod is running:
$ ps -ef | grep bitgod

You will see a line/output which looks like this:

To kill that particular process you run the following command:
$ kill -9 <PID>

Tail the nohup.out file to check if there are any issues
$ tail -f nohup.out

bitgod runs in verbose mode and all output is printed at the end of the file. It's the first place you want to check to make sure everything is running smoothly.

Check that bitcoind is running. bitgod will attempt to connect to a local bitcoind instance. You can check that one is running by using the following command:
$ bitcoin-cli getblockcount

If it's not running you will likely get an error. To start bitcoind run the following command:
$ bitcoind

Step 3: Set up Server 2

Setup deploy user

Create (if it doesn't exist) the deploy user, and assign it to the sudo group:
$ sudo adduser deploy
$ sudo usermod -a -G sudo deploy

Re-login as deploy user using the following command:
$ sudo su - deploy
Install Ruby

Make sure your system is up-to-date.
$ sudo apt-get update
$ sudo apt-get upgrade

Installing rbenv using an installer
$ sudo apt-get install git-core curl zlib1g-dev build-essential \
    libssl-dev libreadline-dev libyaml-dev libsqlite3-dev sqlite3 \
    libxml2-dev libxslt1-dev libcurl4-openssl-dev \
    python-software-properties libffi-dev
$ cd
$ git clone https://github.com/sstephenson/rbenv.git .rbenv
$ echo 'export PATH="$HOME/.rbenv/bin:$PATH"' >> ~/.bashrc
$ echo 'eval "$(rbenv init -)"' >> ~/.bashrc
$ exec $SHELL
$ git clone https://github.com/sstephenson/ruby-build.git ~/.rbenv/plugins/ruby-build
$ echo 'export PATH="$HOME/.rbenv/plugins/ruby-build/bin:$PATH"' >> ~/.bashrc
$ exec $SHELL

Install Ruby through rbenv:
$ rbenv install 2.2.1
$ rbenv global 2.2.1

Install bundler
$ echo "gem: --no-ri --no-rdoc" > ~/.gemrc
$ gem install bundler
$ rbenv rehash

Install Nginx & Passenger

Install Phusion's PGP key to verify packages
$ sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 561F9B9CAC40B2F7

Add HTTPS support to APT
$ sudo apt-get install apt-transport-https ca-certificates

Add the passenger repository
$ sudo add-apt-repository 'deb https://oss-binaries.phusionpassenger.com/apt/passenger trusty main'
$ sudo apt-get update

Install nginx and passenger
$ sudo apt-get install nginx-extras passenger

Next, we need to update the Nginx configuration to point Passenger to the version of Ruby that we're using. Open /etc/nginx/nginx.conf in your favorite editor,
$ sudo vim /etc/nginx/nginx.conf

find the following lines, and uncomment them:

    passenger_root /usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini;
    passenger_ruby /usr/bin/ruby;

Update the second line to read:

    passenger_ruby /home/deploy/.rbenv/shims/ruby;
Install JavaScript Runtime

A JavaScript Runtime is needed for Asset Pipeline to work. Any runtime will do but Node.js is recommended.
$ curl -sL https://deb.nodesource.com/setup | sudo bash -
$ sudo apt-get install nodejs

Install ImageMagick

$ sudo apt-get -y install imagemagick gsfonts

Setup production environment variable

$ echo "export RAILS_ENV=production" >> ~/.bashrc
$ source ~/.bashrc

Clone the Source

$ mkdir -p ~/peatio
$ git clone https://github.com/peatio/peatio.git ~/peatio/current
$ cd peatio/current

Install Dependency gems

$ bundle install --without development test --path vendor/bundle

Configure Peatio

Prepare the configuration files
$ bin/init_config

Set up Pusher by uncommenting the Pusher related settings
$ vim config/application.yml

Config database settings

The settings in database.yml should point to Server 3
$ vim config/database.yml

Initialise the database and load seed data
$ bundle exec rake db:setup

Modify currency.yml to point to server 1

Open currency.yml for editing
$ vim config/currency.yml

Then modify the following entry to look like this:

    - id: 2
      coin: true
      quick_withdraw_max: 1000
      key: satoshi
      code: btc
      rpc: <SERVER_1_RPC_URL>:19332

Deposit integration with Server 1

To inform Peatio about new coin deposits when they occur, I added app/controllers/webhooks_controller.rb to accept an incoming webhook:

    class WebhooksController < ApplicationController
      before_action :auth_anybody!
      skip_before_filter :verify_authenticity_token

      def tx
        if params[:type] == "transaction" && params[:hash].present?
          AMQPQueue.enqueue(:deposit_coin, txid: params[:hash], channel_key: "satoshi")
          render :json => { :status => "queued" }
        end
      end
    end

(Note how Peatio only accepts the Transaction ID. The deposit_coins daemon uses this to kick off checks on the deposit address and then verifies the transaction amount.)

Here is the new route in config/routes.rb:

    post '/webhooks/tx' => 'webhooks#tx'

Precompile assets

$ bundle exec rake assets:precompile

Run Daemons

The following command will start all the daemons
$ bundle exec rake daemons:start
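The WebhooksController shown under "Deposit integration with Server 1" enqueues whatever `hash` value arrives on a route that has no authentication and no CSRF check. The following is an added example, not code from the original document or from Peatio, of a gate the `tx` action could call before enqueueing: it requires a shared secret and a well-formed 64-character hex transaction ID. The `WebhookGate` module, the `token` parameter (assumed to be appended to the webhook URL registered with BitGo) and the sample values are assumptions made for this illustration.

```ruby
require 'digest'

# Hypothetical gate for the tx action: decides whether a webhook request
# may be enqueued. Plain Ruby, so it can be exercised outside Rails.
module WebhookGate
  TXID_FORMAT = /\A\h{64}\z/ # a Bitcoin transaction ID: 32 bytes as hex

  # Constant-time comparison. Hashing both sides first gives equal-length
  # operands, so neither length nor mismatch position leaks through timing.
  def self.secure_equal?(given, expected)
    a = Digest::SHA256.digest(given.to_s).bytes
    b = Digest::SHA256.digest(expected.to_s).bytes
    a.zip(b).reduce(0) { |diff, (x, y)| diff | (x ^ y) }.zero?
  end

  # params:   request parameters as a Hash (string or symbol keys)
  # expected: secret configured on the server and appended to the webhook URL
  # Returns [true, txid] when acceptable, otherwise [false, reason].
  def self.check(params, expected)
    req = params.each_with_object({}) { |(k, v), h| h[k.to_s] = v }
    return [false, :no_secret_configured] if expected.to_s.empty?
    return [false, :bad_token] unless secure_equal?(req['token'], expected)
    return [false, :wrong_type] unless req['type'] == 'transaction'

    txid = req['hash']
    # Rails turns hash[]=x or hash[a]=b into an Array or Hash, so insist on a String.
    return [false, :bad_txid] unless txid.is_a?(String) && txid.match?(TXID_FORMAT)

    [true, txid.downcase]
  end
end

# Constructed sample data: not a real secret or transaction.
SAMPLE_SECRET = 'constructed-shared-secret'
SAMPLE_TXID = 'AB12' * 16

if __FILE__ == $PROGRAM_NAME
  requests = [
    { type: 'transaction', hash: SAMPLE_TXID, token: SAMPLE_SECRET },
    { type: 'transaction', hash: SAMPLE_TXID, token: 'guess' },
    { type: 'transaction', hash: ['x'], token: SAMPLE_SECRET },
    { type: 'transaction', hash: "#{SAMPLE_TXID}\n", token: SAMPLE_SECRET }
  ]
  requests.each { |r| p WebhookGate.check(r, SAMPLE_SECRET) }
end
```

The gate only filters malformed or unauthenticated requests; the deposit daemon's own check of the transaction against bitcoind, described in the note above, is still what decides whether a deposit is credited.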
Configure Passenger

$ sudo rm /etc/nginx/sites-enabled/default
$ sudo ln -s /home/deploy/peatio/current/config/nginx.conf /etc/nginx/conf.d/peatio.conf
$ sudo service nginx restart

Set up Liability Proof

Add the following line to your crontab so that it runs regularly

    RAILS_ENV=production rake solvency:liability_proof

Setting the SSL certificate

I bought my SSL certificate on namecheap.com, so I assume you are going to buy the same SSL certificate there; it's going to be a Comodo PositiveSSL (the one for which these steps were built).

Steps

1. Modify production.rb
2. Generate a CSR
3. Buy and Activate the certificate
4. Install certificate on Server 2

1. Modify production.rb

For security reasons, you must set up an SSL certificate for the production environment. Once your SSL certificate has been configured, change the following line in config/environments/production.rb:

    config.force_ssl = true

2. Generate CSR

First create a folder called ssl in your home folder
$ cd ~
$ mkdir ssl

Run the following command to generate your CSR
$ openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr

You will be asked a bunch of questions. Answer them.

This creates two files. The file server.key contains a private key; do not disclose this file to anyone. Carefully protect the private key. In particular, be sure to back up the private key, as there is no means to recover it should it be lost. The private key is used as input in the command to generate a Certificate Signing Request (CSR).

3. Buy and Activate the SSL certificate

In the step above, a file called server.csr was created. It's in the path /home/deploy/server.csr. When you activate the SSL certificate you will be asked for a CSR. When that time comes, paste the contents of the server.csr file.
COMODORSAAddTrustCA.crt >> cert_chain. paste the contents of the server. You do this using the following command: $ cat *yourdomainname*. In particular. do not disclose this file to anyone.crt COMODORSAAddTrustCA. *youdomainname*. That file will be your SSL certificate.crt The goal is to combine the files into one file.crt >> cert_chain. We shall name this file cert_chain. as there is no means to recover it should it be lost. You need to upload them to Server 2 and put them in the path /home/deploy/ssl/.crt Sometimes you will get the last 3 files bundled into one file so you will have the following 2 files instead of 4 files: 1.crt 4. The file myserver. The private key is used as input in the command to generate a Certificate Signing Request (CSR). just make sure that the file containing the private key is readable only to the system account which runs the server (chown and chmod on Unix-like systems) chmod 0400 server. ComodoRSADomainValidationSecureServerCA.crt . Carefully protect the private key.key chmod 0400 cert_chain.csr file.crt or if you got the bundled file you run: $ cat *yourdomainname*. COMODO_DV_SHA-256_bundle.crt chmod 0400 server. add_header Cache-Control public. In addition to port changes you will need to add the special lines in the record: ssl on. you should add it manually. } location ~ ^/(assets)/ { gzip_static on. ssl_certificate_key / home/deploy/ssl/sever.swf { expires max.Now edit your nginx.png { expires max. gzip on.crt.key.co. expires max. add_header Cache-Control public.org/sysadmin.conf file Open the file for editing $ cd ~/peatio/current $ sudo pico config/nginx. To simplify the process. } } . passenger_enabled on. root /home/deploy/peatio/current/public. passenger_enabled on. } location = /ZeroClipboard.conf server { listen 80 default. Simply add it below the non- secure module. } # disable gzip on all omniauth paths to prevent BREACH location ~ ^/auth/ { gzip off. 
How to harden Nginx SSL

https://weakdh.org/sysadmin.html

The file to change is this one
$ sudo pico peatio/current/config/nginx.conf

    server {
      listen 80 default;
      server_name yourdomainname.co.uk;
      passenger_enabled on;
      root /home/deploy/peatio/current/public;
      gzip on;

      location = /favicon.png {
        expires max;
        add_header Cache-Control public;
      }

      location = /ZeroClipboard.swf {
        expires max;
        add_header Cache-Control public;
      }

      location ~ ^/(assets)/ {
        gzip_static on;
        expires max;
        add_header Cache-Control public;
      }

      # disable gzip on all omniauth paths to prevent BREACH
      location ~ ^/auth/ {
        gzip off;
        passenger_enabled on;
      }
    }

    server {
      listen 443 ssl http2;
      server_name yourdomainname.co.uk;
      passenger_enabled on;
      root /home/deploy/peatio/current/public;
      gzip on;

      ssl on;
      ssl_certificate /home/deploy/ssl/cert_chain.crt;
      ssl_certificate_key /home/deploy/ssl/server.key;
      ssl_session_cache shared:SSL:10m;
      ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
      ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES12$
      # (the cipher list above is cut off at this point in the source document)
      ssl_prefer_server_ciphers on;
      ssl_dhparam dhparams.pem;
      ssl_stapling on; # Requires nginx >= 1.3.7
      ssl_stapling_verify on; # Requires nginx >= 1.3.7
      resolver 8.8.4.4 8.8.8.8 valid=300s;
      resolver_timeout 5s;
      add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
      add_header X-Frame-Options DENY;
      add_header X-Content-Type-Options nosniff;
    }

Test SSL certificate and ciphers and shit: https://www.ssllabs.com/ssltest/

Now restart your web server
$ sudo service nginx restart

Maintenance stuff

Recompiling assets

Usually you want to do this after making a change to the translation file or a change to an asset that controls the appearance of the site. You should run the following commands:
$ cd ~/peatio/current
$ bundle exec rake assets:clean
$ bundle exec rake assets:clobber
$ bundle exec rake tmp:clear
$ bundle exec rake assets:precompile
Starting bitgod and bitcoind on Server 1 after a restart

Starting bitcoind
$ bitcoind

Running bitgod in background
$ nohup bitgod -masqueradeaccount=payment &

Killing bitgod
$ ps -ef | grep bitgod
deploy 33725 33641 0 16:46 pts/5 00:00:01 node /usr/local/bin/bitgod
deploy 34075 33990 0 16:52 pts/3 00:00:00 grep --color=auto bitgod
$ kill -9 33725

Now you need to restart daemons
$ bundle exec rake daemons:stop
$ bundle exec rake daemons:start

Customising the look and feel of your exchange

The Peatio front-end is based on Bootstrap 3.0 and Sass, and you can customise the exchange's style as you like.

- change bootstrap default variables in vars/_bootstrap.css.scss
- change peatio custom default variables in vars/_basic.css.scss
- add your custom variables in vars/_custom.css.scss
- change layout and header style in layouts/_basic.css.scss and layouts/_header.css.scss
- add your custom css style in layouts/_custom.css.scss
- add or change features style in features/_xyz.css.scss

vars/_custom.css.scss can overwrite vars/_basic.css.scss defined variables
layout/_custom.css.scss can overwrite layout/_basic.css.scss style

Setting up automated Github deployments on Server 1

Install whiskey_disk gem

The first step is to install the whiskey_disk gem. Automated deployments depend on that gem.
$ gem install whiskey_disk

Change user and directory

$ sudo su - deploy
$ cd peatio/current/

Open the sudoers file for editing

$ sudo visudo

Add the following line:

    deploy ALL=(ALL) NOPASSWD: ALL

Add a cron jobs

$ crontab -e

Your cron file should look like this:

    PATH=/home/deploy/.rbenv/plugins/ruby-build/bin:/home/deploy/.rbenv/shims:/home/deploy/.rbenv/bin:/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
    PWD=/home/deploy/peatio/current
    LANG=en_US.UTF-8
    NODE_PATH=/usr/lib/nodejs:/usr/lib/node_modules:/usr/share/javascript
    RBENV_SHELL=bash
    SHLVL=1
    HOME=/home/deploy
    RAILS_ENV=production
    LOGNAME=deploy
    LESSOPEN=| /usr/bin/lesspipe %s
    XDG_RUNTIME_DIR=/run/user/1000
    LESSCLOSE=/usr/bin/lesspipe %s %s
    _=/usr/bin/env
    # Edit this file to introduce tasks to be run by cron.
    #
    # Each task to run has to be defined through a single line
    # indicating with different fields when the task will be run
    # and what command to run for the task
    #
    # To define the time you can provide concrete values for
    # minute (m), hour (h), day of month (dom), month (mon),
    # and day of week (dow) or use '*' in these fields (for 'any').
    #
    # Notice that tasks will be started based on the cron's system
    # daemon's notion of time and timezones.
    #
    # Output of the crontab jobs (including errors) is sent through
    # email to the user the crontab file belongs to (unless redirected).
    #
    # For example, you can run a backup of all your user accounts
    # at 5 a.m every week with:
    # 0 5 * * 1 tar -zcf /var/backups/home.tgz /home/
    #
    # For more information see the manual pages of crontab(5) and cron(8)
    #
    # m h dom mon dow commands
    */15 * * * * /home/deploy/peatio/current/script/liability_proof.sh > /home/deploy/peatio/current/log/cron.log
    * * * * * /home/deploy/peatio/current/script/run_whiskey_disk.sh > /home/deploy/peatio/current/log/deployments.log
Add liability-proof script

$ vim script/liability_proof.sh

It should contain the following:

    cd /home/deploy/peatio/current && RAILS_ENV=production bundle exec rake solvency:liability_proof

Add a post-deploy script

$ vim script/post_wd_deploy.sh

Make sure it has the following contents:

    cd /home/deploy/peatio/current
    bundle install
    bundle exec rake db:migrate
    bundle exec rake daemons:stop
    bundle exec rake assets:clean
    bundle exec rake assets:clobber
    bundle exec rake tmp:clear
    bundle exec rake assets:precompile
    bundle exec rake daemons:start
    echo "<DEPLOY_USER_PASSWORD>" | sudo -S service nginx restart

Add a pre-commit script

$ vim script/pre-commit.sh

Make sure it has the following contents:

    git stash -q --keep-index
    echo 'running all tests...'
    rspec spec
    # capture the exit status of the test run before any other command resets it
    RESULT=$?
    echo 'done'
    git stash pop -q
    [ $RESULT -ne 0 ] && exit 1
    exit 0

Add a script to run whiskey_disk

$ vim script/run_whiskey_disk.sh

The script should have the following contents:

    cd /home/deploy/peatio/current
    bundle exec wd --debug --check --to=prod --path=/home/deploy/peatio/current/config/deploy.yml deploy

Make all the scripts executable

$ chmod +x script/liability_proof.sh
$ chmod +x script/post_wd_deploy.sh
$ chmod +x script/pre-commit.sh
$ chmod +x script/run_whiskey_disk.sh

Add the whiskey_disk configuration file

$ vim config/deploy.yml

Make sure it has the following contents:

    prod:
      domain: "local"
      deploy_to: "/home/deploy/peatio/current"
      repository: "git@github.com:peatio/peatio.git"
      branch: "prod"
      post_deploy_script: "/home/deploy/peatio/current/script/post_wd_deploy.sh"
      rake_env:
        RAILS_ENV: 'production'

Run setup command to complete process

$ bundle exec wd setup --to=prod