@@ -3,51 +3,116 @@ version: '3.8'
33services :
44 # Service for advanced-wallet-manager (AWM)
55 advanced-wallet-manager :
6- build : . # Build from the Dockerfile inside the repo
6+ build : . # Build from the Dockerfile inside the repo
77 container_name : advanced-wallet-manager
88 networks :
9- - my-internal-network # Only part of the internal network
9+ - my-internal-network # Only part of the internal network
1010 environment :
11- - ADVANCED_WALLET_MANAGER_PORT=3081
12- - TLS_MODE=disabled
13- - ALLOW_SELF_SIGNED=true
14- - MTLS_REQUEST_CERT=false
15- - RECOVERY_MODE=true
11+ # Application mode (required)
1612 - APP_MODE=advanced-wallet-manager
17- - KMS_URL=http://172.20.0.1:3000
13+
14+ # Network settings
15+ - ADVANCED_WALLET_MANAGER_PORT=3080
1816 - BIND=0.0.0.0
17+ - TIMEOUT=305000
18+ - KEEP_ALIVE_TIMEOUT=65000
19+ - HEADERS_TIMEOUT=66000
20+
21+ # TLS settings
22+ - TLS_MODE=disabled
23+ - CLIENT_CERT_ALLOW_SELF_SIGNED=true
24+
25+ # KMS settings (required)
26+ - KMS_URL=http://172.20.0.1:3000 # UPDATE TO YOUR OWN KMS URL
27+ - KMS_SERVER_CERT_ALLOW_SELF_SIGNED=true
28+
29+ # Optional KMS TLS settings (uncomment if using mTLS with KMS)
30+ # - KMS_SERVER_CA_CERT_PATH=/path/to/kms-ca-cert.pem
31+ # - KMS_CLIENT_TLS_KEY_PATH=/path/to/kms-client-key.pem
32+ # - KMS_CLIENT_TLS_CERT_PATH=/path/to/kms-client-cert.pem
33+ # - KMS_CLIENT_TLS_KEY=<key-content>
34+ # - KMS_CLIENT_TLS_CERT=<cert-content>
35+
36+ # Optional server TLS settings (uncomment if using mTLS)
37+ # - SERVER_TLS_KEY_PATH=/path/to/server-key.pem
38+ # - SERVER_TLS_CERT_PATH=/path/to/server-cert.pem
39+ # - SERVER_TLS_KEY=<key-content>
40+ # - SERVER_TLS_CERT=<cert-content>
41+ # - MTLS_ALLOWED_CLIENT_FINGERPRINTS=ABC123,DEF456
42+
43+ # Logging and debug
44+ - HTTP_LOGFILE=logs/http-access.log
45+ - RECOVERY_MODE=true
46+ - NODE_ENV=production
47+ - LOG_LEVEL=info
1948 restart : always
20- ports : [] # No public ports exposed
49+ ports : [] # No public ports exposed
50+ volumes :
51+ - ./logs:/app/logs # Mount logs directory
2152
2253 # Service for master-bitgo-express (MBE) - both internal and publicly accessible
2354 master-bitgo-express :
24- build : . # Build from the Dockerfile inside the repo
55+ build : . # Build from the Dockerfile inside the repo
2556 container_name : master-bitgo-express
2657 networks :
27- - my-internal-network # Connect to the internal network for internal communication
28- - my-public-network # Connect to the public network for external access
58+ - my-internal-network # Connect to the internal network for internal communication
59+ - my-public-network # Connect to the public network for external access
2960 environment :
61+ # Application mode (required)
3062 - APP_MODE=master-express
63+
64+ # Network settings
65+ - MASTER_EXPRESS_PORT=3081
66+ - BIND=0.0.0.0
67+ - TIMEOUT=305000
68+ - KEEP_ALIVE_TIMEOUT=65000
69+ - HEADERS_TIMEOUT=66000
70+
71+ # BitGo API settings
3172 - BITGO_ENV=test
32- - TLS_KEY_PATH=test-ssl-key.pem
33- - TLS_CERT_PATH=test-ssl-cert.pem
34- - ADVANCED_WALLET_MANAGER_URL=http://advanced-wallet-manager:3081
35- - ENCLAVED_EXPRESS_CERT=./test-ssl-cert.pem
36- - MTLS_REQUEST_CERT=false
37- - ALLOW_SELF_SIGNED=true
73+ - BITGO_DISABLE_ENV_CHECK=true
74+ - BITGO_AUTH_VERSION=2
75+ # - BITGO_CUSTOM_ROOT_URI=https://custom-bitgo-api.com
76+ # - BITGO_CUSTOM_BITCOIN_NETWORK=testnet
77+
78+ # Advanced Wallet Manager connection (required)
79+ - ADVANCED_WALLET_MANAGER_URL=http://advanced-wallet-manager:3080
80+ - AWM_SERVER_CERT_ALLOW_SELF_SIGNED=true
81+
82+ # Optional AWM TLS settings (uncomment if using mTLS with AWM)
83+ # - AWM_SERVER_CA_CERT_PATH=/path/to/awm-ca-cert.pem
84+ # - AWM_CLIENT_TLS_KEY_PATH=/path/to/awm-client-key.pem
85+ # - AWM_CLIENT_TLS_CERT_PATH=/path/to/awm-client-cert.pem
86+ # - AWM_CLIENT_TLS_KEY=<key-content>
87+ # - AWM_CLIENT_TLS_CERT=<cert-content>
88+
89+ # TLS settings
3890 - TLS_MODE=disabled
91+ - CLIENT_CERT_ALLOW_SELF_SIGNED=true
92+
93+ # Optional server TLS settings (uncomment if using mTLS)
94+ # - SERVER_TLS_KEY_PATH=/path/to/server-key.pem
95+ # - SERVER_TLS_CERT_PATH=/path/to/server-cert.pem
96+ # - SERVER_TLS_KEY=<key-content>
97+ # - SERVER_TLS_CERT=<cert-content>
98+ # - MTLS_ALLOWED_CLIENT_FINGERPRINTS=ABC123,DEF456
99+
100+ # Logging and debug
101+ - HTTP_LOGFILE=logs/http-access.log
39102 - RECOVERY_MODE=true
40- - MASTER_EXPRESS_PORT=3081
41- - BIND=0.0.0.0
103+ - NODE_ENV=production
104+ - LOG_LEVEL=info
42105 restart : always
43106 ports :
44- - " 3081:3081" # Expose MBE publicly on port 3081
107+ - ' 3081:3081' # Expose MBE publicly on port 3081
108+ volumes :
109+ - ./logs:/app/logs # Mount logs directory
45110
46111# Networks section
47112networks :
48113 my-internal-network :
49- driver : bridge # Internal communication network, no access to the internet
50- internal : true # Ensures this network is not accessible from outside
51-
114+ driver : bridge # Internal communication network, no access to the internet
115+ internal : true # Ensures this network is not accessible from outside
116+
52117 my-public-network :
53- driver : bridge # Public network, allowing external access to MBE
118+ driver : bridge # Public network, allowing external access to MBE
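Review bot: The new environment blocks pair `NODE_ENV=production` with `TLS_MODE=disabled` on both services, a plain `http://` `KMS_URL`, and `KMS_SERVER_CERT_ALLOW_SELF_SIGNED=true`, `AWM_SERVER_CERT_ALLOW_SELF_SIGNED=true` and `CLIENT_CERT_ALLOW_SELF_SIGNED=true`. The client-to-MBE, MBE-to-AWM and AWM-to-KMS hops therefore run without transport encryption or certificate verification, while the file reads like a production template. Because `master-bitgo-express` also sets `BIND=0.0.0.0` and publishes port 3081 on every host interface, I would publish on loopback with `- '127.0.0.1:3081:3081'`, or at least add a header comment above `services:` such as `# Development/test only: TLS is disabled and self-signed certificates are accepted; enable mTLS and drop the *_ALLOW_SELF_SIGNED flags before any non-local use`. `RECOVERY_MODE=true` and `BITGO_DISABLE_ENV_CHECK=true` are on by default with no explanation, so each should get a one-line comment saying when it is meant to be enabled. Both services also mount `./logs` and set `HTTP_LOGFILE=logs/http-access.log`, which looks like two containers appending to one host file; a per-service file name would keep the access logs attributable.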