Bitcoin in a jail?

It so happens that by profession I am an administrator of computer systems and networks (in short: a sysadmin), and for a little over ten years I have been responsible for the operation of a wide range of systems, including ones that had to meet strict security requirements. It also happens that some time ago I got interested in Bitcoin, and not only as a user: I wrote several micro-services in order to understand, from a developer's point of view, how things work under the hood with the Bitcoin network (which is, after all, a p2p network). I was one of the devs myself, so I have been through that too. But I am not going to talk about development here; I am talking about a safe and convenient environment for running it.

Financial technology (fintech) goes hand in hand with information security (infosec). The first can work without the second at the beginning, but not for long. That is why I want to share my experience and the set of techniques I use, which cover both fintech and infosec at the same time and can also be applied to broader, or completely different, purposes. In this article I will tell you not so much about Bitcoin as about the infrastructure model for developing and operating financial (and not only financial) services, in a word, services where the "B" matters (in Russian the B stands for security, hence the section title near the end). This applies equally to a Bitcoin exchange and to the back end of a small company whose services have nothing to do with Bitcoin at all.

I want to note that I am a supporter of the principles "keep it simple, stupid" and "less is more", so both the article and what is described in it will have the traits these principles imply.

Hypothetical scenario: let's go through everything using the example of a Bitcoin exchanger. We have decided to build an exchange of rubles, dollars and euros for bitcoins and back, and we already have a working solution, but for other digital money such as qiwi and webmoney. That is, all the legal issues are settled, and we have a ready application that acts as a payment gateway for rubles, dollars, euros and other payment systems. It is connected to our bank accounts and exposes some API for our end-user applications. We also have a web application that acts as the exchange front for users, much like a qiwi or webmoney account: create an account, add a card, and so on. It talks to our gateway application, albeit over a REST API on the local network. And so we decided to add bitcoins and, at the same time, improve the infrastructure, because... at first everything was thrown together in a hurry on virtualboxes in the office under a desk... the site started getting traffic, and we began to worry about uptime and performance.

So let's start with the main thing: choosing a server. Since the business in our example is small and we trust the hoster (OVH), we pick a budget option, in which it is not possible to install the system from the original .iso image. That is not a problem, but it does mean the IT security department has to audit the installed image. When we grow, we will rent our own rack under lock and key with restricted physical access, and maybe build our own DC. In any case, it is worth remembering that when you rent hardware and install a ready-made image, there is a chance that a "Trojan from the hoster" is hanging around in your system, one that most often is not there to spy on you but to give the provider convenient server management tools. Treat it as untrusted code on your host all the same: that is exactly why the image gets audited.

Server installation

Everything is simple here. We choose hardware that fits our needs. Then we select the FreeBSD image. Or (with another hoster, or on our own hardware) we connect over IPMI or with a monitor and feed the FreeBSD .iso image into the installer. For orchestrated installs I use a configuration-management system together with mfsbsd. The only thing is that in our case with kimsufi we choose the custom installation, so that on the two mirrored disks only the boot and /home partitions are "open"; the rest of the disk space will be encrypted, but more on that later.


The installation of the system itself goes the standard way; I will not dwell on it, I will only note that before starting work it is worth paying attention to the hardening options that bsdinstaller offers at the end of the installation (if you install the system yourself):


There are good articles on this topic, so I will only summarise briefly here.

The same settings can also be enabled on an already installed system. To do that, edit the rc.conf and sysctl.conf files. *ee is the simple text editor shipped with FreeBSD.

# ee /etc/rc.conf

...
#sec hard
clear_tmp_enable="YES"
syslogd_flags="-ss"    
sendmail_enable="NONE"

# ee /etc/sysctl.conf

...
#sec hard
security.bsd.see_other_uids=0
security.bsd.see_other_gids=0
security.bsd.unprivileged_read_msgbuf=0
security.bsd.unprivileged_proc_debug=0
# sysctl.conf is read by sysctl(8), not by a shell, so a $(jot ...) substitution
# would never be expanded; on FreeBSD 12 kern.randompid is a flag, non-zero enables it
kern.randompid=1
security.bsd.stack_guard_page=1

You also need to make sure you are running the latest version of the system and apply all updates and patches (freebsd-update(8) for the base system, pkg for packages). In our case, for example, an upgrade to the latest version is required, because the hoster's pre-installed images lag behind by six months to a year. While we are at it, we change the SSH port to something other than the default, add key-based authentication and disable password authentication.

Next we set up aide, which watches over the state of the system configuration files (the link to a detailed write-up did not survive; aide's own documentation covers it). Before the first check, initialise the database with aide --init and rename /var/db/aide/aide.db.new to /var/db/aide/aide.db (the FreeBSD port's default paths).

pkg install aide

and edit our crontab

crontab -e

06 01 * * 0-6 /root/chkaide.sh

#!/bin/sh
# chkaide.sh - daily AIDE integrity check, run from root's crontab.
# Requires an initialised database: aide --init && mv /var/db/aide/aide.db.new /var/db/aide/aide.db
umask 077                          # reports are readable by root only
REPORT_DIR="/var/log/aide"         # not /tmp: a predictable file name in a world-writable
mkdir -p "$REPORT_DIR"             # directory written by root invites symlink tricks
MYDATE=`date +%Y-%m-%d`
MYFILENAME="$REPORT_DIR/Aide-$MYDATE.txt"
RAW="$REPORT_DIR/myAide.txt"
/bin/echo "Aide check !! `date`" > "$MYFILENAME"
/usr/local/bin/aide --check > "$RAW"          # non-zero exit status means changes were found
/bin/cat "$RAW" | /usr/bin/grep -v failed >> "$MYFILENAME"
/bin/echo "**************************************" >> "$MYFILENAME"
/usr/bin/tail -20 "$RAW" >> "$MYFILENAME"
/bin/echo "****************DONE******************" >> "$MYFILENAME"

We enable system auditing

sysrc auditd_enable=YES

# service auditd start

How to manage all this properly is described very well in the FreeBSD Handbook.

Now we reboot and move on to the server software. Every server is a hypervisor for containers or full virtual machines. So it is important that the processor supports VT-x and EPT if we plan to use full virtualization.

To manage containers and virtual machines I use cbsd by olevole; I wish him health and blessings for this wonderful tool!

Containers? Docker again, or what?

No. FreeBSD jails are an excellent containerization tool, and the cbsd mentioned above orchestrates those containers; the author's pet name for them is "cells", but I will simply call them jails from here on.

A jail is a great building block for infrastructure of many kinds, wherever complete isolation of individual services or processes is the end goal. In essence it is a clone of the host system, but it does not need full hardware virtualization. Thanks to that, resources are not spent on a "guest OS", only on the actual work. When jails serve internal needs, this is a very convenient way to use resources efficiently: a bunch of jails on one hardware server can each, individually, use all of the server's resources when necessary. Since different sub-services usually need extra resources at different times, you can squeeze the maximum out of one server if you plan well and balance jails across servers. When needed, jails can also be capped in the resources they consume.


What about full virtualization?

As far as I know, cbsd supports the bhyve and XEN hypervisors. I have never used the second, but the first is the relatively new hypervisor from FreeBSD. We will look at an example of using bhyve at the end of the article.

Installing and configuring the host environment

We use the ZFS file system. It is a very powerful tool for managing server storage. Thanks to ZFS you can build arrays of various configurations out of disks, dynamically "hot"-expand space, replace dead disks, manage snapshots, and much, much more that could fill a whole series of articles. Let's get back to our server and its disks. At the very beginning of the installation we left free space on the disks for encrypted partitions. Why? So that the system can boot on its own and come up listening on SSH, while everything that matters stays encrypted until we unlock it.

gpart add -t freebsd-zfs /dev/ada0

/dev/ada0p4 added!

adds a disk partition over the remaining space

geli init /dev/ada0p4

we enter our encryption passphrase

geli attach /dev/ada0p4

We enter the passphrase once more and now have the device /dev/ada0p4.eli; this is our encrypted space. Then we repeat the same for /dev/ada1 and the remaining disks in the array. And we create a new ZFS pool.

zpool create vms mirror /dev/ada0p4.eli /dev/ada1p4.eli /dev/ada3p4.eli

Well, our minimal "combat unit" is ready: a mirrored array of disks that keeps working if one of them fails.

Create a new dataset on the new "pool"

zfs create vms/jails

pkg install cbsd

That installs the package with our jail management system.

After cbsd is installed, it needs to be initialised:

# env workdir="/vms/jails" /usr/local/cbsd/sudoexec/initenv

Well, we answer a bunch of questions, mostly with the default answers.

* If you use encryption, it is essential that the cbsdd daemon is not started until you have decrypted the disks, manually or by a script (in our example this is done through zabbix); otherwise it will try to bring up jails on a pool that is not there yet.

** I also do not use NAT from cbsd; I configure it myself in pf.

# sysrc pf_enable=YES

# ee /etc/pf.conf

IF_PUBLIC="em0"
IP_PUBLIC="1.23.34.56"
JAIL_IP_POOL="192.168.0.0/24"

#WHITE_CL="{ 127.0.0.1 }"

icmp_types="echoreq"

set limit { states 20000, frags 20000, src-nodes 20000 }
set skip on lo0
scrub in all

#NAT for jails
nat pass on $IF_PUBLIC from $JAIL_IP_POOL to any -> $IP_PUBLIC

## Bitcoin network port forward
IP_JAIL="192.168.0.1"
PORT_JAIL="{8333}"
rdr pass on $IF_PUBLIC proto tcp from any to $IP_PUBLIC port $PORT_JAIL -> $IP_JAIL

# service pf start

# pfctl -f /etc/pf.conf

Writing firewall rules is a separate topic, so I will not go deep into a BLOCK ALL policy and whitelists; you can do that by reading the official documentation or one of the many articles found on Google. One thing to keep in mind when you do: the "pass" keyword on the nat and rdr lines above makes the translated packets skip the filter rules entirely, so under a block-all policy you would drop it and write explicit pass rules instead.

Well... we have cbsd installed, it is time to create our first workhorse: the jailed Bitcoin daemon!

cbsd jconstruct-tui


Here we see the jail creation dialog. Once all the values are set, let's create it!

When creating your first jail, you have to choose what to use as the base for jails. I choose a build pulled from the FreeBSD repository (the "repo" option). This choice is made only when creating the first jail of a particular version (you can keep jails of any version that is not newer than the host).

After everything is configured, we start the jail!

# cbsd jstart bitcoind

But we still need to install software inside the jail.

# jls

   JID  IP Address      Hostname                      Path
     1  192.168.0.1     bitcoind.space.com            /zroot/jails/jails/bitcoind

jexec bitcoind drops us into the jail's console

and already inside the jail we install the software with its dependencies (our host stays clean)

bitcoind:/@[15:25] # pkg install bitcoin-daemon bitcoin-utils

bitcoind:/@[15:30] # sysrc bitcoind_enable=YES

bitcoind:/@[15:30] # service bitcoind start

Now we have Bitcoin in a jail, but we also want network anonymity, because we intend to connect to some nodes over the Tor network. More generally, we plan to run most jails with not-entirely-trusted software only through a proxy. Thanks to pf, you can disable NAT for part of the local network's address range and allow NAT only for our Tor node. So even if malware gets into a jail, most likely it will not be able to talk to the outside world at all, and if it does, it will not reveal our server's IP. Therefore we create another jail, which will "forward" services as ".onion" services and act as the proxy for individual jails' Internet access.

# cbsd jconstruct-tui

# cbsd jstart tor

# jexec tor

tor:/@[15:38] # pkg install tor

tor:/@[15:38] # sysrc tor_enable=YES

tor:/@[15:38] # ee /usr/local/etc/tor/torrc

Set it to listen on the local address (reachable from every jail). Since this binds to a LAN address rather than loopback, also restrict the clients with a SocksPolicy limited to the jail subnet; by default Tor accepts SOCKS connections from anyone who can reach the port.

SOCKSPort 192.168.0.2:9050

What else do we need to be happy? Right, we need a service for our web front, maybe more than one. Let's bring up nginx, which will act as the reverse proxy and take care of renewing the Let's Encrypt certificates

# cbsd jconstruct-tui

# cbsd jstart nginx-rev

# jexec nginx-rev

nginx-rev:/@[15:47] # pkg install nginx py36-certbot

And so we put 150 MB of dependencies into the jail. And the host stays clean.

We will come back to configuring nginx later; first we need to bring up two more jails, for our payment gateway on nodejs and rust, and for the web application, which for some reason runs on Apache and PHP, and the latter also needs a MySQL database.

# cbsd jconstruct-tui

# cbsd jstart paygw

# jexec paygw

paygw:/@[15:55] # pkg install git node npm

paygw:/@[15:55] # curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh

...and another 380 MB of packages on top. (Piping a downloaded script straight into sh runs unreviewed code inside the jail; if you keep this step, fetch the script first and read it, or install the rust package from pkg instead.)

Next we pull our application with git and start it.

# cbsd jconstruct-tui

# cbsd jstart webapp

# jexec webapp

webapp:/@[16:02] # pkg install mariadb104-server apache24 php74 mod_php74 php74-pdo_mysql

450 MB of packages in one jail.

Here we give the developers SSH access directly into the jail; they will do everything there themselves:

webapp:/@[16:02] # ee /etc/ssh/sshd_config

Port 2267 - change the jail's SSH port to an arbitrary one

webapp:/@[16:02] # sysrc sshd_enable=YES

webapp:/@[16:02] # service sshd start

Well, the service is up; all that is left is to add a rule to the pf firewall

Let's see which IPs our jails have and what our "local network" looks like in general.

# jls

   JID  IP Address      Hostname                      Path
     1  192.168.0.1     bitcoind.space.com            /zroot/jails/jails/bitcoind
     2  192.168.0.2     tor.space.com                 /zroot/jails/jails/tor
     3  192.168.0.3     nginx-rev.space.com           /zroot/jails/jails/nginx-rev
     4  192.168.0.4     paygw.space.com               /zroot/jails/jails/paygw
     5  192.168.0.5     webapp.my.domain              /zroot/jails/jails/webapp

and add a rule

# ee /etc/pf.conf

## SSH for web-Devs
IP_JAIL="192.168.0.5"
PORT_JAIL="{ 2267 }"
rdr pass on $IF_PUBLIC proto tcp from any to $IP_PUBLIC port $PORT_JAIL -> $IP_JAIL

Well, since we are here, let's add a rule for the reverse proxy too:

## web-ports for nginx-rev
IP_JAIL="192.168.0.3"
PORT_JAIL="{ 80, 443 }"
rdr pass on $IF_PUBLIC proto tcp from any to $IP_PUBLIC port $PORT_JAIL -> $IP_JAIL

# pfctl -f /etc/pf.conf

Well, now a bit about bitcoins

What we have: a web application exposed to the outside that talks locally to our payment gateway. Now we need to prepare a working environment for interacting with the Bitcoin network itself. The bitcoind node is just a daemon that keeps a local copy of the blockchain up to date. This daemon has RPC and wallet functionality, but there are more convenient "wrappers" for application development. To begin with, we decided to install electrum as a CLI wallet. We will use this wallet as "cold storage" for our bitcoins: in general, the bitcoins that must be kept "outside" the system available to users, and away from everyone in general. (Strictly speaking it is warm storage: the keys still live on a host reachable over the network, so the bulk of the funds belongs in a wallet whose keys never touch a networked machine.) It also has a GUI, so we will use the same wallet on our laptops. For now we will use Electrum with public servers, and later we will bring up ElectrumX in a separate jail so as not to depend on anyone.

# cbsd jconstruct-tui

# cbsd jstart electrum

# jexec electrum

electrum:/@[8:45] # pkg install py36-electrum

another 700 MB of software in our jail

electrum:/@[8:53] # adduser

Username: wallet
Full name: 
Uid (Leave empty for default): 
Login group [wallet]: 
Login group is wallet. Invite wallet into other groups? []: 
Login class [default]: 
Shell (sh csh tcsh nologin) [sh]: tcsh
Home directory [/home/wallet]: 
Home directory permissions (Leave empty for default): 
Use password-based authentication? [yes]: no
Lock out the account after creation? [no]: 
Username   : wallet
Password   : <disabled>
Full Name  : 
Uid        : 1001
Class      : 
Groups     : wallet 
Home       : /home/wallet
Home Mode  : 
Shell      : /bin/tcsh
Locked     : no
OK? (yes/no): yes
adduser: INFO: Successfully added (wallet) to the user database.
Add another user? (yes/no): no
Goodbye!
electrum:/@[8:53] # su wallet

wallet@electrum:/ % electrum-3.6 create

{
    "msg": "Please keep your seed in a safe place; if you lose it, you will not be able to restore your wallet.",
    "path": "/usr/home/wallet/.electrum/wallets/default_wallet",
    "seed": "jealous win pig material ribbon young punch visual okay cactus random bird"
}

Now we have a wallet. (The seed printed above has been published and is therefore burned; never fund a wallet whose seed has left the machine.)

wallet@electrum:/ % electrum-3.6 listaddresses

[
    "18WEhbjvMLGRMfwudzUrUd25U5C7uZYkzE",
    "14XHSejhxsZNDRtk4eFbqAX3L8rftzwQQU",
    "1KQXaN8RXiCN1ne9iYngUWAr6KJ6d4pPas",
    ...
    "1KeVcAwEYhk29qEyAfPwcBgF5mMMoy4qjw",
    "18VaUuSeBr6T2GwpSHYF3XyNgLyLCt1SWk"
]

wallet@electrum:/ % electrum-3.6 help

From now on only a very limited circle of people will be able to connect to our on-chain wallet. To avoid opening the jail to the outside at all, SSH connections to it will go through Tor (an alternative to a VPN). We start SSH inside the jail but do not touch pf.conf on the host.

electrum:/@[9:00] # sysrc sshd_enable=YES

electrum:/@[9:00] # service sshd start

Now let's cut the wallet jail off from the Internet. We give it an IP address from another part of the subnet, one that is not NATed. First we edit /etc/pf.conf on the host

# ee /etc/pf.conf

JAIL_IP_POOL="192.168.0.0/24": let's change it to JAIL_IP_POOL="192.168.0.0/25", so that all addresses from 192.168.0.128 through 192.168.0.255 (everything outside the first /25) have no direct Internet access. A kind of software "air-gapped" network. The NAT rule itself stays as it was

nat pass on $IF_PUBLIC from $JAIL_IP_POOL to any -> $IP_PUBLIC

Reload the rules

# pfctl -f /etc/pf.conf

Now let's move our jail

# cbsd jconfig jname=electrum


jset mode=quiet jname=electrum ip4_addr="192.168.0.200"
Remove old IP: /sbin/ifconfig em0 inet 192.168.0.6 -alias
Setup new IP: /sbin/ifconfig em0 inet 192.168.0.200 alias
ip4_addr: 192.168.0.200
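To see exactly where the /25 boundary falls, and to check that no rdr rule on the host points at a jail that is supposed to be air-gapped, here is an added example (not code from the article): it parses jls(8)-style output (a constructed copy of the table from this article), tests each jail's address against the JAIL_IP_POOL macro from pf.conf, and generates the rdr lines for the published services. The list of published services, the interface name and the public IP are assumptions taken from the pf.conf above.

```python
import ipaddress
from typing import Dict, List

# Constructed jls(8) output, copied from the table in this article.
JLS_OUTPUT = """\
   JID  IP Address      Hostname                      Path
     1  192.168.0.1     bitcoind.space.com            /zroot/jails/jails/bitcoind
     2  192.168.0.2     tor.space.com                 /zroot/jails/jails/tor
     3  192.168.0.3     nginx-rev.space.com           /zroot/jails/jails/nginx-rev
     4  192.168.0.4     paygw.space.com               /zroot/jails/jails/paygw
     5  192.168.0.5     webapp.my.domain              /zroot/jails/jails/webapp
     7  192.168.0.200   electrum.space.com            /zroot/jails/jails/electrum
"""

NAT_POOL = "192.168.0.0/25"   # JAIL_IP_POOL after the change above


def parse_jls(text: str) -> Dict[str, str]:
    """Map jail name (last component of the jail path) -> IPv4 address."""
    jails = {}
    for line in text.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if len(fields) < 4:
            continue
        _jid, ip, _hostname, path = fields[:4]
        jails[path.rstrip("/").rsplit("/", 1)[-1]] = ip
    return jails


def has_internet(ip: str, nat_pool: str = NAT_POOL) -> bool:
    """True if the NAT rule covers this address, i.e. the jail can reach the Internet directly."""
    return ipaddress.ip_address(ip) in ipaddress.ip_network(nat_pool)


def rdr_rules(jails: Dict[str, str], published: Dict[str, List[int]],
              nat_pool: str = NAT_POOL, public_if: str = "em0",
              public_ip: str = "1.23.34.56") -> List[str]:
    """Generate one 'rdr pass' line per published jail.

    Refuses to publish a jail outside the NAT pool: an inbound redirect would
    make an "air-gapped" jail reachable from the Internet after all.
    """
    rules = []
    for name, ports in published.items():
        ip = jails[name]
        if not has_internet(ip, nat_pool):
            raise ValueError(f"{name} ({ip}) is outside {nat_pool} and must stay unreachable from outside")
        port_list = ", ".join(str(p) for p in ports)
        rules.append(f"rdr pass on {public_if} proto tcp from any to {public_ip} port {{ {port_list} }} -> {ip}")
    return rules


if __name__ == "__main__":
    jails = parse_jls(JLS_OUTPUT)
    for name, ip in jails.items():
        print(f"{name:10s} {ip:15s} {'NAT' if has_internet(ip) else 'air-gapped'}")
    print("\n".join(rdr_rules(jails, {"bitcoind": [8333], "nginx-rev": [80, 443], "webapp": [2267]})))
```

Run it against the real `jls` output before every pf reload: the only jails that should appear as NAT are the ones that genuinely need to reach the Internet on their own (here bitcoind, and the Tor jail that proxies for the rest).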

Hmm, but now the system itself has no way out. We can, however, tell the system to use a proxy. There is one catch: Tor gives us a SOCKS5 proxy, and for convenience we also want an HTTP proxy.

# cbsd jconstruct-tui

# cbsd jstart polipo

# jexec polipo

polipo:/@[9:28] # pkg install polipo

polipo:/@[9:28] # ee /usr/local/etc/polipo/config

socksParentProxy = "192.168.0.2:9050"
socksProxyType = socks5

polipo:/@[9:42] # sysrc polipo_enable=YES

polipo:/@[9:43] # service polipo start

Well, now there are two proxy servers in our setup, both exiting through Tor: socks5 at 192.168.0.2:9050 and http://192.168.0.6:8123. Two caveats: if polipo refuses connections from the other jails, widen its allowedClients setting to the jail subnet (by default it only serves loopback clients); and polipo has been unmaintained upstream for years, so any small HTTP proxy that can chain to a SOCKS5 parent (privoxy with its forward-socks5 directive, for instance) does the same job.

Now we can configure our wallet environment

# jexec electrum

electrum:/@[9:45] # su wallet

wallet@electrum:/ % ee ~/.cshrc

#in the end of file proxy config
setenv http_proxy http://192.168.0.6:8123
setenv https_proxy http://192.168.0.6:8123

Well, now the shell tools will go through the proxy. Note that Electrum's own connections to Electrum servers ignore these variables; point it at the Tor SOCKS proxy with its proxy setting (the proxy key in setconfig, or the -p option) instead. If we want to install packages, we also need to add the following to /usr/local/etc/pkg.conf as root inside the jail (my_proxy_ip is the polipo jail, 192.168.0.6 in our case)

pkg_env: {
               http_proxy: "http://my_proxy_ip:8123",
           }

Well, now it is time to add a Tor hidden service as the address of the SSH service in our wallet jail.

# jexec tor

tor:/@[9:59] # ee /usr/local/etc/tor/torrc

HiddenServiceDir /var/db/tor/electrum/
HiddenServicePort 22 192.168.0.200:22

tor:/@[10:01] # mkdir /var/db/tor/electrum

tor:/@[10:01] # chown -R _tor:_tor /var/db/tor/electrum

tor:/@[10:01] # chmod 700 /var/db/tor/electrum

tor:/@[10:03] # service tor restart

tor:/@[10:04] # cat /var/db/tor/electrum/hostname

mdjus4gmduhofwcso57b3zl3ufoitguh2knitjco5cmgrokpreuxumad.onion

This is the address we will connect to. Let's test it from a local machine. But first we need to add our SSH key:

wallet@electrum:/ % mkdir ~/.ssh

wallet@electrum:/ % ee ~/.ssh/authorized_keys

ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAG9Fk2Lqi4GQ8EXZrsH3EgSrVIQPQaAlS38MmJLBabihv9KHIDGXH7r018hxqLNNGbaJWO/wrWk7sG4T0yLHAbdQAFsMYof9kjoyuG56z0XZ8qaD/X/AjrhLMsIoBbUNj0AzxjKNlPJL4NbHsFwbmxGulKS0PdAD5oLcTQi/VnNdU7iFw== user@local

Well, from a Linux machine

user@local ~$ nano ~/.ssh/config

#remote electrum wallet
Host remotebtc
        User wallet
        Port 22
        Hostname mdjus4gmduhofwcso57b3zl3ufoitguh2knitjco5cmgrokpreuxumad.onion
        ProxyCommand /bin/ncat --proxy localhost:9050 --proxy-type socks5 %h %p

Let's connect (for this to work you need a local Tor daemon listening on 9050)

user@local ~$ ssh remotebtc

The authenticity of host 'mdjus4gmduhofwcso57b3zl3ufoitguh2knitjco5cmgrokpreuxumad.onion (<no hostip for proxy command>)' can't be established.
ECDSA key fingerprint is SHA256:iW8FKjhVF4yyOZB1z4sBkzyvCM+evQ9cCL/EuWm0Du4.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added 'mdjus4gmduhofwcso57b3zl3ufoitguh2knitjco5cmgrokpreuxumad.onion' (ECDSA) to the list of known hosts.
FreeBSD 12.1-RELEASE-p1 GENERIC 
To save disk space in your home directory, compress files you rarely
use with "gzip filename".
        -- Dru <[email protected]>
wallet@electrum:~ % logout

Success!

To work with instant and micro payments we also need a Lightning Network node; in fact, this will be our main line of work with Bitcoin. The c-lightning* daemon we will use has the Sparko plugin, a full-fledged HTTP (REST) interface that lets you work with both off-chain and on-chain transactions. c-lightning does require a running bitcoind, though.

*There are several implementations of the Lightning Network protocol in different languages. Of those we tried, c-lightning (written in C) seemed the most stable and the most economical with resources

# cbsd jconstruct-tui

# cbsd jstart cln

# jexec cln

lightning:/@[10:23] # adduser

Username: lightning
...

lightning:/@[10:24] # pkg install git

lightning:/@[10:23] # su lightning

cd ~ && git clone https://github.com/ElementsProject/lightning

lightning@lightning:~ % exit

lightning:/@[10:30] # cd /home/lightning/lightning/

lightning:/home/lightning/lightning@[10:31] # pkg install autoconf automake gettext git gmp gmake libtool python python3 sqlite3 libsodium py36-mako bash bitcoin-utils

lightning:/home/lightning/lightning@[10:34] # ./configure && gmake && gmake install

When everything needed is built and installed, let's create an RPC user for lightningd in bitcoind (test/test below is a placeholder, not something to run with)

# jexec bitcoind

bitcoind:/@[10:36] # ee /usr/local/etc/bitcoin.conf

rpcbind=192.168.0.1
rpcuser=test
rpcpassword=test
#allow only c-lightning
rpcallowip=192.168.0.7/32

bitcoind:/@[10:39] # service bitcoind restart
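The rpcuser=test / rpcpassword=test pair is only a placeholder. For a real node use the salted rpcauth form, under which bitcoind stores an HMAC of the password rather than the password itself. The following is an added example, not the article's code and not Bitcoin Core's own script: it reimplements the scheme of Bitcoin Core's share/rpcauth/rpcauth.py (HMAC-SHA256 keyed with a random hex salt) together with the check bitcoind performs on each RPC request. The user name "lightning" is an assumption.

```python
import hmac
import secrets
from typing import Optional


def generate_rpc_password(nbytes: int = 32) -> str:
    """Random cleartext password for the client side (it goes into the
    lightning jail's ~/.bitcoin/bitcoin.conf as rpcpassword)."""
    return secrets.token_urlsafe(nbytes)


def make_rpcauth(user: str, password: str, salt: Optional[str] = None) -> str:
    """Build the bitcoin.conf line  rpcauth=<user>:<salt>$<hmac_sha256_hex>.

    Only the salt and the HMAC are stored on the bitcoind side, so reading
    bitcoin.conf in the bitcoind jail does not yield the password itself.
    """
    if salt is None:
        salt = secrets.token_hex(16)  # 16 random bytes as hex, as rpcauth.py does
    mac = hmac.new(salt.encode("utf-8"), password.encode("utf-8"), "sha256").hexdigest()
    return "rpcauth=%s:%s$%s" % (user, salt, mac)


def check_rpcauth(line: str, user: str, password: str) -> bool:
    """Verify (user, password) against an rpcauth= line the way bitcoind does:
    recompute the HMAC with the stored salt and compare in constant time."""
    if not line.startswith("rpcauth="):
        return False
    try:
        stored_user, rest = line[len("rpcauth="):].split(":", 1)
        salt, stored_mac = rest.split("$", 1)
    except ValueError:
        return False
    mac = hmac.new(salt.encode("utf-8"), password.encode("utf-8"), "sha256").hexdigest()
    return (hmac.compare_digest(stored_user.encode("utf-8"), user.encode("utf-8"))
            and hmac.compare_digest(stored_mac.encode("ascii"), mac.encode("ascii")))


if __name__ == "__main__":
    pw = generate_rpc_password()
    print(make_rpcauth("lightning", pw))            # goes into bitcoind's bitcoin.conf
    print("rpcuser=lightning\nrpcpassword=" + pw)   # goes into the lightning jail's config
```

Put the printed rpcauth line into the bitcoind jail's bitcoin.conf in place of rpcuser/rpcpassword; the lightning jail keeps the cleartext pair, because the client has to present the password. With Bitcoin Core 0.19 or newer you can additionally restrict that user to the RPC methods c-lightning needs with rpcwhitelist, so a compromised lightning jail cannot call everything the node offers.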

My chaotic hopping between jails becomes a lot less chaotic if you remember tmux, which lets you run several terminal sub-sessions in one window. Analogue: screen


So, we do not want to reveal the real IP of our node, and we want to do all financial transactions over Tor. Therefore we need another .onion.

# jexec tor

tor:/@[9:59] # ee /usr/local/etc/tor/torrc

HiddenServiceDir /var/db/tor/cln/
HiddenServicePort 9735 192.168.0.7:9735

tor:/@[10:01] # mkdir /var/db/tor/cln

tor:/@[10:01] # chown -R _tor:_tor /var/db/tor/cln

tor:/@[10:01] # chmod 700 /var/db/tor/cln

tor:/@[10:03] # service tor restart

tor:/@[10:04] # cat /var/db/tor/cln/hostname

en5wbkavnytti334jc5uzaudkansypfs6aguv6kech4hbzpcz2ove3yd.onion
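Both hostname files (this one and the electrum one above) hold v3 onion addresses: 56 base32 characters encoding the service's 32-byte ed25519 public key, a 2-byte checksum and a version byte (0x03), as laid out in Tor's rendezvous v3 specification. Since the address is the key, any address you paste elsewhere (for example into the ssh config above) is worth validating before use. The following is an added example, not the article's or Tor's code, implementing that encoding; the checksum is the first two bytes of SHA3-256(".onion checksum" || pubkey || version).

```python
import base64
import hashlib
import hmac

ONION_V3_VERSION = b"\x03"


def onion_v3_checksum(pubkey: bytes) -> bytes:
    """First two bytes of SHA3-256(".onion checksum" || PUBKEY || VERSION), per rend-spec-v3."""
    return hashlib.sha3_256(b".onion checksum" + pubkey + ONION_V3_VERSION).digest()[:2]


def encode_onion_v3(pubkey: bytes) -> str:
    """ed25519 public key -> '<56 base32 chars>.onion', what tor writes to the hostname file."""
    if len(pubkey) != 32:
        raise ValueError("ed25519 public key must be 32 bytes")
    raw = pubkey + onion_v3_checksum(pubkey) + ONION_V3_VERSION  # 35 bytes = 280 bits = 56 base32 chars
    return base64.b32encode(raw).decode("ascii").lower() + ".onion"


def decode_onion_v3(address: str) -> bytes:
    """Validate a v3 address and return its public key.

    Raises ValueError if the address is malformed, has an unknown version
    byte, or its checksum does not match (a typo or a tampered address).
    """
    label = address.strip().lower()
    if label.endswith(".onion"):
        label = label[:-len(".onion")]
    if len(label) != 56:
        raise ValueError("a v3 onion address is 56 base32 characters")
    try:
        raw = base64.b32decode(label.upper())   # binascii.Error is a ValueError subclass
    except ValueError as exc:
        raise ValueError("not valid base32") from exc
    pubkey, checksum, version = raw[:32], raw[32:34], raw[34:]
    if version != ONION_V3_VERSION:
        raise ValueError("unsupported onion address version %r" % version)
    if not hmac.compare_digest(checksum, onion_v3_checksum(pubkey)):
        raise ValueError("checksum mismatch: address was mistyped or tampered with")
    return pubkey


if __name__ == "__main__":
    import sys
    for addr in sys.argv[1:]:
        try:
            print(addr, "OK, pubkey", decode_onion_v3(addr).hex())
        except ValueError as exc:
            print(addr, "INVALID:", exc)
```

Running the script with the two addresses from the hostname files as arguments prints their public keys; a single mistyped character fails the checksum. The trailing "d" every v3 address ends with is simply the low five bits of the version byte.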

Now let's create a config for c-lightning

lightning:/home/lightning/lightning@[10:31] # su lightning

lightning@lightning:~ % mkdir .lightning

lightning@lightning:~ % ee .lightning/config

alias=My-LN-Node
bind-addr=192.168.0.7:9735
rgb=ff0000
announce-addr=en5wbkavnytti334jc5uzaudkansypfs6aguv6kech4hbzpcz2ove3yd.onion:9735
network=bitcoin
log-level=info
fee-base=0
fee-per-satoshi=1
proxy=192.168.0.2:9050
log-file=/home/lightning/.lightning/c-lightning.log
min-capacity-sat=200000

# sparko plugin
# https://github.com/fiatjaf/lightningd-gjson-rpc/tree/master/cmd/sparko

sparko-host=192.168.0.7
sparko-port=9737

sparko-tls-path=sparko-tls

#sparko-login=mywalletusername:mywalletpassword

#sparko-keys=masterkey;secretread:+listchannels,+listnodes;secretwrite:+invoice,+listinvoices,+delinvoice,+decodepay,+waitpay,+waitinvoice
sparko-keys=masterkey;secretread:+listchannels,+listnodes;ultrawrite:+invoice,+listinvoices,+delinvoice,+decodepay,+waitpay,+waitinvoice

lightning@lightning:~ % mkdir .lightning/plugins

lightning@lightning:~ % cd .lightning/plugins/

lightning@lightning:~/.lightning/plugins % fetch https://github.com/fiatjaf/sparko/releases/download/v0.2.1/sparko_full_freebsd_amd64

lightning@lightning:~/.lightning/plugins % chmod +x sparko_full_freebsd_amd64

lightning@lightning:~/.lightning/plugins % mv sparko_full_freebsd_amd64 sparko

lightning@lightning:~/.lightning/plugins % mkdir ~/.lightning/sparko-tls

lightning@lightning:~/.lightning/plugins % cd ~/.lightning/sparko-tls

lightning@lightning:~/.lightning/sparko-tls % openssl genrsa -out key.pem 2048

lightning@lightning:~/.lightning/sparko-tls % openssl req -new -x509 -sha256 -key key.pem -out cert.pem -days 3650

lightning@lightning:~/.lightning/sparko-tls % cd ~

you also need a configuration file for bitcoin-cli, the utility the lightning daemon uses to talk to bitcoind

lightning@lightning:~ % mkdir .bitcoin

lightning@lightning:~ % ee .bitcoin/bitcoin.conf

rpcconnect=192.168.0.1
rpcuser=test
rpcpassword=test

test it

lightning@lightning:~ % bitcoin-cli echo "test"

[
  "test"
]

start lightningd

lightning@lightning:~ % lightningd --daemon

lightningd itself is controlled with the lightning-cli utility, for example:

lightning-cli newaddr returns a new address for incoming payments

{
   "address": "bc1q2n2ffq3lplhme8jufcxahfrnfhruwjgx3c78pv",
   "bech32": "bc1q2n2ffq3lplhme8jufcxahfrnfhruwjgx3c78pv"
}

lightning-cli withdraw bc1jufcxahfrnfhruwjgx3cq2n2ffq3lplhme878pv all sends all the funds in the wallet to the given address (all of it on-chain)

There are also commands for off-chain operations: lightning-cli invoice, lightning-cli listinvoices, lightning-cli pay and others.

Well, for communication with the application we have the REST API (the access key goes in the X-Access header):

curl -k https://192.168.0.7:9737/rpc -d '{"method": "pay", "params": ["lnbc..."]}' -H 'X-Access: masterkey'

Two things to tidy up before the payment gateway uses this for real. The -k switch turns off certificate verification; to pin the self-signed certificate instead, add -addext "subjectAltName=IP:192.168.0.7" when generating it with openssl req and pass the cert.pem from sparko-tls to curl with --cacert. And masterkey allows every method; the sparko-keys line in the config exists precisely so that the gateway can get its own key limited to the methods it needs (for paying invoices that would be +pay, which the example keys above do not grant).

Let's take stock

# jls

   JID  IP Address      Hostname                      Path
     1  192.168.0.1     bitcoind.space.com            /zroot/jails/jails/bitcoind
     2  192.168.0.2     tor.space.com                 /zroot/jails/jails/tor
     3  192.168.0.3     nginx-rev.space.com           /zroot/jails/jails/nginx-rev
     4  192.168.0.4     paygw.space.com               /zroot/jails/jails/paygw
     5  192.168.0.5     webapp.my.domain              /zroot/jails/jails/webapp
     7  192.168.0.200   electrum.space.com            /zroot/jails/jails/electrum
     8  192.168.0.6     polipo.space.com              /zroot/jails/jails/polipo
     9  192.168.0.7     lightning.space.com           /zroot/jails/jails/cln


We have a set of containers, each with its own level of access both from and to the local network.

# zfs list

NAME                    USED  AVAIL  REFER  MOUNTPOINT
zroot                   279G  1.48T    88K  /zroot
zroot/ROOT             1.89G  1.48T    88K  none
zroot/ROOT/default     1.89G  17.6G  1.89G  /
zroot/home               88K  1.48T    88K  /home
zroot/jails             277G  1.48T   404M  /zroot/jails
zroot/jails/bitcoind    190G  1.48T   190G  /zroot/jails/jails-data/bitcoind-data
zroot/jails/cln         653M  1.48T   653M  /zroot/jails/jails-data/cln-data
zroot/jails/electrum    703M  1.48T   703M  /zroot/jails/jails-data/electrum-data
zroot/jails/nginx-rev   190M  1.48T   190M  /zroot/jails/jails-data/nginx-rev-data
zroot/jails/paygw      82.4G  1.48T  82.4G  /zroot/jails/jails-data/paygw-data
zroot/jails/polipo     57.6M  1.48T  57.6M  /zroot/jails/jails-data/polipo-data
zroot/jails/tor        81.5M  1.48T  81.5M  /zroot/jails/jails-data/tor-data
zroot/jails/webapp      360M  1.48T   360M  /zroot/jails/jails-data/webapp-data

As you can see, bitcoind takes up 190 GB in total. What if we need another one for testing? This is where ZFS comes in. With cbsd jclone old=bitcoind new=bitcoind-clone host_hostname=clonedbtc.space.com you can take a snapshot and attach a new jail to it. The new jail has its own space, but only the difference between its current state and the original is stored in the file system (we save at least 190 GB).

Every jail is its own separate ZFS dataset, and that is very convenient. ZFS lets you do many other neat things as well, such as sending snapshots over SSH. We will not describe that here; there is plenty about it already.

It is also worth noting the need to monitor the host's logs; for that we have Zabbix.

B is for security

Speaking of security, let's start from the basic principles as they apply to infrastructure:

Confidentiality: the standard tools of UNIX-like systems take care of this principle. We logically separate access to each isolated part of the system, a jail. Access is granted through the standard authentication mechanisms, using a user's personal key. All communication to and from the end jails takes place in encrypted form. Thanks to disk encryption we do not have to worry about the data when replacing disks or moving to another server. The only critical access is access to the host system, because that access generally gives access to the data inside the containers.

Integrity: this principle is upheld at several levels. First, it is worth noting that on server hardware with ECC memory, ZFS takes care of the integrity of the data in the datasets "out of the box". Instant snapshots let you take a backup at any moment, on the fly. Convenient jail export/import tools make jail replication easy.

Availability: this one is optional. It depends on your popularity and on whether you have ill-wishers. In our example we made sure the wallet is reachable exclusively over the Tor network. If necessary, you can block everything on the firewall and allow access to the server only through tunnels (Tor or VPN, that is a separate question). The server is then cut off from the outside world as far as possible, and only we ourselves can affect its availability.

Non-repudiation: this depends on further work and on correctly following the policies for users, access, and so on. But with the right approach every user action is audited, and thanks to cryptographic mechanisms it is possible to determine unambiguously who did what and when.

Of course, the configuration described is not an example of how it must always be done; it is an example of how it can be done while keeping easy scaling and customisation within reach.

What about full virtualization?

You can read about full virtualization with cbsd in its documentation. I will only add that for bhyve to work you need to enable a few kernel modules.

# cat /etc/rc.conf

...
kld_list="vmm if_tap if_bridge nmdm"
...

# cat /boot/loader.conf

...
vmm_load="YES"
...

So if you suddenly want to run docker, install some debian in a bhyve VM and go ahead!


That's all

I think that is everything I wanted to share. If you liked the article, you can send me some bitcoins: bc1qu7lhf45xw83ddll5mnzte6ahju8ktkeu6qhttc. If you want to try jails in action and have some bitcoins, you are welcome at my pet project.

Source: www.hab.com