d-bis/metamask-integration
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
25c96e210a1f038e8137e6d0541945a2fbf8fcbb
metamask-integration/DEPLOYMENT_REQUIREMENTS.md
defiQUG 25c96e210a chore: sync submodule state (parent ref update) 
Made-with: Cursor
2026-03-02 12:14:14 -08:00

12 KiB
Raw Blame History

MetaMask Integration - Complete Deployment Requirements

Date: 2026-01-26
Purpose: Comprehensive list of all requirements for deploying MetaMask integration infrastructure

📋 Table of Contents

  1. Infrastructure Requirements
  2. Software Requirements
  3. Network Requirements
  4. Security Requirements
  5. DNS & SSL Requirements
  6. Database Requirements
  7. Storage Requirements
  8. Access & Permissions
  9. External Service Requirements
  10. Configuration Requirements

🖥️ Infrastructure Requirements

Server/Compute Resources

RPC Endpoint Servers

  • Minimum: 2 servers (primary + secondary)
  • CPU: 4+ cores per server
  • RAM: 8GB+ per server
  • Storage: 50GB+ SSD per server
  • Network: 1Gbps+ connection
  • OS: Linux (Ubuntu 20.04+ or similar)

Blockscout Explorer Server

  • CPU: 4+ cores
  • RAM: 8GB+ (16GB recommended)
  • Storage: 100GB+ SSD
  • Network: 1Gbps+ connection
  • OS: Linux (Ubuntu 20.04+ or similar)

Load Balancer/Gateway (Optional)

  • Azure Application Gateway (if using Azure)
  • Nginx (if using self-hosted)
  • Cloudflare (for DNS and DDoS protection)

Container Orchestration (Optional)

Docker

  • Docker Engine: 20.10+
  • Docker Compose: 2.0+

Kubernetes (Optional)

  • Kubernetes: 1.24+
  • kubectl: Latest
  • Helm: 3.0+ (if using Helm charts)

💻 Software Requirements

System Software

Required

  • Nginx: 1.18+ (for reverse proxy)
  • PostgreSQL: 13+ (for Blockscout database)
  • OpenSSL: Latest (for SSL certificate management)
  • curl: Latest (for testing)
  • jq: Latest (for JSON processing)
  • bash: 4.4+ (for scripts)

Optional

  • certbot: Latest (for Let's Encrypt certificates)
  • Docker: 20.10+ (for containerized deployment)
  • Terraform: 1.0+ (for Azure Gateway deployment)
  • Azure CLI: Latest (for Azure deployments)

Development Tools (For Testing)

  • Node.js: 18+ (for running examples)
  • npm/pnpm: Latest
  • MetaMask Extension: Latest
  • Web Browser: Chrome/Firefox/Edge (latest)

🌐 Network Requirements

Network Configuration

RPC Endpoints

  • Primary RPC: rpc.d-bis.org → Server IP
  • Secondary RPC: rpc2.d-bis.org → Server IP
  • Internal RPC: 192.168.11.211:8545 (backend)
  • Protocol: HTTPS (443) and HTTP (80 for redirect)

Explorer

  • Explorer URL: explorer.d-bis.org → Server IP
  • Protocol: HTTPS (443) and HTTP (80 for redirect)
  • Port: 4000 (Blockscout default)

Firewall Rules

Inbound:

  • Port 80 (HTTP) - Allow from Cloudflare IPs only
  • Port 443 (HTTPS) - Allow from Cloudflare IPs only
  • Port 8545 (RPC) - Allow from internal network only
  • Port 4000 (Blockscout) - Allow from internal network only

Outbound:

  • Port 443 (HTTPS) - Allow all (for external API calls)
  • Port 80 (HTTP) - Allow all (for external API calls)
  • Port 5432 (PostgreSQL) - Allow from internal network only

Network Connectivity

  • Internet Access: Required for all servers
  • Internal Network: Required for RPC backend access
  • DNS Resolution: Required for domain names
  • SSL/TLS: Required for HTTPS endpoints

🔒 Security Requirements

SSL/TLS Certificates

Option 1: Cloudflare SSL (Recommended)

  • Cloudflare Account: Required
  • Domain: d-bis.org added to Cloudflare
  • SSL Mode: Full (strict)
  • Auto-renewal: Automatic

Option 2: Let's Encrypt

  • certbot: Installed
  • Domain Validation: DNS or HTTP validation
  • Certificate Files:
    • /etc/letsencrypt/live/rpc.d-bis.org/fullchain.pem
    • /etc/letsencrypt/live/rpc.d-bis.org/privkey.pem
  • Auto-renewal: Systemd timer configured

Option 3: Custom Certificate

  • Certificate: PFX or PEM format
  • Private Key: Securely stored
  • Certificate Chain: Full chain included
  • Validity: Not expired

Security Headers

  • CORS Headers: Configured for MetaMask domains
  • HSTS: Enabled
  • X-Frame-Options: Configured
  • X-Content-Type-Options: Configured
  • Rate Limiting: Configured

Access Control

  • SSH Keys: Configured (no password auth)
  • Firewall: Configured (UFW/iptables)
  • User Permissions: Least privilege
  • Secret Management: Secure storage for passwords/keys

🌍 DNS & SSL Requirements

DNS Configuration

Required DNS Records

  1. Primary RPC:

    • Type: A
    • Name: rpc
    • Value: Server IP address
    • TTL: 300 (or Auto)
    • Proxy: Enabled (Cloudflare)

  2. Secondary RPC:

    • Type: A
    • Name: rpc2
    • Value: Server IP address
    • TTL: 300 (or Auto)
    • Proxy: Enabled (Cloudflare)

  3. Explorer:

    • Type: A
    • Name: explorer
    • Value: Server IP address
    • TTL: 300 (or Auto)
    • Proxy: Enabled (Cloudflare)

  4. RPC Core Alias (Optional):

    • Type: CNAME
    • Name: rpc-core
    • Value: rpc.d-bis.org
    • TTL: 300 (or Auto)
    • Proxy: Enabled (Cloudflare)

DNS Provider Requirements

  • Cloudflare Account: Required
  • Domain: d-bis.org registered
  • Nameservers: Updated to Cloudflare
  • DNS API Access: For automated configuration (optional)

SSL/TLS Requirements

  • HTTPS: Required for all public endpoints
  • TLS Version: 1.2 minimum, 1.3 preferred
  • Certificate Validity: Not expired
  • Certificate Chain: Complete chain
  • Auto-renewal: Configured

🗄️ Database Requirements

PostgreSQL Database (For Blockscout)

Minimum Requirements

  • Version: PostgreSQL 13+
  • Storage: 50GB+ (grows with chain data)
  • RAM: 4GB+ allocated
  • CPU: 2+ cores
  • Connections: 100+ max connections

Database Configuration

  • Database Name: blockscout
  • User: blockscout
  • Password: Secure password (stored securely)
  • Encoding: UTF-8
  • Extensions: Required extensions installed

Backup Requirements

  • Backup Strategy: Daily backups
  • Retention: 30+ days
  • Recovery: Tested recovery procedure

💾 Storage Requirements

Blockscout Storage

  • Database: 50GB+ (grows with chain data)
  • Logs: 10GB+ (rotated)
  • Static Files: 5GB+ (token logos, images)
  • Total: 100GB+ recommended

RPC Server Storage

  • Logs: 10GB+ (rotated)
  • Configuration: 1GB
  • Total: 20GB+ recommended

Token Logo Storage

  • Logo Files: 1GB+ (PNG files, multiple sizes)
  • CDN: Optional (for better performance)

🔑 Access & Permissions

Server Access

  • SSH Access: Required
  • Root/Sudo Access: Required for deployment
  • User Account: Non-root user with sudo
  • SSH Keys: Configured

Cloudflare Access

  • Account: Cloudflare account
  • API Token: For automated DNS configuration (optional)
  • Zone ID: For API operations (optional)

Azure Access (If Using Azure Gateway)

  • Azure Subscription: Required
  • Azure CLI: Installed and authenticated
  • Terraform: Installed (for infrastructure as code)
  • Resource Group: Created or existing
  • Permissions: Contributor or Owner role

Database Access

  • PostgreSQL Access: Local or network access
  • Database Credentials: Secure storage
  • Connection String: Configured

🌐 External Service Requirements

Required Services

Cloudflare

  • Account: Free tier or higher
  • Domain: d-bis.org added
  • DNS: Configured
  • SSL/TLS: Enabled

RPC Backend

  • Besu Node: Running at 192.168.11.211:8545
  • WebSocket: Available at 192.168.11.211:8546
  • Accessibility: Network accessible

Optional Services

GitHub (For Token List Hosting)

  • GitHub Account: Required
  • Repository: Created or existing
  • GitHub Pages: Enabled

IPFS (For Token List Hosting)

  • IPFS Node: Running (optional)
  • Pinning Service: Pinata/Infura (optional)

Monitoring Services

  • Uptime Monitoring: UptimeRobot/Pingdom (optional)
  • Error Tracking: Sentry (optional)
  • Analytics: Google Analytics (optional)

⚙️ Configuration Requirements

Environment Variables

Blockscout Environment Variables

DATABASE_URL=postgresql://blockscout:password@localhost:5432/blockscout
ETHEREUM_JSONRPC_HTTP_URL=http://192.168.11.211:8545
ETHEREUM_JSONRPC_WS_URL=ws://192.168.11.211:8546
CHAIN_ID=138
SECRET_KEY_BASE=<generated-secret>
CORS_ALLOWED_ORIGINS=https://portfolio.metamask.io,https://metamask.io
ENABLE_CORS=true

Nginx Configuration

  • Config File: /etc/nginx/sites-available/rpc.d-bis.org
  • SSL Certificates: Configured
  • CORS Headers: Configured
  • Rate Limiting: Configured

Configuration Files

Required Files

  • nginx-rpc.conf - Nginx RPC configuration
  • docker-compose.yml - Blockscout Docker Compose
  • blockscout-deployment.yaml - Kubernetes deployment (if using K8s)
  • .env - Environment variables (secure)

Optional Files

  • terraform/main.tf - Azure Gateway Terraform config
  • cloudflare-dns-config.json - DNS records config

📦 Application Requirements

Blockscout

  • Image: blockscout/blockscout:latest
  • Version: Latest stable
  • Port: 4000
  • Health Check: /api/v2/health
  • Database: PostgreSQL 13+

RPC Backend

  • Besu Node: Running and accessible
  • RPC Port: 8545
  • WebSocket Port: 8546
  • Network: ChainID 138

🔧 Deployment Tools

Required Tools

  • bash: 4.4+ (for deployment scripts)
  • git: Latest (for version control)
  • curl: Latest (for API testing)
  • jq: Latest (for JSON processing)

Optional Tools

  • Docker: 20.10+ (for containerized deployment)
  • Docker Compose: 2.0+ (for multi-container setup)
  • kubectl: Latest (for Kubernetes deployment)
  • Terraform: 1.0+ (for infrastructure as code)
  • Azure CLI: Latest (for Azure deployments)

Pre-Deployment Checklist

Infrastructure

  • Servers provisioned and accessible
  • Network connectivity verified
  • Firewall rules configured
  • DNS records configured
  • SSL certificates obtained

Software

  • Required software installed
  • Docker/Kubernetes configured (if using)
  • Database server running
  • Nginx installed and configured

Security

  • SSH keys configured
  • Firewall rules applied
  • SSL certificates installed
  • Security headers configured
  • Secrets stored securely

Configuration

  • Environment variables set
  • Configuration files created
  • Database initialized
  • CORS headers configured

Testing

  • RPC endpoints tested
  • Explorer tested
  • SSL certificates verified
  • CORS headers verified
  • MetaMask connection tested

📊 Resource Summary

Minimum Requirements (Small Deployment)

  • Servers: 2 (RPC + Explorer)
  • Total CPU: 8 cores
  • Total RAM: 16GB
  • Total Storage: 150GB
  • Network: 1Gbps

Recommended Requirements (Production)

  • Servers: 3+ (RPC Primary, RPC Secondary, Explorer)
  • Total CPU: 16+ cores
  • Total RAM: 32GB+
  • Total Storage: 500GB+
  • Network: 10Gbps
  • Load Balancer: Yes
  • Backup: Automated

🚀 Deployment Order

  1. Infrastructure Setup

    • Provision servers
    • Configure network
    • Set up firewall

  2. DNS Configuration

    • Add DNS records
    • Configure Cloudflare
    • Verify DNS resolution

  3. SSL Certificate Setup

    • Obtain certificates
    • Install certificates
    • Configure auto-renewal

  4. Database Setup

    • Install PostgreSQL
    • Create database
    • Configure access

  5. RPC Deployment

    • Configure nginx
    • Deploy RPC proxy
    • Test endpoints

  6. Blockscout Deployment

    • Deploy Blockscout
    • Configure CORS
    • Test explorer

  7. Token List Hosting

    • Choose hosting method
    • Deploy token list
    • Test accessibility

  8. Verification

    • Test all endpoints
    • Verify CORS headers
    • Test MetaMask connection
    • Monitor performance

📝 Notes

  • All requirements assume Linux-based deployment
  • Windows deployment possible but not documented
  • Cloud-specific requirements (Azure, AWS, GCP) may vary
  • Some requirements are optional depending on deployment method
  • All scripts and configurations are provided in the repository

Last Updated: 2026-01-26

Reference in New Issue View Git Blame Copy Permalink