diff --git a/conf/system.conf b/conf/system.conf index 656e8ede..c23f40cf 100644 --- a/conf/system.conf +++ b/conf/system.conf @@ -1,90 +1,90 @@ akka { - actor { - warn-about-java-serializer-usage = off#关闭Java序列化来序列化消息时的警告,建议不要开启。如果开启,开启值=on - default-mailbox { - #akka默认邮箱的选择,默认配置是akka.dispatch.SingleConsumerOnlyUnboundedMailbox,这是一个多生产者单消费者队列。建议不要修改此参数 - mailbox-type = "akka.dispatch.SingleConsumerOnlyUnboundedMailbox" - } + actor { + warn-about-java-serializer-usage = off#关闭Java序列化来序列化消息时的警告,建议不要开启。如果开启,开启值=on + default-mailbox { + #akka默认邮箱的选择,默认配置是akka.dispatch.SingleConsumerOnlyUnboundedMailbox,这是一个多生产者单消费者队列。建议不要修改此参数 + mailbox-type = "akka.dispatch.SingleConsumerOnlyUnboundedMailbox" + } - default-dispatcher{ - #akka dispatcher 配置,采用akka的默认的fork-join-executor,建议不要修改。 - parallelism-min =10 #最小的线程数 - parallelism-factor = 4.0 #并行因子配置 - parallelism-max = 100 #最大的线程数 - throughput = 80 - } + default-dispatcher { + #akka dispatcher 配置,采用akka的默认的fork-join-executor,建议不要修改。 + parallelism-min = 10 #最小的线程数 + parallelism-factor = 4.0 #并行因子配置 + parallelism-max = 100 #最大的线程数 + throughput = 80 + } - } + } - remote { - #classic模式下的配置 - classic{ - netty.tcp { - //在单机单节点的情况下配置机器ip - #hostname=192.168.10.155 - hostname=192.168.31.155 - //在单机单节点的情况下需要配置具体的端口;在单机多节点的情况下直接配置为0 - //port = 0 - //port=8082//0,automatic assign - //internal (bind) hostname - //bind-hostname=192.168.1.129 - //bind-port=8082 - } - - netty.ssl.security { - //基础路径,证书的存放路径,建议不要修改 - base-path = "jks/" - //名称前缀,证书的名称前缀,不要修改 - base-name = "" - //证书的别名,需要跟节点的名称要保持一致 - alias = "121000005l35120456.node1" - - //用户ca文件密码 - key-store-password = "123" - //用户证书密码 - key-password = "123" - } - } - - #artery模式下的配置 - artery { - #canonical.hostname = "192.168.10.155" - canonical.hostname = "192.168.31.155" - #canonical.port = 0 - } - } - - cluster { - #种子节点的配置,在单机单节点的情况下需要配置种子节点的信息akka:// - #classic模式下的配置 - #seed-nodes = ["akka.tcp://Repchain@192.168.10.155:22522","akka.tcp://Repchain@192.168.10.155:22523","akka.tcp://Repchain@192.168.10.155:22524"] - #seed-nodes = ["akka.ssl.tcp://Repchain@192.168.31.155:22522","akka.ssl.tcp://Repchain@192.168.31.155:22523","akka.ssl.tcp://Repchain@192.168.31.155:22524"] - - #artery模式下的配置 - #seed-nodes = ["akka://Repchain@192.168.10.155:22522","akka://Repchain@192.168.10.155:22523","akka://Repchain@192.168.10.155:22524"] - seed-nodes = ["akka://Repchain@192.168.31.155:22522","akka://Repchain@192.168.31.155:22523","akka://Repchain@192.168.31.155:22526"] + remote { + #classic模式下的配置 + classic { + netty.tcp { + //在单机单节点的情况下配置机器ip + #hostname=192.168.10.155 + hostname = 192.168.31.155 + //在单机单节点的情况下需要配置具体的端口;在单机多节点的情况下直接配置为0 + //port = 0 + //port=8082//0,automatic assign + //internal (bind) hostname + //bind-hostname=192.168.1.129 + //bind-port=8082 } + netty.ssl.security { + //基础路径,证书的存放路径,建议不要修改 + base-path = "jks/" + //名称前缀,证书的名称前缀,不要修改 + base-name = "" + //证书的别名,需要跟节点的名称要保持一致 + alias = "121000005l35120456.node1" + + //用户ca文件密码 + key-store-password = "123" + //用户证书密码 + key-password = "123" + } + } + + #artery模式下的配置 + artery { + #canonical.hostname = "192.168.10.155" + canonical.hostname = "192.168.31.155" + #canonical.port = 0 + } + } + + cluster { + #种子节点的配置,在单机单节点的情况下需要配置种子节点的信息akka:// + #classic模式下的配置 + #seed-nodes = ["akka.tcp://Repchain@192.168.10.155:22522","akka.tcp://Repchain@192.168.10.155:22523","akka.tcp://Repchain@192.168.10.155:22524"] + #seed-nodes = ["akka.ssl.tcp://Repchain@192.168.31.155:22522","akka.ssl.tcp://Repchain@192.168.31.155:22523","akka.ssl.tcp://Repchain@192.168.31.155:22524"] + + #artery模式下的配置 + #seed-nodes = ["akka://Repchain@192.168.10.155:22522","akka://Repchain@192.168.10.155:22523","akka://Repchain@192.168.10.155:22524"] + seed-nodes = ["akka://Repchain@192.168.31.155:22522", "akka://Repchain@192.168.31.155:22523", "akka://Repchain@192.168.31.155:22526"] + } + } akka.http { - #akka 与http服务相关的配置 - idle-timeout = 100s#一个空闲连接超时时间配置,当空闲连接超时之后,将被自动关闭 - server { - server-header = akka-http/${akka.http.version}#http服务头,建议不要修改 - idle-timeout = 100s#空闲连接超时时间,超时将自动关闭连接 - request-timeout = 100s #请求对超时时间 - max-connections = 1024#最大对连接数 - } - client { - idle-timeout = 100s #空闲连接超时时间,超时将自动关闭 - connecting-timeout = 100s#建立连接对超时时间 - } + #akka 与http服务相关的配置 + idle-timeout = 100s#一个空闲连接超时时间配置,当空闲连接超时之后,将被自动关闭 + server { + server-header = akka-http/${akka.http.version}#http服务头,建议不要修改 + idle-timeout = 100s#空闲连接超时时间,超时将自动关闭连接 + request-timeout = 100s #请求对超时时间 + max-connections = 1024#最大对连接数 + } + client { + idle-timeout = 100s #空闲连接超时时间,超时将自动关闭 + connecting-timeout = 100s#建立连接对超时时间 + } } system { - #创世节点的名称,在系统初始化时,将根据该节点是否是创世节点进行创世块的建立 - genesis_node_name="121000005l35120456.node1" + #创世节点的名称,在系统初始化时,将根据该节点是否是创世节点进行创世块的建立 + genesis_node_name = "121000005l35120456.node1" #api是否开启 #如果是单机多节点测试模式(Repchain,则选择0,默认节点1会开启) ws_enable = 1#api 0,不开启;1,开启 @@ -94,19 +94,19 @@ system { statistic_enable = 0 # 0,unable;able #实时图的事件是否发送,如果不发送,前端实时图将收不到任何消息。 realtimegraph_enable = 1#0 unable;1 enable; default 1 - + httpServicePort = 8081#http服务的端口号,默认为8081 checkCertValidate = 0#设置是否检查证书的有效性,默认为0 0=不校验,1=校验 - + contractOperationMode = 0#设置合约的运行方式,0=debug方式,1=deploy,默认为debug方式,如果发布部署,必须使用deploy方式。 - + number_of_transProcessor = 10# - + has_preload_trans_of_api = true#API接收交易时,是否做交易的预执行检查。默认值true - + is_verify_of_endorsement = true#在出块时,背书节点是否验证交易,默认值true - + number_of_endorsement = 2#该参数确认背书比例,可选值:1,2,3;如果等于1, 表示有一个出块签名就可以了;如果等于2,表示达成共识需要大于节点的1/2;如果等于3,表示达成共识需要大于节点的2/3;默认值是2. block { @@ -124,21 +124,21 @@ system { #最低投票人数量 vote_note_min = 4 #参与共识的节点别名 - vote_node_list = ["121000005l35120456.node1","12110107bi45jh675g.node2", - "122000002n00123567.node3","921000005k36123789.node4" - #] - ,"921000006e0012v696.node5"] + vote_node_list = ["121000005l35120456.node1", "12110107bi45jh675g.node2", + "122000002n00123567.node3", "921000005k36123789.node4" + #] + , "921000006e0012v696.node5"] } - account{ - chaincodename = "ContractCert"#账户管理合约的名称 + account { + chaincodename = "ContractCert"#账户管理合约的名称 chaincodeversion = 1 #证书状态改变函数名 - CertStatusChangeFunction="UpdateCertStatus" + CertStatusChangeFunction = "UpdateCertStatus" } - diskspaceManager{ - diskspacealarm = 5000#磁盘最少空间大小,单位M ,小于这个值系统将不能启动。 - } + diskspaceManager { + diskspacealarm = 5000#磁盘最少空间大小,单位M ,小于这个值系统将不能启动。 + } transaction { #辅助自动创建交易的间隔 @@ -152,11 +152,11 @@ system { node_stable_delay = 5000 #millis } - storage{ - dbpath="/Users/jiangbuyun/repchaindata/data/leveldbdata" - blockpath="/Users/jiangbuyun/repchaindata/data/blockdata" - filemax=200000000#单位为字节 - } + storage { + dbpath = "/Users/jiangbuyun/repchaindata/data/leveldbdata" + blockpath = "/Users/jiangbuyun/repchaindata/data/blockdata" + filemax = 200000000#单位为字节 + } time { #通用稳定延迟 @@ -195,5 +195,5 @@ system { type = "CRFD" blocknumberofraft = 100 } - + } \ No newline at end of file diff --git a/src/main/resources/application.conf b/src/main/resources/application.conf index eaf6bf07..fa086743 100644 --- a/src/main/resources/application.conf +++ b/src/main/resources/application.conf @@ -4,7 +4,7 @@ akka { loglevel = "INFO" logging-filter = "akka.event.slf4j.Slf4jLoggingFilter" - cluster{ + cluster { akka.cluster.log-info = on log-info-verbose = on #jmx.enabled = on @@ -12,169 +12,167 @@ akka { #min-nr-of-members = 4 } actor { - serialize-messages = off - serialize-creators = off - enable-additional-serialization-bindings = on - allow-java-serialization = off - #provider = "akka.cluster.ClusterActorRefProvider" - provider = "cluster" - serializers { - kryo = "com.twitter.chill.akka.AkkaSerializer" - java = "akka.serialization.JavaSerializer" - proto = "akka.remote.serialization.ProtobufSerializer" - } - - serialization-bindings { - "java.lang.String" = java - "java.io.Serializable" = kryo - "com.google.protobuf.Message" = proto - "scalapb.GeneratedMessage" = proto - } + serialize-messages = off + serialize-creators = off + enable-additional-serialization-bindings = on + allow-java-serialization = off + #provider = "akka.cluster.ClusterActorRefProvider" + provider = "cluster" + serializers { + kryo = "com.twitter.chill.akka.AkkaSerializer" + java = "akka.serialization.JavaSerializer" + proto = "akka.remote.serialization.ProtobufSerializer" } + serialization-bindings { + "java.lang.String" = java + "java.io.Serializable" = kryo + "com.google.protobuf.Message" = proto + "scalapb.GeneratedMessage" = proto + } + } remote { - classic{ - netty.tcp{ - transport-class = "akka.remote.transport.netty.NettyTransport" - #mesage传输块大小配置 - send-buffer-size = 2048000b - receive-buffer-size = 2048000b - maximum-frame-size = 1024000b - enable-ssl = true - ssl-engine-provider = akka.remote.transport.netty.ConfigSSLEngineProvider - security { - key-store = "jks/121000005l35120456.node1.jks" - trust-store = "jks/mytruststore.jks" // 加载信任列表证书用的_tls1.3 - #trust-store = "jks/mytrust" // ssl用的_ca - trust-store-mm = "jks/mytruststore.jks" // 加载信任列表证书用的_origin + classic { + netty.tcp { + transport-class = "akka.remote.transport.netty.NettyTransport" + #mesage传输块大小配置 + send-buffer-size = 2048000b + receive-buffer-size = 2048000b + maximum-frame-size = 1024000b + enable-ssl = true + ssl-engine-provider = akka.remote.transport.netty.ConfigSSLEngineProvider + security { + key-store = "jks/121000005l35120456.node1.jks" + trust-store = "jks/mytruststore.jks" // 加载信任列表证书用的_tls1.3 + #trust-store = "jks/mytrust" // ssl用的_ca + trust-store-mm = "jks/mytruststore.jks" // 加载信任列表证书用的_origin - key-store-password = "123" - key-password = "123" - trust-store-password = "changeme" // 加载信任列表证书用的_tls1.3 - #trust-store-password = "changeit" // ssl用的_ca - trust-store-password-mm = "changeme" // 加载信任列表证书用的_origin + key-store-password = "123" + key-password = "123" + trust-store-password = "changeme" // 加载信任列表证书用的_tls1.3 + #trust-store-password = "changeit" // ssl用的_ca + trust-store-password-mm = "changeme" // 加载信任列表证书用的_origin - protocol = "TLSv1.3" - enabled-algorithms = [TLS_AES_128_GCM_SHA256] - require-mutual-authentication = on - random-number-generator = "SecureRandom" - } - } - netty.ssl.security { - key-store = "jks/121000005l35120456.node1.jks" - trust-store = "jks/mytruststore.jks" // 加载信任列表证书用的_tls1.3 - #trust-store = "jks/mytrust" // ssl用的_ca - trust-store-mm = "jks/mytruststore.jks" // 加载信任列表证书用的_origin - - key-store-password = "123" - key-password = "123" - trust-store-password = "changeme" // 加载信任列表证书用的_tls1.3 - #trust-store-password = "changeit" // ssl用的_ca - trust-store-password-mm = "changeme" // 加载信任列表证书用的_origin - - protocol = "TLSv1.3" - enabled-algorithms = [TLS_AES_128_GCM_SHA256] - require-mutual-authentication = on - random-number-generator = "SecureRandom" - } + protocol = "TLSv1.3" + enabled-algorithms = [TLS_AES_128_GCM_SHA256] + require-mutual-authentication = on + random-number-generator = "SecureRandom" } + } + netty.ssl.security { + key-store = "jks/121000005l35120456.node1.jks" + trust-store = "jks/mytruststore.jks" // 加载信任列表证书用的_tls1.3 + #trust-store = "jks/mytrust" // ssl用的_ca + trust-store-mm = "jks/mytruststore.jks" // 加载信任列表证书用的_origin + + key-store-password = "123" + key-password = "123" + trust-store-password = "changeme" // 加载信任列表证书用的_tls1.3 + #trust-store-password = "changeit" // ssl用的_ca + trust-store-password-mm = "changeme" // 加载信任列表证书用的_origin + + protocol = "TLSv1.3" + enabled-algorithms = [TLS_AES_128_GCM_SHA256] + require-mutual-authentication = on + random-number-generator = "SecureRandom" + } + } artery { # Disable artery with this flag enabled = on - # Select the underlying transport implementation. - # Possible values: aeron-udp, tcp, tls-tcp + # Select the underlying transport implementation. + # Possible values: aeron-udp, tcp, tls-tcp transport = tls-tcp - #log-received-messages = on - #log-sent-messages = on - advanced { + #log-received-messages = on + #log-sent-messages = on + advanced { - # Maximum serialized message size, including header data. - maximum-frame-size = 1024 KiB + # Maximum serialized message size, including header data. + maximum-frame-size = 1024 KiB - # Direct byte buffers are reused in a pool with this maximum size. - # Each buffer has the size of 'maximum-frame-size'. - # This is not a hard upper limit on number of created buffers. Additional - # buffers will be created if needed, e.g. when using many outbound - # associations at the same time. Such additional buffers will be garbage - # collected, which is not as efficient as reusing buffers in the pool. - buffer-pool-size = 512 + # Direct byte buffers are reused in a pool with this maximum size. + # Each buffer has the size of 'maximum-frame-size'. + # This is not a hard upper limit on number of created buffers. Additional + # buffers will be created if needed, e.g. when using many outbound + # associations at the same time. Such additional buffers will be garbage + # collected, which is not as efficient as reusing buffers in the pool. + buffer-pool-size = 512 - # Maximum serialized message size for the large messages, including header data. - # It is currently restricted to 1/8th the size of a term buffer that can be - # configured by setting the 'aeron.term.buffer.length' system property. - # See 'large-message-destinations'. - maximum-large-frame-size = 4 MiB + # Maximum serialized message size for the large messages, including header data. + # It is currently restricted to 1/8th the size of a term buffer that can be + # configured by setting the 'aeron.term.buffer.length' system property. + # See 'large-message-destinations'. + maximum-large-frame-size = 4 MiB - # Direct byte buffers for the large messages are reused in a pool with this maximum size. - # Each buffer has the size of 'maximum-large-frame-size'. - # See 'large-message-destinations'. - # This is not a hard upper limit on number of created buffers. Additional - # buffers will be created if needed, e.g. when using many outbound - # associations at the same time. Such additional buffers will be garbage - # collected, which is not as efficient as reusing buffers in the pool. - large-buffer-pool-size = 64 + # Direct byte buffers for the large messages are reused in a pool with this maximum size. + # Each buffer has the size of 'maximum-large-frame-size'. + # See 'large-message-destinations'. + # This is not a hard upper limit on number of created buffers. Additional + # buffers will be created if needed, e.g. when using many outbound + # associations at the same time. Such additional buffers will be garbage + # collected, which is not as efficient as reusing buffers in the pool. + large-buffer-pool-size = 64 - outbound-message-queue-size = 30720 + outbound-message-queue-size = 30720 - #inbound-lanes = 1 + #inbound-lanes = 1 - #outbound-lanes = 1 + #outbound-lanes = 1 + } + # SSL configuration that is used when transport=tls-tcp. + ssl { + # Factory of SSLEngine. + # Must implement akka.remote.artery.tcp.SSLEngineProvider and have a public + # constructor with an ActorSystem parameter. + # The default ConfigSSLEngineProvider is configured by properties in section + # akka.remote.artery.ssl.config-ssl-engine + + ssl-engine-provider = akka.remote.artery.tcp.ConfigSSLEngineProvider + + # Config of akka.remote.artery.tcp.ConfigSSLEngineProvider + config-ssl-engine { + base-path = "jks/" + key-store = "jks/121000005l35120456.node1.jks" + trust-store = "jks/mytruststore.jks" // 加载信任列表证书用的_tls1.3 + #trust-store = "jks/mytrust" // ssl用的_ca + trust-store-mm = "jks/mytruststore.jks" // 加载信任列表证书用的_origin + + key-store-password = "123" + key-password = "123" + trust-store-password = "changeme" // 加载信任列表证书用的_tls1.3 + #trust-store-password = "changeit" // ssl用的_ca + trust-store-password-mm = "changeme" // 加载信任列表证书用的_origin + + protocol = "TLSv1.2" + #enabled-algorithms = [TLS_AES_128_GCM_SHA256] + enabled-algorithms = [TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256] + #require-mutual-authentication = on + random-number-generator = "SecureRandom" + + # Require mutual authentication between TLS peers + # + # Without mutual authentication only the peer that actively establishes a connection (TLS client side) + # checks if the passive side (TLS server side) sends over a trusted certificate. With the flag turned on, + # the passive side will also request and verify a certificate from the connecting peer. + # + # To prevent man-in-the-middle attacks this setting is enabled by default. + require-mutual-authentication = on + + # Set this to `on` to verify hostnames with sun.security.util.HostnameChecker + hostname-verification = off } - - # SSL configuration that is used when transport=tls-tcp. - ssl { - # Factory of SSLEngine. - # Must implement akka.remote.artery.tcp.SSLEngineProvider and have a public - # constructor with an ActorSystem parameter. - # The default ConfigSSLEngineProvider is configured by properties in section - # akka.remote.artery.ssl.config-ssl-engine - - ssl-engine-provider = akka.remote.artery.tcp.ConfigSSLEngineProvider - - # Config of akka.remote.artery.tcp.ConfigSSLEngineProvider - config-ssl-engine { - base-path = "jks/" - key-store = "jks/121000005l35120456.node1.jks" - trust-store = "jks/mytruststore.jks" // 加载信任列表证书用的_tls1.3 - #trust-store = "jks/mytrust" // ssl用的_ca - trust-store-mm = "jks/mytruststore.jks" // 加载信任列表证书用的_origin - - key-store-password = "123" - key-password = "123" - trust-store-password = "changeme" // 加载信任列表证书用的_tls1.3 - #trust-store-password = "changeit" // ssl用的_ca - trust-store-password-mm = "changeme" // 加载信任列表证书用的_origin - - protocol = "TLSv1.2" - #enabled-algorithms = [TLS_AES_128_GCM_SHA256] - enabled-algorithms = [TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256] - #require-mutual-authentication = on - random-number-generator = "SecureRandom" - - # Require mutual authentication between TLS peers - # - # Without mutual authentication only the peer that actively establishes a connection (TLS client side) - # checks if the passive side (TLS server side) sends over a trusted certificate. With the flag turned on, - # the passive side will also request and verify a certificate from the connecting peer. - # - # To prevent man-in-the-middle attacks this setting is enabled by default. - require-mutual-authentication = on - - # Set this to `on` to verify hostnames with sun.security.util.HostnameChecker - hostname-verification = off - } - } - } - } + } + } + } //创世块