chore(mbe, awm): update docker build/docker compose

README.md

@@ -73,10 +73,10 @@ For containerized deployment, build the Docker images:
 
 ```bash
 # Build Master Express (default port 3081)
-npm run container:build
+npm run container:build:master-bitgo-express
 
 # Build Advanced Wallet Manager (port 3080)
-npm run container:build --build-arg PORT=3080
+npm run container:build:advanced-wallet-manager
 ```
 
 ## Quick Start
@@ -193,10 +193,14 @@ curl -k -X POST https://localhost:3081/ping/advancedWalletManager
 
 ```bash
 # For Master Express (default port 3081)
-npm run container:build
+npm run container:build:master-bitgo-express
 
-# For Advanced Wallet Manager (port 3080)
-npm run container:build --build-arg PORT=3080
+# For Advanced Wallet Manager (default port 3080)
+npm run container:build:advanced-wallet-manager
+
+# Or specify custom ports
+npm run container:build:master-bitgo-express -- --build-arg PORT=3081
+npm run container:build:advanced-wallet-manager -- --build-arg PORT=3082
 ```
 
 ### Run Containers
@@ -216,7 +220,7 @@ podman run -d \
   -e KMS_URL=host.containers.internal:3000 \
   -e NODE_ENV=development \
   -e CLIENT_CERT_ALLOW_SELF_SIGNED=true \
-  bitgo-onprem-express
+  advanced-wallet-manager
 
 # View logs
 podman logs -f <container_id>
@@ -236,7 +240,7 @@ podman run -d \
   -e ADVANCED_WALLET_MANAGER_URL=https://host.containers.internal:3080 \
   -e AWM_SERVER_CA_CERT_PATH=/app/certs/advanced-wallet-manager-cert.pem \
   -e CLIENT_CERT_ALLOW_SELF_SIGNED=true \
-  bitgo-onprem-express
+  master-bitgo-express
 
 # View logs
 podman logs -f <container_id>

docker-compose.yml

@@ -3,51 +3,116 @@ version: '3.8'
 services:
   # Service for advanced-wallet-manager (AWM)
   advanced-wallet-manager:
-    build: .  # Build from the Dockerfile inside the repo
+    build: . # Build from the Dockerfile inside the repo
     container_name: advanced-wallet-manager
     networks:
-      - my-internal-network  # Only part of the internal network
+      - my-internal-network # Only part of the internal network
     environment:
-      - ADVANCED_WALLET_MANAGER_PORT=3081
-      - TLS_MODE=disabled
-      - ALLOW_SELF_SIGNED=true
-      - MTLS_REQUEST_CERT=false
-      - RECOVERY_MODE=true
+      # Application mode (required)
       - APP_MODE=advanced-wallet-manager
-      - KMS_URL=http://172.20.0.1:3000
+
+      # Network settings
+      - ADVANCED_WALLET_MANAGER_PORT=3080
       - BIND=0.0.0.0
+      - TIMEOUT=305000
+      - KEEP_ALIVE_TIMEOUT=65000
+      - HEADERS_TIMEOUT=66000
+
+      # TLS settings
+      - TLS_MODE=disabled
+      - CLIENT_CERT_ALLOW_SELF_SIGNED=true
+
+      # KMS settings (required)
+      - KMS_URL=http://172.20.0.1:3000 # UPDATE TO YOUR OWN KMS URL
+      - KMS_SERVER_CERT_ALLOW_SELF_SIGNED=true
+
+      # Optional KMS TLS settings (uncomment if using mTLS with KMS)
+      # - KMS_SERVER_CA_CERT_PATH=/path/to/kms-ca-cert.pem
+      # - KMS_CLIENT_TLS_KEY_PATH=/path/to/kms-client-key.pem
+      # - KMS_CLIENT_TLS_CERT_PATH=/path/to/kms-client-cert.pem
+      # - KMS_CLIENT_TLS_KEY=<key-content>
+      # - KMS_CLIENT_TLS_CERT=<cert-content>
+
+      # Optional server TLS settings (uncomment if using mTLS)
+      # - SERVER_TLS_KEY_PATH=/path/to/server-key.pem
+      # - SERVER_TLS_CERT_PATH=/path/to/server-cert.pem
+      # - SERVER_TLS_KEY=<key-content>
+      # - SERVER_TLS_CERT=<cert-content>
+      # - MTLS_ALLOWED_CLIENT_FINGERPRINTS=ABC123,DEF456
+
+      # Logging and debug
+      - HTTP_LOGFILE=logs/http-access.log
+      - RECOVERY_MODE=true
+      - NODE_ENV=production
+      - LOG_LEVEL=info
     restart: always
-    ports: []  # No public ports exposed
+    ports: [] # No public ports exposed
+    volumes:
+      - ./logs:/app/logs # Mount logs directory
 
   # Service for master-bitgo-express (MBE) - both internal and publicly accessible
   master-bitgo-express:
-    build: .  # Build from the Dockerfile inside the repo
+    build: . # Build from the Dockerfile inside the repo
     container_name: master-bitgo-express
     networks:
-      - my-internal-network  # Connect to the internal network for internal communication
-      - my-public-network  # Connect to the public network for external access
+      - my-internal-network # Connect to the internal network for internal communication
+      - my-public-network # Connect to the public network for external access
     environment:
+      # Application mode (required)
       - APP_MODE=master-express
+
+      # Network settings
+      - MASTER_EXPRESS_PORT=3081
+      - BIND=0.0.0.0
+      - TIMEOUT=305000
+      - KEEP_ALIVE_TIMEOUT=65000
+      - HEADERS_TIMEOUT=66000
+
+      # BitGo API settings
       - BITGO_ENV=test
-      - TLS_KEY_PATH=test-ssl-key.pem
-      - TLS_CERT_PATH=test-ssl-cert.pem
-      - ADVANCED_WALLET_MANAGER_URL=http://advanced-wallet-manager:3081
-      - ENCLAVED_EXPRESS_CERT=./test-ssl-cert.pem
-      - MTLS_REQUEST_CERT=false
-      - ALLOW_SELF_SIGNED=true
+      - BITGO_DISABLE_ENV_CHECK=true
+      - BITGO_AUTH_VERSION=2
+      # - BITGO_CUSTOM_ROOT_URI=https://custom-bitgo-api.com
+      # - BITGO_CUSTOM_BITCOIN_NETWORK=testnet
+
+      # Advanced Wallet Manager connection (required)
+      - ADVANCED_WALLET_MANAGER_URL=http://advanced-wallet-manager:3080
+      - AWM_SERVER_CERT_ALLOW_SELF_SIGNED=true
+
+      # Optional AWM TLS settings (uncomment if using mTLS with AWM)
+      # - AWM_SERVER_CA_CERT_PATH=/path/to/awm-ca-cert.pem
+      # - AWM_CLIENT_TLS_KEY_PATH=/path/to/awm-client-key.pem
+      # - AWM_CLIENT_TLS_CERT_PATH=/path/to/awm-client-cert.pem
+      # - AWM_CLIENT_TLS_KEY=<key-content>
+      # - AWM_CLIENT_TLS_CERT=<cert-content>
+
+      # TLS settings
       - TLS_MODE=disabled
+      - CLIENT_CERT_ALLOW_SELF_SIGNED=true
+
+      # Optional server TLS settings (uncomment if using mTLS)
+      # - SERVER_TLS_KEY_PATH=/path/to/server-key.pem
+      # - SERVER_TLS_CERT_PATH=/path/to/server-cert.pem
+      # - SERVER_TLS_KEY=<key-content>
+      # - SERVER_TLS_CERT=<cert-content>
+      # - MTLS_ALLOWED_CLIENT_FINGERPRINTS=ABC123,DEF456
+
+      # Logging and debug
+      - HTTP_LOGFILE=logs/http-access.log
       - RECOVERY_MODE=true
-      - MASTER_EXPRESS_PORT=3081
-      - BIND=0.0.0.0
+      - NODE_ENV=production
+      - LOG_LEVEL=info
     restart: always
     ports:
-      - "3081:3081"  # Expose MBE publicly on port 3081
+      - '3081:3081' # Expose MBE publicly on port 3081
+    volumes:
+      - ./logs:/app/logs # Mount logs directory
 
 # Networks section
 networks:
   my-internal-network:
-    driver: bridge  # Internal communication network, no access to the internet
-    internal: true  # Ensures this network is not accessible from outside
-  
+    driver: bridge # Internal communication network, no access to the internet
+    internal: true # Ensures this network is not accessible from outside
+
   my-public-network:
-    driver: bridge  # Public network, allowing external access to MBE
+    driver: bridge # Public network, allowing external access to MBE

package.json

@@ -18,7 +18,8 @@
     "lint:fix": "eslint --quiet --ignore-pattern scripts/bump-version.ts . --fix",
     "generate-test-ssl": "openssl req -x509 -newkey rsa:2048 -keyout demo.key -out demo.crt -days 365 -nodes -subj '/CN=localhost'",
     "generate:openapi:masterExpress": "npx @api-ts/openapi-generator --name @bitgo/master-bitgo-express ./src/api/master/routers/index.ts > masterBitgoExpress.json",
-    "container:build": "podman build -t bitgo-onprem-express .",
+    "container:build:master-bitgo-express": "podman build --build-arg PORT=3081 -t master-bitgo-express .",
+    "container:build:advanced-wallet-manager": "podman build --build-arg PORT=3080 -t advanced-wallet-manager .",
     "bump-versions": "ts-node scripts/bump-version.ts"
   },
   "dependencies": {