Config Setup
The config file is one of the most important files for users in the PHP-MPOS project. It can be found in the /public/include/config directory under the name `global.inc.dist.php`. In this form the file is inactive and will not affect the site. Until the config file has been activated by changing the name to `global.inc.php`, the PHP-MPOS project will not load. By activating this file a user can gain access to many powerful tools for changing the settings on all pages of the site.
This is used in the version check to ensure you run the latest version of the configuration file. Once you have upgraded your config, change the version here too.
Unless disabled, MPOS will perform a simple check on your config and display the results for logged-in admins.
Debug is the debug level to run the application at, 0 for disabled - 5 for most verbose.
SALT and SALTY are used to hash passwords, so longer is better!
Default Values:
DEBUG = 0
SALT = ''
SALTY = ''
The *_PATH defines are now located in bootstrap.php, in the includes folder.
Underlying coin algorithm that you are mining on. Set this to whatever your coin needs, sha256d or scrypt.
Default Values:
algorithm = 'scrypt'
algorithm
- SHA coins like Bitcoin or Scrypt based coins like Litecoin
A MySQL database backend is required for MPOS. Creating a database is covered in the [Quick Start Guide](https://github.com/MPOS/php-mpos/wiki/Quick-Start-Guide#wiki-database-setup). Additionally, a base database structure is available for import in the /sql folder under the name `000_base_structures`. Future updates to the database are provided in individual table files. Ensure the database structure is imported!
Default Values:
host = 'localhost'
port = 3306
user = 'someuser'
pass = 'somepass'
name = 'mpos'
host
- location for the database, generally on the same server as the site
port
- which port accesses the database if hosted externally
user
- database user name
pass
- database user password
name
- name of the database used for the project, needs to match the name of the database created
MPOS uses the RPC backend to fetch transactions, blocks and various other things. They need to match your coind RPC configuration.
Default Values:
type = 'http'
host = 'localhost:19334'
username = 'testnet'
password = 'testnet'
type
- RPC connection type
host
- RPC host
username
- RPC username
password
- RPC password
Running pools, especially those with active fees, will build up a good amount of liquid assets that can be used by pool operators. If you wish to automatically send your assets to an offline wallet, set your account address, reserves and thresholds here.
Default Values:
address = empty
reserve = 50
threshold = 25
address
- The address of the wallet you'd like to receive the coins in
reserve
- The amount you'd like to remain in the wallet. Recommended is at least 1 block value
threshold
- The amount of coins you'd like to send per batch minimum. Once exceeded, this is sent to the offline wallet address specified.
This is displayed on GettingStarted Page to make it more dynamic
Default Values:
coinname = 'Litecoin'
coinurl = 'http://www.litecoin.org'
stratumurl = ''
stratumport = '3333'
coinname
- The name of the coin this MPOS install is for
coinurl
- URL for more information about this coin
stratumurl
- URL used in getting started page for stratum
stratumport
- Port used in getting started page for stratum
MPOS will try to fetch the current exchange rates from this API URL/target. Currently btc-e and coinchoose are supported in MPOS. If you want to remove the trade header just set currency to an empty string.
Default Values:
btc-e.com
url = `https://btc-e.com`
target = `/api/2/ltc_usd/ticker`
currency = `USD`
coinchoose.com
url = `http://www.coinchoose.com`
target = `/api.php`
currency = `BTC`
cryptsy.com
url = `http://pubapi.cryptsy.com`
currency = `BTC`
target = `/api.php?method=marketdata`
These values define the min and max settings that can be entered by a user.
Default Values:
min = 1
max = 250
min
- Minimum amount a user can request automatic payout at
max
- Maximum amount a user can request automatic payout for
You can define min and max values for your users' donation settings here.
Default Values:
min = 1
min
- Cap the minimum donation amount at this
Invitations will allow your users to invite new members to join the pool. After sending a mail to the invited user, they can register using the token created. Invitations can be enabled and disabled through the admin panel. Sent invitations are listed on the account invitations page.
Default Values:
count = 5
count
- Maximum invitations a user is able to send
Shorthand name for currency used by this pool
Default Values:
currency = 'LTC'
currency
- Shorthand name for the currency used
Target time for coins to be generated
Fastcoin: 12 seconds
Litecoin: 2.5 minutes = 150 seconds
Feathercoin: 2.5 minutes = 150 seconds
Bitcoin: 10 minutes = 600 seconds
Default Values:
cointarget = 150
Amount of Blocks until Difficulty change
Fastcoin: 300 Blocks
Litecoin: 2016 Blocks
Bitcoin: 2016 Blocks
Default Values:
coindiffchangetarget = 2016
cointarget
- Time in seconds for coins to be generated for this coin
The coin daemon applies transaction fees to young coins. Since we are unable to find out what the exact fee was we set a default value here which is applied to both manual and auto payouts. If this is not set, no fee is applied in the transactions history but the user might still see them when the coins arrive. You can set two different transaction fees for manual and auto payouts.
Default Values:
txfee_auto = 0.1
txfee_manual = 0.1
txfee_auto
- Setting for auto payout TX fee
txfee_manual
- Setting for manual payout TX fee
Payout a block bonus to block finders, this bonus is paid by the pool operator, it is not deducted from the block payout! 0 = disabled
Default Values:
block_bonus = 0
block_bonus
- This bonus is paid by the pool operator, not from the block!
This will modify some templates and activate the appropriate crons. Only ONE payout system at a time is supported!
prop: Proportional payout system
pps : Pay Per Share payout system
pplns : Pay Per Last N Shares payout system
Default Values:
payout_system = 'prop'
payout_system
- The payout system chosen, prop pps or pplns
As soon as a round is finished, shares of that round are archived (see below) and deleted from the `shares` table. Due to the large amount of shares in a single round, this can take a very long time. To reduce server load and allow other systems to access the DB during this high-load time, the DELETE calls are limited to a number of rows. Then the process sleeps and continues to delete shares until all shares have been purged.
You can adjust some purging settings here in order to improve your overall site performance during round ends. Keep in mind that decreasing shares/time will make the cron run longer but at least keeps your site active. Vice versa higher numbers allow for a faster deletion but might affect the live site. This system is also used when purging archived shares.
Default Values:
sleep = 1
shares = 25000
sleep
- Time to sleep between delete calls
shares
- How many shares to delete at one time
By default, we don't need to archive for a long time. PPLNS and Hashrate calculations rely on this archive, but all shares past a certain point can safely be deleted.
To ensure we have enough shares on stack for PPLNS, this is set to the past 10 rounds. Even with lucky ones in between those should fit the PPLNS target. On top of that, even if we have more than 10 rounds, we still keep the last maxage shares to ensure we can calculate hashrates. Both conditions need to be met in order for shares to be purged from archive.
Proportional mode will only keep the past 24 hours. These are required for hashrate calculations to work past a round, hence 24 hours was selected as the default. You may want to increase the time for debugging, then add any integer reflecting minutes of shares to keep.
Default Values:
maxrounds = 10
maxage = 60 * 24 (24h)
maxrounds
- PPLNS, keep shares for maxrounds
maxage
- PROP and PPLNS, delete shares older than maxage minutes
Fees applied to users in percent, disabled = 0
Default Values:
fees = 0
PPLNS can run on two different payouts: fixed and blockavg. Each one defines a different PPLNS target.
Fixed means we will be looking at the shares set up in the default setting. There are no automatic adjustments to the PPLNS target; all users will be paid out proportionally to that target.
Blockavg will look at the last blockcount blocks shares and take the average as the PPLNS target. This will be automatically adjusted when difficulty changes and more blocks are available. This keeps the target dynamic but still traceable.
If you use the fixed type it will use $config['pplns']['shares']['default'] for target calculations, if you use blockavg type it will use $config['pplns']['blockavg']['blockcount'] blocks average for target calculations.
default : Default target shares for PPLNS
type : Payout type used in PPLNS
blockcount : Amount of blocks to check for avg shares
Available Options:
default : amount of shares, integer
type : blockavg or fixed
blockcount : amount of blocks, any integer
Default Values:
default = 4000000
type = 'blockavg'
blockcount = 10
For pushpoold, see the FAQ
Proportional + PPLNS Payout System
When running a pool on fixed mode, each block will be paid out as defined in `reward`. If you wish to pass transaction fees inside discovered blocks on to users, set this to `block`. This is really helpful for altcoins with dynamic block values!
PPS Payout System
If set to `fixed`, all PPS values are based on the `reward` setting. If you set it to `block`, you will calculate the current round based on the previous block value. The idea is to pass the block of the last round on to the users. If no previous block is found, the PPS value will fall back to the fixed value set in `reward`. Ensure you don't overpay users in the first round!
Default Values:
reward_type = 'block'
reward = 50
Available Values:
reward_type:
fixed : Fixed value according to `reward` setting
block : Dynamic value based on block amount
reward:
float value : Any value of your choice but should reflect base block values
Confirmations per block required to credit transactions, default: 120. Do NOT touch this unless you know what you are doing! Please check your coin for the appropriate value here, but most should work with this.
Default Values:
confirmations = 120
confirmations
- Number of confirmations per block required to credit transactions
Confirmations per block required in network to confirm its transactions, default: 120. Do NOT touch this unless you know what you are doing! Please check your coin for the appropriate value here, but most should work with this.
Default Values:
network_confirmations = 120
network_confirmations
- Number of confirmations in network to confirm transactions
Pay per share settings
Default Values:
pps_reward_type = `fixed` default $config['pps']['reward']['default']
reward = 50
Available Options:
reward_type:
fixed : Fixed value according to `reward` setting
blockavg : Dynamic value based on average of x number of block rewards
block : Dynamic value based on LAST block amount
reward:
float value : Any value of your choice but should reflect base block values
blockcount : amount of blocks to average, any integer
After disabling memcache, installation of memcache is not required. Please note that memcache greatly increases performance when combined with the `statistics.php` cronjob. Disabling this is not recommended in a live environment!
Default Values:
enabled = true
host = 'localhost'
port = 11211
keyprefix = 'mpos_'
expiration = 90
splay = 15
enabled
- Disable (false) memcache for debugging or enable (true) it
host
- Host IP or hostname
port
- memcache port
keyprefix
- Must be changed for multiple MPOS instances on one host
expiration
- Default expiration time in seconds of all cached keys. Increase if caches expire too fast.
splay
- Default randomizer for expiration times. This will spread expired keys across `splay` seconds.
You can configure the cookie behaviour to secure your cookies more than the PHP defaults. For multiple installations of MPOS on the same domain you must change the cookie path.
Default Values:
duration = '1440'
domain = ''
path = '/'
httponly = true
secure = false
duration
- the amount of time, in seconds, that a cookie should persist in the user's browser. 0 = until closed; 1440 = 24 minutes. Check your php.ini 'session.gc_maxlifetime' value and ensure that it is at least the duration specified here.
domain
- the only domain name that may access this cookie in the browser
path
- the highest path on the domain that can access this cookie; i.e. if running two pools from a single domain you might set the path /ltc/ and /ftc/ to separate user session cookies between the two.
httponly
- marks the cookie as accessible only through the HTTP protocol. The cookie can't be accessed by scripting languages, such as JavaScript. This can help to reduce identity theft through XSS attacks in most browsers.
secure
- marks the cookie as accessible only through the HTTPS protocol. If you have an SSL certificate installed on your domain name then this will stop a user accidentally accessing the site over an HTTP connection, without SSL, exposing their session cookie.
Smarty implements a file based cache for all HTML output generated from dynamic scripts. It can be enabled to cache the HTML data on disk; future requests are served from those cache files.
This may or may not work as expected, in general Memcache is used to cache all data so rendering the page should not take too long anyway.
You can test this out and enable (1) this setting but it's not guaranteed to work with MPOS.
Ensure that the folder `templates/cache` is writeable by the web server!
0 = disabled
Default Values:
cache = 0
cache_lifetime = 30
cache
- Use Smarty Caching
cache_lifetime
- Length in seconds to keep files in cache
This will disable loading of some API calls in case the system load exceeds the defined max setting. Useful to temporarily suspend live statistics on a server that is too busy to deal with requests.
Default Values:
max = 10.0
max
- Float, maximum system load
By default, we will use the security settings from the dist config.
If you want to apply your own settings you should create a new copy of the security dist config without the 'dist', as it will override the values automatically.
Extra security options that can help protect against a few different types of attacks.
Default Values:
strict = true
strict__https_only = false
strict__mysql_filter = true
strict__verify_client = true
strict__verify_client_ip = true
strict__verify_client_useragent = true
strict__verify_client_sessionid = true
strict__verify_client_fails = 0
strict__verify_server = false
strict__bind_protocol = 'https'
strict__bind_host = ''
strict__bind_port = 443
strict
- Whether or not to use strict mode
__https_only
- Requires/pushes to https
__mysql_filter
- Uses a mysqli shim to use php filters on all incoming data
__verify_client
- Verifies the client using specified settings
__verify_client_ip
- If the client request suddenly switches IP, trigger a failure
__verify_client_useragent
- If the client request suddenly switches Useragent, trigger a failure
__verify_client_sessionid
- If the client request suddenly switches SessionID, trigger a failure
__verify_client_fails
- Maximum number of client-side inconsistencies to accept before revoking sessions
__verify_server
- Verifies the server is valid for this request
__bind_protocol
- Server validate protocol; http or https
__bind_host
- Server validate host; ie. your domain or subdomain
__bind_port
- Server validate port; 80 / 443 / something else
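How the verify_client settings above can fit together, as an added example that is not MPOS's own code. The function name `verify_client()`, the session array layout and the reading of `strict__verify_client_fails` as "mismatching requests tolerated" are assumptions.

```php
<?php
// Added illustration, not MPOS code. Binds a session to the client attributes
// named above; verify_client() and the array layout are hypothetical.
function verify_client(array &$session, array $request, array $cfg): string
{
    if (!$cfg['strict'] || !$cfg['strict__verify_client']) {
        return 'ok';
    }
    if (!isset($session['bound'])) {
        // First request of the session: remember what this client looks like.
        $session['bound'] = $request;
        $session['fails'] = 0;
        return 'ok';
    }
    $changed = [];
    foreach (['ip', 'useragent', 'sessionid'] as $field) {
        if ($cfg["strict__verify_client_$field"] && $session['bound'][$field] !== $request[$field]) {
            $changed[] = $field;
        }
    }
    if ($changed === []) {
        return 'ok';
    }
    $session['fails']++;
    // Assumed reading of strict__verify_client_fails: the number of
    // inconsistent requests tolerated, so the default 0 revokes on the first.
    if ($session['fails'] > $cfg['strict__verify_client_fails']) {
        $session = [];                      // drop the session; force a new login
        return 'revoked (' . implode(',', $changed) . ')';
    }
    return 'mismatch tolerated (' . implode(',', $changed) . ')';
}

// Defaults from this page except fails, raised to 1 to show both outcomes.
$cfg = ['strict' => true, 'strict__verify_client' => true,
        'strict__verify_client_ip' => true, 'strict__verify_client_useragent' => true,
        'strict__verify_client_sessionid' => true, 'strict__verify_client_fails' => 1];

// Constructed requests: two from the original client, then a new IP,
// then a new IP and user agent together.
$requests = [
    ['ip' => '203.0.113.7',  'useragent' => 'Firefox/115', 'sessionid' => 'abc123'],
    ['ip' => '203.0.113.7',  'useragent' => 'Firefox/115', 'sessionid' => 'abc123'],
    ['ip' => '198.51.100.9', 'useragent' => 'Firefox/115', 'sessionid' => 'abc123'],
    ['ip' => '198.51.100.9', 'useragent' => 'curl/8.0',    'sessionid' => 'abc123'],
];
$session = [];
foreach ($requests as $i => $r) {
    echo $i, ': ', verify_client($session, $r, $cfg), "\n";
}
```

Binding a session to the client IP also logs out users whose address changes for legitimate reasons, such as mobile networks.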
Because bots/angry users can just fire away at pages or f5 us to death, we can attempt to rate limit requests using Memcache.
Default Values:
enabled = true
protect_ajax = true
ajax_hits_additive = false
flush_seconds_api = 60
rate_limit_api = 20
flush_seconds_site = 60
rate_limit_site = 30
ignore_admins = true
error_push_page = array('page' => 'error', 'action' => 'ratelimit');
enabled
- Whether or not we will try to rate limit requests
protect_ajax
- If enabled, we will also watch the ajax calls for rate limiting and kill bad requests
ajax_hits_additive
- If enabled, ajax hits will count towards the site counter as well as the ajax counter
flush_seconds_api
- Number of seconds between each flush of user/ajax counter
rate_limit_api
- Number of api requests allowed per flush_seconds_api
flush_seconds_site
- Number of seconds between each flush of user/site counter
rate_limit_site
- Number of site requests allowed per flush_seconds_site
ignore_admins
- Ignores the rate limit for admins
error_push_page
- Page/action array to push users to a specific page, look in the URL! Empty = 'You are sending too many requests too fast!' on a blank page
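The counters described above, sketched as a fixed-window rate limiter. This is an added example, not MPOS's own code: `ArrayStore` is a hypothetical in-memory stand-in for Memcache so it runs offline, and `allow_request()` is an assumed name.

```php
<?php
// Added illustration, not MPOS code: a fixed-window counter driven by the
// settings above. ArrayStore stands in for Memcache so this runs offline;
// ArrayStore and allow_request() are hypothetical names.
final class ArrayStore
{
    private $data = [];

    // Count one hit; the counter is "flushed" once its window has expired.
    public function hit(string $key, int $ttl, int $now): int
    {
        if (!isset($this->data[$key]) || $this->data[$key]['expires'] <= $now) {
            $this->data[$key] = ['count' => 0, 'expires' => $now + $ttl];
        }
        return ++$this->data[$key]['count'];
    }
}

function allow_request(ArrayStore $s, array $cfg, string $client, string $kind, bool $admin, int $now): bool
{
    if (!$cfg['enabled'] || ($admin && $cfg['ignore_admins'])) {
        return true;
    }
    if ($kind === 'api' && !$cfg['protect_ajax']) {
        return true;
    }
    $ok = true;
    if ($kind === 'api') {
        $ok = $s->hit("api:$client", $cfg['flush_seconds_api'], $now) <= $cfg['rate_limit_api'];
    }
    // Site pages always count here; ajax/api hits only when additive is on.
    if ($kind === 'site' || $cfg['ajax_hits_additive']) {
        $siteOk = $s->hit("site:$client", $cfg['flush_seconds_site'], $now) <= $cfg['rate_limit_site'];
        $ok = $ok && $siteOk;
    }
    return $ok;
}

// Defaults from this page; the client address and clock are constructed.
$cfg = ['enabled' => true, 'protect_ajax' => true, 'ajax_hits_additive' => false,
        'flush_seconds_api' => 60, 'rate_limit_api' => 20,
        'flush_seconds_site' => 60, 'rate_limit_site' => 30, 'ignore_admins' => true];
$store = new ArrayStore();
$t0 = 1700000000;
$denied = 0;
for ($i = 0; $i < 35; $i++) {            // 35 page loads, one per second
    if (!allow_request($store, $cfg, '203.0.113.7', 'site', false, $t0 + $i)) {
        $denied++;
    }
}
echo "denied within one window: $denied\n";
echo 'allowed after the flush: ';
var_dump(allow_request($store, $cfg, '203.0.113.7', 'site', false, $t0 + 61));
```

A fixed window lets a client spend one full allowance just before a flush and another just after it, so size `rate_limit_site` and `rate_limit_api` with that burst in mind.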
To help protect against CSRF, we can generate a hash that changes every minute and is unique for each user/IP and page or use, and check against that when a form is submitted.
Default Values:
enabled = true
enabled
- Whether or not to generate and check for valid CSRF Tokens
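One way to build a token with the properties described above (changes every minute, bound to user, IP and page), as an added example that is not MPOS's own code. The function names, the HMAC-SHA256 construction, `$secret` and the acceptance of the previous minute are assumptions.

```php
<?php
// Added illustration, not MPOS code: a token that changes every minute and is
// bound to user, client IP and page. Function names and $secret are hypothetical.
function csrf_token(string $secret, string $user, string $ip, string $page, int $minute): string
{
    // Length-prefix every field so ("ab","c") and ("a","bc") hash differently.
    $msg = '';
    foreach ([$user, $ip, $page, (string) $minute] as $field) {
        $msg .= strlen($field) . ':' . $field;
    }
    return hash_hmac('sha256', $msg, $secret);
}

function csrf_issue(string $secret, string $user, string $ip, string $page, int $now): string
{
    return csrf_token($secret, $user, $ip, $page, intdiv($now, 60));
}

function csrf_check(string $secret, string $user, string $ip, string $page, string $sent, int $now): bool
{
    $minute = intdiv($now, 60);
    // Assumption: also accept the previous minute, otherwise a form rendered
    // at hh:mm:59 and submitted two seconds later would be rejected.
    foreach ([$minute, $minute - 1] as $m) {
        // hash_equals() compares in constant time.
        if (hash_equals(csrf_token($secret, $user, $ip, $page, $m), $sent)) {
            return true;
        }
    }
    return false;
}

// Constructed sample values; in production pass time() as $now.
$secret = 'long-random-server-side-secret';
$t0     = 1700000040;
$token  = csrf_issue($secret, 'alice', '203.0.113.7', 'account/edit', $t0);

$cases = [
    'same form, 30 s later'   => ['alice',   '203.0.113.7',  'account/edit',   $t0 + 30],
    'same form, 90 s later'   => ['alice',   '203.0.113.7',  'account/edit',   $t0 + 90],
    'same form, 3 min later'  => ['alice',   '203.0.113.7',  'account/edit',   $t0 + 180],
    'replayed on other page'  => ['alice',   '203.0.113.7',  'account/payout', $t0 + 30],
    'replayed from other IP'  => ['alice',   '198.51.100.9', 'account/edit',   $t0 + 30],
    'replayed for other user' => ['mallory', '203.0.113.7',  'account/edit',   $t0 + 30],
];
foreach ($cases as $label => [$user, $ip, $page, $now]) {
    printf("%-24s %s\n", $label, csrf_check($secret, $user, $ip, $page, $token, $now) ? 'accepted' : 'rejected');
}
```

Under this scheme a token stays valid for between one and two minutes, so a form left open longer has to be reloaded before it is submitted.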
To increase security for users, account detail changes can require an e-mail confirmation prior to performing certain actions.
Default Values:
enabled = true
details = true
withdraw = true
changepw = true
enabled
- Whether or not to require e-mail confirmations
details
- Require confirmation to change account details
withdraw
- Require confirmation to manually withdraw/payout
changepw
- Require confirmation to change password
To avoid accounts being hacked by brute force attacks, set a maximum amount of failed login or pin entry attempts before locking the account. They will need to contact site support to re-enable the account.
login = 3
pin = 3
login
- Number of invalid login attempts before locking
pin
- Number of invalid pin attempts before locking