doc smith

docs/user/smith.md

+# How to become a (black)smith
+
+## Publish a node
+
+### Duniter part
+- Add this docker-compose on your server :
+[docker/compose/gdev-validator.docker-compose.yml](https://git.duniter.org/nodes/rust/duniter-v2s/-/blob/master/docker/compose/gdev-validator.docker-compose.yml)
+- Edit lines 26 and 51 : `/ip4/SERVER_IP/tcp/30333/p2p/PEER_ID`
+  with your IP or domain an the PEER_ID you get using te command in comment.
+  Note: duniter-rpc PEER_ID and duniter-validator PEER_ID isn't the same.
+- If you have write access errors run in docker-compose.yml folder : `chmod o+rwX -R .`
+- `docker-compose up -d` to start your node
+### Reverse-proxy part (with Nginx)
+In `/etc/nginx/sites-enabled/gdev.YOUR_DOMAIN` put (you can probably do simpler) :
+```
+server {
+  server_name gdev.YOUR_DOMAIN.fr;
+
+  listen 443 ssl http2;
+  ssl_certificate /etc/nginx/ssl/YOUR_DOMAIN.cert;
+  ssl_certificate_key /etc/nginx/ssl/YOUR_DOMAIN.key;
+
+  root /nowhere;
+
+  add_header X-Frame-Options SAMEORIGIN;
+  add_header X-XSS-Protection "1; mode=block";
+  proxy_redirect off;
+  proxy_buffering off;
+  proxy_set_header Host $host;
+  proxy_set_header X-Real-IP $remote_addr;
+  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+  proxy_set_header X-Forwarded-Proto $scheme;
+  proxy_set_header X-Forwarded-Port $server_port;
+  proxy_read_timeout 90;
+
+  location /http {
+    proxy_pass http://localhost:9933;
+    proxy_http_version 1.1;
+  }
+  location /ws {
+    proxy_pass http://localhost:9944;
+
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header Connection "upgrade";
+    proxy_http_version 1.1;
+
+    proxy_read_timeout 1200s;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header Host $host;
+  }
+}
+```
+and replace `YOUR_DOMAIN` by your domain each time.
+
+- [generate your ssl certificates](https://github.com/acmesh-official/acme.sh) with let's encrypt
+  if you don't already have a wildcard certificate.
+- `service nginx reload`
+
+Your node is now online as a mirror node. It's fully capable for wallet use.
+
+## Join the Smith WoT
+- add polkadot webextension to be able to authentificate with your account.
+- Go to [any node with polkadotjs ui](https://gdev.1000i100.fr/dev-ui/?rpc=wss://gdev.1000i100.fr/ws)
+- Ask to join Smith WoT (you need to already be in the main WoT)
+  - developer > extrinsics > YOUR_SMITH_ACCOUNT > smithMembership > requestMemberShip(metadata)
+  - add your p2p endpoint (optional)
+  - add your session key (follow point 1 to 4 from Validate blocks > Generate and publish your session key)
+  - Send the query
+- Await smith certification : developer > extrinsics > CERTIFIER_SMITH_ACCOUNT > smithCert > addCert(receiver)
+
+When you have at least 3 certifications, your'in !
+
+
+
+## Validate blocks (blacksmith work)
+
+- Generate and publish your session keys
+  1. create an ssh bridge from your desktop/laptop to your server : `ssh -L 9945:localhost:9945 SSH_USER@YOUR_SERVER`
+  2. In your browser go to [polkadotjs : ws://localhost:9945](https://polkadot.js.org/apps/?rpc=ws%3A%2F%2Flocalhost%3A9945#/explorer)
+  3. In the UI : developer > appel RPC > author > rotateKey() and run
+  4. copy the result in clipboard
+  5. In the UI : developer > extrinsics > YOUR_SMITH_ACCOUNT > authorityMembers > setSessionKeys(keys) then copy your session keys and run the query.
+  6. **wait 48h to verify you keep sync**
+- Join
+  - In the UI : developer > extrinsics > YOUR_SMITH_ACCOUNT > authorityMembers > goOnline()
+
+If you're not able to monitor, reboot, act on your node, goOffline() to avoid penality to the blockchain and to you.