Skip to content
R4SAS edited this page Apr 20, 2019 · 61 revisions

The Config File

The config file is one of the most important files for users in the PHP-MPOS project. It can be found in the /public/include/config directory under the name global.inc.dist.php. In this form the file is inactive and will not affect the site. Until the config file has been activated by changing the name to global.inc.php the PHP-MPOS project will not load. By activating this file a user can gain access to many powerful tools for changing the settings on all pages of the site.

Configuration Options

Config Version

This is used in the version check to ensure you run the latest version of the configuration file. Once you upgraded your config, change the version here too.

Config Check

Unless disabled will perform a simple check on your config and display the results for logged in admins.

Check for valid Wallet Address

Enables/Disables Registration with Wallet Address

Defines & salts

Debug is the debug level to run the application at, 0 for disabled - 5 for most verbose.

SALT and SALTY are used to hash passwords, so longer is better!

Default Values:

DEBUG = 0
SALT  = ''
SALTY = ''

The *_PATH defines are now located in bootstrap.php, in the includes folder.

Algorithm

Underlying coin algorithm that you are mining on. Set this to whatever your coin needs, sha256d, scrypt, scryptn or x11.

Default Values:

algorithm    =    'scrypt'

algorithm

  • sha256d: Bitcoin and similar ones.
  • scrypt: Litecoin and most of the all-coins.
  • scryptn: Vertcoin and similar ones.
  • x11: Darkcoin and similar ones.

Getbalance API Calls

Some Coins have a bad implementation of getbalance. In Some cases, Coindaemon did not return Balance with unconfirmed Blocks. If your Coindaemone returns the same values when you run ./coindaemon getbalance and ./coindaemon getbalance '', you have to set this to false.

$config['getbalancewithunconfirmed'] = true;

Database Configuration

A MySQL database backend is required for MPOS. Creating a database is covered in the [Quick Start Guide] (https://github.com/MPOS/php-mpos/wiki/Quick-Start-Guide#wiki-database-setup). Additionally a base database structure is available in sql/000_base_structure.sql. If a database update is required, MPOS will disable the cronjobs and notify the admins of the website via popup notification. Please run the upgrade/run_upgrades.php script to migrate your database to the latest version.

Default Values:

host = 'localhost'
port = 3306
user = 'someuser'
pass = 'somepass'
name = 'mpos'

Explanations

host

  • location for the database, generally on the same server as the site port

port

  • which port accesses the database if hosted externally

user

  • database user name

pass

  • database user password

name

  • name of the database used for the project, needs to match the name of the database created

shared

  • this is a special variable that will allow advanced users to setup a Single Sign On setup for MPOS

Local Wallet RPC

MPOS uses the RPC backend to fetch transactions, blocks and various other things. They need to match your coind RPC configuration.

Default Values:

type      =  'http'
host      =  'localhost:19334'
username  =  'testnet'
password  =  'testnet'

type

  • RPC connection type

host

  • RPC host

username

  • RPC username

password

  • RPC password

Swiftmailer

You can configure how MPOS is sending mail via Swiftmailer here. Please be aware that we recommend running a local MTA as relay to your actual mail provider. Using SMTP will add the connection overhead when sending mail, that may result in very long runtimes when sending a lot of mails out.

SMTP can still be used. Please configure it using the smtp options in this configuration block. For newsletters, we added the option to enable throttle mode, which will only send 100 message per minute! Use an MTA if you have a large volume of users!

Default Values:

type               =  sendmail
sendmail path      =  /usr/sbin/sendmail
sendmail options   =  -bs
smtp host          =  your.mail-relay.com
smtp port          =  587
smtp encryption    =  tls
smtp username      =  ''
smtp password      =  ''
smtp throttle      =  100

Getting Started

This is displayed on GettingStarted Page to make it more dynamic

Default Values:

coinname    =  'Litecoin'
coinurl     =  'http://www.litecoin.org'
stratumurl  =  ''
stratumport =  '3333'

coinname

  • The name of the coin this MPOS install is for

coinurl

  • URL for more information about this coin

stratumurl

  • URL used in getting started page for stratum

stratumport

  • Port used in getting started page for stratum

Ticker API

MPOS will try to fetch the current exchange rates from this API URL/target. Currently btc-e and coinchoose are supported in MPOS. If you want to remove the trade header just set currency to an empty string.

Default Values:

btc-e.com
  url       =  `https://btc-e.com`
  target    =  `/api/2/ltc_usd/ticker`
  currency  =  `USD`

coinchoose.com
  url       =  `http://www.coinchoose.com`
  target    =  `/api.php`
  currency  =  `BTC`

cryptsy.com
  url       =  `http://pubapi.cryptsy.com`
  currency  =  `BTC`
  target    =  `/api.php?method=singlemarketdata&marketid={MARKET_ID}`

cryptorush.in
  url       =  `https://cryptorush.in`
  currency  =  `BTC`
  target    =  `/api.php?get=market&m={YOUR_COIN}&b={TARGET_COIN}&key={YOUR_API_KEY}&id={YOUR_ID}`

cryptopia.co.nz
  url       =  `https://www.cryptopia.co.nz`
  currenty  =  `BTC`
  target    =  `/api/GetMarket/{MARKET_ID}`

mintpal.com
  url       =  `https://api.mintpal.com`
  currency  =  `BTC`
  target    =  `/market/stats/LTC/BTC`

bittrex.com
  url       =  `https://bittrex.com`
  currency  =  `BTC`
  target    =  `/api/v1.1/public/getticker?market=BTC-{YOUR_COIN}`

Automatic Payout Thresholds

These values define the min and max settings that can be entered by a user.

Default Values:

min  = 1
max  = 250

min

  • Minimum amount a user can request automatic payout at

max

  • Maximum amount a user can request automatic payout for

Minimum Manual Payout Threshold

These value defines the min manual payout that can be entered by a user.

Default Values:

1

Maximum Coins per Payout

These value defines the max payout that can be entered by a user. This should be set to the value, Coin Daemon can handle as max for one Transaction to a single user.

Default Values:

20000

Donation Thresholds

You can define a min and max values for you users donation settings here.

Default Values:

min = 1

min

  • Cap the minimum donation amount at this

Account Specific Settings

Invitations will allow your users to invite new members to join the pool. After sending a mail to the invited user, they can register using the token created. Invitations can be enabled and disabled through the admin panel. Sent invitations are listed on the account invitations page.

Default Values:

count  =  5

count

  • Maximum invitations a user is able to send

Currency

Shorthand name for currency used by this pool

Default Values:

currency = 'LTC'

currency

  • Shorthand name for the currency used

Coin Target

Target time for coins to be generated

Fastcoin: 12 seconds Litecoin: 2,5 minutes = 150 seconds Feathercoin: 2,5 minutes = 150 seconds Bitcoin: 10 minutes = 600 seconds

Default Values:

cointarget = 150

Coin Diff Change

Amount of Blocks until Difficulty change

Fastcoin: 300 Blocks Litecoin: 2016 Blocks Bitcoin: 2016 Blocks

Default Values:

coindiffchangetarget = 2016

cointarget

  • Time in seconds for coins to be generated for this coin

TX Fees

The coin daemon applies transaction fees to young coins. Since we are unable to find out what the exact fee was we set a default value here which is applied to both manual and auto payouts. If this is not set, no fee is applied in the transactions history but the user might still see them when the coins arrive. You can set two different transaction fees for manual and auto payouts.

Default Values:

txfee_auto     =  0.1
txfee_manual   =  0.1

txfee_auto

  • Setting for auto payout TX fee

txfee_manual

  • Setting for auto payout TX fee

Block Bonus

Payout a block bonus to block finders, this bonus is paid by the pool operator, it is not deducted from the block payout! 0 = disabled

Default Values:

block_bonus  =  0  

block_bonus

  • This bonus is paid by the pool operator, not from the block!

Pool Bonus

Payout a general bonus to all your miners. By default, this is based on their payouts and will pay out an additional percentage to their income. This will be covered from your liquid assets! As a payout time, you can either chose payout or block. Block will payout the same percentage based on the block value to all miners! So setting this to 1% on a 50 block reward pays 5 coins per user from your liquid assets! Payout based bonuses only pay a bonus total to the block values percentage.

Default Values:

pool_bonus       =  0  
pool_bonus_type  =  payout

Payout System

This will modify some templates and activate the appropriate crons. Only ONE payout system at a time is supported!

prop: Proportional payout system
pps : Pay Per Share payout system
pplns : Pay Per Last N Shares payout system

Default Values:

payout_system  =  'prop'

payout_system

  • The payout system chosen, prop pps or pplns

Sendmany Support

By default we try to detect sendmany in the RPC but disable the use of it. If you are sure that your RPC does support sendmany properly, you can enable it here and speed up your payouts significantly.

sendmany enabled : Enable/Disable sendmany support.

Default Values:

sendmany enabled  =  false

Payouts

We are only running a certain amount of payouts per run to not overload the RPC with transactions per run. You can set a limit for manual and auto-payouts.

You can also enable our own getrealbalance RPC wrapper that will try to get an accurate display of your wallets balance for those coins that require to pay from the default wallet. Symptoms that you may need this includes payout runs bailing with error 500 from the RPC but payments did indeed succeed. Try enabling the getrealbalance option and see if your payouts run smoother. Most coins won't need this.

Default Values:

txlimit_manual = 500
txlimit_auto   = 500
getrealbalance = false

Round Purging

As soon as a round is finished, shares of that rate are archived (see below) and deleted from the shares table. Due to a large amount of shares in a single round, this can take a very long time. To reduce server load and allow other systems to access the DB during this high-load time, the DELETE calls are being limited to a number of rows. Then the process sleeps and continues to delete shares until all shares have been purged.

You can adjust some purging settings here in order to improve your overall site performance during round ends. Keep in mind that decreasing shares/time will make the cron run longer but at least keeps your site active. Vice versa higher numbers allow for a faster deletion but might affect the live site. This system is also used when purging archived shares.

Default Values:

sleep  = 1
shares = 25000

sleep

  • Time to sleep between delete calls

shares

  • How many shares to delete at one time

Archiving

By default, we don't need to archive for a long time. PPLNS and Hashrate calculations rely on this archive, but all shares past a certain point can safely be deleted.

To ensure we have enough shares on stack for PPLNS, this is set to the past 10 rounds. Even with lucky ones in between those should fit the PPLNS target. On top of that, even if we have more than 10 rounds, we still keep the last maxage shares to ensure we can calculate hashrates. Both conditions need to be met in order for shares to be purged from archive.

Proportional mode will only keep the past 24 hours. These are required for hashrate calculations to work past a round, hence 24 hours was selected as the default. You may want to increase the time for debugging, then add any integer reflecting minutes of shares to keep.

Default Values:

maxrounds  =  10
maxage     =  60 * 24   (24h)

maxrounds

  • PPLNS, keep shares for maxrounds

maxage

  • PROP and PPLNS, delete shares older than maxage minutes

Pool Fees

Fees applied to users in percent, disabled = 0

Default Values:

fees = 0

PPLNS Settings

PPLNS can run on two different payouts: fixed and blockavg. Each one defines a different PPLNS target.

Fixed means we will be looking at the shares setup in the default setting. There is no automatic adjustments to the PPLNS target, all users will be paid out proportionally to that target.

Blockavg will look at the last blockcount blocks shares and take the average as the PPLNS target. This will be automatically adjusted when difficulty changes and more blocks are available. This keeps the target dynamic but still traceable.

If you use the fixed type it will use $config['pplns']['shares']['default'] for target calculations, if you use blockavg type it will use $config['pplns']['blockavg']['blockcount'] blocks average for target calculations.

default     :  Default target shares for PPLNS
type        :  Payout type used in PPLNS
blockcount  :  Amount of blocks to check for avg shares

Available Options:
default     :  amount of shares, integeger
type        :  blockavg or fixed
blockcount  :  amount of blocks, any integer

Default Values:

default     =  4000000
type        =  'blockavg'
blockcount  =  10

Pool Target Difficulty

For pushpoold, see the FAQ

Reward Settings

Proportional + PPLNS Payout System When running a pool on fixed mode, each block will be paid out as defined in reward. If you wish to pass transaction fees inside discovered blocks on to user, set this to block. This is really helpful for altcoins with dynamic block values!

PPS Payout System If set to fixed, all PPS values are based on the reward setting. If you set it to block you will calculate the current round based on the previous block value. The idea is to pass the block of the last round on to the users. If no previous block is found, PPS value will fall back to the fixed value set in reward. Ensure you don't overpay users in the first round!

Default Values:

reward_type  = 'block'
reward       = 50

Available Values:

reward_type:
  fixed       : Fixed value according to `reward` setting
  block       : Dynamic value based on block amount
  blockavg    : Dynamic values based on average of last N blocks
reward:
  float value : Any value of your choice but should reflect base block values
blockavg blockcount :
  integer value : Amount of N blocks to use for block average rewards

Confirmations

Confirmations per block required to credit transactions to users, default: 120 Do NOT touch this unless you know what you are doing! Please check your coin for the appropriate value here, but most should work with this.

If you set this wrong, you may confirm a users MPOS transaction for a block before the actual block found with that transaction has confirmed and added to your wallet balance. You may pay out orphaned blocks to users if this is not set properly.

Default Values:

confirmations = 120

confirmations

  • Number of confirmations per block required to credit transactions

Network Confirmations

Confirmations per block required in network to confirm its block value in your wallet, default: 120 Do NOT touch this unless you know what you are doing! Please check your coin for the appropriate value here, but most should work with this.

Usually, you should keep both confirmations and network_confirmations at the same setting to not cause any payout issues in your pool!

Default Values:

network_confirmations = 120

network_confirmations

  • Number of confirmations in network to confirm transactions

PPS Settings

Pay per share settings

Default Values:

pps_reward_type  = `fixed` default $config['pps']['reward']['default']
reward       = 50

Available Options:

reward_type:
  fixed       : Fixed value according to `reward` setting
  blockavg    : Dynamic value based on average of x number of block rewards
  block       : Dynamic value based on LAST block amount
reward:
  float value : Any value of your choice but should reflect base block values
  blockcount  : amount of blocks to average, any integer

Memcache

After disabling memcache, installation of memcache is not required. Please note that a memcache is greatly increasing performance when combined with the statistics.php cronjob. Disabling this is not recommended in a live environment!

Default Values:

enabled               =  true
host                  =  'localhost'
port                  =  11211
keyprefix             =  'mpos_'
expiration            =  90
splay                 =  15
force contrib_shares  = false

enabled

  • Disable (false) memcache for debugging or enable (true) it

host

  • Host IP or hostname

port

  • memcache port

keyprefix

  • Must be changed for multiple MPOS instances on one host

expiration

  • Default expiration time in seconds of all cached keys. Increase if caches expire too fast.

splay

  • Default randomizer for expiration times. This will spread expired keys across splay seconds.

force.contrib_shares

  • Enforce using caches will cause Top 15 Contributor Shares to NOT fall back to SQL. Useful on high hashrate pools (>3 GHash).

Cookies

You can configure the cookie behaviour to secure your cookies more than the PHP defaults. For multiple installations of MPOS on the same domain you must change the cookie path.

Default Values:

duration = '1440'
domain   = ''
path     = '/'
httponly = true
secure   = false

duration the amount of time, in seconds, that a cookie should persist in the users browser. 0 = until closed; 1440 = 24 minutes. Check your php.ini 'session.gc_maxlifetime' value and ensure that it is at least the duration specified here.

domain

  • the only domain name that may access this cookie in the browser

path

  • the highest path on the domain that can access this cookie; i.e. if running two pools from a single domain you might set the path /ltc/ and /ftc/ to separate user session cookies between the two.

httponly

  • marks the cookie as accessible only through the HTTP protocol. The cookie can't be accessed by scripting languages, such as JavaScript. This can help to reduce identity theft through XSS attacks in most browsers.

secure

  • marks the cookie as accessible only through the HTTPS protocol. If you have a SSL certificate installed on your domain name then this will stop a user accidentally accessing the site over a HTTP connection, without SSL, exposing their session cookie.

Smarty Cache

Smarty implements a file based cache for all HTML output generated from dynamic scripts. It can be enabled to cache the HTML data on disk, future request are served from those cache files.

This may or may not work as expected, in general Memcache is used to cache all data so rendering the page should not take too long anyway.

You can test this out and enable (1) this setting but it's not guaranteed to work with MPOS.

Ensure that the folder templates/cache is writeable by the web server!

0 = disabled

Default Values:

cache           =  0
cache_lifetime  =  30

cache

  • Use Smarty Caching

cache_lifetime

  • Length in seconds to keep files in cache

System Load

This will disable loading of some API calls in case the system loads exceeds the defined max setting. Useful to temporarily suspend live statistics on a server that is too busy to deal with requests.

Default Values:

max    =  10.0

max

  • Float, maximum system load

If you have your MySQL on a different server and/or use Master/Slave setup:

Setup a simple apache+php service on the database server, and put the file scripts/loadavg.php on the documentroot.

Check the config file for the following parameters:

$config['system']['load']['remote'] = false;
$config['system']['load']['remote_url'] = "http://sqlhost/loadavg.php";

Security Configuration Options

By default, we will use the security settings from the dist config

If you want to apply your own settings you should create a new copy of the security dist config without the 'dist,' as it will override the values automatically.

Memcache Rate Limiting

Because bots/angry users can just fire away at pages or f5 us to death, we can attempt to rate limit requests using Nemcache.

Default Values:

enabled              =   true
protect_ajax         =   true
ajax_hits_additive   =   false
flush_seconds_api    =   60
rate_limit_api       =   20
flush_seconds_site   =   60
rate_limit_site      =   30
ignore_admins        =   true
error_push_page      =   array('page' => 'error', 'action' => 'ratelimit');

enabled

  • Whether or not we will try to rate limit requests

protect_ajax

  • If enabled, we will also watch the ajax calls for rate limiting and kill bad requests

ajax_hits_additive

  • If enabled, ajax hits will count towards the site counter as well as the ajax counter

flush_seconds_api

  • Number of seconds between each flush of user/ajax counter

rate_limit_api

  • Number of api requests allowed per flush_seconds_api

flush_seconds_site

  • Number of seconds between each flush of user/site counter

rate_limit_site

  • Number of site requests allowed per flush_seconds_site

ignore_admins

  • Ignores the rate limit for admins

error_push_page

  • Page/action array to push users to a specific page, look in the URL! Empty = 'You are sending too many requests too fast!' on a blank page

CSRF Protection

To help protect against CSRF, we can generate a hash that changes every minute and is unique for each user/IP and page or use, and check against that when a form is submitted.

Default Values:

enabled    =    true

enabled

  • Whether or not to generate and check for valid CSRF Tokens

E-mail Confirmations

To increase security for users, account detail changes can require an e-mail confirmation prior to performing certain actions.

Default Values:

enabled   =  true
details   =  true
withdraw  =  true
changepw  =  true

enabled

  • Whether or not to require e-mail confirmations

details

  • Require confirmation to change account details

withdraw

  • Require confirmation to manually withdraw/payout

changepw

  • Require confirmation to change password

Lock accounts after failed logins

To avoid accounts being hacked by brute force attacks, set a maximum amount of failed login or pin entry attempts before locking the account. They will need to contact site support to re-enable the account.

login  =  3
pin    =  3

login

  • Number of attempts invalid login attempts before locking

pin

  • Number of invalid pin attempts before locking
Clone this wiki locally