Mirobit / bitcoin-node-manager

Lightweight dashboard and control system for bitcoin nodes
MIT License

Add support for SOCKS5 proxy to allow connecting to onionized RPC #39

Closed qertoip closed 3 years ago

qertoip commented 3 years ago

Security-conscious users may want to run BNM on a separate, remote machine so that the Bitcoin node is not endangered by the PHP stack and app.

One way to do it is to expose Bitcoin RPC as onion with client authentication.

The good news is this almost works with BNM already.

The only thing missing is:

        CURLOPT_PROXYTYPE      => CURLPROXY_SOCKS5_HOSTNAME,
        CURLOPT_PROXY          => '127.0.0.1:9050'

...in jsonRPCClient.php, obviously subject to user config setting.

Mirobit commented 3 years ago

I am sorry but I don't really understand how this works.

> One way to do it is to expose Bitcoin RPC as onion with client authentication.

What do you mean by "expose as onion"?

> CURLOPT_PROXYTYPE => CURLPROXY_SOCKS5_HOSTNAME, CURLOPT_PROXY => '127.0.0.1:9050'

Wouldn't 127.0.0.1:9050 be type CURLPROXY_SOCKS5? What about the authentication of the proxy?

qertoip commented 3 years ago

The easiest thing for you would be to directly allow setting CURLOPT_PROXYTYPE and CURLOPT_PROXY in your config file. By default they should not be set at all. This is the current behavior.

To understand the full picture you would need to get familiar with using Tor onion services. In short, the Tor daemon allows you to wrap any service in an onion.

An additional benefit of a Tor onion is that it (optionally) facilitates strong authentication. So you can wrap your Bitcoin Core RPC in an onion and require that the client authenticate. This is all done by the Tor daemon and is unrelated to BNM.

The only thing missing from BNM is the ability to configure curl so it goes through the local Tor SOCKS proxy. The Tor proxy customarily runs on 127.0.0.1:9050 after you install Tor.
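
An added example, not part of the thread and not BNM's code or the commit mentioned below: one way to build the cURL options so that the proxy settings are absent by default and a `.onion` RPC host is never resolved locally. The function name, the `$cfg` keys, the onion address and the credentials are assumptions made for illustration.

```php
<?php
// Added illustration: function name and $cfg keys are hypothetical, not BNM's.

/** Build cURL options for a Bitcoin Core JSON-RPC call; 'proxy' is optional. */
function buildRpcCurlOptions(array $cfg, string $method, array $params = []): array
{
    $host = parse_url($cfg['url'], PHP_URL_HOST);
    if (!is_string($host) || $host === '') {
        throw new InvalidArgumentException('RPC URL has no host part');
    }
    $proxy = $cfg['proxy'] ?? null;

    // A .onion name only resolves inside Tor, so fail closed without a proxy
    // rather than handing the name to the system resolver.
    if (preg_match('/\.onion$/i', $host) && empty($proxy)) {
        throw new RuntimeException('.onion RPC host requires a SOCKS5 proxy');
    }

    $opts = [
        CURLOPT_URL            => $cfg['url'],
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_POST           => true,
        CURLOPT_HTTPHEADER     => ['Content-Type: application/json'],
        CURLOPT_POSTFIELDS     => json_encode(
            ['jsonrpc' => '1.0', 'id' => 1, 'method' => $method, 'params' => $params]
        ),
        CURLOPT_HTTPAUTH       => CURLAUTH_BASIC,
        CURLOPT_USERPWD        => $cfg['user'] . ':' . $cfg['pass'],
        CURLOPT_CONNECTTIMEOUT => 30,
        CURLOPT_TIMEOUT        => 60,
    ];

    if (!empty($proxy)) {
        // CURLPROXY_SOCKS5 would resolve the host locally before contacting the
        // proxy; CURLPROXY_SOCKS5_HOSTNAME sends the name to the proxy instead.
        $opts[CURLOPT_PROXY]     = $proxy;
        $opts[CURLOPT_PROXYTYPE] = CURLPROXY_SOCKS5_HOSTNAME;
    }
    return $opts; // without 'proxy', no proxy option is set at all
}

// Constructed sample config; the onion address and credentials are placeholders.
$cfg = ['url' => 'http://placeholder-onion-address.onion:8332/',
        'user' => 'rpcuser', 'pass' => 'rpcpassword', 'proxy' => '127.0.0.1:9050'];
$opts = buildRpcCurlOptions($cfg, 'getblockchaininfo');
echo isset($opts[CURLOPT_PROXY]) ? 'via SOCKS5 proxy ' . $opts[CURLOPT_PROXY] . "\n" : "direct\n";
```

The returned array is meant to be passed to `curl_setopt_array()` on a handle from `curl_init()`; the example itself makes no network request.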

Mirobit commented 3 years ago

I added the option to add a proxy (7bfd901). I couldn't fully test it, since I don't have a proxy setup. So please let me know if it works.

github-actions[bot] commented 3 years ago

This issue is stale because it has been open 30 days with no activity. With no activity this will be closed in 60 days.

github-actions[bot] commented 3 years ago

This issue was closed because it has been stalled for 60 days with no activity.