additional integrations: electrs and btc-rpc-explorer

[dcod3d]

Is it possible to add these as optional fragments:

1. electrs rust based electrum server that can run on a pi

2. btc-rpc-explorer may as well host blockchain explorer too

[NicolasDorier]

If @maltokyo feel up to the task? :p

[maltokyo]

I've never used electrs but I can give it a try ;)

How much interest is there in this?

On Wed, 26 Feb 2020, 06:26 Nicolas Dorier, notifications@github.com wrote:

If @maltokyo https://github.com/maltokyo feel up to the task? :p

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/btcpayserver/btcpayserver-docker/issues/271?email_source=notifications&email_token=AAKS7W6JX3JHASNJBEOTHGTREX4OXA5CNFSM4KYWKR5KYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEM63DAQ#issuecomment-591245698, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAKS7W43Z2VRIE7I7HTETC3REX4OXANCNFSM4KYWKR5A .

[NicolasDorier]

I would say a lot.ElectrumX is old and clunky. Electrs is better maintained.

[maltokyo]

Ok. Wish someone mentioned it while we did ElectrumX ;)

I'll give it a try. Always nice to learn something new.

On Wed, 26 Feb 2020, 07:45 Nicolas Dorier, notifications@github.com wrote:

I would say a lot.ElectrumX is old and clunky. Electrs is better maintained.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/btcpayserver/btcpayserver-docker/issues/271?email_source=notifications&email_token=AAKS7WY7XGVLX2PDGDPCRF3REYFZNA5CNFSM4KYWKR5KYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEM7AL2A#issuecomment-591267304, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAKS7WZID5A3ZLLHTKXSSPDREYFZNANCNFSM4KYWKR5A .

[maltokyo]

I see two issues with electrs docker, it runs on host network and uses port 50001 (which is not encrypted) for connections with Electrum client. It also doesnt have a proper docker hub image available... all of this will not play nicely with BTCPay server. The 50001 concerns me the most, I would not want all my transactions being shared over that port over the internet.. (am I mistaken?)

https://github.com/romanz/electrs/blob/master/Dockerfile

[peleion]

Electrumx is actively maintained by @kyuupichan and is the standard for public servers - it's what I ran when mine was public - and has extensive DDOS protection without which Electrum would have been unusable after the ongoing sybil attacks that began last year. It also supports multiple altcoins.

I share @maltokyo's concerns regarding unencrypted communications - I would not use it over the public internet. When I ran a public server I did not even accept unencrypted (50001) connections - it is really nothing but DDOS and bots now as Electrum uses encryption by default. Electrs database has a somewhat smaller storage requirement and the initial sync is faster but not significantly so to make it preferable over Electrumx - I don't see any other performance/resource advantages for BTCPay server users either way once running. At the end of the day it's what the users want - is there really that much demand now that you have 2 working Electrum servers to put the time and effort into adding and maintaining a third?

btc-rpc-explorer should be straighforward to use under docker with node-js as it uses environment variables for configuration.

I can help package either one that you can then fork as we did with EPS. I would suggest setting up a github repo for new containers that can then be autobuilt on dockerhub as I have done with my eps-docker image - makes releasing and maintaining them much more straightforward.

[dcod3d]

Mainly suggested electrs since the ElectrumX fragment isn't available on the pi.

[maltokyo]

EPS is available on Pi though, why not just use that? Electrumx is resource-intensive, Pi could not handle it. For the reasons above, I do not think Electrs integration is a good thing, and hence won't work on it myself.

[dcod3d]

The EPS fragment allows for only one x/y/zpub wallet and I have several wallets that I use. As far as the insecure port, I would not expose it to the internet for my two use cases - Electrum clients on my local network and to host my own block server via btc-rpc-explorer.

[Kixunil]

Hi, I'm an active contributor to electrs and randomly came across this issue, so I can shed some light on it.

Ok. Wish someone mentioned it while we did ElectrumX ;)

I believe I mentioned it on Twitter but was dismissed. :man_shrugging: No hard feelings. :)

it runs on host network and uses port 50001 (which is not encrypted) for connections with Electrum client

Thanks God electrs doesn't attempt to include everything but a kitchen sink. The intent is that you encrypt the traffic using the method which is most appropriate for your use case. People use Tor, TLS or SSH tunnel. This is properly documented in Usage. In case you didn't read it: please do not integrate any Bitcoin software without reading documentation, it's dangerous and you will experience problems.

Port being unencrypted or being specifically 50001 doesn't have any effect on security. At worst a malware running on same host under different user could impersonate electrs in case of race condition but I'm not aware of BTCPayServer having security requirement to be safe against these attacks. I actually plan to resolve this issue by allowing Unix sockets to be used but it'll take some time. Meanwhile feel free to try ip2unix and LMK if there's any problem with it.

It also doesnt have a proper docker hub image available

Neither me nor Romanz are experts in Docker. The Docker file provided is only for development/testing/demonstration purposes and it's not meant for production. Feel free to make your own production-ready Docker file if needed.

I would not want all my transactions being shared over that port over the internet.. (am I mistaken?)

This is not how the Electrum protocol works. An attacker connected to electrs can't know which transactions are yours because electrs (and also ElectrumX) indexes all transactions regardless of the client. Obviously the attacker can learn it by observing unencrypted traffic but as mentioned above, you're responsible for encryption. However it's still not recommended to keep the port open as electrs is specifically optimized for small scale use.

Note that EPS breaks this as the attacker could enumerate whole UTXO set. As such EPS must never be exposed to the Internet - it'd be a major privacy break. The client must be authenticated somehow. The same applies to BWT.

I would not use it over the public internet.

Correct, electrs was never designed to be a public server. It's suitable for personal or family/community use and optimized for this use case. This is in line with Bitcoin decentralization and "Don't trust, verify" ethos.

Electrs database has a somewhat smaller storage requirement and the initial sync is faster but not significantly so to make it preferable over Electrumx - I don't see any other performance/resource advantages for BTCPay server users either way once running.

This is absolutely not true. ElectrumX took a month to sync for me while electrs took a few hours. That's a big difference. (TBH maybe I did something wrong, it was a long time ago.) I also believe the size is significantly different but maybe something has changed?

Being written in strongly and statically typed language producing native code has strong security, correctness and performance advantages that can not be dismissed.

On top of this, electrs has one more RPC method that can be used by to-be-released btc-rpc-explorer to work as with txindex without having txindex enabled, which saves space. Sure it could be added to ElectrumX, feel free to do it.

EPS is available on Pi though, why not just use that?

Because EPS has a terrible UX. It requires users to edit configuration files every time they add a wallet. If you forget it and happen to have pruning enabled, you're screwed. If you don't have pruning enabled you're not screwed too much but will waste some time waiting for resync. I witnessed these problems first hand and would not recommend EPS to any Bitcoin newbie.

Electrumx is resource-intensive, Pi could not handle it.

Correct, and electrs runs on Pi 4 or Pi-like SBC Renegade Elite just fine. I've been using it for a while and don't remember ever having an issue. This is actually an argument that electrs is more optimized. There were some bugs in general, they were fixed and some other issues are being worked on but it works anyway.

For the reasons above, I do not think Electrs integration is a good thing, and hence won't work on it myself.

Obviously feel free to do whatever you like. :) Just reconsider your choice since the reasons were based on incomplete information.

Feel free to ask for more details if you have more questions. I'm also willing to do small patches if needed.

A tip for the future: don't hesitate to ask the developers of projects you want to integrate directly. :) At worst they will tell you to GTFO, in which case you'd know to not integrate it (but in reality, the worst that ever happened to me was ignorance).

[maltokyo]

Really nice insights. Thanks for sharing this.

Recently my day job and private stuff have taken away all the time to work on these small enhancements. I would love to and still looking forward to getting back into it.