gabidi / cyphernode-js-sdk

Isomorphic Javascript Cyphernode SDK for Bitcoin, C-lightning and OTS
MIT License

Connect to remote Cyphernode via nginx proxy #24

Open xsats opened 4 years ago

xsats commented 4 years ago

We're exploring making use of this great project to connect a server (with cyphernode-js-sdk installed) to a separate Cyphernode instance via an nginx proxy.

I haven't quite figured out how to get it going yet, but I was wondering if you have any thoughts on what might be the most secure and intelligent approach in achieving this. So far I've set up and played around with a local installation of the SDK connecting to a local Cyphernode and it's working great, but I haven't yet managed to get connected to the Cyphernode gatekeeper through the proxy.

Thanks for the great project @gabidi !

gabidi commented 4 years ago

Hey, my pleasure, glad it's being used.

There are two connections going on in your case, not sure which one is bugging out for you but:

  1. Nginx Proxy to Cyphernode's Traefik/Gatekeeper: I think you need to set up NGINX to use Cyphernode's gatekeeper SSL certificate in its upstream connection to the Gatekeeper/Traefik.

  2. SDK machine to NGINX proxy: You simply need to configure the SDK to use the cert of your NGINX proxy and it should work out of the box.

If that's not working, can you give me a bit more detail about the error you're facing? I could probably help you out a bit more.

PS: Thanks for the Types PR, will check it this evening :)
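The two TLS legs described in the comment above, sketched as an nginx server block. This is an added example, not configuration from the thread or from either project; the hostnames, the port, the file paths and the premise that the gatekeeper certificate is self-signed (so the certificate file itself serves as the trust anchor) are all assumptions.

```nginx
# Added example. Every hostname, port and path below is a placeholder.
upstream cyphernode_gatekeeper {
    server cyphernode.internal:8443;   # placeholder address of the Traefik/gatekeeper listener
}

server {
    listen 443 ssl;
    server_name proxy.example.com;     # placeholder

    # Leg 2 (SDK machine -> NGINX): the certificate the SDK side is configured to trust.
    ssl_certificate     /etc/nginx/tls/proxy.crt;
    ssl_certificate_key /etc/nginx/tls/proxy.key;
    ssl_protocols       TLSv1.2 TLSv1.3;

    location / {
        # Leg 1 (NGINX -> gatekeeper). With proxy_pass https://... alone, nginx
        # encrypts this hop but does not verify the peer: proxy_ssl_verify
        # defaults to off, so any certificate presented upstream is accepted.
        proxy_pass https://cyphernode_gatekeeper;

        # Verify the upstream certificate against the gatekeeper's own cert.
        proxy_ssl_verify              on;
        proxy_ssl_trusted_certificate /etc/nginx/tls/cyphernode-gatekeeper.crt;
        proxy_ssl_verify_depth        1;

        # Name checked against the gatekeeper certificate and sent as SNI.
        # It must match a name the certificate was issued for (assumption).
        proxy_ssl_name        cyphernode.internal;
        proxy_ssl_server_name on;

        proxy_set_header Host $host;
    }
}
```

If the upstream certificate does not match the trusted file or the name in `proxy_ssl_name`, nginx answers the client with 502 and records the verification failure in its error log, which is the place to look when the proxy leg is the one failing.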

xsats commented 3 years ago

Thanks @gabidi, ended up getting it going shortly after this - I'd misconfigured the proxy originally, which was the cause of the errors.

Is it also possible to use the cyphernode-js-sdk to connect to gatekeeper endpoints (e.g. /getbestblockhash) through the Tor Hidden Service/Gateway onion url?

If so, I'm interested in hearing your thoughts on how such a setup would compare to a vanilla proxy setup over tls (assuming iptables/ufw/fail2ban etc), specifically in terms of security.

Thanks!

gabidi commented 3 years ago

Hi, glad you resolved the issue. The SDK has a simple example on how you would connect to a gateway endpoint using Tor: https://github.com/gabidi/cyphernode-js-sdk/blob/master/src/examples/connectingUsingTor.ts

Also, Sifir's cyphernode app implements a more complicated use case where it creates its own Tor endpoint on Traefik; you can see the docker file for some details: https://github.com/Sifir-io/cyphernode-app/blob/master/docker-compose.yaml#L36 The Sifir mobile app then uses the SDK to connect to the endpoint created above over Tor (plus some encryption and signing middleware for extra protection). Hope that helps.