search

janoside / btc-rpc-explorer

Database-free, self-hosted Bitcoin explorer, via RPC to Bitcoin Core.
https://bitcoinexplorer.org
MIT License
1.52k stars 1.14k forks source link

[Help needed] How can my web page use https? #134

Closed Relaxo143 closed 5 years ago

Relaxo143 commented 5 years ago

I see that the demo site has a secure connection, but mine doesn't. How could I make this work? Also, when trying to open the rpc explorer I get a message that the function is disabled and I can enable it in the config.js file. However, I don't see anything there which I could change to modify this. I want no login prompts, but the safe RPCs to be accessible, Just like on the demo site. Helps would be appreciated.

tyzoo commented 5 years ago

I think this should help: Rename the '.env-sample' file to '.env'. Uncomment out the '#' on the following variables and add your credentials where applicable:

Host/Port to bind to

BTCEXP_HOST=0.0.0.0 BTCEXP_PORT=3002

Bitcoin RPC Credentials (URI -OR- HOST/PORT/USER/PASS)

BTCEXP_BITCOIND_URI=bitcoin://rpcusername:rpcpassword@127.0.0.1:8332?timeout=10000

BTCEXP_BITCOIND_HOST=localhost BTCEXP_BITCOIND_PORT=8333 BTCEXP_BITCOIND_USER= BTCEXP_BITCOIND_PASS=

Whether public-demo aspects of the site are active

BTCEXP_DEMO=true

Privacy mode disables:

Exchange-rate queries, IP-geolocation queries

BTCEXP_PRIVACY_MODE=false

Don't request currency exchange rates

BTCEXP_NO_RATES=false

Relaxo143 commented 5 years ago

I think this should help: Rename the '.env-sample' file to '.env'. Uncomment out the '#' on the following variables and add your credentials where applicable:

Host/Port to bind to

BTCEXP_HOST=0.0.0.0 BTCEXP_PORT=3002

Bitcoin RPC Credentials (URI -OR- HOST/PORT/USER/PASS)

BTCEXP_BITCOIND_URI=bitcoin://rpcusername:rpcpassword@127.0.0.1:8332?timeout=10000

BTCEXP_BITCOIND_HOST=localhost BTCEXP_BITCOIND_PORT=8333 BTCEXP_BITCOIND_USER= BTCEXP_BITCOIND_PASS=

Whether public-demo aspects of the site are active

BTCEXP_DEMO=true

Privacy mode disables:

Exchange-rate queries, IP-geolocation queries

BTCEXP_PRIVACY_MODE=false

Don't request currency exchange rates

BTCEXP_NO_RATES=false

All of this is helpful but not in my case. I already have it set up. I just want to use rpcs without auth and to utilize https

janoside commented 5 years ago

@Relaxo143 The demo site is actually reverse-proxied to serve via HTTPS. I recommend you do the same if you'd like your site to be served securely. I recommend either apache or nginx as your reverse proxy and for both there should be many tutorials for setting this tool up for HTTPS. If you have your own domain, many modern tutorials will also step you through how to get your certificate automatically via Lets' Encrypt. I hope this helps. Feel free to let me know if you hit any specific snags.

janoside commented 5 years ago

Happy to re-open if further discussion is needed.

mooleshacat commented 4 years ago

FWIW;

Leave the default config, scroll to the bottom, paste in at bottom and edit:

upstream explorer-servers {
    ip_hash;
    server srv1.example.com:3000 max_fails=1 weight=4;  
    server srv2.example.com:3000 max_fails=1 weight=2;
    server srv3.example.com:3000 max_fails=1 weight=1;      
}
server {

    server_name explorer.example.com; # managed by Certbot

    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Forwarded-Ssl on;

    location / {

        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;

        proxy_pass http://explorer-servers;

        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";

        listen 80 default_server;
        listen [::]:80 default_server;

    }

Done :)

lucidprojects commented 3 years ago

Sorry to revive an old thread but I'm trying to get a reverse proxy set up and can't seem to get the nginx set up correct.

I took the above but changed explorer-servers to srv1.MYDOMAIN.io:3000 etc

added to nginx default config

upstream explorer-servers {
        ip_hash;
        server srv1.MYDOMAIN.io:3000 max_fails=1 weight=4;
        server srv2.MYDOMAIN.io:3000 max_fails=1 weight=2;
        server srv3.MYDOMAIN.io:3000 max_fails=1 weight=1;
}

server {
        server_name explorer.MYDOMAIN.io; # managed by Certbot

        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Ssl on;

        location / {

                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header Host $host;

                proxy_pass http://explorer-servers;

                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "upgrade";

                listen 80 default_server;
                listen [::]:80 default_server;

        }

when I try to restart nginx after enabling, it fails and systemctl status nginx.service shows

node0 systemd[1]: Starting A high performance web server and a reverse proxy server...
node0 nginx[12865]: nginx: [emerg] host not found in upstream "srv1.MYDOMAIN.io:3000" in /etc/nginx/sites-enabled/default:95
node0 nginx[12865]: nginx: configuration file /etc/nginx/nginx.conf test failed
node0 systemd[1]: nginx.service: Control process exited, code=exited, status=1/FAILURE
node0 systemd[1]: nginx.service: Failed with result 'exit-code'.
node0 systemd[1]: Failed to start A high performance web server and a reverse proxy server.

If I comment all that out nginx starts without issue and I can see the nginx start page on MYDOMAIN.io

Also not sure if this has any relevance but I am trying to run this on a headless pi. npm start of btc-rpc-explorer seems to work fine and shows the proper block height in logs etc

Any help appreciated.

lucidprojects commented 3 years ago

Ok I got it sorted by simplifying the above.

I'm adding what I ended up with in my default config here incase anyone else lands here and has issues.

server {
        server_name explorer.MYDOMAIN.io

        location / {
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header Host $host;

                proxy_pass http://127.0.0.1:3002/;

                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "upgrade";
        }

   listen 80 default_server;
   listen [::]:80 default_server;

}

that passed nginx -t config test and the running the certbot set up worked without issue.

Thanks for the initial how to @leshacat

janoside commented 3 years ago

@lucidprojects Glad you figured this out and thanks for posting your solution for future searchers!