Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

How to run Fulcrum with bchd, using HTTPS-only JSON-RPC #43

Closed
cculianu opened this issue Jul 27, 2020 · 0 comments
Closed

How to run Fulcrum with bchd, using HTTPS-only JSON-RPC #43

cculianu opened this issue Jul 27, 2020 · 0 comments
Labels
bchd Issues related to bchd interoperability documentation Improvements or additions to documentation

Comments

@cculianu
Copy link
Owner

cculianu commented Jul 27, 2020
edited

@cculianu Indeed! I'm running bchd with TLS enabled for the gRPC API and that enables TLS for the RPC API as well. Fulcrum expect the RPC API to be plain HTTP so I was using nginx proxy_pass https://127.0.0.1:8334/ to strip the TLS encryption. However nginx adds a new header automatically - Connection: keep-alive - that you cannot hide even with proxy_hide_header. So I tried patching Fulcrum to ignore it, which mitigated the issue. However nginx would still send a Connection: close header after a while. At which point I said fuck nginx then tried with socat which worked perfectly!

So if anyone is running bchd with TLS enabled and wants to point Fulcrum to it, you can use socat TCP-LISTEN:1337,fork,reuseaddr ssl:127.0.0.1:8334,verify=0 then set bitcoind = 127.0.0.1:1337 in fulcrum.conf.

Originally posted by @infertux in #28 (comment)

Update

As of this commit: ce4b969, you can now just give Fulcrum the --bitcoind-tls option on the CLI or specify bitcoind-tls = true in the conf file to use Fulcrum with bchd HTTPS.
@cculianu cculianu added the documentation Improvements or additions to documentation label Jul 27, 2020
@cculianu cculianu pinned this issue Jul 27, 2020
@cculianu cculianu added the bchd Issues related to bchd interoperability label Jul 27, 2020
cculianu added a commit that referenced this issue Jul 27, 2020
@cculianu
bchd support: added --bitcoind-tls option
ce4b969 
This option can be specified on the CLI as `--bitcoind-tls` or in the conf
file as `bitcoind-tls = true`.  If enabled, then we will connect to the
remote bitcoind using TLS (https) rather than a bare TCP socket (http).
This allows Fulcrum to work flawlessly with default bchd setups, which
enable TLS for all HTTP connections by default (unless the `notls` option
is given to bchd).

See issues #43 and #28.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bchd Issues related to bchd interoperability documentation Improvements or additions to documentation
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@cculianu