Setup SSL GEXP Nginx - expanse-org/go-expanse GitHub Wiki
How To Set Up an SSL GEXP / GETH Node on Ubuntu
Requirements
- Server
- Domain
- SSL Cert
Server Requirements
- CPU with 2+ cores.
- 2GB RAM (4GB Recommended)
- 60GB free storage space to sync the Mainnet.
- 8 MBit/sec download Internet service.
Install Ubuntu Dependencies
sudo apt-get install curl git mercurial make binutils bison gcc build-essential
Setup GEXP Build Environment
Install GVM (Go Version Manager)
bash < <(curl -s -S -L https://raw.githubusercontent.com/moovweb/gvm/master/binscripts/gvm-installer)
Install Go 1.14 with GVM
gvm install go1.14 -B
gvm use go1.14 --default
Build GEXP
git clone https://www.github.com/expanse-org/go-expanse.git
cd go-expanse
git checkout v1.9.x
make gexp
Launch GEXP In Second Screen
screen -S gexp
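./build/bin/gexp --http --http.addr="127.0.0.1" --http.vhosts="*" --ws --ws.origins="*" console
The HTTP RPC listener is bound to 127.0.0.1 so that it is reachable only through the Nginx TLS proxy configured below. Binding it to 0.0.0.0 would also expose the unencrypted RPC port directly to the network.
To exit the screen and keep gexp running, hold CTRL and press "A", then "D" (CTRL+A -> D).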
SSL
Generate SSL Key and CSR
openssl req -new -newkey rsa:2048 -nodes -keyout exp.node.key -out exp.node.csr
Fill in the prompt accordingly
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:NC
Locality Name (eg, city) []:Greenville
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Eggswap
Organizational Unit Name (eg, section) []:nodes
Common Name (e.g. server FQDN or YOUR name) []:node.yourdomain.com
Email Address []:<your email address>
Buy an SSL certificate from Namecheap or any other provider
Notes
Sometimes the certificate and the CA bundle arrive as separate files rather than as one bundle. If so, combine them, with your own certificate first, using the command below.
cat your_domain.crt your_domain.ca-bundle > ssl-bundle.crt
Setup Nginx
Install Nginx
sudo apt-get update
sudo apt-get install nginx
Configure Nginx
sudo mv /etc/nginx/sites-available/default /etc/nginx/sites-available/default.backup
sudo nano /etc/nginx/sites-available/default
Copy & Paste
upstream rpc {
    server 127.0.0.1:9656;
}
upstream ws {
    server 127.0.0.1:9657;
}
server {
    listen 443 ssl;
    # your node's FQDN (the Common Name used in the CSR)
    server_name node.yourdomain.com;
    # change these paths!
    ssl_certificate /root/ssl-bundle.crt;
    ssl_certificate_key /root/exp.node.key;
    # enables TLS 1.2 and 1.3 only; SSLv2/3 and TLS 1.0/1.1 are weak and deprecated.
    # (TLSv1.3 needs nginx 1.13+ built against OpenSSL 1.1.1+.)
    ssl_protocols TLSv1.2 TLSv1.3;
    # restricts TLS 1.2 to AES-128 suites with ephemeral (forward-secret) key exchange
    ssl_ciphers 'AES128+EECDH:AES128+EDH';
    ssl_prefer_server_ciphers on;
    location / {
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-NginX-Proxy true;
        proxy_pass http://rpc;
    }
    location ^~ /ws {
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-NginX-Proxy true;
        proxy_pass http://ws;
    }
    location ^~ /rpc {
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-NginX-Proxy true;
        proxy_pass http://rpc;
    }
}
Restart Nginx
sudo /etc/init.d/nginx restart
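Once Nginx is back up, it is worth confirming that the node's plain-HTTP RPC and WebSocket ports (9656 and 9657, the upstreams in the config above) listen on loopback only, so that clients can reach them only through the TLS proxy. The script below is an added example, not part of the wiki or the go-expanse project; its function names, the file name in its comments and the sample `ss -ltn` output are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the wiki. Ports 9656 (HTTP RPC) and 9657 (WebSocket)
# are the Nginx upstreams above; the function names are hypothetical.
RPC_PORTS="9656 9657"

# Read `ss -ltn` output on stdin; print "address:port" for each listener on a
# port listed in $1 that is bound to a non-loopback address.
exposed_listeners() {
    awk -v ports="$1" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        $1 == "LISTEN" {
            port = $4; sub(/^.*:/, "", port)       # text after the last colon
            addr = $4; sub(/:[^:]*$/, "", addr)    # text before the last colon
            if (!(port in want)) next
            if (addr ~ /^127\./ || addr == "[::1]") next   # loopback only
            print addr ":" port
        }'
}

# Exit status: 0 = RPC ports are loopback-only, 1 = at least one is exposed,
# 2 = nothing is listening on them (gexp is not running).
audit_listeners() {
    snapshot=$(cat)
    exposed=$(printf '%s\n' "$snapshot" | exposed_listeners "$RPC_PORTS")
    if [ -n "$exposed" ]; then
        printf '%s\n' "$exposed" | sed 's/^/reachable without TLS: /' >&2
        return 1
    fi
    pat=$(printf '%s' "$RPC_PORTS" | tr ' ' '|')
    printf '%s\n' "$snapshot" | grep -Eq ":($pat)[[:space:]]" || return 2
    return 0
}

# Constructed samples of `ss -ltn` output (not captured from a real host).
SAMPLE_EXPOSED='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      511          0.0.0.0:443       0.0.0.0:*
LISTEN 0      4096               *:9656            *:*
LISTEN 0      4096       127.0.0.1:9657      0.0.0.0:*'
SAMPLE_LOOPBACK='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      511          0.0.0.0:443       0.0.0.0:*
LISTEN 0      4096       127.0.0.1:9656      0.0.0.0:*
LISTEN 0      4096       127.0.0.1:9657      0.0.0.0:*'

# Check the live host only when asked: sh check-rpc.sh --live
if [ "${1:-}" = "--live" ]; then
    ss -ltn | audit_listeners
fi
```

A listener reported here as exposed should also be closed off in the host firewall until the node is rebound to 127.0.0.1.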