Setup SSL GEXP Nginx
Christopher Franko edited this page Oct 28, 2020
·
3 revisions
- Server
- Domain
- SSL Cert
- CPU with 2+ cores.
- 2GB RAM (4GB Recommended)
- 60GB free storage space to sync the Mainnet.
- 8 MBit/sec download Internet service.
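# Build prerequisites for gvm and for compiling gexp.
sudo apt-get install curl git mercurial make binutils bison gcc build-essential
# Save the gvm installer to a file instead of streaming it straight into bash.
# It is fetched from the mutable master branch, so its content can change
# between runs. -f makes curl fail on an HTTP error instead of saving the
# error page as the "installer".
curl -fsSL -o gvm-installer.sh https://raw.githubusercontent.com/moovweb/gvm/master/binscripts/gvm-installer
# Review gvm-installer.sh (for example with less) before running it.
bash gvm-installer.sh
# Install Go 1.14 from a binary release (-B) and make it the default toolchain.
gvm install go1.14 -B
gvm use go1.14 --default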
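# Fetch the go-expanse sources, switch to v1.9.x and build the gexp binary.
git clone https://www.github.com/expanse-org/go-expanse.git
cd go-expanse
git checkout v1.9.x
make gexp
# Start a named screen session so gexp keeps running after you detach.
screen -S gexp
# Bind the HTTP-RPC listener to loopback only. The nginx upstreams further down
# this page connect to 127.0.0.1, so nginx is the only client that needs to
# reach gexp. Binding to 0.0.0.0 would also serve the unauthenticated RPC in
# plaintext on every interface, bypassing the TLS front end.
# --http.vhosts="*" is kept because nginx forwards the client's Host header; it
# can be narrowed to your node's hostname. --ws.origins="*" accepts WebSocket
# connections from any web origin; narrow it if only known sites should connect.
# Confirm the ports gexp listens on match the nginx upstreams (9656 / 9657).
./build/bin/gexp --http --http.addr="127.0.0.1" --http.vhosts="*" --ws --ws.origins="*" console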
To detach from the screen session and keep gexp running, hold CTRL and press "A", then press "D" (CTRL+A -> D).
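# Generate a new 2048-bit RSA private key (exp.node.key) and a certificate
# signing request (exp.node.csr) to submit to your certificate authority.
openssl req -new -newkey rsa:2048 -nodes -keyout exp.node.key -out exp.node.csr
# -nodes writes the private key unencrypted so nginx can load it without a
# passphrase; restrict the file to its owner so other local users cannot read it.
chmod 600 exp.node.key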
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:NC
Locality Name (eg, city) []:Greenville
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Eggswap
Organizational Unit Name (eg, section) []:nodes
Common Name (e.g. server FQDN or YOUR name) []:node.yourdomain.com
Email Address []:you@yourdomain.com
Sometimes the CA delivers your certificate and the CA bundle (the intermediate certificates) as separate files. If that is the case, combine them with the Unix command below, with your own certificate first.
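# Concatenate the server certificate and the CA bundle into one chain file,
# server certificate first. Use > rather than >> so that re-running the command
# replaces the file instead of appending a second copy of the chain to it.
cat your_domain.crt your_domain.ca-bundle > ssl-bundle.crt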
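# Install nginx from the distribution packages.
sudo apt-get update
sudo apt-get install nginx
# Keep the stock site definition as a backup, then write a fresh one.
sudo mv /etc/nginx/sites-available/default /etc/nginx/sites-available/default.backup
# The directory is /etc/nginx (the same one used by the mv above); the original
# command spelled it "ngnix", which would open a path that does not exist.
sudo nano /etc/nginx/sites-available/default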
# Backend for HTTP JSON-RPC requests: the local gexp listener on port 9656.
upstream rpc {
    server 127.0.0.1:9656;
}

# Backend for WebSocket connections: the local gexp listener on port 9657.
upstream ws {
    server 127.0.0.1:9657;
}
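# TLS front end for the local gexp node. Every request that reaches this server
# is forwarded to the "rpc" or "ws" upstream without authentication, so any API
# gexp exposes over HTTP/WS is reachable by whoever can connect to port 443.
server {
    listen 443 ssl;
    # Use the hostname the certificate was issued for. "default_server" is a
    # parameter of the listen directive, not a host name; as a server_name it
    # would only match a literal Host of "default_server". If this is the only
    # server block on port 443 it is the default server anyway.
    server_name node.yourdomain.com;

    # change these paths!
    # They must point at the chain file and private key created earlier on
    # this page (ssl-bundle.crt and exp.node.key).
    ssl_certificate     /root/ssl-bundle.crt;
    ssl_certificate_key /root/exp.node.key;

    # TLS 1.0 and 1.1 are deprecated, as are SSLv2/SSLv3; offer TLS 1.2 and 1.3 only.
    # TLSv1.3 takes effect only when nginx is built against OpenSSL 1.1.1 or newer.
    ssl_protocols TLSv1.2 TLSv1.3;
    # Limit TLS 1.2 to AES-128 suites with ephemeral (EC)DH key exchange,
    # i.e. forward secrecy. This list does not configure TLS 1.3 suites.
    ssl_ciphers 'AES128+EECDH:AES128+EDH';
    ssl_prefer_server_ciphers on;

    # Default route: HTTP JSON-RPC.
    location / {
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-NginX-Proxy true;
        proxy_pass http://rpc;
    }

    # WebSocket endpoint; the Upgrade/Connection headers carry the handshake
    # through to the backend.
    location ^~ /ws {
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-NginX-Proxy true;
        proxy_pass http://ws;
    }

    # Explicit /rpc path, forwarded to the same backend as "/".
    location ^~ /rpc {
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-NginX-Proxy true;
        proxy_pass http://rpc;
    }
}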
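# Validate the configuration first; restart only if the syntax check passes,
# so a typo in the site file does not leave nginx stopped.
sudo nginx -t && sudo /etc/init.d/nginx restart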