Bitcointalk user mocacinno set up a private Electrum server for forum users only. He white-listed the IP addresses of those who asked for access. I don't know how he did it, but he may be willing to share the information.
https://bitcointalksearch.org/topic/m.50557530
https://bitcointalksearch.org/topic/m.50557530
Only a handfull of people ever asked to whitelist their ip, and allmost nobody connected to the node, so i shut that project down... However, the setup was pretty simple. I setup everything to run as a service and start in the correct sequence, however, i have only documented how to start the daemons in the foreground... I hope i didn't miss anything
I installed + sync'ed a full node with following config (https://github.com/bitcoin/bitcoin)
Code:
daemon=1
server=1
rpcuser=myuser
rpcpassword=mypassword
maxmempool=50
mempoolexpiry=2
dbcache=1024
zmqpubrawblock=tcp://127.0.0.1:28332
zmqpubrawtx=tcp://127.0.0.1:28332
server=1
rpcuser=myuser
rpcpassword=mypassword
maxmempool=50
mempoolexpiry=2
dbcache=1024
zmqpubrawblock=tcp://127.0.0.1:28332
zmqpubrawtx=tcp://127.0.0.1:28332
Then i setup electrs with following config (https://github.com/romanz/electrs/)
Code:
cargo run --release -- -vvv --timestamp --db-dir ./db --electrum-rpc-addr="127.0.0.1:50001" --cookie="myuser:mypassword" --server-banner="donation address 1MocACiWLM8bYn8pCrYjy6uHq4U3CkxLaa . This is a private server, if you did not receive explicit permission by Mocacinno to use this server, please disconnect immediately!" --txid-limit 0
As you can see, electrs is only listening on 127.0.0.1 (port 50001)Then i setup nginx as a reverse proxy (http://nginx.org/en/download.html)
Code:
load_module /usr/lib/nginx/modules/ngx_stream_module.so;
user www-data;
worker_processes auto;
pid /run/nginx.pid;
error_log /var/log/nginx/electrum_error.log;
events {
worker_connections 1024;
}
stream {
upstream electrs {
server 127.0.0.1:50001;
}
log_format upstream_time '[$time_local] [$connection] $remote_addr:$remote_port => $server_addr:$server_port bytes in/out $bytes_received/$bytes_sent [$status]';
server {
access_log /var/log/nginx/electrum_access.log upstream_time;
listen 50002 ssl;
proxy_pass electrs;
ssl_certificate /etc/letsencrypt/live/electrum.mocacinno.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/electrum.mocacinno.com/privkey.pem;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 4h;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
include blockips.conf;
}
}
user www-data;
worker_processes auto;
pid /run/nginx.pid;
error_log /var/log/nginx/electrum_error.log;
events {
worker_connections 1024;
}
stream {
upstream electrs {
server 127.0.0.1:50001;
}
log_format upstream_time '[$time_local] [$connection] $remote_addr:$remote_port => $server_addr:$server_port bytes in/out $bytes_received/$bytes_sent [$status]';
server {
access_log /var/log/nginx/electrum_access.log upstream_time;
listen 50002 ssl;
proxy_pass electrs;
ssl_certificate /etc/letsencrypt/live/electrum.mocacinno.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/electrum.mocacinno.com/privkey.pem;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 4h;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
include blockips.conf;
}
}
and then, finally, the blockips.conf
Code:
allow 94.110.92.129;
allow 174.0.253.77;
allow 2a02:2c40:100:b210:0:0:1:84ea;
allow 134.58.253.56;
allow 36.83.82.24;
deny all;
allow 174.0.253.77;
allow 2a02:2c40:100:b210:0:0:1:84ea;
allow 134.58.253.56;
allow 36.83.82.24;
deny all;
