DumBitcoin

DumBitcoin– Blockchain Review

How to access your LTO node from the outside with a reverse proxy

LTO Network nodes have a cool web interface where you can check info about your node and the network, and even sign and send transactions. It also serves as a REST API with its own Swagger documentation.

Once you have your LTO Node configured and running, you should be able to access the web interface with the following url: http://localhost:6869

Without a graphical interface, e.g. on a VPS, running curl http://localhost:6869 is enough to check whether your node has the web interface enabled. If it does not, the response is a connection refused error.

If your web interface is not working, the reason is that the following lines are missing from your Docker config file, so add them:

- LTO_ENABLE_REST_API=true
- LTO_API_KEY=<somestrongpassword>

The second line is optional and intended to be used solely for executing privileged actions from the web interface.

Do not forget to rebuild the image when the config file is changed:

docker-compose down
docker-compose up

 

At this point you might be wondering… How do I access this web interface from outside the network?

That is the exact purpose of this tutorial. In the following lines I will explain how to configure Nginx as a reverse proxy to access the LTO node web interface from the internet securely without opening any port. Another option is to use Caddy Server, as explained here.

First of all, Nginx must be installed:

sudo apt update
sudo apt install nginx

If everything is installed correctly, you should see that the Nginx service is active with this command:

systemctl status nginx

Also, if you paste your public IP in any browser, the Nginx default page should appear.

 

Then we move to create our reverse proxy.

We need to edit a file located in /etc/nginx/sites-available/default, delete everything and paste the following text:

server {
    listen 80;
    location / {
        proxy_pass http://localhost:6869;
    }
}

 

Finally, restart Nginx to apply changes

sudo systemctl restart nginx

 

At this point, the reverse proxy should be working. Paste the public IP of your node machine in any browser and the node web interface should be visible and working.

It is strongly recommended to use secure connections with an SSL/TLS certificate when managing API keys. Continue reading to improve the security.

Adding HTTPS support to the reverse proxy

In order to do this, we need a registered domain name pointing to the public IP of the node. There are many places where you can get really cheap domains, even free ones. SSL certificates cannot be assigned directly to IP addresses, so having a domain name is a requirement here.

 

We will use the well known certificate generator Certbot. To install it:

sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update

sudo apt-get install python-certbot-nginx

 

Before executing Certbot, we must set our domain name into Nginx. At the second line in /etc/nginx/sites-available/default, insert:

server_name yourdomainforlto.com;

Then restart Nginx to apply changes

sudo systemctl restart nginx

Launch Certbot and follow the process, which is short and straightforward. It will ask for your email address so it can notify you about renewals and alerts. Select the option to redirect to HTTPS if you want to use only HTTPS (recommended).

sudo certbot --nginx -d yourdomainforlto.com

In some cases, Certbot will throw a firewall error if your system has ufw firewall enabled. In order to solve this, allow Nginx with the following command

sudo ufw allow 'Nginx Full'
sudo ufw delete allow 'Nginx HTTP'

 

There is a more complete tutorial about Nginx, Certbot and Ufw here.

 

At this point, Certbot has generated a Let’s Encrypt SSL certificate for your site and also configured your Nginx secure reverse proxy. Now you should be able to enter your node web interface from your custom domain name securely through HTTPS, congratulations!

Optional: setting a login and password for your node web interface
 
This is an extra security measure: setting a login and password for your site gives access only to the people who have this information. It doesn’t matter whether you have configured an SSL certificate or not, it will work either way, although without HTTPS the login and password travel unencrypted.
 
In order to do this, enter the following commands. LTOuser is an example username. The second command will ask you for the password to set.

sudo sh -c "echo -n 'LTOuser:' >> /etc/nginx/.htpasswd"
sudo sh -c "openssl passwd -apr1 >> /etc/nginx/.htpasswd"

Finally, edit the file /etc/nginx/sites-available/default again and add the following lines, for example under the proxy_pass line:

auth_basic "LTOuser";
auth_basic_user_file /etc/nginx/.htpasswd;

Don’t forget to restart Nginx to apply changes:

sudo systemctl restart nginx
 
From now on, when someone tries to open your node web interface, the browser will prompt for the authentication data.
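As an added example (not part of the original tutorial), the script below audits a site file for the two protections built up above, TLS and Basic auth, one server block at a time. The audit_site function, its messages and both sample files are assumptions constructed here; the second sample is a simplified version of the site file after Certbot's redirect option and the auth_basic lines.

```bash
#!/usr/bin/env bash
# Added example: audit an Nginx site file for the protections set up above.
# audit_site, its messages and both sample files are constructed assumptions.
audit_site() {  # prints one line per finding, nothing when the file is clean
    awk '
    { sub(/#.*/, "") }                                    # ignore comments
    depth == 0 && /^[ \t]*server[ \t]*[{]/ { n++; open = 1; plain = proxy = auth = 0 }
    /listen[ \t]+([^; \t]*:)?80[ \t;]/ { plain = 1 }      # cleartext listener
    /proxy_pass[ \t]/                  { proxy = 1 }      # forwards to the node
    /auth_basic_user_file[ \t]/        { auth = 1 }       # password file set
    {
        depth += gsub(/[{]/, "{") - gsub(/[}]/, "}")
        if (open && depth == 0) {                         # server block closed
            if (proxy && plain) print "server " n ": API proxied over plain HTTP"
            if (proxy && !auth) print "server " n ": API proxied without Basic auth"
            open = 0
        }
    }' "$1"
}
before=$(mktemp); after=$(mktemp)
trap 'rm -f "$before" "$after"' EXIT
cat > "$before" <<'EOF'   # constructed: the first port-80 proxy from the tutorial
server {
    listen 80;
    location / {
        proxy_pass http://localhost:6869;
    }
}
EOF
cat > "$after" <<'EOF'    # constructed: after Certbot redirect and auth_basic
server {
    server_name yourdomainforlto.com;
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/yourdomainforlto.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/yourdomainforlto.com/privkey.pem;
    location / {
        proxy_pass http://localhost:6869;
        auth_basic "LTOuser";
        auth_basic_user_file /etc/nginx/.htpasswd;
    }
}
server {
    listen 80;
    return 301 https://$host$request_uri;
}
EOF
audit_site "$before"   # two findings for server 1
audit_site "$after"    # no output: HTTPS only, password required
```

On a real machine, point it at the live file with audit_site /etc/nginx/sites-available/default after each change.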
 

That is all for this tutorial. Don’t hesitate to contact me on Telegram with questions and suggestions.

Feel free to share this article with your friends if it was useful 🙂

 
