Update docs; add start-tls.sh and remove darkside from showing up in --help

deb-pkg-changes
Duke Leto 1 year ago
parent
commit
753e716d5d
  1. 1
      .gitignore
  2. 35
      README.md
  3. 12
      cmd/root.go
  4. 8
      start-tls.sh

1
.gitignore

@ -4,3 +4,4 @@ cert.pem
key.pem key.pem
lightwalletd lightwalletd
.sw? .sw?
server.log

35
README.md

@ -51,7 +51,7 @@ Then start `hushd` in your command window. You might need to run with `-reindex`
Run the build script. Run the build script.
``` ```
make build make
``` ```
#### 3. Get a TLS certificate and run the Lightwalletd frontend #### 3. Get a TLS certificate and run the Lightwalletd frontend
@ -86,17 +86,20 @@ server {
} }
``` ```
Then run the lightwalletd frontend with the following (Note: we use the "-no-tls" option as we are using NGINX as a reverse proxy and letting it handle the TLS authentication for us instead): Then run the lightwalletd frontend with the following:
``` ```
./lightwalletd -bind-addr localhost:9067 -conf-file ~/.hush/HUSH3/HUSH3.conf -no-tls ./start.sh
``` ```
Note: we use the "--no-tls" option as we are using NGINX as a reverse proxy and letting it handle the TLS authentication for us instead. If you want to do TLS directly with lightwalletd with no reverse proxy, see the next section.
##### Option B: "Let's Encrypt" certificate just using lightwalletd without NGINX ##### Option B: "Let's Encrypt" certificate just using lightwalletd without NGINX
The other option is to configure lightwalletd to handle its own TLS authentication. Once you have a certificate that you want to use (from a certificate authority), pass the certificate to the frontend as follows: The other option is to configure lightwalletd to handle its own TLS authentication. Once you have a certificate that you want to use (from a certificate authority), pass the certificate to the frontend as follows:
``` ```
./lightwalletd -bind-addr 127.0.0.1:9067 -conf-file ~/.hush/HUSH3/HUSH3.conf -tls-cert /etc/letsencrypt/live/YOURWEBSITE/fullchain.pem -tls-key /etc/letsencrypt/live/YOURWEBSITE/privkey.pem ./start-tls.sh -tls-cert /etc/letsencrypt/live/YOURWEBSITE/fullchain.pem -tls-key /etc/letsencrypt/live/YOURWEBSITE/privkey.pem
``` ```
#### 4. Point the `silentdragonlite-cli` to this server #### 4. Point the `silentdragonlite-cli` to this server
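Review bot: The Option A command now reads `./start.sh`, but start.sh is not among the files in this commit, and the note that follows still explains a `--no-tls` option the reader no longer sees on the command line. Confirm start.sh exists and passes `--no-tls`, and reword the note to say the script sets it. In Option B the example still uses single-dash `-tls-cert` / `-tls-key` while the options table in this same README change moves to `--tls-cert` / `--tls-key`; use one spelling throughout.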
@ -114,18 +117,22 @@ cargo build --release
## Lightwalletd Command-line Options ## Lightwalletd Command-line Options
These are the current different command line options for lightwalletd: These are some of the most used command line options for lightwalletd:
| CLI option | Default | What it does | | CLI option | Default | What it does |
|------------|:--------------:|------------------------------:| |------------|:--------------:|------------------------------:|
| -bind-addr | 127.0.0.1:9067 | address and port to listen on | | --grpc-bind-addr | 127.0.0.1:9067 | address and port to listen on |
| -tls-cert | blank | the path to a TLS certificate | | --tls-cert | blank | the path to a TLS certificate |
| -tls-key | blank | the path to a TLS key file | | --tls-key | blank | the path to a TLS key file |
| -no-tls | false | Disable TLS, serve un-encrypted traffic | | --no-tls | false | Disable TLS, serve un-encrypted traffic |
| -log-file | blank | log file to write to | | --log-file | blank | log file to write to |
| -log-level | logrus.InfoLevel | log level 1 thru 7 (something from logrus)| | --log-level | logrus.InfoLevel | log level 1 thru 7 (something from logrus)|
| -conf-file | blank | conf file to pull RPC creds from | | --hush-conf-path | blank | conf file to pull RPC creds from |
| -cache-size| 40000 | number of blocks to hold in the cache | | --cache-size| 40000 | number of blocks to hold in the cache |
Run `./lightwalletd --help` to see all options.
## Developing ## Developing
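Review bot: In the options table, the `--no-tls` row says only that it serves unencrypted traffic. Given the `--grpc-bind-addr` default of 127.0.0.1:9067 in the first row, add that `--no-tls` is meant for the reverse-proxy setup and should not be combined with a non-loopback bind address. Minor: the `--cache-size|` cell is missing the space before the pipe.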

12
cmd/root.go

@ -335,8 +335,8 @@ func init() {
rootCmd.Flags().Int("sync-from-height", -1, "re-fetch blocks from hushd start at this height") rootCmd.Flags().Int("sync-from-height", -1, "re-fetch blocks from hushd start at this height")
rootCmd.Flags().String("data-dir", "/var/lib/lightwalletd", "data directory (such as db)") rootCmd.Flags().String("data-dir", "/var/lib/lightwalletd", "data directory (such as db)")
rootCmd.Flags().Bool("ping-very-insecure", false, "allow Ping GRPC for testing") rootCmd.Flags().Bool("ping-very-insecure", false, "allow Ping GRPC for testing")
rootCmd.Flags().Bool("darkside-very-insecure", false, "run with GRPC-controllable mock hushd for integration testing (shuts down after 30 minutes)") // rootCmd.Flags().Bool("darkside-very-insecure", false, "run with GRPC-controllable mock hushd for integration testing (shuts down after 30 minutes)")
rootCmd.Flags().Int("darkside-timeout", 30, "override 30 minute default darkside timeout") // rootCmd.Flags().Int("darkside-timeout", 30, "override 30 minute default darkside timeout")
viper.BindPFlag("grpc-bind-addr", rootCmd.Flags().Lookup("grpc-bind-addr")) viper.BindPFlag("grpc-bind-addr", rootCmd.Flags().Lookup("grpc-bind-addr"))
viper.SetDefault("grpc-bind-addr", "127.0.0.1:9067") viper.SetDefault("grpc-bind-addr", "127.0.0.1:9067")
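Review bot: The two darkside flag registrations are commented out rather than hidden or deleted, which leaves dead code in `init()` and turns `--darkside-very-insecure` and `--darkside-timeout` into unknown-flag errors for anyone still passing them. If the goal is only to keep them out of `--help`, as the commit title says, `rootCmd.Flags().MarkHidden("darkside-very-insecure")` hides a flag while keeping it registered; if the goal is to disable darkside mode, delete the lines along with the code that reads the setting. `ping-very-insecure` on the line above stays visible in `--help`, so state whether that is intended.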
@ -370,10 +370,10 @@ func init() {
viper.SetDefault("data-dir", "/var/lib/lightwalletd") viper.SetDefault("data-dir", "/var/lib/lightwalletd")
viper.BindPFlag("ping-very-insecure", rootCmd.Flags().Lookup("ping-very-insecure")) viper.BindPFlag("ping-very-insecure", rootCmd.Flags().Lookup("ping-very-insecure"))
viper.SetDefault("ping-very-insecure", false) viper.SetDefault("ping-very-insecure", false)
viper.BindPFlag("darkside-very-insecure", rootCmd.Flags().Lookup("darkside-very-insecure")) // viper.BindPFlag("darkside-very-insecure", rootCmd.Flags().Lookup("darkside-very-insecure"))
viper.SetDefault("darkside-very-insecure", false) // viper.SetDefault("darkside-very-insecure", false)
viper.BindPFlag("darkside-timeout", rootCmd.Flags().Lookup("darkside-timeout")) // viper.BindPFlag("darkside-timeout", rootCmd.Flags().Lookup("darkside-timeout"))
viper.SetDefault("darkside-timeout", 30) // viper.SetDefault("darkside-timeout", 30)
logger.SetFormatter(&logrus.TextFormatter{ logger.SetFormatter(&logrus.TextFormatter{
//DisableColors: true, //DisableColors: true,
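Review bot: With the `viper.SetDefault` calls for `darkside-very-insecure` and `darkside-timeout` commented out, any remaining `viper.Get*` call on these keys returns the zero value (false, and 0 rather than 30), and the keys can still be set through any other source viper is configured to read. Dropping the flag binding does not by itself disable the feature; check every reader of both keys and remove or hard-disable that path in the same change instead of leaving four commented lines.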

8
start-tls.sh

@ -0,0 +1,8 @@
#!/bin/bash
# Copyright 2020-2022 The Hush Developers
# Released under GPLv3
# Description: This script would be used with a NGINX reverse proxy
./lightwalletd --grpc-bind-addr localhost:9067 --hush-conf-path ~/.hush/HUSH3/HUSH3.conf $@
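Review bot: The `# Description:` comment says this script is for use with an NGINX reverse proxy, but the README change in this commit uses start-tls.sh for Option B, the no-proxy setup; the comment should describe direct TLS. On the last line `$@` is unquoted, so an argument containing spaces (a certificate path, for example) is split into several words; use `"$@"`. The script also binds `localhost:9067`, which remote wallets cannot reach without a proxy, so document that callers must override `--grpc-bind-addr` or change the default here.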