This write up will explain how to setup your own light (lite) wallet server to use with [Hush's SilentDragonLite wallet](https://git.hush.is/hush/SilentDragonLite) or [CLI version](https://git.hush.is/hush/silentdragonlite-cli).
Install your preferred distro. In this example I am using a VPS running Ubuntu 20.04, so these instructions should be very similar for any Debian-based distro. This setup requires a VPS with at least 2 vCPUs and 4GB of RAM to compile and run the software.
1. Start a screen session and change to user hush with ```sudo -u hush -s```. If you are not familiar with GNU screen or need a refresher, then [check out this short video](https://www.youtube.com/watch?v=HomIzLB-HBc) or [check out this article](https://linuxize.com/post/how-to-use-linux-screen/).
1. The blockchain download will take some time, so feel free to take a break and wait or open another terminal (or GNU screen) and continue to install Hush lightwalletd.
1. Get a TLS certificate. If you running a public-facing server, the easiest way to obtain a certificate is to use a NGINX reverse proxy and get a Let's Encrypt certificate. Since we're using Ubuntu here **I SUGGEST YOU DO NOT USE SNAPD** and just ```sudo apt install certbot``` and then start on [Step 7 of these instructions by the EFF](https://certbot.eff.org/instructions) and most users would run the following command and follow the prompts:
1. Open up your web browser and see that the https template site is working before moving forward. It will appear with the lock icon in your web browser and you can click on it and see that it is valid certificate in your web browser.
1. Make a backup of the nginx's default file located under /etc/nginx/sites-available/default.
# Originally posted by Duke in /hush/hush3/issues/102#issuecomment-1651
# Get the fuck off my lawn motherfuckerz
if ($request_method !~ ^(GET|HEAD|POST)$ ) { return 444; }
# fuck these bots
if ($http_user_agent ~* "Googlebot|YandexBot|bingbot|applebot|Mojeekbot|ICC-Crawler|SemrushBot|xforce-security.com|TestBot|MauiBot|CCBot|SummalyBot|PetalBot|BLEXBot|expanseinc.com|clark-crawler|AhrefsBot|mj12bot|YisouSpider|opensiteexplorer|seznambot|dataforseo|Adsbot|Neevabot") {
You might also need these [20.04 specific instructions to setup your tls certificate with Nginx](https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-20-04)
Note: Above we use the "-no-tls" option as we are using NGINX as a reverse proxy and letting it handle the TLS authentication for us.
Note: You can configure lightwalletd to handle its own TLS authentication, but you will have to consult the [lightwalletd documentation](https://git.hush.is/hush/lightwalletd) for that setup.
1. It will first begin downloading golang dependencies. After that is complete then you should start seeing the frontend ingest and cache the Hush blocks after ~15 seconds. Success!