Hush Documentation for all levels of users

Running your own hush lite server

You have to call me dragon

This write-up explains how to set up your own light (lite) wallet server for use with Hush's SilentDragonLite wallet or its CLI version.

Install & Set Up your Linux server or VPS

Install your preferred distro. In this example I am using a VPS running Ubuntu 20.04, so these instructions should be very similar for any Debian-based distro. This setup requires a VPS with at least 2 vCPUs and 4GB of RAM to compile and run the software.

Pre Steps
  1. Install GNU screen

    sudo apt install screen
    
  2. Install the Go language and NGINX.

    sudo apt install golang nginx
    
  3. Allow nginx through your firewall and open port 443 (HTTPS). Look up more info on ufw if needed.

    ufw help
    sudo ufw status
    sudo ufw allow 443
    
Set Up Hushd
  1. Set up hushd by following these instructions and make sure to grant the hush user sudo access.

  2. Start a screen session and change to user hush with sudo -u hush -s. If you are not familiar with GNU screen or need a refresher, then check out this short video or check out this article.

  3. Open hushd port in the firewall.

    sudo ufw allow 18030
    sudo ufw status
    
  4. Run hushd at the command line. You should see a bunch of text scrolling.

  5. Then check that the Hush blockchain is downloading by watching whether the blockchain directory grows in size.

    du -h ~/.hush/HUSH3/blocks/
    
  6. The blockchain download will take some time, so feel free to take a break and wait or open another terminal (or GNU screen) and continue to install Hush lightwalletd.

Set Up Lightwalletd
  1. Then, as user hush (sudo -u hush -s), download the Hush lightwalletd:

    git clone https://git.hush.is/hush/lightwalletd
    
  2. Install these packages for certbot

    sudo apt install certbot python3-certbot-nginx
    
  3. Get a TLS certificate. If you are running a public-facing server, the easiest way to obtain a certificate is to use an NGINX reverse proxy and get a Let's Encrypt certificate. Since we're using Ubuntu here, I SUGGEST YOU DO NOT USE SNAPD and just sudo apt install certbot, then start at Step 7 of these instructions by the EFF. Most users would run the following command and follow the prompts:

    sudo certbot --nginx
    
  4. Open your web browser and confirm that the HTTPS template site is working before moving forward. It will appear with the lock icon, and you can click on it to see that the certificate is valid.

  5. Make a backup of nginx's default file located at /etc/nginx/sites-available/default.

  6. Modify the above default file to contain only the following (if you are not using 443, change it to the port you are using):

    server {
        listen 443 ssl http2;
        listen [::]:443 ssl http2;
    
        server_name your_host.net;
    
        ssl_certificate /etc/letsencrypt/live/your_host.net/fullchain.pem; # managed by Certbot
        ssl_certificate_key /etc/letsencrypt/live/your_host.net/privkey.pem; # managed by Certbot
        include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
    
        location / {
            # Replace your_host.net:9067 with the address and port of your gRPC server if using a custom port
            grpc_pass grpc://your_host.net:9067;
        }
    
        # Originally posted by Duke in /hush/hush3/issues/102#issuecomment-1651
    
        # Get the fuck off my lawn motherfuckerz
    
        if ($request_method !~ ^(GET|HEAD|POST)$ ) { return 444; }
    
        # fuck these bots
        if ($http_user_agent ~* "Googlebot|YandexBot|bingbot|applebot|Mojeekbot|ICC-Crawler|SemrushBot|xforce-security.com|TestBot|MauiBot|CCBot|SummalyBot|PetalBot|BLEXBot|expanseinc.com|clark-crawler|AhrefsBot|mj12bot|YisouSpider|opensiteexplorer|seznambot|dataforseo|Adsbot|Neevabot") {
            return 444;
        }
    
        location ~* .(display_errors|set_time_limit|allow_url_include.*disable_functions.*open_basedir|set_magic_quotes_runtime|webconfig.txt.php|file_put_contentssever_root|wlwmanifest) {
            return 444;
        }
    
        location ~* ^/wp-content/.*$ {
            return 444;
        }
    
    }
    

    You might also need these 20.04-specific instructions to set up your TLS certificate with NGINX.

  7. Restart nginx to enable the new configuration.

    sudo systemctl restart nginx.service
    
  8. Open lightwalletd port in the firewall.

    sudo ufw allow 9067
    sudo ufw status
    
  9. Run the lightwalletd frontend with the following and your server's hostname:

    go run cmd/server/main.go -bind-addr your_host.net:9067 -conf-file /home/YOUR_USERNAME_Running_Hushd/.komodo/HUSH3/HUSH3.conf -no-tls
    

    Note: Above we use the "-no-tls" option because NGINX acts as a reverse proxy and handles TLS for us.

    Note: You can configure lightwalletd to handle TLS itself, but you will have to consult the lightwalletd documentation for that setup.

  10. It will first download the Go dependencies. Once that is complete, you should see the frontend ingest and cache the Hush blocks after ~15 seconds. Success!
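
An added check, not part of the original guide or the Hush project's code: step 9 starts lightwalletd with -no-tls on your_host.net:9067 and step 8 allows 9067 through ufw, so this script classifies which of the guide's ports (443, 9067, 18030) listen on a public address. The function names and the sample `ss -tlnH` lines are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the Hush docs): classify listeners on the guide's ports.
# Real use: ss -tlnH | classify_listeners

# Print "port address scope role" for 443, 9067 and 18030 only.
classify_listeners() {
  awk '
    $1 == "LISTEN" {
      n = split($4, parts, ":")          # $4 is Local Address:Port
      port = parts[n]
      addr = substr($4, 1, length($4) - length(port) - 1)
      scope = (addr ~ /^127\./ || addr == "[::1]") ? "loopback" : "public"
      if (port == "443")        role = "nginx-tls"
      else if (port == "9067")  role = "lightwalletd-no-tls"
      else if (port == "18030") role = "hushd"
      else next
      print port, addr, scope, role
    }'
}

# Exit 0 when the -no-tls gRPC port listens on a non-loopback address.
no_tls_port_public() {
  classify_listeners |
    awk '$4 == "lightwalletd-no-tls" && $3 == "public" { hit = 1 } END { exit !hit }'
}

# Constructed sample of `ss -tlnH` output (203.0.113.10 is a documentation address).
sample_ss_output() {
  cat <<'EOF'
LISTEN 0 511  0.0.0.0:443       0.0.0.0:*
LISTEN 0 511  [::]:443          [::]:*
LISTEN 0 4096 203.0.113.10:9067 0.0.0.0:*
LISTEN 0 128  0.0.0.0:18030     0.0.0.0:*
LISTEN 0 128  127.0.0.1:22      0.0.0.0:*
EOF
}

sample_ss_output | classify_listeners
if sample_ss_output | no_tls_port_public; then
  echo "9067 accepts plaintext gRPC on a public address, outside the nginx TLS proxy"
fi
```

The script only inspects listening sockets; compare its result with sudo ufw status to see whether the port is also allowed through the firewall.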

Testing your SDL server
Option 1: Point the SilentDragonLite GUI Desktop wallet to this server
  1. Download and install the SilentDragonLite (SDL) wallet.

  2. After opening the SDL wallet, go into the Edit -> Settings toolbar.

  3. Enter your https://your_host.net into the Lightwallet Server field.

  4. Close SDL and then re-open it.

  5. Success!

Option 2: Point the command line silentdragonlite-cli to this server
  1. Ubuntu only has version 1.43.0 of rustc, so we want to install a newer version. I used the defaults in the script.

    curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
    rustc --version
    rustc 1.47.0 (18bf6b4f0 2020-10-07)
    
  2. Now test that it's working by connecting to your server with a client! Substitute your server below:

    git clone https://git.hush.is/hush/silentdragonlite-cli
    cd silentdragonlite-cli
    cargo build --release
    ./target/release/silentdragonlite-cli --server https://lite.hush.is
    
  3. Success!