diff --git a/README.md b/README.md index c9485b7..de64685 100644 --- a/README.md +++ b/README.md @@ -1,8 +1,8 @@ # Overview -SilentDragonLite (SDL) is a fork of Zecwallet lightwalletd, which is a fork of [lightwalletd](https://github.com/adityapk00/lightwalletd) from the ECC. +SilentDragonLite (SDL) is a fork of silentdragonlite lightwalletd, which is a fork of [lightwalletd](https://github.com/adityapk00/lightwalletd) from the ECC. -It is a backend service that provides a bandwidth-efficient interface to the Hush blockchain for the [SilentDragonLite cli](https://github.com/MyHush/zecwallet-light-cli). +It is a backend service that provides a bandwidth-efficient interface to the Hush blockchain for the [SilentDragonLite cli](https://github.com/MyHush/silentdragonlite-light-cli). ## Changes from upstream lightwalletd This version of lightwalletd extends lightwalletd and: @@ -19,13 +19,8 @@ This version of lightwalletd extends lightwalletd and: #### 0. First, install [Go >= 1.11](https://golang.org/dl/#stable). -#### 1. Generate a TLS self-signed certificate -``` -openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes -``` -Answer the certificate questions to generate the self-signed certificate - -#### 2. You need to run a full node with the following options in HUSH3.conf +#### 1. Run a zcash node. +Start a `hushd` with the following options: ``` server=1 rpcuser=user @@ -34,15 +29,45 @@ rpcbind=127.0.0.1 txindex=1 ``` +You might need to run with `-reindex` the first time if you are enabling the `txindex` or `insightexplorer` options for the first time. The reindex might take a while. + +#### 2. Get a TLS certificate +##### "Let's Encrypt" certificate using NGINX as a reverse proxy +If you running a public-facing server, the easiest way to obtain a certificate is to use a NGINX reverse proxy and get a Let's Encrypt certificate. [Instructions are here](https://www.nginx.com/blog/using-free-ssltls-certificates-from-lets-encrypt-with-nginx/) + +Create a new section for the NGINX reverse proxy: +``` +server { + listen 443 ssl http2; + + + ssl_certificate ssl/cert.pem; # From certbot + ssl_certificate_key ssl/key.pem; # From certbot + + location / { + # Replace localhost:9067 with the address and port of your gRPC server if using a custom port + grpc_pass grpc://localhost:9067; + } +} +``` + #### 3. Run the frontend: -You'll need to use the certificate generated from step 1 +You can run the gRPC server with or without TLS, depending on how you configured step 2. If you are using NGINX as a reverse proxy and are letting NGINX handle the TLS authentication, then run the frontend with `-no-tls` ``` -go run cmd/server/main.go -bind-addr 127.0.0.1:9067 -conf-file ~/.komodo/HUSH3/HUSH3.conf -tls-cert cert.pem -tls-key key.pem +go run cmd/server/main.go -bind-addr 127.0.0.1:9067 -conf-file ~/.komodo/HUSH3/HUSH3.conf -no-tls +``` +If you have a certificate that you want to use (either self signed, or from a certificate authority), pass the certificate to the frontend: + +``` +go run cmd/server/main.go -bind-addr 127.0.0.1:443 -conf-file ~/.komodo/HUSH3/HUSH3.conf -tls-cert /etc/letsencrypt/live/YOURWEBSITE/fullchain.pem -tls-key /etc/letsencrypt/live/YOURWEBSITE/privkey.pem ``` -#### 4. Point the `silentdragon-cli` to this server +You should start seeing the frontend ingest and cache the zcash blocks after ~15 seconds. + +#### 4. Point the `silentdragonlite-cli` to this server +Connect to your server! ``` -./silentdragon-cli --server https://127.0.0.1:9067 --dangerous +./silentdragonlite-cli -server https://lite.myhush.org ```