rostrum 10.1.0

An efficient implementation of Electrum Server with token support
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101

# SSL Support

In order to use a secure connection, you can also use [NGINX as an SSL endpoint](https://docs.nginx.com/nginx/admin-guide/security-controls/terminating-ssl-tcp/#) by placing the following block in `nginx.conf`.

## Configuration example
### For Bitcoin Cash

This configures SSL and WSS (websocket ssl) for Bitcoin Cash mainnet. For
other networks, find the correct port in [default ports document](ports.md)

```nginx
stream {
        upstream rostrum {
                server 127.0.0.1:50001;
        }

        server {
                listen 50002 ssl;
                proxy_pass rostrum;

                ssl_certificate /path/to/example.crt;
                ssl_certificate_key /path/to/example.key;
                ssl_session_cache shared:SSL:1m;
                ssl_session_timeout 4h;
                ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
                ssl_prefer_server_ciphers on;
        }

        upstream rostrum_ws {
            server 127.0.0.1:50003;
        }
        server {
                listen 50004 ssl;
                proxy_pass rostrum_ws;

                ssl_certificate /path/to/example.crt;
                ssl_certificate_key /path/to/example.key;
                ssl_session_cache shared:SSL:1m;
                ssl_session_timeout 4h;
                ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
                ssl_prefer_server_ciphers on;
        }
}
```

### For Nexa

This configures SSL and WSS (websocket ssl) for Nexa mainnet. For
other networks, find the correct port in [default ports document](ports.md)

```nginx
stream {
        upstream rostrum {
                server 127.0.0.1:20001;
        }

        server {
                listen 20002 ssl;
                proxy_pass rostrum;

                ssl_certificate /path/to/example.crt;
                ssl_certificate_key /path/to/example.key;
                ssl_session_cache shared:SSL:1m;
                ssl_session_timeout 4h;
                ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
                ssl_prefer_server_ciphers on;
        }

        upstream rostrum_ws {
            server 127.0.0.1:20003;
        }
        server {
                listen 20004 ssl;
                proxy_pass rostrum_ws;

                ssl_certificate /path/to/example.crt;
                ssl_certificate_key /path/to/example.key;
                ssl_session_cache shared:SSL:1m;
                ssl_session_timeout 4h;
                ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
                ssl_prefer_server_ciphers on;
        }
}
```

## Running and testing

```bash
$ sudo systemctl restart nginx
$ electron-cash --oneserver --server=example:50002:s
```

##  SSL cerficiate
Note: If you are connecting to rostrum a client which does not allow self-signed SSL certificates, you can obtain a free SSL certificate as follows:

1. Follow the instructions at https://certbot.eff.org/ to install the certbot on your system.
2. When certbot obtains the SSL certificates for you, change the SSL paths in the nginx template above as follows:
```
ssl_certificate /etc/letsencrypt/live/<your-domain>/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/<your-domain>/privkey.pem;
```