├── README.md
├── LICENSE
├── pgp_keys.asc
├── phoenix-server
│   └── GUIDE.md
├── sparrow-server
│   └── GUIDE.md
├── headless-bisq
│   └── GUIDE.md
└── public-electrum-server
    └── GUIDE.md


/README.md:
--------------------------------------------------------------------------------
# self-hosting-guide
Readme guides for self-hosting


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
MIT License

Copyright (c) 2023 Ape Mithrandir

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

--------------------------------------------------------------------------------
/pgp_keys.asc:
--------------------------------------------------------------------------------


--------------------------------------------------------------------------------
/phoenix-server/GUIDE.md:
--------------------------------------------------------------------------------
# Phoenix Server - Easy Lightning Node

## Introduction
In this guide I will walk you through how to install [Phoenix Server AKA PhoenixD](https://github.com/ACINQ/phoenixd) on your headless server to give you the functionality of Phoenix LN
Mobile wallet but on your server.

## Installing PhoenixD

Grab the install files from the latest release: https://github.com/ACINQ/phoenixd/releases
```bash
VERSION="0.3.2"
wget "https://github.com/ACINQ/phoenixd/releases/download/v${VERSION}/phoenix-${VERSION}-linux-x64.zip"
wget "https://github.com/ACINQ/phoenixd/releases/download/v${VERSION}/SHA256SUM.asc"
wget https://acinq.co/pgp/drouinf.asc
# check the imported key's fingerprint against a second source before trusting it
gpg --import drouinf.asc
# gpg -d checks the signature on SHA256SUM.asc and writes out the signed checksum list;
# the && stops here if the signature does not verify
gpg -d SHA256SUM.asc > SHA256SUM.stripped &&
  sha256sum -c SHA256SUM.stripped --ignore-missing
```

Assuming the checksum and signature are valid you can then proceed with copying the binary files to your binary directories.
```bash
VERSION="0.3.2"
# unpack the release archive downloaded above
unzip "phoenix-${VERSION}-linux-x64.zip"
# the glob has to sit outside the quotes so that the shell expands it
sudo rsync -aP "phoenix-${VERSION}-linux-x64"/* /usr/local/bin/
sudo rsync -aP "phoenix-${VERSION}-linux-x64"/* /var/lib/
```

## Setting up PhoenixD

The setup process is very easy. Just go into your command line and run `phoenixd`. This will initialize a folder called `~/.phoenix` which contains all the relevant files to run your PhoenixD.

After you run `phoenixd` for the first time, interrupt the command with `CTRL+C` and this will shut it down. Now you just need to set up a `.service` file to make sure it remains running in the background 24/7.

### Backup Seed

The 12-word seed phrase for your wallet is stored in plain text in `~/.phoenix/seed.dat`. Back up this phrase somewhere for recovery. I would probably recommend backing up the complete contents of `~/.phoenix`.

### Review Defaults
You might also want to review some of the default settings and decide whether you want to override these in `~/.phoenix/phoenix.conf`. In particular you might want to set a different max mining fee.
```bash
Liquidity Options:
  --auto-liquidity=(off|2m|5m|10m)  Amount automatically requested when inbound liquidity is needed (default:
                                    2m)
  --max-mining-fee=                 Max mining fee for on-chain operations, in satoshis (default: 1% of
                                    auto-liquidity amount)
  --max-fee-credit=(off|50k|100k)   Max fee credit, if reached payments will be rejected (default: 100k)

Options:
  --chain=(mainnet|testnet)         Bitcoin chain to use (default: mainnet)
  --mempool-space-url=              Custom mempool.space instance
  --http-bind-ip=                   Bind ip for the http api (default: 127.0.0.1)
  --http-bind-port=                 Bind port for the http api (default: 9740)
  --http-password=                  Password for the http api (full access)
  --http-password-limited-access=   Password for the http api (limited access)
  --webhook=                        Webhook http endpoint for push notifications (alternative to
                                    websocket)
  --webhook-secret=                 Secret used to authenticate webhook calls
  --silent, --verbose               Verbosity level (default: prints high-level info to the console)
```

### Create .service file

```bash
sudo vim /etc/systemd/system/phoenixd.service
```

```bash
[Unit]
Description=PhoenixD
After=network.target

[Service]
ExecStart=/usr/local/bin/phoenixd
User={your_username}

[Install]
WantedBy=multi-user.target
```

```bash
sudo systemctl daemon-reload
sudo systemctl enable phoenixd.service
sudo systemctl start phoenixd.service
sudo systemctl status phoenixd.service
```

## Using PhoenixD

This new Phoenix instance will charge around 1% fee + mining costs, but it manages all the liquidity for you. You can receive LN payments immediately and I don't yet see a native option for sending from onchain to the wallet as you might in Phoenix mobile.
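
A check for the two exposures the sections above point at, the plain-text `seed.dat` and the HTTP API bind address, written as an added example (not part of the original guide or of phoenixd). It assumes `phoenix.conf` holds one `key=value` per line using the option names from the help output without the leading dashes; the directory built by `demo_phoenix_audit` is constructed.

```shell
#!/bin/sh
# Added example: audit a phoenixd data directory (default ~/.phoenix).
# Assumption: phoenix.conf is key=value, one option per line, no leading dashes.

# Print the group/other permission bits of a path, e.g. "r--r--" or "------".
group_other_bits() {
    ls -ld "$1" | cut -c5-10
}

# audit_phoenix_dir DIR
# Prints one finding per line; returns 0 when clean, 1 when anything was found.
audit_phoenix_dir() {
    dir=$1
    findings=0

    # seed.dat is the plain-text wallet seed and phoenix.conf holds the API
    # passwords, so neither should be accessible to group or other.
    for f in "$dir/seed.dat" "$dir/phoenix.conf"; do
        [ -e "$f" ] || continue
        bits=$(group_other_bits "$f")
        if [ "$bits" != "------" ]; then
            echo "PERMS $(basename "$f") group/other=$bits (want ------, fix with chmod 600)"
            findings=1
        fi
    done

    # http-bind-ip defaults to 127.0.0.1; flag an override that leaves loopback.
    # The last occurrence in the file is the one taken into account here.
    conf="$dir/phoenix.conf"
    if [ -f "$conf" ]; then
        bind=$(sed -n 's/^[[:space:]]*http-bind-ip[[:space:]]*=//p' "$conf" |
               tail -n 1 | tr -d '[:space:]')
        case "$bind" in
            ""|127.*|localhost|::1) ;;
            *)
                echo "BIND http-bind-ip=$bind puts the HTTP API on a non-loopback address"
                findings=1
                ;;
        esac
    fi
    return "$findings"
}

# Constructed demo directory: world-readable seed, API bound to every interface.
demo_phoenix_audit() {
    d=$(mktemp -d) || return 0
    printf 'twelve constructed placeholder words\n' > "$d/seed.dat"
    chmod 644 "$d/seed.dat"
    printf 'http-password=constructed\nhttp-bind-ip=0.0.0.0\n' > "$d/phoenix.conf"
    chmod 600 "$d/phoenix.conf"
    audit_phoenix_dir "$d" || true
    rm -rf "$d"
}

# With an argument audit that directory, otherwise run the constructed demo.
if [ "$#" -gt 0 ]; then
    audit_phoenix_dir "$1"
else
    demo_phoenix_audit
fi
```

Run it as `sh audit.sh ~/.phoenix` on the server; an empty result with exit status 0 means neither finding applies.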

To create a channel you run `phoenix-cli getoffer` and pay from another LN wallet to the static invoice. Once you do this you can do `phoenix-cli getinfo` and `phoenix-cli getbalance` to monitor your wallet.

Read more about the Auto-Liquidity setup [here.](https://phoenix.acinq.co/server/auto-liquidity)

## Bonus Setup - Phoenixd-Server-Ui

Hodladi has set up a web-ui for interfacing with your PhoenixD instance:
https://github.com/Hodladi/Phoenixd-Server-Ui

You can self-host this or use his public instance: https://pwallet.app/

If you use the public instance you will have to use something like [CloudFlareD Tunnels](https://www.cloudflare.com/products/tunnel/) to forward your LAN PhoenixD http web socket located at http://localhost:9740 to your own public facing domain name.

If you use a self-hosted instance then you just give it the LAN IP address in full with http:// and the port 9740 together with the `http-password` from `~/.phoenix/phoenix.conf`. That `http-password` is the full-access API password from the option list above, and over plain `http://` it is sent unencrypted, so only do this on a network you trust.


--------------------------------------------------------------------------------
/sparrow-server/GUIDE.md:
--------------------------------------------------------------------------------
# Sparrow Server - 24/7 Mixing

### Introduction
In this guide I will walk you through how to use [Sparrow Server](https://www.sparrowwallet.com) on your headless Bitcoin node to allow you to mix 24/7 without leaving your laptop running all night.

I used [RaspiBolt's Guide](https://raspibolt.org/guide/bonus/bitcoin/sparrow-terminal.html) as the basis for this guide but modified it for an Intel/AMD Debian/Ubuntu based server.

### Pre-requisites
Technically you can do this without a private Electrum server and opt to use the public Electrum servers that Sparrow offers in its server preferences.
If you want to use your own node I used @k3tan's [Ministry of Nodes Guide](https://youtube.com/playlist?list=PLCRbH-IWlcW2A_kpx2XwAMgT0rcZEZ2Cg) 01 to 05 as the basis of my home Electrum server.

Setup a Local machine with +1TB SSD:
- [UNB22 - 01 - Overview](https://youtu.be/9Kb7TobTNPI)
- [UNB22 - 02 - Planning Preparation and Installation of Ubuntu](https://youtu.be/siCQvYD6pro)
- [UNB22 - 03 - Ubuntu Familiarisation](https://youtu.be/YpRuP_X1D2s)

Setup Bitcoin Core on Local machine:
- [UNB22 - 04 - Bitcoin Core](https://youtu.be/fx_mLXISrfM)

Setup Fulcrum Server OR ElectrumX Server on Local machine:
- [UNB22 - 05 - Fulcrum Server](https://youtu.be/SpQRrbJt7cg) OR
- [Running an ElectrumX Server](https://youtu.be/QiX0rR_o_fI)

This guide also assumes you already have Sparrow Wallet files that are set up to use [Whirlpool](https://www.sparrowwallet.com/docs/mixing-whirlpool.html).

### Installing Sparrow Server

SSH into your headless server:
```bash
ssh username@{headless-ip}
sudo apt update && sudo apt upgrade
### Download, verify and install Sparrow Server
VERSION="1.7.6"
wget https://github.com/sparrowwallet/sparrow/releases/download/$VERSION/sparrow-server_$VERSION-1_amd64.deb
wget https://github.com/sparrowwallet/sparrow/releases/download/$VERSION/sparrow-$VERSION-manifest.txt.asc
wget https://github.com/sparrowwallet/sparrow/releases/download/$VERSION/sparrow-$VERSION-manifest.txt
```

Verify the release:
```bash
VERSION="1.7.6"
curl https://keybase.io/craigraw/pgp_keys.asc | gpg --import
### the && only runs the checksum test if the manifest signature verifies
gpg --verify sparrow-$VERSION-manifest.txt.asc &&
  sha256sum --check sparrow-$VERSION-manifest.txt --ignore-missing
```

Install Sparrow Server:
```bash
VERSION="1.7.6"
sudo dpkg -i sparrow-server_$VERSION-1_amd64.deb
```

Often the location of the Sparrow binary won't be in
your `$PATH`. Edit your `.bashrc` (Also install vim because it kicks ass):
```bash
sudo apt install vim
### your own .bashrc does not need sudo to edit
vim ~/.bashrc
### At the end of the .bashrc add this:
export PATH="/opt/sparrow/bin:$PATH"
### exit with :wq
### reload your bash script:
source ~/.bashrc
```

### Keeping Sparrow Server Running 24/7

If you open `Sparrow` from your ssh session you will get a nice blue colored terminal UI. Familiarise yourself with the interface; it varies in a few ways from the regular desktop GUI. Exit `Sparrow` in your ssh session.

#### Optional: Connect to your local Electrum Server

If you are running your own Electrum Server on the same headless server then while within `Sparrow` go to `Preferences > Server` and select `Private Electrum` and `Continue`. Set values according to your Electrum Server implementation and test connection.

```bash
# For Electrs (default)
URL: 127.0.0.1:50001
Use SSL?: No

# For Fulcrum
URL: 127.0.0.1:50002
Use SSL?: Yes
```

You are now connected to your own Electrum Server.

#### Copy existing Wallet files to server

Install [rsync](https://www.digitalocean.com/community/tutorials/how-to-use-rsync-to-sync-local-and-remote-directories) on both your laptop and your headless server:
```bash
sudo apt install rsync
ssh username@{headless-ip}
sudo apt install rsync
exit
### copy wallet files to server
rsync -aP ~/.sparrow/wallets/* username@{headless-ip}:.sparrow/wallets/
```

### Keeping Sparrow Server Running 24/7 - ctd.

Sparrow server doesn't come with a way to run as a `system daemon`, so you will have to use something like [tmux](https://linuxhandbook.com/tmux/) to allow you to run Sparrow server and keep it running in the background on your server.

While still in your ssh session install tmux:
```bash
sudo apt install tmux
```

Now start a new tmux session for your Sparrow Server:
```bash
tmux new -s sparrowserver
### This will open a tmux terminal instance
### Run Sparrow
Sparrow
```

Using Sparrow Server open the wallet files you copied across. Enter passwords and passphrases (if needed). Go to `Postmix > UTXOs > Mix To...` and set `Postmix index range` to Odd. Now lock your wallet files and detach from the tmux session by using `ctrl+b` then `d`.

#### Accessing your tmux session
When you want to access the tmux session again use this command:
```bash
tmux a -t sparrowserver
```
This will bring up your Sparrow Server instance as you left it.


--------------------------------------------------------------------------------
/headless-bisq/GUIDE.md:
--------------------------------------------------------------------------------
# Headless Bisq Instance

### Introduction

In this guide I will walk you through how to run the [Bisq GUI](https://bisq.network/) on your headless server. If like me you love using Bisq but don't like keeping a laptop open running the GUI 24/7 to keep your offers in the orderbook then this is the guide for you.

### Pre-requisites

You will need a headless server running Bitcoin Core in order to make this work. I used @k3tan's [Ministry of Nodes Guide](https://youtube.com/playlist?list=PLCRbH-IWlcW2A_kpx2XwAMgT0rcZEZ2Cg) 01 to 04 as the basis of my Bitcoin Core Server.

Setup a Local machine with +1TB SSD:
- [UNB22 - 01 - Overview](https://youtu.be/9Kb7TobTNPI)
- [UNB22 - 02 - Planning Preparation and Installation of Ubuntu](https://youtu.be/siCQvYD6pro)
- [UNB22 - 03 - Ubuntu Familiarisation](https://youtu.be/YpRuP_X1D2s)

Setup Bitcoin Core on Local machine:
- [UNB22 - 04 - Bitcoin Core](https://youtu.be/fx_mLXISrfM)

You will also need a Laptop (or other Computer with display functionality) in order to interact with your headless instance of Bisq.

### First Backup Bisq!

If you have already got a Bisq instance running on your Laptop with your wallet and payment accounts attached to it then you should [Backup your Bisq Data Directory](https://bisq.wiki/Backing_up_application_data). Basically you should close your Bisq instance and then copy the Bisq data directory to your headless server:

```bash
### make sure rsync is installed on both machines
sudo apt install rsync
ssh username@{headless-ip}
sudo apt install rsync
exit
### then sync up your folder to a backup directory
rsync -aP ~/.local/share/Bisq/* username@{headless-ip}:~/BisqBackup_YYYYMMDD/
```

### Installing Bisq

Now you will need to install Bisq on your headless server.
SSH into your headless server:

```bash
ssh username@{headless-ip}
sudo apt update && sudo apt upgrade
### Install GUI utility
sudo apt install xdg-utils
### Download, verify and install Bisq
VERSION="1.9.9"
wget https://bisq.network/downloads/v$VERSION/Bisq-64bit-$VERSION.deb
wget https://bisq.network/downloads/v$VERSION/Bisq-64bit-$VERSION.deb.asc
### The key comes from the same host as the package, so check its fingerprint against a second source
curl https://bisq.network/downloads/v$VERSION/E222AA02.asc | gpg --import
### The && only installs the package if the signature verifies
gpg --verify Bisq-64bit-$VERSION.deb.asc &&
  sudo mkdir -p /usr/share/desktop-directories/ &&
  sudo dpkg -i Bisq-64bit-$VERSION.deb
### Often the location of the Bisq binary won't be in your $PATH
### Edit your .bashrc (Also install vim because it kicks ass):
sudo apt install vim
vim ~/.bashrc
### At the end of the .bashrc add this:
export PATH="/opt/bisq/bin:$PATH"
### exit with :wq
### reload your bash script:
source ~/.bashrc
```

### Headless GUI Interface

The _normal_ way for accessing GUI instances from a headless server is via [X11 forwarding](https://nulb.app/x4mxj). This works but you won't be able to keep your Bisq instance running in the background of your headless server as desired. Enter [XPRA](https://www.xpra.org/). This is software that allows you to keep that GUI instance running even after you stop accessing it from your headsup display.

XPRA must be installed on both the client and the host. Please follow instructions on their [GitHub](https://github.com/Xpra-org/xpra) for installation.
I will give instructions for Ubuntu 22.04LTS:

```bash
DISTRO=jammy
#install https support for apt (which may be installed already):
sudo apt update
sudo apt install apt-transport-https software-properties-common
sudo apt install ca-certificates
# add xpra GPG key:
sudo wget -O "/usr/share/keyrings/xpra.asc" https://xpra.org/gpg.asc
# add the xpra repository (writing under /etc/apt needs sudo):
sudo wget -O "/etc/apt/sources.list.d/xpra.sources" https://xpra.org/repos/$DISTRO/xpra.sources
# add the optional beta channel:
# sudo wget -O "/etc/apt/sources.list.d/xpra-beta.sources" https://xpra.org/repos/$DISTRO/xpra-beta.sources
# install the xpra package:
sudo apt update
sudo apt install xpra
```

### Getting your Headless Bisq Initialized

Before you use XPRA to attach a headless GUI version of Bisq you might need to open Bisq using X11 forwarding just to initialize the Bisq data directory folders on your headless server. Log into your server via ssh and edit your `sshd_config` file to switch any `#X11Forwarding no` to uncommented `X11Forwarding yes`. Also perform `sudo systemctl restart sshd` and/or `sudo systemctl restart ssh`.

Login to your server again using trusted ssh login:
```bash
ssh -Y username@{headless-ip}
### In your server now
Bisq
```

This should now open Bisq GUI on your host machine. Let it boot up and sync. Once it opens correctly and the app looks to be in a good state, exit the application. This should have created the directory and also hopefully given you a chance to troubleshoot any Bisq issues you might have before you copy over your Bisq data directory and set up `XPRA`.

Assuming it is all set up well then let us get that data directory that you copied to your server in the _First Backup Bisq!_ section.
```bash
### Delete the files stored during the initialization of Bisq above:
rm -r ~/.local/share/Bisq/*
### copy from your backup folder:
sudo apt install rsync
rsync -aP ~/BisqBackup_YYYYMMDD/* ~/.local/share/Bisq/
```
Now open Bisq on your headless server again and check that your data directory is restored correctly and that you have your wallet and payment accounts preserved from the old Bisq instance.

### XPRA FTW

Now, assuming you have XPRA installed on both client and host, first let us ssh into the host and start Bisq as an XPRA instance:
```
### You can replace :10 with whatever you want just remember it for later
xpra start :10 --start=Bisq
xpra list
```
Now exit from your headless client, get back into the terminal for your host and run this:
```
### Reminder the :10 must match the number used in your headless client above
xpra attach ssh:username@{headless-ip}:10
```

This should hopefully make your Bisq instance pop up on the host machine in all its glory. You can now create an offer and then keep that offer running on the server and shut down your host machine. Just use `CTRL+C` in the terminal window where you ran `xpra attach ssh:username@{headless-ip}:10`. Happy trading!

### Troubleshooting
#### XPRA folder Permissions
If you run into weird permissions errors around where `xpra` wants to keep its logs on your headless server then you might need to do this:
```bash
### I'm not very sure about these steps, so if you spot an error let me know:
### (1000 is the numeric user id in the path; `id -u` prints yours)
sudo mkdir /run/user/1000
sudo chown {username} /run/user/1000
sudo mkdir /run/user/1000/xpra
sudo chown {username} /run/user/1000/xpra/
```
#### Usability Quirks
Small quirks to be aware of: you won't easily be able to copy and paste from the XPRA Bisq GUI to your host machine (or at least I haven't figured that out yet). This can make paying from an external wallet a bit cumbersome. Similarly the open in external wallet link _won't work_, in the sense that it is trying to open a wallet on your server. Now maybe you could also run Sparrow Wallet via XPRA and that would work but I haven't tested that yet.

#### Bisq Double Instances
Bisq doesn't especially like it if you run multiple instances of the same data directory, so if for some reason you want to stop running the server instance and go back to your Laptop instance I would recommend the following:
```bash
### Open your XPRA instance on your host
xpra attach ssh:username@{headless-ip}:10
### Now rather than CTRL+C escape you must actually shutdown the GUI properly first
### then CTRL+C escape from the xpra attachment.
### Now enter your server:
ssh username@{headless-ip}
### Check XPRA is still running
xpra list
### Stop XPRA for that Bisq process running at :10
xpra stop :10
### It is good practice to backup your current Bisq data directory folder on your server first:
rsync -aP ~/.local/share/Bisq/ ~/BisqBackup_YYYYMMDD
### Now exit your server
exit
### sync up your host machine's Bisq directory with your servers:
rsync -aP username@{headless-ip}:~/.local/share/Bisq/ ~/.local/share/Bisq/
```

Now you should be able to open your Bisq on your host machine without causing you any issues with open offers and trades. Though I would advise against doing this when you are in the middle of a trade settlement just to err on the side of caution.

Similarly if you are now going back to your server instance you should close that GUI instance down and now copy your host machine's Bisq directory back to your server:
```bash
### It is good practice to backup your current Bisq data directory folder on your server first:
rsync -aP ~/.local/share/Bisq/ ~/BisqBackup_YYYYMMDD
### sync up your server's Bisq directory with your host machine:
rsync -aP ~/.local/share/Bisq/ username@{headless-ip}:~/.local/share/Bisq/
ssh username@{headless-ip}
xpra start :10 --start=Bisq
xpra list
exit
xpra attach ssh:username@{headless-ip}:10
```


--------------------------------------------------------------------------------
/public-electrum-server/GUIDE.md:
--------------------------------------------------------------------------------
# Public Bitcoin Electrum Server

### Introduction
In this guide I will walk you through how you make your locally hosted Bitcoin Electrum Server accessible via the public domain without exposing your home IP address.

### Pre-requisites
I used @k3tan's [Ministry of Nodes Guide](https://youtube.com/playlist?list=PLCRbH-IWlcW2A_kpx2XwAMgT0rcZEZ2Cg) 01 to 05 as the basis of my setup.

Setup a Local machine with +1TB SSD:
- [UNB22 - 01 - Overview](https://youtu.be/9Kb7TobTNPI)
- [UNB22 - 02 - Planning Preparation and Installation of Ubuntu](https://youtu.be/siCQvYD6pro)
- [UNB22 - 03 - Ubuntu Familiarisation](https://youtu.be/YpRuP_X1D2s)

Setup Bitcoin Core on Local machine:
- [UNB22 - 04 - Bitcoin Core](https://youtu.be/fx_mLXISrfM)

Setup Fulcrum Server OR ElectrumX Server on Local machine:
- [UNB22 - 05 - Fulcrum Server](https://youtu.be/SpQRrbJt7cg) OR
- [Running an ElectrumX Server](https://youtu.be/QiX0rR_o_fI)

In addition to the above you will also need a remote server:
- [Host4Coins](https://host4coins.net/)
- [1984Hosting](https://1984.hosting/)

### Local Machine Setup

This guide assumes you have a local machine running a Debian-based Linux Distro with a fully sync-ed Bitcoin Node and a Bitcoin indexer, either ElectrumX or Fulcrum (ElectRS is another option, but ElectrumX is many times faster than this).

The way we are going to expose our Bitcoin indexer to the public is via a [Reverse SSH tunnel](https://youtu.be/N8f5zv9UUMI) from our local machine to a remote server.

This [guide](https://openoms.github.io/bitcoin-tutorials/ssh_tunnel.html) from @openoms covers some of this but not specifically from the perspective of tunnelling your Electrum Server.

You should have [ssh keys setup](https://www.cyberciti.biz/faq/how-to-set-up-ssh-keys-on-linux-unix/) and copied over to your remote server. For this ssh tunnel daemon to work smoothly you will need ssh keys without a passphrase. Because such a key can be used by anyone who can read the file, create a dedicated key pair just for this tunnel instead of reusing your normal login key.

First install autossh which is a wrapper on ssh:
```bash
sudo apt-get update
sudo apt-get upgrade
sudo apt-get install autossh
```

Then create a `.service` file to run your ssh tunnel daemon:
```bash
sudo vim /etc/systemd/system/ssh-tunnel.service
```

Here is a template of this `.service` file:
```service
[Unit]
Description=Remote SSH tunnel for Electrum Server
After=network.target

[Service]
User=localuser
Group=localusergroup
Environment="AUTOSSH_GATETIME=0"
ExecStart=/usr/bin/autossh -C -M 0 -v -N -o "ServerAliveInterval=60" -R :localhost:50001 @
Restart=always
RestartSec=60
StandardOutput=journal

[Install]
WantedBy=multi-user.target
```
_Note: Remote port should not be equal to 50001 or 50002 to avoid potential binding issues on your remote server._

The port you are tunneling should be the regular TCP port 50001 and not the SSL port 50002. This is because the remote server will be performing the SSL encryption via nginx when exposing the data to the public. You want to edit the config file for your Electrum Server and make sure the line relating to enabling tcp is uncommented. In `fulcrum.conf` this is near line ~120 `tcp = 0.0.0.0:50001`.

Once the daemon file `ssh-tunnel.service` has been created you will need to reload, enable and start:
```bash
sudo systemctl daemon-reload
sudo systemctl enable ssh-tunnel.service
sudo systemctl start ssh-tunnel.service
```

You should then check the status:
```bash
sudo systemctl status ssh-tunnel.service
```
or logs:
```bash
journalctl -fu ssh-tunnel.service
```

The important line in the logs you should be looking for is this:
```bash
autossh[]: debug1: remote forward success for: listen , connect localhost:50001
```

### Remote Server Setup

The remote server should be running a debian-based headless distro. You will need [nginx installed](https://docs.nginx.com/nginx/admin-guide/installing-nginx/installing-nginx-open-source/). If you got your server from [1984Hosting](https://1984.hosting/) they have the option to pre-install some packages including nginx.

As per [@openoms guide](https://openoms.github.io/bitcoin-tutorials/ssh_tunnel.html) you should login as root or run:
```
sudo su
```
edit the sshd config:
```bash
vim /etc/ssh/sshd_config
```
Make sure the following entries are active.
You can search for them in the config and remove the # to activate them or if they are not included just paste them on the end of the file:
```
RSAAuthentication yes
PubkeyAuthentication yes
GatewayPorts yes
AllowTcpForwarding yes
ClientAliveInterval 60
```

Restart the sshd service (WARNING: you can lose access at this point if the config is wrong):
```
systemctl restart sshd
```

Log back onto your remote server and check that the reverse ssh-tunnel is working:
```bash
lsof -i :
```
This should return:
```bash
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
sshd root 7u IPv4 00000000 0t0 TCP *: (LISTEN)
sshd root 8u IPv6 00000000 0t0 TCP *: (LISTEN)
```
You can also use:
```bash
netstat -tulpn | grep
```
which should return:
```bash
tcp 0 0 0.0.0.0: 0.0.0.0:* LISTEN /sshd:
tcp6 0 0 ::: :::* LISTEN /sshd:
```

Now you will need to edit your nginx config (use sudo if not logged in as root):
```bash
vim /etc/nginx/nginx.conf
```
Then add this section before the `http{}` part of the config:
```conf
stream {
        server {
                listen [::]:50002 ssl;
                listen 50002 ssl;
                proxy_pass localhost:;
                ssl_certificate /etc/ssl//server.crt;
                ssl_certificate_key /etc/ssl//server.key;
                error_log /var/log/nginx/error.log;
        }
}
```
_Note: If you run into issues with stream and get the error `unknown directive "stream" in /etc/nginx/nginx.conf:` after adding the above and running `nginx -t`.
Then you should try installing `libnginx-mod-stream` via `apt install libnginx-mod-stream` ([link](https://www.server-world.info/en/note?os=Ubuntu_22.04&p=nginx&f=12))._
#### HTTPS Certificates
*Update: Due to restrictions in BDK you should try to obtain a certificate via Let's Encrypt versus using a self-signed certificate as described below. You can follow this guide if you already have nginx and certbot installed on your VPS: https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-20-04*

Now you might be wondering where to get the `ssl_certificate` and `ssl_certificate_key`. If you already set up ssl on your Electrum server on your local machine then you can use [scp](https://www.freecodecamp.org/news/scp-linux-command-example-how-to-ssh-file-transfer-from-remote-to-local/) to copy those certificates and keys to your remote server and reuse them.

Otherwise you can create a fresh set of keys (add sudo if not logged in as root):
```bash
apt install openssl
mkdir /etc/ssl/
cd /etc/ssl//
openssl genrsa -des3 -out server.pass.key 2048
openssl rsa -in server.pass.key -out server.key
rm server.pass.key
openssl req -new -key server.key -out server.csr
openssl x509 -req -sha256 -days 365 -in server.csr -signkey server.key -out server.crt
rm server.csr
```

Now you need to check that you haven't messed up your `nginx.conf` by running:
```bash
nginx -t
```
This should return:
```bash
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
```

Now reload the daemon and restart nginx:
```bash
systemctl daemon-reload
systemctl restart nginx
```
Now you should check the status of nginx:
```bash
systemctl status nginx
```

If you get something like this:
```
nginx: [emerg] bind() to 0.0.0.0:50002 failed (98: Address already in use)
```

Then it means you are re-using one of your ports. Stop nginx and have a look at:
```
lsof -i :50002
```
With nginx stopped there shouldn't be anything running on your remote server over that port. If there is then you might need to change the listen port in your stream nginx config.

Now in order for someone to use your public facing Electrum server they will need to enter `:50002`. This means that you will need to open traffic over port 50002:
```bash
apt install ufw
ufw status
ufw allow 50002
# ufw only filters traffic once it is enabled; allow your SSH port before running `ufw enable`
ufw status
```
You will also want to look into some basic server security:
- [How to disable ssh password login](https://www.cyberciti.biz/faq/how-to-disable-ssh-password-login-on-linux/)
- [Fail2Ban](https://github.com/fail2ban/fail2ban)

### Acknowledgements
Thanks to [wiz](https://github.com/wiz) and [emzy](https://github.com/Emzy) for helping me when I was setting this up for myself.

### Issues

If you need help with this guide you can create an issue on the repo and I will help you there.

--------------------------------------------------------------------------------
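
The listener check from Remote Server Setup turned into a pass/fail test, as an added example rather than part of the original guide: with `GatewayPorts yes` sshd binds the forwarded plaintext port on every interface (the `*:` rows in the `lsof` output), although nginx only has to reach it on `localhost`. The port 50011 and the `ss` sample lines are constructed.

```shell
#!/bin/sh
# Added example: is the reverse-forwarded (plaintext) Electrum port reachable
# only through nginx, or is it listening on public interfaces as well?
#
# Background: sshd binds remote forwards to loopback by default. `GatewayPorts yes`
# forces them onto all interfaces. nginx in this guide proxies to localhost, so
# `GatewayPorts no` (the sshd default) keeps the tunnel working and private.

# tunnel_exposure PORT      (reads `ss -tln` output on stdin)
#   prints every non-loopback address PORT is listening on
#   returns 0 = loopback only, 1 = bound beyond loopback, 2 = not listening
tunnel_exposure() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            # Local address is column 4; the port follows the last colon.
            n = split($4, parts, ":")
            if (parts[n] != port) next
            seen = 1
            addr = substr($4, 1, length($4) - length(parts[n]) - 1)
            if (addr ~ /^127\./ || addr == "[::1]") next
            exposed = 1
            print addr
        }
        END {
            if (!seen) exit 2
            exit (exposed ? 1 : 0)
        }
    '
}

# report_tunnel PORT: human-readable verdict, same exit status as above.
report_tunnel() {
    exposed_on=$(tunnel_exposure "$1") && rc=0 || rc=$?
    case $rc in
        0) echo "OK: port $1 is loopback-only, clients can only come in via nginx" ;;
        1) echo "EXPOSED: plaintext port $1 listens on: $(printf '%s' "$exposed_on" | tr '\n' ' ')" ;;
        *) echo "DOWN: nothing is listening on port $1, is the tunnel up?" ;;
    esac
    return "$rc"
}

# Constructed `ss -tln` samples; 50011 stands in for your own remote port.
SS_GATEWAYPORTS_YES='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:50011      0.0.0.0:*
LISTEN 0      128    [::]:50011         [::]:*
LISTEN 0      511    0.0.0.0:50002      0.0.0.0:*'

SS_LOOPBACK_ONLY='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.1:50011    0.0.0.0:*
LISTEN 0      128    [::1]:50011        [::]:*
LISTEN 0      511    0.0.0.0:50002      0.0.0.0:*'

printf '%s\n' "$SS_GATEWAYPORTS_YES" | report_tunnel 50011 || true
printf '%s\n' "$SS_LOOPBACK_ONLY"    | report_tunnel 50011 || true
```

On the remote server, feed it live data with `ss -tln | report_tunnel 50011`, using your own tunnel port.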