Skip to content
LightwalletD is the light wallet client server for Zcash
Branch: master
Clone or download
Pull request Compare This branch is 47 commits ahead, 149 commits behind zcash:master.
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.


Zecwallet lightwalletd is a fork of lightwalletd from the ECC.

It is a backend service that provides a bandwidth-efficient interface to the Zcash blockchain for the Zecwallet light wallet.

Changes from upstream lightwalletd

This version of Zecwallet lightwalletd extends lightwalletd and:

  • Adds support for transparent addresses
  • Adds several new RPC calls for lightclients
  • Lots of perf improvements
    • Replaces SQLite with in-memory cache for Compact Blocks
    • Replace local Txstore, delegating Tx lookups to Zcashd
    • Remove the need for a separate ingestor

Running your own zeclite lightwalletd

0. First, install Go >= 1.11.

1. Run a zcash node.

Start a zcashd with the following options:


You might need to run with -reindex the first time if you are enabling the txindex or insightexplorer options for the first time. The reindex might take a while.

2. Get a TLS certificate

a. Self-signed certificate if you are running a private instance just for yourself:

Generate a TLS self-signed certificate

openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes

Answer the certificate questions to generate the self-signed certificate

b. "Let's Encrypt" certificate using NGINX as a reverse proxy

If you running a public-facing server, the easiest way to obtain a certificate is to use a NGINX reverse proxy and get a Let's Encrypt certificate. Instructions are here

Create a new section for the NGINX reverse proxy:

server {
    listen 443 ssl http2;
    ssl_certificate     ssl/cert.pem; # From certbot
    ssl_certificate_key ssl/key.pem;  # From certbot
    location / {
        # Replace localhost:9067 with the address and port of your gRPC server if using a custom port
        grpc_pass grpc://localhost:9067;
c. Use your own TLS certificate

If you have your own TLS certificate issued by a certificate authority, you can use it directly with the GRPC frontend, as described in the next section

3. Run the frontend:

You can run the gRPC server with or without TLS, depending on how you configured step 2. If you are using NGINX as a reverse proxy and are letting NGINX handle the TLS authentication, then run the frontend with -no-tls

go run cmd/server/main.go -bind-addr -conf-file ~/.zcash/zcash.conf -no-tls

If you have a certificate that you want to use (either self signed, or from a certificate authority), pass the certificate to the frontend:

go run cmd/server/main.go -bind-addr -conf-file ~/.zcash/zcash.conf  -tls-cert cert.pem -tls-key key.pem

You should start seeing the frontend ingest and cache the zcash blocks after ~15 seconds.

4. Point the zecwallet-cli to this server

Connect to your server!

./zecwallet-cli -server

If you are using a self-signed certificate, then zecwallet will reject the connection by default (because the certificate isn't from a valid certificate authority. To override this, pass the --dangerous flag. Obviously, this is dangerous, so please only use if you are connecting to your own server.

./zecwallet-cli --server --dangerous
You can’t perform that action at this time.