This applies only if you do not use some other automated systems such as Debian packages. If you use automated systems, refer to their documentation first!
Pruning must be turned off for electrs to work.
txindex is allowed but unnecessary for electrs.
However, you might still need it if you run other services (e.g.eclair).
The option maxconnections (if used) should be set to 12 or more for bitcoind to accept inbound p2p connections.
Note that setting maxuploadtarget may cause p2p-based sync to fail - so consider using -whitelist=download@127.0.0.1 to disable the limit for local p2p connections.
The highly recommended way of authenticating electrs is using cookie file.
It's the most secure and robust method.
Set rpccookiefile option of bitcoind to a file within an existing directory which it can access.
You can skip it if you're running both daemons under the same user and with the default directories.
electrs will wait for bitcoind to sync, however, you will be unabe to use it until the syncing is done.
Example command for running bitcoind (assuming same user, default dirs):
$ bitcoind -server=1 -txindex=0 -prune=0Electrs can be configured using command line, environment variables and configuration files (or their combination). It is highly recommended to use configuration files for any non-trivial setups since it's easier to manage. If you're setting password manually instead of cookie files, configuration file is the only way to set it due to security reasons.
Important: you must configure db_dir to be either an empty directory or previously used by electrs!
The contents of this directory is considered internal to electrs and any tampering that is not explicitly allowed by documentation
can lead to serious problems! Currently the only permitted operation is deleting whole mainnet subdirectory when upgrading to version 0.9.0 - see the upgrading section.
The Toml-formatted config files (an example here) are (from lowest priority to highest): /etc/electrs/config.toml, ~/.electrs/config.toml, ./electrs.toml.
The options in highest-priority config files override options set in lowest-priority config files.
Environment variables override options in config files and finally arguments override everythig else.
There are two special arguments --conf which reads the specified file and --conf-dir, which read all the files in the specified directory.
The options in those files override everything that was set previously, including arguments that were passed before these two special arguments.
In general, later arguments override previous ones. It is a good practice to use these special arguments at the beginning of the command line in order to avoid confusion.
Naming convention
For each command line argument an environment variable of the same name with ELECTRS_ prefix, upper case letters and underscores instead of hypens exists
(e.g. you can use ELECTRS_ELECTRUM_RPC_ADDR instead of --electrum-rpc-addr).
Similarly, for each such argument an option in config file exists with underscores instead of hypens (e.g. electrum_rpc_addr).
You need to use true value in case of flags (e.g. timestamp = true).
Authentication
In addition, config files support auth option to specify username and password.
This is not available using command line or environment variables for security reasons (other applications could read it otherwise).
Important note: auth is different from cookie_file, which points to a file containing the cookie instead of being the cookie itself!
If you are using -rpcuser=USER and -rpcpassword=PASSWORD of bitcoind for authentication, please use auth="USER:PASSWORD" option in one of the config files.
Otherwise, ~/.bitcoin/.cookie will be used as the default cookie file,
allowing this server to use bitcoind JSONRPC interface.
Note: there was a cookie option in the version 0.8.7 and below, it's now deprecated - do not use, it will be removed.
Please read upgrade notes if you're upgrading to a newer version.
In order to use a secure connection, you can also use NGINX as an SSL endpoint
by placing the following block in nginx.conf.
stream {
upstream electrs {
server 127.0.0.1:50001;
}
server {
listen 50002 ssl;
proxy_pass electrs;
ssl_certificate /path/to/example.crt;
ssl_certificate_key /path/to/example.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 4h;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
}
}$ sudo systemctl restart nginx
$ electrum --oneserver --server=example:50002:sNote: If you are connecting to electrs from Eclair Mobile or another similar client which does not allow self-signed SSL certificates, you can obtain a free SSL certificate as follows:
- Follow the instructions at https://certbot.eff.org/ to install the certbot on your system.
- When certbot obtains the SSL certificates for you, change the SSL paths in the nginx template above as follows:
ssl_certificate /etc/letsencrypt/live/<your-domain>/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/<your-domain>/privkey.pem;
Tor hidden service
Install Tor on your server and client machines (assuming Ubuntu/Debian):
$ sudo apt install tor
Add the following config to /etc/tor/torrc:
HiddenServiceDir /var/lib/tor/electrs_hidden_service/
HiddenServiceVersion 3
HiddenServicePort 50001 127.0.0.1:50001
If you use the beta Debian repository,
it is cleaner to install tor-hs-patch-config using apt and then placing the configuration into a file inside /etc/tor/hidden-services.d.
Restart the service:
$ sudo systemctl restart tor
Note: your server's onion address is stored under:
$ sudo cat /var/lib/tor/electrs_hidden_service/hostname
<your-onion-address>.onion
On your client machine, run the following command (assuming Tor proxy service runs on port 9050):
$ electrum --oneserver --server <your-onion-address>.onion:50001:t --proxy socks5:127.0.0.1:9050
For more details, see http://docs.electrum.org/en/latest/tor.html.
If you use the beta Debian repository, you should skip this section, as the appropriate systemd unit file is installed automatically.
You may wish to have systemd manage electrs so that it's "always on".
Here is a sample unit file (which assumes that the bitcoind unit file is bitcoind.service):
[Unit]
Description=Electrs
After=bitcoind.service
[Service]
WorkingDirectory=/home/bitcoin/electrs
ExecStart=/home/bitcoin/electrs/target/release/electrs --log-filters INFO --db-dir ./db --electrum-rpc-addr="127.0.0.1:50001"
User=bitcoin
Group=bitcoin
Type=simple
KillMode=process
TimeoutSec=60
Restart=always
RestartSec=60
[Install]
WantedBy=multi-user.target