add documentation for watchtower, ssl, lightning
Showing 5 changed files with 231 additions and 100 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,57 @@ | ||
JSONRPC interface | ||
================= | ||
|
||
|
||
Commands to the Electrum daemon can be sent using JSONRPC. This is | ||
useful if you want to use electrum in a PHP script. | ||
|
||
Note that the daemon uses a random port number by default. In order to | ||
use a stable port number, you need to set the 'rpcport' configuration | ||
variable (and to restart the daemon): | ||
|
||
.. code-block:: bash | ||
electrum setconfig rpcport 7777 | ||
Further, starting with Electrum 3.0.5, the JSON-RPC interface is | ||
authenticated using `HTTP basic auth`_. | ||
|
||
.. _`HTTP basic auth`: https://developer.mozilla.org/en-US/docs/Web/HTTP/Authentication#Basic_authentication_scheme | ||
|
||
The username and the password are config variables. | ||
When first started, Electrum will initialise both; | ||
the password will be set to a random string. You can of course | ||
change them afterwards (the same way as the port, and then restart | ||
the daemon). To simply look up their value: | ||
|
||
.. code-block:: bash | ||
electrum getconfig rpcuser | ||
electrum getconfig rpcpassword | ||
Note that HTTP basic auth sends the username and the password unencrypted as | ||
part of the request. While using it on localhost is fine in our opinion, | ||
using it across an untrusted LAN or the Internet is not secure. | ||
Hence, you should take further measures in such cases, such as wrapping the | ||
connection in a secure tunnel. For further details, `read this`_. | ||
|
||
.. _`read this`: https://bitcoin.org/en/release/v0.12.0#rpc-ssl-support-dropped | ||
|
||
After setting a static port, and configuring authentication, | ||
we can perform queries using curl or PHP. Example: | ||
|
||
.. code-block:: bash | ||
curl --data-binary '{"jsonrpc":"2.0","id":"curltext","method":"getbalance","params":[]}' http://username:password@127.0.0.1:7777 | ||
Query with named parameters: | ||
|
||
.. code-block:: bash | ||
curl --data-binary '{"jsonrpc":"2.0","id":"curltext","method":"listaddresses","params":{"funded":true}}' http://username:password@127.0.0.1:7777 | ||
Create a payment request: | ||
|
||
.. code-block:: bash | ||
curl --data-binary '{"jsonrpc":"2.0","id":"curltext","method":"addrequest","params":{"amount":"3.14","memo":"test"}}' http://username:password@127.0.0.1:7777 |
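
Review bot: The three curl examples at the end of this file put `username:password` in the URL on the command line, so the RPC password ends up in shell history and is visible in the process list while curl runs. The paragraph above already warns about how basic auth exposes the credentials, so I would show `curl --user username` (curl then prompts for the password) or `--netrc-file`, and keep the URL as `http://127.0.0.1:7777`. Minor: the intro mentions "a PHP script" and "curl or PHP" but only curl is shown; either add a PHP example or drop the mention, and capitalise Electrum consistently ("use electrum in a PHP script").
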
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,72 @@ | ||
How to configure SSL with Electrum | ||
================================== | ||
|
||
This page was written for Electrum 4.0 (currently in development_) | ||
|
||
You should have a TLS/SSL private key and a public certificate for | ||
your domain set up already (signed by a CA, for example free Letsencrypt_) | ||
|
||
|
||
.. _Letsencrypt: | ||
https://letsencrypt.org/ | ||
|
||
.. _development: | ||
https://github.com/spesmilo/electrum#development-version-git-clone | ||
|
||
Add your SSL private key | ||
------------------------ | ||
|
||
Create a file that contains only the private key: | ||
|
||
.. code-block:: openssl | ||
-----BEGIN PRIVATE KEY----- | ||
your private key | ||
-----END PRIVATE KEY----- | ||
Please note that this is not your wallet key but a private key for the | ||
matching TLS/SSL certificate. | ||
|
||
Set the path to your the SSL private key file with setconfig: | ||
|
||
.. code-block:: bash | ||
electrum -o setconfig ssl_keyfile /path/to/ssl/privkey.pem | ||
Add your SSL certificate bundle | ||
------------------------------- | ||
|
||
Create another file, file that contains your certificate, | ||
and the list of certificates it depends on, up to the root | ||
CA. Your certificate must be at the top of the list, and | ||
the root CA at the end. | ||
|
||
.. code-block:: openssl | ||
-----BEGIN CERTIFICATE----- | ||
your cert | ||
-----END CERTIFICATE----- | ||
-----BEGIN CERTIFICATE----- | ||
intermediate cert | ||
-----END CERTIFICATE----- | ||
-----BEGIN CERTIFICATE----- | ||
root cert | ||
-----END CERTIFICATE----- | ||
Set the ssl_chain path with setconfig: | ||
|
||
.. code-block:: bash | ||
electrum -o setconfig ssl_certfile /path/to/ssl/fullchain.pem | ||
Check that your certificate was accepted by Electrum | ||
---------------------------------------------------- | ||
|
||
Check that your SSL certificate correctly configured: | ||
|
||
.. code-block:: bash | ||
electrum -o get_ssl_domain | ||
This should return the Common Name of your certificate. |
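
Review bot: "Add your SSL private key" tells the reader to create a file holding the TLS private key but says nothing about who may read it; please add a sentence that the file should be readable only by the user running the daemon (for example mode 600). Also in this file, the sentence "Set the ssl_chain path with setconfig:" does not match the command under it, which sets `ssl_certfile`. Typos to fix while here: "Set the path to your the SSL private key file", "Create another file, file that contains", and "Check that your SSL certificate correctly configured".
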
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,55 @@ | ||
How to setup a watchtower | ||
========================= | ||
|
||
This tutorial will show you how to configure your Electrum daemon as a | ||
watchtower for your lightning wallet. It is written for Electrum 4.0 | ||
(currently in development_) | ||
|
||
.. _development: | ||
https://github.com/spesmilo/electrum#development-version-git-clone | ||
|
||
Add your SSL certificate to Electrum | ||
------------------------------------ | ||
|
||
To protect against MITM attacks, add a SSL certificate: | ||
|
||
.. code-block:: bash | ||
electrum -o setconfig ssl_keyfile /path/to/ssl/privkey.pem | ||
electrum -o setconfig ssl_certfile /path/to/ssl/fullchain.pem | ||
For details see `How to add SSL <ssl.html>`_ | ||
|
||
|
||
Configure your Watchtower | ||
------------------------- | ||
|
||
Configure your watchtower address and password: | ||
|
||
.. code-block:: bash | ||
electrum setconfig -o run_local_watchtower true | ||
electrum setconfig -o watchtower_user myusername | ||
electrum setconfig -o watchtower_password mypassword | ||
electrum setconfig -o watchtower_address example.com:12345 | ||
Then start the daemon: | ||
|
||
.. code-block:: bash | ||
electrum daemon -d | ||
The watchtower database contains presigned transactions, and is in | ||
~/.electrum/watchtower_db If you open the GUI you can see hown many | ||
channels and transactions are in the database. | ||
|
||
|
||
Configure the watchtower in your client | ||
--------------------------------------- | ||
|
||
In your client preferences, tick 'use a remote watchtower' and enter the url: | ||
|
||
.. code-block:: bash | ||
https://myusername:mypassword@example.com:12345 |
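
Review bot: The position of `-o` is inconsistent within this file: the SSL block uses `electrum -o setconfig ssl_keyfile ...` while the "Configure your Watchtower" block uses `electrum setconfig -o run_local_watchtower true`. Please use one form throughout (the SSL page in this commit uses `electrum -o setconfig`), so readers are not left guessing which one works. The lead-in says "address and password" but the block also sets `run_local_watchtower` and `watchtower_user`, so the sentence should name all four settings. Since `mypassword` is passed as a command-line argument and then embedded in the client URL, a line recommending a long random value would help. Typos: "hown many", and a missing full stop after `~/.electrum/watchtower_db`.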