Comments (8)
so as far right now this issue should be resolved then. thanks for the explanation and assistance given.
from laravel-bitcoinrpc.
Bitcoin Core dropped direct support for RPC over SSL since version 0.12.0. Please see changelog and consider using suggested method of securing connection through stunnel.
As for accessing bitcoind via domain, it's nothing special - you just specify following in your dot env file (first line if you want to use ssl):
BITCOIND_SCHEME=https
BITCOIND_HOST=api.example.com
Although I'm sure you already did this...
Your issue is actually probably related to cloudflare. Cloudflare blocks requests from laravel-bitcoinrpc client (or any other api client for that matter) when security features (specifically Browser Integrity Check
) are enabled, because it can't detect it as a proper browser.
You can circumvent this by delegating subdomain (i.e. api.example.com
) for api requests and configuring Page Rules for it as described in this guide.
from laravel-bitcoinrpc.
right now im adding a A record for the new subdomain via cloudflare. so if that blocks me, then ill need to add A record to the domain provider itself right?
from laravel-bitcoinrpc.
from laravel-bitcoinrpc.
one more thing, i manage to use domain and ssl for the connection and now i tried implementing ht authentication to the domain.
on web browser, whenever i put the domain on search bar it will prompt me for that username and password that ive set. but then i put the url with username and password on my configuration file, it will return the same 401 response.
Kindly assist me on this matter.
URL format that ive user :
https://username:[email protected]:rpcport
is this the correct way?
from laravel-bitcoinrpc.
External HTTP Authentication is not supported by this package.
Bitcoin Daemon already using authentication via rpcuser
and rpcpassword
parameters in bitcoin.conf
, it won't ask for you credentials when visiting through your browser since it's expects POST requests, but on proper POST it'll ask client this information.
BITCOIND_HOST MUST contain only host name without scheme or any credentials.
from laravel-bitcoinrpc.
is there any other security implementation that i need to be considered other than ssl and domain integration to bitcoin nodes?
from laravel-bitcoinrpc.
As far a network stuff concerned not really. SSL encryption via stunnel should be good enough. If you don't trust stunnel, SSH tunneling will work as well. Any of the above would be secure enough for mitigating MITM attacks.
Note that when using stunnel or SSH tunneling, requests will be coming from localhost as far as Bitcoin Core concerned, so rpcallowip
option in bitcoin.conf
will have no effect and any connecting IP will be allowed. You can use your system firewall (e. g. iptables) to restrict access to node from trusted IPs only.
You should also think of some kind of rate-limiting on your client in order to not overwhelm Bitcoin node that has no rate limiting on its own and cause DoS.
Finally, please be aware that running node and client on separate machines is no more (it's actually slightly less) secure that running both on the same, so it should be done only for easier scaling and better resource utilization, not better security.
from laravel-bitcoinrpc.
Related Issues (16)
- 'Denpa\Bitcoin\Providers\ServiceProvider' not found HOT 2
- FatalErrorException on newest release HOT 2
- JSON value is not a string as expected HOT 1
- Connection Refused HOT 7
- Does the package support omni sub-modules?
- Entity Too Large HOT 5
- Request response containing an object with multiple same key is merged and data is missing HOT 5
- How to connect with blockdaemon.com
- Can't connect to getWalletInfo HOT 1
- composer fails due to new Guzzle 7.0.1 with Laravel 7 HOT 1
- ZMQ implementation HOT 1
- Argument 1 passed to Denpa\\Bitcoin\\ClientFactory::__construct() HOT 2
- How to define two separate instance of different ports HOT 9
- Possible to use external server IP HOT 4
- JSON value is not a string as expected HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from laravel-bitcoinrpc.