Bitcoin Forum

Bitcoin => Development & Technical Discussion => Topic started by: Fking on November 06, 2012, 02:38:35 PM



Title: bitcoind security best practices?
Post by: Fking on November 06, 2012, 02:38:35 PM
I'm thinking of running bitcoind on my dedicated server, where wallet.dat will be stored in a folder not accessible from the internet.
I'll get shared hosting or a VPS for the actual site, but was wondering where to set the MySQL DB?

I suppose, since the interactions with bitcoind will only be when receiving or sending money, and with the MySQL DB much more often for all sorts of things, it would be better for usability to place it on the frontend?
How do you secure the communication between both servers?
If you have SSL for the communication between the frontend server and the client, can you use the same for the backdoor communication to the dedicated with bitcoind?


What would you guys do, and what other security precautions do you like to take when using bitcoind and a wallet on a server?


Title: Re: bitcoind security best practices?
Post by: CIYAM on November 06, 2012, 03:03:21 PM
Personally I would not put bitcoind on any VPS - is it such a problem to set up your own computer to do that?


Title: Re: bitcoind security best practices?
Post by: Schleicher on November 06, 2012, 06:33:56 PM
It all depends on what you want to do with your Bitcoind.
Only sending Bitcoins? Or mining?


Title: Re: bitcoind security best practices?
Post by: Fking on November 06, 2012, 07:28:50 PM
Sending and receiving.
I've got a dedicated anyway, so not gonna use a VPS for bitcoind.
VPS or shared I might use for the site.

The wallet will be encrypted. Since commands to bitcoind will be sent from a PHP script on the other server, will we need to transmit the wallet password between the servers?
How is it best to protect the connection between the servers?

I'm gonna use an SSL certificate for the site-to-user connection, but have no experience with backdoor server-to-server communications, nor with the bitcoind protocol, so excuse my newbie questions :)


Title: Re: bitcoind security best practices?
Post by: Insu Dra on November 06, 2012, 08:49:58 PM
Quote
Use an SSL RPC connection through a secure and restrictive VPN tunnel.

Added a nice ending to the sentence.  ;D


Title: Re: bitcoind security best practices?
Post by: Fking on November 15, 2012, 03:35:13 PM
I see that the bitcoind conf file has an option to use SSL:

 -rpcssl                                  Use OpenSSL (https) for JSON-RPC connections
 -rpcsslcertificatechainfile=<file.cert>  Server certificate file (default: server.cert)
 -rpcsslprivatekeyfile=<file.pem>         Server private key (default: server.pem)
 -rpcsslciphers=<ciphers>                 Acceptable ciphers (default: TLSv1+HIGH:!SSLv2:!aNULL:!eNULL:!AH:!3DES:@STRENGTH)



I suppose we don't need to buy certificates for this server-to-server connection. How do we generate the needed files on our own?


Title: Re: bitcoind security best practices?
Post by: Gavin Andresen on November 15, 2012, 07:35:18 PM
Quote
I suppose we don't need to buy certificates for this server-to-server connection. How do we generate the needed files on our own?

See: https://en.bitcoin.it/wiki/Enabling_SSL_on_original_client_daemon


Title: Re: bitcoind security best practices?
Post by: kjj on November 15, 2012, 11:45:46 PM
The step about copying the chaining cert to the client is very important.  Without that step, an attacker can man-in-the-middle you.
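
The client side of the step kjj describes, as an added example that is not part of the thread or of the wiki page: a Python client whose only trust anchor is the copied server.cert, so a man-in-the-middle presenting any other certificate fails the handshake. The function names, the credentials passed in and the choice of Python are assumptions; 8332 is bitcoind's default RPC port.

```python
import base64
import http.client
import json
import ssl


def pinned_context(cafile=None):
    """TLS client context whose only trust anchor is the daemon's own certificate."""
    # PROTOCOL_TLS_CLIENT enables certificate and host name verification and,
    # unlike ssl.create_default_context(), loads no system CA bundle.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    if cafile is not None:
        # The copy of server.cert carried over from the bitcoind machine.
        ctx.load_verify_locations(cafile=cafile)
    # With no cafile the store stays empty and every handshake fails (fail closed).
    return ctx


def build_rpc_request(method, params, user, password):
    """Return (headers, body) for one JSON-RPC call with HTTP basic auth."""
    body = json.dumps({"jsonrpc": "1.0", "id": "frontend",
                       "method": method, "params": params})
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    headers = {"Authorization": "Basic " + token,
               "Content-Type": "application/json"}
    return headers, body


def rpc_call(host, cafile, user, password, method, params=(), port=8332):
    """Send one call; the handshake raises ssl.SSLCertVerificationError
    if the peer does not present the pinned certificate."""
    ctx = pinned_context(cafile)
    headers, body = build_rpc_request(method, list(params), user, password)
    conn = http.client.HTTPSConnection(host, port, context=ctx, timeout=10)
    try:
        conn.request("POST", "/", body=body, headers=headers)
        resp = conn.getresponse()
        if resp.status == 401:
            raise PermissionError("RPC credentials rejected")
        return json.loads(resp.read())
    finally:
        conn.close()
```

The name in the certificate has to match the host name passed to rpc_call, and the basic-auth credentials only ever travel inside the verified TLS session.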