Title: Need to host Bitcoin Core RPC server over SSL/TLS [SOLVED]
Post by: NotATether on November 24, 2021, 10:38:05 AM

I am trying to host Bitcoin Core over an SSL connection, because it is by default only accessible over HTTP (there used to be an option to configure SSL for the RPC but it was removed back in 0.12).
However, I am finding it difficult to make requests using stunnel (https://stunnel.org) software that encapsulates the connection over HTTPS. This is what I'm trying so far (on a testnet connection):

Code:
# curl --data-binary '{"jsonrpc":"1.0","id":"curltext","method":"getblockchaininfo","params":[]}' -H 'content-type:text/plain;' https://user:pass@127.0.0.1:28332 -v

My stunnel.conf:

Code:
pid=/var/run/stunnel/stunnel.pid

As you can see, by default Bitcoind only binds to localhost and not to the other interfaces (I think there is an option "rpcserver" that configures this or similarly named).

I need to get Bitcoind hosted on my public interface (0.0.0.0) over HTTPS because it's running on a different machine than the one that has the rest of the API that's calling it, and I don't like exposing the username and password over HTTP. It is being used for non-wallet functionality.

Changing client = yes to client = no changes the output to this:

Code:
* Trying 127.0.0.1:28332...

As you can see, I am using a self-signed certificate. I need to figure out a way to make CURL stop complaining about this warning so that RPC calls can be made.

Title: Re: Need to host Bitcoin Core RPC server over SSL/TLS
Post by: DaveF on November 25, 2021, 12:56:21 AM

Take a look at: https://www.cyberciti.biz/faq/how-to-curl-ignore-ssl-certificate-warnings-command-option/
I have used the insecure options with varying levels of success. I have still gotten odd failures but then it starts working again, never really figured out why. And at other times it just complained about other cert issues.

-Dave

Title: Re: Need to host Bitcoin Core RPC server over SSL/TLS
Post by: NotATether on November 25, 2021, 04:08:18 PM

> Take a look at: https://www.cyberciti.biz/faq/how-to-curl-ignore-ssl-certificate-warnings-command-option/
>
> I have used the insecure options with varying levels of success. I have still gotten odd failures but then it starts working again, never really figured out why. And at other times it just complained about other cert issues.
>
> -Dave

Yeah, that seemed to do the trick. Since I was making production requests through NodeJS, I had to create an httpAgent that had rejectUnauthorized set to false, to perform the equivalent behavior of CURL (ignoring certificate verification errors) like this:

Code:
const https = require('https');
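
An alternative to switching verification off, as an added example that is not part of the original thread: the Node.js client can trust only the one self-signed certificate that stunnel serves and pin its SHA-256 fingerprint, so the RPC credentials are never sent to an unverified endpoint. The function names, the PEM text and the fingerprint are assumptions; the operator would export both from the stunnel certificate.

```javascript
// Added example: trust one specific self-signed certificate instead of
// disabling verification. All names and sample values are hypothetical.
const https = require('https');

// Normalise "AA:BB:..." or "aabb..." to upper-case hex without separators.
function normFp(fp) {
  return String(fp).replace(/[^0-9a-f]/gi, '').toUpperCase();
}

// Returns a checkServerIdentity callback that accepts only the pinned
// certificate. It replaces the hostname check, which a self-signed
// certificate reached by IP address would otherwise fail.
function pinTo(expectedFp256) {
  const want = normFp(expectedFp256);
  return (host, cert) => {
    if (want.length !== 64) return new Error('pin must be a SHA-256 fingerprint');
    if (normFp(cert.fingerprint256) !== want) {
      return new Error(`certificate for ${host} does not match pinned fingerprint`);
    }
    return undefined; // identity accepted
  };
}

// caPem: PEM text of the certificate stunnel serves (assumed to be
// copied to the client machine out of band).
function makeAgent(caPem, expectedFp256) {
  return new https.Agent({
    ca: caPem,                // the self-signed cert is the only trust anchor
    rejectUnauthorized: true, // verification stays on
    checkServerIdentity: pinTo(expectedFp256),
  });
}

// JSON-RPC call over the pinned agent; resolves with the parsed response.
function rpcCall(agent, { host, port, user, pass }, method, params = []) {
  const body = JSON.stringify({ jsonrpc: '1.0', id: 'node', method, params });
  return new Promise((resolve, reject) => {
    const req = https.request({
      host, port, method: 'POST', agent, auth: `${user}:${pass}`,
      headers: { 'content-type': 'text/plain', 'content-length': Buffer.byteLength(body) },
    }, (res) => {
      let data = '';
      res.on('data', (c) => { data += c; });
      res.on('end', () => { try { resolve(JSON.parse(data)); } catch (e) { reject(e); } });
    });
    req.on('error', reject);
    req.end(body);
  });
}
```

With this agent a connection to any endpoint presenting a different certificate fails during the TLS handshake, before the Authorization header is sent.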