chalbersma (OP)
February 23, 2013, 10:22:55 PM

Relatively new to bitcoin, but wondering if there is a specific set of bitcoin best practices when dealing with web servers and bitcoind?

gweedo
February 23, 2013, 10:30:39 PM

If you're asking this you probably should hire someone; there is so much to say on this. Do you have any basic Linux security? Should probably learn that first.

chalbersma (OP)
February 23, 2013, 10:37:52 PM

Yes, I manage Linux web servers for a living. I'm more specifically asking about hardening bitcoind. I know the website suggests things like firewalling the RPC port to only allow access from where it's supposed to. For example, if you've got a webserver and a dedicated bitcoind box, only allow connections to the bitcoind box from the webserver. Stuff like that I understand. But what other general tips on locking down bitcoind are there? It's always easier to miss the little things when you don't have a checklist.

gweedo
February 23, 2013, 10:45:33 PM

I save all my JSON RPC connection information into memory; it makes it harder for hackers to get to it. I would get a frontend web server and a dedicated bitcoind. Again, there is so much to say on this topic.

chalbersma (OP)
February 23, 2013, 10:52:06 PM

Right now I've got a basic lamp + bitcoin (lampcoin) machine set up in SUSE Studio. Haven't published yet, but was figuring before publishing I should make sure there's no obvious mistakes I'm making. What you're saying is good advice, and before I'd launch a website of any sizable amount I'd be sure to follow them. But I was hoping to create a small box that will allow people to develop their web apps, but develop them in a reasonably secure manner. If you've got some time I'd be more than happy to have your thoughts on the build.

gweedo
February 23, 2013, 11:01:24 PM

If you're developing a hosting system to allow them to use your bitcoind, then I would for sure have your bitcoind behind a script that does a lot of the heavy lifting and more security checks.

chalbersma (OP)
February 23, 2013, 11:18:07 PM

Not so much a hosting system as a development image. I'll publish and throw up a link.

> If you're developing a hosting system to allow them to use your bitcoind, then I would for sure have your bitcoind behind a script that does a lot of the heavy lifting and more security checks.

gweedo
February 23, 2013, 11:30:45 PM

> Not so much a hosting system as a development image. I'll publish and throw up a link.
>> If you're developing a hosting system to allow them to use your bitcoind, then I would for sure have your bitcoind behind a script that does a lot of the heavy lifting and more security checks.

Ohh, a server image. OK, yeah, throw it up, I would take a look at it.

chalbersma (OP)
February 23, 2013, 11:45:56 PM Last edit: February 24, 2013, 12:39:42 AM by chalbersma

And here she is: http://susestudio.com/a/UUzOnb/lampcoin-server-64bit

She's still rough around the edges so be gentle with her. Just threw up a new version so don't be afraid to redownload. Also let me know if a different virtual format would be better.

gweedo
February 24, 2013, 02:47:06 AM

Yeah, a VMDK would work better; qcow2 is kinda hard to get working without converting it. I just tried to use it in VirtualBox on Mac OS X 10.8 and I couldn't get it to boot.

SRoulette
February 24, 2013, 02:54:11 AM

From our own experience, the best advice we can give is do not host your wallet on a server you do not trust. There have been cases of hosting company admins stealing the bitcoins from the site they're supposed to admin, a la TradeHill.
Hello Gweedo, nice to see you helping out.

chalbersma (OP)
February 24, 2013, 03:53:23 AM

> From our own experience, the best advice we can give is do not host your wallet on a server you do not trust. There have been cases of hosting company admins stealing the bitcoins from the site they're supposed to admin, a la TradeHill.
> Hello Gweedo, nice to see you helping out.

Hmm, not sure how to accomplish that part. But I am changing the default format to vmdk, which should work with VirtualBox no problem.

chalbersma (OP)
February 24, 2013, 04:00:00 AM

Default format is now vmdk. Should work with VirtualBox.

chalbersma (OP)
February 25, 2013, 02:56:34 AM

Updated; has both vmdk and kvm images.
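Added example (not written by anyone in this thread): one way to do the "script in front of bitcoind" check suggested above, as a default-deny filter that the web server's JSON-RPC requests must pass before being forwarded. The allowlist, the size limit and the function name are assumptions for illustration; the RPC method names are standard bitcoind calls.

```python
import json

# Assumption: the web app only needs these wallet calls. Anything else
# (dumpprivkey, sendtoaddress, stop, ...) is refused by default.
ALLOWED = {
    "getnewaddress": (0, 1),         # method -> (min params, max params)
    "getreceivedbyaddress": (1, 2),
    "getbalance": (0, 2),
}
MAX_BODY = 4096  # constructed limit; requests for these calls are tiny


def check_request(raw: bytes):
    """Return (ok, reason) for one JSON-RPC request body from the web server."""
    if len(raw) > MAX_BODY:
        return False, "body too large"
    try:
        req = json.loads(raw.decode("utf-8"))
    except ValueError:  # covers bad UTF-8 and malformed JSON
        return False, "not valid JSON"
    if not isinstance(req, dict):  # also rejects batch (array) requests
        return False, "batch or non-object request"
    method = req.get("method")
    if not isinstance(method, str) or method not in ALLOWED:
        return False, "method not allowed"
    params = req.get("params", [])
    if not isinstance(params, list):
        return False, "params must be a list"
    lo, hi = ALLOWED[method]
    if not lo <= len(params) <= hi:
        return False, "wrong number of params"
    for p in params:
        # Only plain strings and integers are expected for these calls.
        if isinstance(p, bool) or not isinstance(p, (str, int)):
            return False, "unexpected param type"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample requests, not captured traffic.
    samples = [
        b'{"method": "getnewaddress", "params": ["shop"], "id": 1}',
        b'{"method": "dumpprivkey", "params": ["addr"], "id": 2}',
        b'[{"method": "getbalance", "params": [], "id": 3}]',
    ]
    for body in samples:
        print(check_request(body), body.decode())
```

Only requests that return `(True, "ok")` would be passed on to bitcoind's RPC port; everything else is logged and dropped at the filter.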