Electrum Server Question want to make it "private"

[DaveF]

So I setup a server for my own use and all was good.
I opened the ports so I could use my phone wallet and laptop wallet in the real world.

Outside of a few people I told about it nobody should have been using it.
Other then nonstandard ports / just not telling others is there a way to make it private?

No VPN or anything else to make it complicated have to connect is there a way to make it non accessible to the world.

I'm assuming the answer is no, but figured I would ask anyway.

Thanks,
Dave

[1715310174]

1715310174

[1715310174]

1715310174

[1715310174]

1715310174

[o_e_l_e_o]

I saw a thread on the Electrum subreddit about this just yesterday. I'll link to it rather than just regurgitating the information. It might answer some of your questions: https://www.reddit.com/r/Electrum/comments/fa194o/making_electrumx_server_more_private/

You'll also find some more information in the ElectrumX Documentation here: https://readthedocs.org/projects/electrumx/downloads/pdf/stable/. The bottom of page 24 talks about setting PEER_DISCOVERY to self.

Beyond that, you would probably be looking at using Electrum Personal Server rather than ElectrumX, which only allows a single instance of Electrum to connect at a time.

[DireWolfM14]

Bitcointalk user mocacinno set up a private Electrum server for forum users only.  He white-listed the IP addresses of those who asked for access.  I don't know how he did it, but he may be willing to share the information.

https://bitcointalk.org/index.php?topic=5130661.msg50557530#msg50557530

[DaveF]

White listing is simple if you are only connecting from 1 place but for mobile it's going to be impossible.

The PEER_DISCOVERY & PEER_ANNOUNCE was what I was looking for but it does not seem to work.
However, I have no idea if it's because it was already announced and discovered that it's still out there.

Going to shut it down for a while and see if connections show up again after it's been down for a bit.

-Dave

[DaveF]

So I shut it off at about 6:00 PM EST yesterday and turned it back on at 9:00 AM today.
It's been an hour (yeah not much) but nobody has connected yet. Will leave it up though tomorrow and see.
Will update post if people connect.

Side note: I know I have said it before but it's so much nicer asking questions here then on github or reddit. Just get answers no condescension.

Thanks,
Dave

[DireWolfM14]

White listing is simple if you are only connecting from 1 place but for mobile it's going to be impossible.

I don't know if you use a VPN, but my service allows me a dedicated IP address.  You could white list that address, and always use vpn to connect from your phone.

[pooya87]

I know I have said it before but it's so much nicer asking questions here then on github or reddit.

FWIW github is not a place to ask questions, it is a place to share code and the issue section is for issues with code such as bugs, feature improvement,... questions should be asked in forums such as this and reddit.
reddit is good too although i have used it mainly for programming related questions nothing bitcoin related.

[DaveF]

So after close to a day with the new settings there are no connections except for the ones I made.

I know I have said it before but it's so much nicer asking questions here then on github or reddit.

FWIW github is not a place to ask questions, it is a place to share code and the issue section is for issues with code such as bugs, feature improvement,... questions should be asked in forums such as this and reddit.
reddit is good too although i have used it mainly for programming related questions nothing bitcoin related.

Although not so much with crypto related stuff there are some projects that don't have telegram / discord / reddit etc. places to discuss or ask so you are sort of forced to use github. Or email one of the programmers if possible.

Thanks,
Dave

[mocacinno]

Bitcointalk user mocacinno set up a private Electrum server for forum users only.  He white-listed the IP addresses of those who asked for access.  I don't know how he did it, but he may be willing to share the information.

https://bitcointalk.org/index.php?topic=5130661.msg50557530#msg50557530

Only a handfull of people ever asked to whitelist their ip, and allmost nobody connected to the node, so i shut that project down... However, the setup was pretty simple. I setup everything to run as a service and start in the correct sequence, however, i have only documented how to start the daemons in the foreground... I hope i didn't miss anything

I installed + sync'ed a full node with following config (https://github.com/bitcoin/bitcoin)

Code:

daemon=1
server=1
rpcuser=myuser
rpcpassword=mypassword
maxmempool=50
mempoolexpiry=2
dbcache=1024
zmqpubrawblock=tcp://127.0.0.1:28332
zmqpubrawtx=tcp://127.0.0.1:28332

Then i setup electrs with following config (https://github.com/romanz/electrs/)

Code:

cargo run --release -- -vvv --timestamp --db-dir ./db --electrum-rpc-addr="127.0.0.1:50001" --cookie="myuser:mypassword" --server-banner="donation address 1MocACiWLM8bYn8pCrYjy6uHq4U3CkxLaa . This is a private server, if you did not receive explicit permission by Mocacinno to use this server, please disconnect immediately!" --txid-limit 0

As you can see, electrs is only listening on 127.0.0.1 (port 50001)

Then i setup nginx as a reverse proxy (http://nginx.org/en/download.html)

Code:

load_module /usr/lib/nginx/modules/ngx_stream_module.so;
user www-data;
worker_processes auto;
pid /run/nginx.pid;
error_log /var/log/nginx/electrum_error.log;
events {
    worker_connections  1024;
}

stream {
       upstream electrs {
                server 127.0.0.1:50001;
        }
                log_format upstream_time '[$time_local] [$connection] $remote_addr:$remote_port => $server_addr:$server_port bytes in/out $bytes_received/$bytes_sent [$status]';
        server {

                access_log /var/log/nginx/electrum_access.log upstream_time;
                listen 50002 ssl;
                proxy_pass electrs;
                ssl_certificate /etc/letsencrypt/live/electrum.mocacinno.com/fullchain.pem;
                ssl_certificate_key /etc/letsencrypt/live/electrum.mocacinno.com/privkey.pem;
                ssl_session_cache shared:SSL:1m;
                ssl_session_timeout 4h;
                ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
                ssl_prefer_server_ciphers on;
                include blockips.conf;
        }
}

and then, finally, the blockips.conf

Code:

allow 94.110.92.129;
allow 174.0.253.77;
allow 2a02:2c40:100:b210:0:0:1:84ea;
allow 134.58.253.56;
allow 36.83.82.24;
deny all;