...
Now that the configuration has been created, you must expose this URL to the world. Installation (or modification) of NGINX is described in this article: https://generalbytes.atlassian.net/wiki/x/AQBlrw
It’s also possible to do it via Cloudflare (instead): https://generalbytes.atlassian.net/l/cp/VLSWb0XA
...
A working & tested NGINX server block:
| Code Block |
|---|
server { listen 8701 ssl; server_name wallets; ssl_certificate /etc/letsencrypt/live/yourcasdomain.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/yourcasdomain.com/privkey.pem; location / { proxy_pass https://10.3.2.1:7743/api/v1/crypto-wallets/ |
...
the pdfWalletLinkUrl should match your adjusted test URL (without the “test” suffix), because
...
;
access_log /var/log/nginx/wallets_access.log;
error_log /var/log/nginx/wallets_error.log;
}
} |
Save the server block in a file, e.g.
/etc/nginx/conf.d/wallets.confand restart NGINX.This server block will expose the PDF wallets at https://yourcasdomain.com:8701
Open up port 8701 in your firewall, and direct your DNS record (for a subdomain) to that port.
Cloudflare
You can use Cloudflare Zero-Trust tunnels: https://generalbytes.atlassian.net/l/cp/VLSWb0XA
Point the tunnel to
HTTPS127.0.0.1:8701and make sure to use the NGINX config above (also).Enable “No TLS Verify” in Additional application settings → TLS
TURN OFF PROXY for the subdomain. This will expose your IP, but otherwise Cloudflare will sniff the wallet - and since it can only be read once - the wallet will be invalid and thereafter won’t be usable.
The
pdfWalletLinkUrlshould match the new tunnel subdomain+domain.test URL example:
https://wallets.yourcasdomain.com/testYet another (undocumented) option: ngrok: https://ngrok.com/product/secure-tunnels
The URL path in any case must translate/point to: https://{master_bind_ip}:7743/api/v1/crypto-wallets
Testing
Append “/test” to the end of the exposed URL. Navigate to the URL using a web browser.
...