Versions Compared

Old Version 2

changes.mady.by.user Charles Wernicke

Saved on

compared with

New Version 3

changes.mady.by.user Charles Wernicke

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  1. You must enable publish to HQ in terminal settings.

  2. Simply place following HTML code on your website:
    <div id="coin-widget" align="left" serial-number="BT300019" color-text="white" color-bg="#2557A1" show-on-map="Show ATM on Map"></div>
    <script src="https://coin.cz/widgets/atm_widget_buy.js"></script>

  3. If you have a two-way machine and you want to display also sell price use following code:
    <div id="coin-widget" align="left" serial-number="BT300019" text-buy="Buy" text-sell="Sell" color-text="white" color-bg="#2557A1" show-on-map="Show ATM on Map"></div>
    <script src="https://coin.cz/widgets/atm_widget_buy_sell.js" ></script>

  4. Please note that you should modify various attributes:

    • To specify correct serial number of your machine.

    • To specify colors of your choice.

    • If you delete show-on-map attribute link "Show on map" will not be displayed in widget.

  5. Price is updated every 15 minutes.

Installation Of Geth Ethereum Wallet

Installation of the self-provided Geth Ethereum wallet in Linux

Note: This guide is for Geth version 1.6.7-stable. Please consult Geth documentation for steps valid for different version.

There are two possibilities how to integrate Geth wallet with GENERAL BYTES Crypto Application Server (CAS). The easier (and recommended) solution is to run Geth in the same operating system CAS is running in (local setup). This way the communication between CAS and Geth wallet never leaves the corresponding OS, which means you don't have to apply aditional measures to secure the communication.

However, there might be a situation when you can't run Geth together with CAS. In such a case, you can run Geth on a separate machine that is network accessible from the CAS's operating system (networked setup). This guide describes both scenarios. In case the steps vary for the different scenarios, the guide specifically mentions the differences.

1. Install Geth on the target machine

Use the following commands to install Geth in Ubuntu on the target machine (either CAS's OS or separate machine):

sudo apt install software-properties-common
sudo add-apt-repository -y ppa:ethereum/ethereum
sudo apt update
sudo apt install ethereum

Create a new geth account (be sure to remember the entered password):

geth account new

You can verify presence of the account:

geth account list

Output of the command should be similar to this: Account #0: {a93c1a569338a8705853e680a22e86210a8b8a43} keystore:///home/rpanak/.ethereum/keystore/UTC--2017-08-31T09-58-39.303977188Z--a93c1a569338a8705853e680a22e86210a8b8a43 Note the bold string (which will be different on your computer). Later on, when we refer to your Geth account, we mean this string. By prepending "0x", you will get your Geth Ethereum wallet address (e.g. 0xa93c1a569338a8705853e680a22e86210a8b8a43).

You should now backup the created account. You will need both the backup and the password to access your wallet in case of a disaster. See official documentation for details.

2. Sync Geth

Run the following command to start Geth (don't forget to change the bold part to your geth account).

geth --rpc --unlock a93c1a569338a8705853e680a22e86210a8b8a43

Geth will start, and attempt to unlock your account. In order to do this, you will have to enter your Geth account password. After the account is unlocked, Geth will start synchronizing the transaction history. This will take a long time (hours, maybe more than a day). We recommend to wait until the synchronization is over. During normal synchronization, Geth will output lots of log messages. After the whole transaction history is imported, the process output slows down considerably, but it never stops completely. Geth is always catching up to the latest transactions as they become part of the network. This is sample process output after Geth becomes synchronized:

INFO [09-05|16:33:41] Imported new chain segment               blocks=1 txs=163 mgas=6.706 elapsed=395.874ms mgasps=16.941 number=4241306 hash=a1b098…ea2e03
INFO [09-05|16:33:46] Imported new chain segment               blocks=1 txs=155 mgas=6.686 elapsed=395.240ms mgasps=16.917 number=4241307 hash=f9ca69…8a1f66
INFO [09-05|16:33:59] Imported new chain segment               blocks=1 txs=220 mgas=4.783 elapsed=487.489ms mgasps=9.812 number=4241308 hash=fd7747…39105f
INFO [09-05|16:34:25] Imported new chain segment               blocks=1 txs=47 mgas=1.612 elapsed=56.825ms mgasps=28.376 number=4241309 hash=a79f06…2dcc20
INFO [09-05|16:34:37] Imported new chain segment               blocks=1 txs=138 mgas=6.704 elapsed=282.580ms mgasps=23.724 number=4241310 hash=e09aac…595c9b
INFO [09-05|16:34:42] Imported new chain segment               blocks=1 txs=109 mgas=6.690 elapsed=242.438ms mgasps=27.595 number=4241311 hash=90d1bd…ce8c12
INFO [09-05|16:34:50] Imported new chain segment               blocks=1 txs=188 mgas=6.668 elapsed=393.185ms mgasps=16.958 number=4241312 hash=9b09c4…90566c
INFO [09-05|16:35:24] Imported new chain segment               blocks=1 txs=57 mgas=6.693 elapsed=146.477ms mgasps=45.690 number=4241313 hash=5fb9e5…6272e7
INFO [09-05|16:35:36] Imported new chain segment               blocks=1 txs=123 mgas=6.692 elapsed=251.714ms mgasps=26.584 number=4241314 hash=931517…b44042
INFO [09-05|16:36:21] Imported new chain segment               blocks=1 txs=108 mgas=2.358 elapsed=281.030ms mgasps=8.392 number=4241315 hash=a9e8b3…80ddf2

After Geth becomes synchronized, leave the process running and continue with the rest of the guid in a new terminal window. Geth process needs to be running for the CAS integration to work.

To verify Geth synchronization, execute the following command (remember, from now on you work in different window, while the Geth process is still running in the old window):

geth attach

You should get output similar to this:

Welcome to the Geth JavaScript console!

instance: Geth/v1.6.7-stable-ab5646c5/linux-amd64/go1.8.1
coinbase: 0xa93c1a569338a8705853e680a22e86210a8b8a43
at block: 4241335 (Tue, 05 Sep 2017 16:44:49 CEST)
datadir: /home/rpanak/.ethereum
modules: admin:1.0 debug:1.0 eth:1.0 miner:1.0 net:1.0 personal:1.0 rpc:1.0 txpool:1.0 web3:1.0

>

The command started Geth interactive JavaScript console. Note the last known block number in bold. Go to Etherscan to verify this is the latest block available on the Ethereum network. If your and Etherscan's last block numbers match, your Geth is synchronized.

The Geth interactive JavaScript console is a good way to test your account (wallet). Send a small amount of ETH to your Geth wallet. Next you can use the console to verify your wallet balance and make a test transaction (e.g. send some ETH to a different wallet). Here is a sample command needed to send a transaction. Note that you should change the addresses and transfer amount accordingly. See documentation for details.

eth.sendTransaction({from: "0xa93c1a569338a8705853e680a22e86210a8b8a43", to: "0xdb2e27ed07344826002efa848c0e08d0da4ebaad", value: web3.toWei("0.001", "ether")})

After you have finished verifying your Geth setup, you can exit from the interactive console:

exit

3. Install and configure reverse proxy (networked setup only)

For local setup, you can skip to the next step.

For the networked setup, you'll have CAS nad Geth communicating over network. Geth doesn't encrypt control channel communication nor does it authenticate the user, so you need a reverse proxy that will handle this for Geth. The proxy will run in the same OS as Geth. CAS will connect to the proxy using TLS, so the communication will be encrypted. Furthermore, proxy will handle client authentication so that no one else can control your wallet. Proxy will relay the communication to Geth over Geth's unencrypted unauthenticated channel. However, this part of the communication doesn't leave the confines of the operating system and therefore is unaccessible to the potential attackers on the network. In the next steps you will generate a TLS certificate and configure nginx to act as the reverse proxy (using the generated certificate).

3.1. Install nginx

Use the following command to install nginx:

sudo apt install nginx apache2-utils

Now prepare a directory to store our proxy configuration:

sudo mkdir /etc/nginx/geth-proxy
sudo chmod 755 /etc/nginx/geth-proxy

3.2. Generate X.509 TLS certificates

First you need to prepare an openssl configuration file:

sudo gedit /etc/nginx/geth-proxy/geth-proxy.cnf

Paste the following content into the editor:

[req]
distinguished_name = dn
req_extensions = v3_san
x509_extensions = v3_san
prompt = yes

[dn]
countryName = "Country Name (2 letter code)"
state = "State or Province Name (full name)"
localityName = "Locality Name (eg, city)"
organizationName = "Organization Name (eg, company)"
organizationalUnitName = "Organizational Unit Name (eg, section)"
commonName = "Common Name (e.g. server FQDN or IP address)"
emailAddress = "Email Address"

[v3_san]
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names

[alt_names]
<SAN>

Note the last line in bold. You will need to replace <SAN> with subject alternative name specification for the certificate you're about to generate. In order for CAS to communicate with Geth, you will later need to configure CAS and specify the host Geth is running on. There are two ways to do it. You can either use an IP address directly (e.g. 172.217.23.238), or you can specify a resolvable DNS name (e.g. google.com). Depending on how you're planning to specify the Geth's host, you need to replace <SAN> with either IP.1 = 172.217.23.238 (in case you chose to specify an IP address and 172.217.23.238 is the IP address of Geth's host OS) or DNS.1 = google.com (in case you chose to specify a DNS name and google.com is DNS name you can use to contact Geth's host OS). Note that the actual replacement string should contain your IP address or your domain name, not the ones given in our examples. After you are finished editing the last line, save the file and exit the editor.

Now you have the configuration file for OpenSSL, so you can generate the X.509 certificate. Before you execute the command, let's explain what it actually does. The openssl command will use our previously created configuration file to generate a new 4096bit RSA private key (stored as /etc/nginx/geth-proxy/geth-proxy.key) and a self-signed X.509 certificate (stored as /etc/nginx/geth-proxy/geth-proxy.crt). Before the files are created, you will be presented with a set of prompts to fill in data for the certificate. For the value of Common Name, use the same IP address or domain name you chose when editing the configuration file. The resulting certificate will be valid for 3650 days (i.e. ~10 years) and won't be password-protected so that nginx can use it without your intervention. Make sure all copies of the generated keyfile are stored securely. Anyone with access to the keyfile could use it for a man-in-the-middle attack to ultimately gain control of your Geth wallet. To proceed, execute the following command:

sudo openssl req -x509 -days 3650 -newkey rsa:4096 -nodes -sha256 -keyout /etc/nginx/geth-proxy/geth-proxy.key -out /etc/nginx/geth-proxy/geth-proxy.crt -config /etc/nginx/geth-proxy/geth-proxy.cnf

Restrict file access for your newly generated private key:

sudo chmod 600 /etc/nginx/geth-proxy/geth-proxy.key

You should now obtain the 64 characters long fingerprint of your newly generated certificate. You'll need it later to configure CAS:

openssl x509 -in /etc/nginx/geth-proxy/geth-proxy.crt -noout -fingerprint -sha256 | cut -d= -f2 | tr -d :

3.3. Configure nginx

Use the following commands to prepare a password file (to store users and passwords) for nginx:

sudo touch /etc/nginx/geth-proxy/.htpasswd
sudo chown www-data:www-data /etc/nginx/geth-proxy/.htpasswd
sudo chmod 600 /etc/nginx/geth-proxy/.htpasswd

Create an user that will be able to access Geth through nginx proxy. Substitute <username> in the command with your chosen username. The command will prompt you for a password for the new user. You'll need the username and password later to configure CAS. We'll later refer to these values as nginx user and nginx password. In order to proceed, execute:

sudo htpasswd /etc/nginx/geth-proxy/.htpasswd <username>

Prepare nginx configuration file:

sudo gedit /etc/nginx/sites-available/geth-proxy

Paste the following content into the editor, then save the file and exit the editor:

server {
    listen 8546 ssl;
    ssl_certificate /etc/nginx/geth-proxy/geth-proxy.crt;
    ssl_certificate_key /etc/nginx/geth-proxy/geth-proxy.key;
    location / {
        auth_basic "Restricted";
        auth_basic_user_file /etc/nginx/geth-proxy/.htpasswd;
        proxy_pass http://localhost:8545;
    }
}

Link your proxy configuration into nginx enabled configurations:

sudo ln -s /etc/nginx/sites-available/geth-proxy /etc/nginx/sites-enabled/geth-proxy

Reload nginx configurations:

sudo service nginx reload

Now use your browser to test nginx setup. Enter https://<HOST>:8546/ into your browser address bar, substituting <HOST> for the chosen host identification (IP address or DNS name). You'll need to confirm a security exception in your browser (in Chrome, click on ADVANCED, then click on Proceed). This is just your browser warning you about an unknown self-signed certificate. After proceeding you should be presented with a username/password prompt. Entering invalid data shouldn't let you pass, while entering the nginx user and nginx password should give you a blank page.

4. Configure CAS

When configuring Crypto Setting in CAS administration console, choose Self-Provided Geth Ethereum Wallet as your hot wallet. You will now need to specify parameters for Geth. The format for the parameters is host:port:username:password:cert_fingerprint:wallet_address. In case of local setup, only host, port and wallet_address are needed. You can leave the rest blank, but you have to follow the format. In case you haven't diverged from the application defaults, your host value will be localhost and port will be 8545. For wallet_address use your geth wallet address, e.g.: localhost:8545::::0xa93c1a569338a8705853e680a22e86210a8b8a43.

For networked setup the values will be as follows. Host will be the chosen host identification (IP address or DNS name). Port will be 8546. Username and password should be set to nginx user and nginx password respectively. Cert_fingerprint should be you 64 character long certificate fingerprint and wallet_address (of course) your Geth wallet address. Example parameters value for networked setup using IP address for host identification:172.217.23.238:8546:nginxuser:unh4ck4bl3P455W0RD:1F8F21446D7D8E44FFAC70558956F763AB8BF5613B9036E552D50DB9B071DA06:0xa93c1a569338a8705853e680a22e86210a8b8a43

Configure the rest of the crypto settings as usual and assign crypto settings to terminals. Now you should be ready to use Geth as your hot wallet.