...

Now that the configuration has been created, you must expose this URL to the world. Installation (or modification) of NGINX is described in this article: https://generalbytes.atlassian.net/wiki/x/AQBlrw

...

A working & tested NGINX server block:

server {
    listen       8701 ssl;
    server_name wallets;

    ssl_certificate /etc/letsencrypt/live/yourcasdomain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/yourcasdomain.com/privkey.pem;

    location / {
        proxy_pass https://10.3.2.1:7743/api/v1/crypto-wallets/;
        access_log /var/log/nginx/wallets_access.log;
        error_log /var/log/nginx/wallets_error.log;
    }
}
  • Change the ssl_certificate settings to point to your actual certificate files.

  • Save the server block in a file, e.g. /etc/nginx/conf.d/wallets.conf and restart NGINX.

  • This server block will expose the PDF wallets at https://yourcasdomain.com:8701

  • Open port 8701 in your firewall, and point your DNS record (for a subdomain) at the server listening on that port.

Cloudflare

You can use Cloudflare Zero-Trust tunnels: https://generalbytes.atlassian.net/l/cp/VLSWb0XA

  • Point the tunnel to HTTPS 127.0.0.1:8701 and make sure the NGINX config above is also in use.

    • Enable “No TLS Verify” in Additional application settings → TLS

  • TURN OFF PROXY for the subdomain. This will expose your IP, but otherwise Cloudflare will sniff the wallet, and since the wallet can only be read once, it will be invalid and unusable thereafter.

  • The pdfWalletLinkUrl should match the new tunnel subdomain+domain.

  • test URL example: https:// cas-rest-api wallets.yourcasdomain.com /api/v1/crypto-wallets / test

  • The pdfWalletLinkUrl should match your adjusted test URL (without the “test” suffix), because that is the link that will be sent to your customers.

  • Yet another (undocumented) option: ngrok: https://ngrok.com/product/secure-tunnels

The URL path in any case must translate/point to: https://{master_bind_ip}:7743/api/v1/crypto-wallets

Testing

Append “/test” to the end of the exposed URL. Navigate to the URL using a web browser.
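An added example, not part of the original article or of the vendor's tooling: a Python check of how an NGINX location/proxy_pass pair rewrites the "/test" request, since the path must arrive at /api/v1/crypto-wallets on the master. It assumes plain prefix locations and no variables in proxy_pass; the function names and the two broken variants are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Path the page says every exposed URL must end up at on the master.
REQUIRED_PREFIX = "/api/v1/crypto-wallets"

# Server block from the page, reduced to the lines that affect routing.
PAGE_BLOCK = """
server {
    listen 8701 ssl;
    location / {
        proxy_pass https://10.3.2.1:7743/api/v1/crypto-wallets/;
    }
}
"""

def find_proxies(conf):
    """Return (location, proxy_pass) pairs from plain prefix locations."""
    return re.findall(r"location\s+(/\S*)\s*\{[^}]*?proxy_pass\s+(\S+);", conf)

def upstream_url(location, proxy_pass, request_path):
    """URL NGINX requests upstream for request_path under a prefix location."""
    if not request_path.startswith(location):
        raise ValueError("request path is not handled by this location")
    target = urlsplit(proxy_pass)
    origin = f"{target.scheme}://{target.netloc}"
    if not target.path:
        # proxy_pass without a URI part: the request path is forwarded unchanged.
        return origin + request_path
    # proxy_pass with a URI part: the matched location prefix is replaced by it.
    return origin + target.path + request_path[len(location):]

def check(conf):
    """Map the "/test" request through each location and flag wrong targets."""
    results = []
    for location, proxy_pass in find_proxies(conf):
        url = upstream_url(location, proxy_pass, "/test")
        results.append((url, urlsplit(url).path == REQUIRED_PREFIX + "/test"))
    return results

if __name__ == "__main__":
    # Constructed variants: trailing slash dropped, and URI part dropped.
    no_slash = PAGE_BLOCK.replace("crypto-wallets/;", "crypto-wallets;")
    no_uri = PAGE_BLOCK.replace("/api/v1/crypto-wallets/;", ";")
    for name, conf in [("page", PAGE_BLOCK), ("no slash", no_slash), ("no URI", no_uri)]:
        print(name, check(conf))
```

Only the page's form, with the trailing slash after crypto-wallets, lands on the test endpoint; the other two forward to a path the master does not serve.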

...

  1. The customer initiates a BUY.

  2. The Customer selects the button “DON’T HAVE A WALLET?”, or

    1. if the Travel Rule is employed, the “CREATE NEW WALLET” option may be offered.

...

  1. The Customer chooses “DOWNLOAD WALLET AS PDF”.

...

6. The Customer uses the Public Key in the PDF to receive their coin.

Example PDF:

...

...

NGINX Specific Details

Your settings should contain entries such as these.