...
Now that the configuration has been created, you must expose this URL to the world. Installation (or modification) of NGINX is described in this article: https://generalbytes.atlassian.net/wiki/x/AQBlrw
...
A working & tested NGINX server block:
| Code Block |
|---|
server {
listen 8701 ssl;
server_name wallets;
ssl_certificate /etc/letsencrypt/live/yourcasdomain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/yourcasdomain.com/privkey.pem;
location / {
proxy_pass https://10.3.2.1:7743/api/v1/crypto-wallets/;
access_log /var/log/nginx/wallets_access.log;
error_log /var/log/nginx/wallets_error.log;
}
} |
Change the
ssl_certificatesettings to point to your actual certificate files.Save the server block in a file, e.g.
/etc/nginx/conf.d/wallets.confand restart NGINX.This server block will expose the PDF wallets at https://yourcasdomain.com:8701
Open up port 8701 in your firewall, and direct your DNS record (for a subdomain) to that port.
Cloudflare
You can use Cloudflare Zero-Trust tunnels: https://generalbytes.atlassian.net/l/cp/VLSWb0XA
Point the tunnel to
HTTPS127.0.0.1:8701and make sure to use the NGINX config above (also).Enable “No TLS Verify” in Additional application settings → TLS
TURN OFF PROXY for the subdomain. This will expose your IP, but otherwise Cloudflare will sniff the wallet - and since it can only be read once - the wallet will be invalid and thereafter won’t be usable.
The
pdfWalletLinkUrlshould match the new tunnel subdomain+domain.test URL example:
cas-rest-apihttps://
api/v1/crypto-wallets/testthewallets.yourcasdomain.com/pdfWalletLinkUrlshould match your adjusted
URL (without the “test” suffix), becausethat is the link that will be sent to your customers.testYet another (undocumented) option: ngrok: https://ngrok.com/product/secure-tunnels
The URL path in any case must translate/point to: https://{master_bind_ip}:7743/api/v1/crypto-wallets
Testing
Append “/test” to the end of the exposed URL. Navigate to the URL using a web browser.
...