
This guide walks you through the installation of a BitGo Express node using Docker.

  • It is a requirement when using CAS to access your BitGo wallets (on the BitGo website).

  • BitGo Express is designed and written by BitGo for their BitGo website wallets.

IMPORTANT: you will be exposing your BitGo wallets' private keys on this server. This may be a substantial security risk. Without airtight protection, your funds might be exposed. Securing your server is of paramount importance. If you proceed, you are doing so at your own risk.

BitGo recommends configuring SSL for BitGo Express. CAS communicates with BitGo Express through an SSH tunnel, which is far more secure than SSL and renders SSL irrelevant in the context used by CAS.

  • Configuring SSL on this BitGo Express node serves no purpose, and may actually “break” it.

BitGo: holds and secures your cryptocurrency keys.

BitGo Wallet: the hot wallet option in the Crypto Application Server (CAS).

BitGo Express: a BitGo application, the API front end to interact with BitGo from CAS.

  • CAS does not directly interact with BitGo.

  • CAS only “talks” to BitGo Express via the API, which then interacts with BitGo.


This article presumes you have a bare installation of Ubuntu 24.04 LTS running on a VPS with a publicly exposed IP.

  • We recommend that you deploy a separate (from CAS) VPS server for this node.

  • These instructions are illustrated using a non-root superuser account.

    • “root” installation is discouraged (but possible).

  • We recommend Digital Ocean as your VPS provider: Create a VPS on Digital Ocean

1. Install Docker.

Install the Ubuntu dependencies:

sudo apt update && sudo apt dist-upgrade
sudo apt-get install ca-certificates curl gnupg lsb-release

Add Docker's GPG signing key and apt repository so that package integrity can be verified:

curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt-get update

Install the latest stable version of Docker:

sudo apt-get install docker-ce docker-ce-cli containerd.io

Assuming Docker installation went as planned, this next command should succeed:

sudo docker run hello-world

Success looks like this:


2. Set up a secure tunnel for encrypted communication.

Your CAS server and this node must communicate over a secure channel, because your passphrase (and other sensitive information) will be passed back and forth. Encrypt and protect that communication with an SSH tunnel.

The GB Wallet Tunnel is recommended.

General Bytes has incorporated an open-source SSH client into CAS.

Click here for instructions to install the GB Wallet Tunnel Server on this node.

Alternative (unsupported):

Build an SSH tunnel (instead of the GB Wallet Tunnel), see: https://generalbytes.atlassian.net/l/cp/b7j5AVHA

  • For those instructions, set FORWARDED_PORT=3080

  • The Crypto Setting host parameter will then need to be “http://localhost”.


3. Install & run BitGo Express.

Navigate to your home directory. The home directory is the default login directory.

Reference: https://developers.bitgo.com/guides/get-started/express/install

cd $HOME

Install the latest version of BitGo Express locally:

sudo docker pull bitgo/express:latest

Run BitGo Express:

sudo docker run -it -p 3080:3080 bitgo/express:latest -e prod --disablessl

This is an example of a successful start:

[Screenshot of a successful BitGo Express start]

  • To stop it (interrupt it), merely press Ctrl+C at this point. Do not do that yet - you still need to test it.


4. Test it.

Verify that your node is working properly by sending a command via another terminal window.

  1. Open a new/second Terminal window/tab.

  2. Log in on that second window (via SSH) to the same BitGo Express node.

  3. Type the following:

curl localhost:3080/api/v2/ping

You should see something similar to this reply:

  • On the first (original) window, you’ll see confirmation that the second window said “hello”:

[Screenshot of the ping request logged by BitGo Express]

  • This indicates that the server is running as expected, and is listening for commands.

  • You’ll also see messages from CAS as you test the Hot Wallet settings.

    • This is a great method to help diagnose any problems with CAS settings.

  • You may safely close the second window (the test window) at this point.


If anything seems to be amiss, try starting the container with the debug flag “ -D bitgo:express”:

sudo docker run -it -p 3080:3080 bitgo/express:latest -e prod --disablessl -D bitgo:express

  • The output will become slightly more verbose, and perhaps more useful.


5. Ensure continuity.

BitGo Express MUST be running at all times to be available as a Hot Wallet for CAS. If the program terminates for any reason, the Hot Wallet will cease to function. If the server goes down, so does your Hot Wallet. You need the server up and BitGo Express operating continuously for proper operation.

The best way to ensure that BitGo Express is always running is to implement Docker’s detached mode:

sudo docker run -p 3080:3080 -d bitgo/express:latest -p 3080 -e prod --disablessl
  • This command is only slightly different from that in Step 3; it includes the “-d” detached mode flag.

This is an example of BitGo Express successfully started in the background (detached mode):

[Screenshot of the container ID returned by docker run]

  • The cryptic reply indicates that BitGo Express was successfully started and assigned an identifier. That ID will vary every time, and it’s not very important unless you wish to stop the program. Normally you will only stop the program during maintenance or troubleshooting.

  • To stop BitGo Express, simply re-attach the container (use the first 12 characters of the identifier):

sudo docker attach a2be980a8ef9

  • You can now close BitGo Express by pressing Ctrl-C, or

  • watch incoming test messages from CAS (or from curl in another window, as described above).

  • If you don’t know the container ID, use this command to list all Docker containers: sudo docker ps


6. Firewall the node.

The node only needs to expose ports 22 (SSH) and 22222 (GB Wallet Tunnel).

  • Block off all other access to avoid having malicious actors abuse/attack your node.

UFW, or Uncomplicated FireWall, is a simplified firewall management interface. UFW is included (by default) with Ubuntu.

Check to see if UFW is already enabled and running:

sudo ufw status

If UFW is enabled and working, it will report the active rules of allowed connections to your server - otherwise you'll see something like this:

  • Fresh/new systems will normally be inactive (unprotected).

  • If it is not installed, install it now using: sudo apt update && sudo apt install ufw

  • If UFW is active, then this procedure will erase that previous configuration and rewrite the rules.

Reset & deny all incoming connections by default:

sudo ufw reset
  • This will erase any/all previous UFW configuration.

Deny all public access to all ports:

sudo ufw default deny incoming
  • Now we’re left to specify the exceptions (the “rules”).

Allow incoming TCP connections on ports 22 and 22222:

sudo ufw allow 22/tcp
sudo ufw allow 22222/tcp

Finally, enable & reload UFW to apply the new rules:

sudo ufw enable
sudo ufw reload

If your system complied with your commands, your node should now be protected by UFW.
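
Docker publishes container ports by writing its own iptables rules, and those published ports bypass the UFW rules above, so the `-p 3080:3080` mapping from Steps 3 and 5 should be checked separately. The following check is an added example (not part of the original guide, BitGo, or General Bytes tooling); the function names and sample container names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: list Docker port mappings published on a non-loopback
# address. Such mappings are reachable regardless of the UFW rules.

public_published_ports() {
  # stdin: lines of "<name>|<ports>" as printed by
  #   docker ps --format '{{.Names}}|{{.Ports}}'
  awk -F'|' '{
    n = split($2, maps, /, */)
    for (i = 1; i <= n; i++) {
      if (maps[i] !~ /->/) continue           # exposed only, not published
      host = maps[i]; sub(/->.*/, "", host)   # host side, e.g. 0.0.0.0:3080
      addr = host;    sub(/:[0-9-]+$/, "", addr)
      if (addr ~ /^127\./ || addr == "[::1]" || addr == "::1") continue
      print $1, host
    }
  }'
}

# Constructed sample input (not captured from a real node).
sample_ps() {
  printf 'bitgo_step5|0.0.0.0:3080->3080/tcp, [::]:3080->3080/tcp\n'
  printf 'bitgo_loopback|127.0.0.1:3080->3080/tcp\n'
  printf 'unpublished|3080/tcp\n'
}

findings=$(sample_ps | public_published_ports)
if [ -n "$findings" ]; then
  echo "Published beyond loopback (not filtered by UFW):"
  echo "$findings"
fi

# On the node itself:
#   sudo docker ps --format '{{.Names}}|{{.Ports}}' | public_published_ports
```

Publishing the port as `-p 127.0.0.1:3080:3080` keeps it off the public interface, assuming your tunnel delivers CAS traffic to localhost on this node (as in the alternative SSH tunnel setup, where the host is “http://localhost”).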


7. Create a new Crypto Setting for use with this node.

  • The “node” is now done, and you can create a new Crypto Setting to access your BitGo wallets.

  • The Crypto Setting will require 2 pieces of information from the procedure you performed in this article.

    • The “host” is typically “http://” + the IP address of this node (e.g. http://123.231.123.231), and

    • the port is “3080” (unless you changed it).

  • See: BitGo Express Parameters


Additional references:

https://developers.bitgo.com/guides/get-started/express/install

https://hub.docker.com/r/bitgo/express/tags


More Hot Wallet & Exchange guides:

Title | Creator | Modified
BitGo Express via Docker | Charles Wernicke | Oct 24, 2024
Create a VPS on Digital Ocean | Charles Wernicke | Oct 24, 2024
GB Wallet Tunnel Server | Charles Wernicke | Oct 17, 2024
Lightning on Bitcoin Core (lnd) | Charles Wernicke | Sep 20, 2024
Bitcoin Core (BTC) Node for CAS | Charles Wernicke | Aug 14, 2024
Geth Ethereum Node for CAS | Charles Wernicke | Jun 24, 2024
Node Tutorial (Generic) | Charles Wernicke | Jun 24, 2024
DOGE Node for CAS | Charles Wernicke | Jun 24, 2024
Cardano Node Installation | Charles Wernicke | Jun 24, 2024
Bitcoin Cash (BCH) Node for CAS | Charles Wernicke | Jun 12, 2023
Monerod (XMR) Node for CAS | Charles Wernicke | Mar 21, 2023
DASH Core Node for CAS | Charles Wernicke | Jun 11, 2021
