BitGo Express via Docker

This guide walks you through the installation of a BitGo Express node, which enables CAS to use your BitGo wallet (on the BitGo website) after you’ve created your BitGo account (on their website).

BitGo Express is designed and written by BitGo for their BitGo website wallet.

IMPORTANT: you will be exposing your BitGo wallet's private keys on this server. This may be a substantial security risk. Without airtight protection, your funds might be exposed. Securing your server is of paramount importance. If you proceed, you are doing so at your own risk.

BitGo holds and secures your cryptocurrency keys.

BitGo Wallet is a hot wallet option in the Crypto Application Server (CAS).

BitGo Express is used to interface with BitGo. CAS does not interact with BitGo directly. 


This article presumes you have a bare installation of Ubuntu 20.04 LTS running on a VPS with a publicly exposed IP.

1. Install Docker.

Install the Ubuntu dependencies:

sudo apt update && sudo apt dist-upgrade
sudo apt-get install ca-certificates curl gnupg lsb-release

Install Docker's repository signing key and package source, so that apt can verify the integrity of the downloaded packages:

curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt-get update

Install the latest stable version of Docker:

sudo apt-get install docker-ce docker-ce-cli containerd.io

Assuming the installation went as planned, this next command should succeed:

Success looks like this:


2. Set up a secure tunnel for encrypted communication.

Your CAS server and this node must have a secure line. Your passphrase and other sensitive information will be passed back & forth. Encrypt (and protect) this communication by using a secure SSH tunnel.

The GB Wallet Tunnel is recommended.

General Bytes has incorporated an open-source SSH client into CAS.

Click here for instructions to install the GB Wallet Tunnel Server on this node.


3. Install & run BitGo Express.

Navigate to your home directory (~). The home directory is the default login directory.

Run BitGo Express:

This is an example of a successful start:


4. Test it.

Verify that your node is working properly by sending a command via another terminal window.

  1. Open a new Terminal window/tab.

  2. Log in on the second window via SSH to the BitGo Express node.

  3. Type the following:

You should see something similar to this reply:

On the first window, you’ll see confirmation that the second window said “hello”:

Great, everything seems to be working! You can close the second window; we’re done there.


5. Ensure continuity.

BitGo Express MUST be running at all times to be available as a Hot Wallet for CAS. If the program terminates for any reason, the Hot Wallet will fail to function. If the server goes down, so does your Hot Wallet. You need the server up & BitGo Express operating constantly for proper operation.

The best way to ensure that BitGo Express is always running is to implement Docker’s detached mode:

This is an example of BitGo Express successfully started in the background (detached mode):

  • The reply indicates that BitGo Express was successfully started and assigned an identifier. That identifier will vary every time, and it’s not very important unless you wish to stop the program. Normally you won’t stop the program.

  • To stop BitGo Express, simply re-attach the container (use the first 12 characters of the identifier):

  • You can now close BitGo Express by pressing Ctrl-C, or

  • watch incoming test messages from CAS (or another window, as described above).


6. Firewall the node.

The node only needs to expose ports 22 (SSH) and 22222 (GB Wallet Tunnel).

  • Block off all other access to avoid having malicious actors abuse/attack your node.

UFW, or Uncomplicated FireWall, is a simplified firewall management interface. UFW is included (by default) with Ubuntu.

Check to see if UFW is already enabled and running:

If UFW is enabled and working, it will report the active rules of allowed connections to your server - otherwise you'll see something like this:

  • Fresh/new systems will normally be inactive (unprotected).

  • If it is not installed, install it now using: sudo apt update && sudo apt install ufw

  • If UFW is active, then this procedure will erase that previous configuration and rewrite the rules.

Reset & deny all incoming connections by default:

  • This will erase any/all previous UFW configuration.

Deny all public access to all ports:

  • Now we’re left to specify the exceptions (the “rules”).

Allow incoming TCP connections on ports 22 and 22222:

Finally, enable & reload UFW to apply the new rules:
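
Once the rules are applied, the result can be audited. The script below is an added example, not part of the original guide or of BitGo's or General Bytes' tooling: it flags any UFW ALLOW rule other than 22/tcp and 22222/tcp, and any Docker port published on a non-loopback address, because Docker installs its own iptables rules for published ports and UFW does not filter them. The sample output, the container names and port 3080 are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: audit the exposure this guide aims for (only 22/tcp and 22222/tcp).
# On the node, feed the functions live output:
#   sudo ufw status | ufw_unexpected_rules
#   sudo docker ps --format '{{.Names}} {{.Ports}}' | docker_public_bindings

# Reads `ufw status` text on stdin. Prints "inactive" if UFW is off, otherwise
# every ALLOW target that is not 22/tcp or 22222/tcp (a bare "22" is flagged
# too, because it also opens UDP).
ufw_unexpected_rules() {
  awk '
    /^Status: inactive/ { print "inactive"; exit }
    { gsub(/ \(v6\)/, "") }            # fold IPv6 rows onto the IPv4 form
    /^--/ { in_rules = 1; next }
    in_rules && $2 == "ALLOW" && $1 != "22/tcp" && $1 != "22222/tcp" { print $1 }
  ' | sort -u
}

# Reads "<name> <ports>" lines on stdin. Prints "<name> <binding>" for each
# published port bound to anything other than loopback. Docker installs its
# own iptables rules for published ports, so UFW does not filter these.
docker_public_bindings() {
  awk '{
    for (i = 2; i <= NF; i++) {
      b = $i; sub(/,$/, "", b)
      if (b ~ /->/ && b !~ /^127\./ && b !~ /^\[::1\]/) print $1, b
    }
  }'
}

# Constructed sample output (not captured from a real node).
SAMPLE_UFW='Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
22222/tcp                  ALLOW       Anywhere
3080/tcp                   ALLOW       Anywhere
22/tcp (v6)                ALLOW       Anywhere (v6)
3080/tcp (v6)              ALLOW       Anywhere (v6)'

SAMPLE_PS='bitgo-express 0.0.0.0:3080->3080/tcp, :::3080->3080/tcp
bitgo-local 127.0.0.1:3080->3080/tcp'

echo "Unexpected UFW rules:";   printf '%s\n' "$SAMPLE_UFW" | ufw_unexpected_rules
echo "Public Docker bindings:"; printf '%s\n' "$SAMPLE_PS" | docker_public_bindings
```

An empty result from both functions means the node exposes only what this guide intends; any line printed is a rule or binding to review.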


7. Create a new Crypto Setting for use with this node.



Copyright © 2020-2024 General Bytes USA LLC