|
|
|
@ -27,6 +27,36 @@ Then, to tunnel a SSL connection on 28332 to a RPC server bound on localhost on |
|
|
|
|
|
|
|
|
|
|
|
It can also be set up system-wide in inetd style. |
|
|
|
It can also be set up system-wide in inetd style. |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Another way to re-attain SSL would be to setup a httpd reverse proxy. This solution |
|
|
|
|
|
|
|
would allow the use of different authentication, loadbalancing, on-thy-fly compressing and |
|
|
|
|
|
|
|
caching. A sample config for apache2 could look like: |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Listen 443 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
NameVirtualHost *:443 |
|
|
|
|
|
|
|
<VirtualHost *:443> |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
SSLEngine On |
|
|
|
|
|
|
|
SSLCertificateFile /etc/apache2/ssl/server.crt |
|
|
|
|
|
|
|
SSLCertificateKeyFile /etc/apache2/ssl/server.key |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<Location /bitcoinrpc> |
|
|
|
|
|
|
|
ProxyPass http://127.0.0.1:8332/ |
|
|
|
|
|
|
|
ProxyPassReverse http://127.0.0.1:8332/ |
|
|
|
|
|
|
|
# optional enable digest auth |
|
|
|
|
|
|
|
# AuthType Digest |
|
|
|
|
|
|
|
# ... |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# optional bypass bitcoind rpc basic auth |
|
|
|
|
|
|
|
# RequestHeader set Authorization "Basic <hash>" |
|
|
|
|
|
|
|
# get the <hash> from the shell with: base64 <<< bitcoinrpc:<password> |
|
|
|
|
|
|
|
</Location> |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Or, balance the load: |
|
|
|
|
|
|
|
# ProxyPass / balancer://balancer_cluster_name |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
</VirtualHost> |
|
|
|
|
|
|
|
|
|
|
|
Random-cookie RPC authentication |
|
|
|
Random-cookie RPC authentication |
|
|
|
--------------------------------- |
|
|
|
--------------------------------- |
|
|
|
|
|
|
|
|
|
|
|
|
Jonas Schnelli
9 years ago