[DIY] Exposing electrs and bitcoind over LAN in StartOS 0.3

I just checked, it seems in the last 0.3 update, the location of the script changed.

Execute “/usr/lib/startos/scripts/chroot-and-upgrade” first. I updated the instructions in the first post.

Thanks.

I did this:

start9@xxx-yyy:~$ sudo -i
/usr/lib/startos/scripts/chroot-and-upgrade
root@xxx-yyy:~# apt install socat -y

cat > /lib/systemd/system/socat.electrs.service <<'EOL'
[Unit]
Description=socat electrs forward
Wants=docker.service
After=docker.service
[Service]
Type=simple
Restart=always
RestartSec=3
ExecStartPre=/bin/bash -c "/bin/systemctl set-environment IP=$(ip route | grep default | awk '{print $9}')"
ExecStart=/usr/bin/socat -dd tcp-l:50001,fork,reuseaddr,bind=${IP} tcp:electrs.embassy:50001
[Install]
WantedBy=multi-user.target
EOL

cat > /lib/systemd/system/socat.bitcoind.service <<'EOL'
[Unit]
Description=socat bitcoind rpc forward
Wants=docker.service
After=docker.service
[Service]
Type=simple
Restart=always
RestartSec=3
ExecStartPre=/bin/bash -c "/bin/systemctl set-environment IP=$(ip route | grep default | awk '{print $9}')"
ExecStart=/usr/bin/socat -dd tcp-l:8332,fork,reuseaddr,bind=${IP} tcp:bitcoind.embassy:8332
[Install]
WantedBy=multi-user.target
EOL

systemctl enable socat.bitcoind
systemctl enable socat.electrs

THIS IS NOT A STANDARD DEBIAN SYSTEM
USING apt COULD CAUSE IRREPARABLE DAMAGE TO YOUR START9 SERVER
PLEASE TURN BACK NOW!!!
If you are SURE you know what you are doing, and are willing to accept the DIRE CONSEQUENCES of doing so, you can run the following command to disable this protection:
sudo rm /usr/local/bin/apt
Otherwise, what you probably want to do is run:
sudo /usr/lib/startos/scripts/chroot-and-upgrade
You can run apt in this context to add packages to your system.
When you are done with your changes, type "exit" and the device will reboot into a system with the changes applied.
This is still NOT RECOMMENDED if you don't know what you are doing, but at least isn't guaranteed to break things.

Created symlink /etc/systemd/system/multi-user.target.wants/socat.bitcoind.service → /lib/systemd/system/socat.bitcoind.service.
Created symlink /etc/systemd/system/multi-user.target.wants/socat.electrs.service → /lib/systemd/system/socat.electrs.service.

root@xxx-yyy:~# exit
logout
Must be run as root

After that, I rebooted manually and still cannot connect to the server locally.

Not sure what’s happening then. Looking at your output, you are still not in the chrooted environment.

Make sure to get this working first:

sudo -i
/usr/lib/startos/scripts/chroot-and-upgrade

It shows some “Syncing…” progress now

apt

Last command should show regular apt help output. If you still get the warning message, then it looks like you have a non-standard installation or something, and I don’t know anymore 🙂

This command didn’t work:

sudo -i
/usr/lib/startos/scripts/chroot-and-upgrade

However if I split it in two and executed one by one:
sudo -i
and
/usr/lib/startos/scripts/chroot-and-upgrade

it works!

Great! I updated the instructions to make this a bit clearer.

This is awesome, thanks!

Might I suggest ,su=nobody (or some other unprivileged user) on your socat tcp-ls

Good suggestion! Updated.
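
The `su=nobody` suggestion applied to the unit from this thread, together with a small audit of the listener options, as an added example (not code from the thread or from Start9). The `render_unit` and `audit_unit` names and the audit rules are assumptions of this example.

```shell
#!/bin/sh
# Added example. Service names, ports and the unit layout follow the thread;
# render_unit, audit_unit and the audit rules are assumptions of this example.

# render_unit <service> <port>: print the forwarder unit with su=nobody added.
render_unit() {
    name=$1 port=$2
    cat <<EOF
[Unit]
Description=socat $name forward
Wants=docker.service
After=docker.service

[Service]
Type=simple
Restart=always
RestartSec=3
ExecStartPre=/bin/bash -c "/bin/systemctl set-environment IP=\$(ip route | grep default | awk '{print \$9}')"
ExecStart=/usr/bin/socat -dd tcp-l:$port,fork,reuseaddr,bind=\${IP},su=nobody tcp:$name.embassy:$port

[Install]
WantedBy=multi-user.target
EOF
}

# audit_unit: read unit text on stdin, print one finding per problem and
# return non-zero if the listener is unpinned or keeps running as root.
audit_unit() {
    awk '
    /^ExecStart=/ { for (i = 1; i <= NF; i++) if ($i ~ /^tcp[46]?-l(isten)?:/) addr = $i }
    END {
        if (addr == "") { print "no socat TCP listener in ExecStart"; exit 1 }
        if (addr !~ /,bind=[^,]+/ || addr ~ /,bind=0\.0\.0\.0(,|$)/) {
            print "listener not pinned to one address: " addr; bad = 1 }
        if (addr !~ /,su=[^,]+/ || addr ~ /,su=(root|0)(,|$)/) {
            print "listener keeps root, add su=<unprivileged user>: " addr; bad = 1 }
        exit bad
    }'
}

# Constructed input: the bitcoind ExecStart line as pasted earlier in the thread.
printf '%s\n' 'ExecStart=/usr/bin/socat -dd tcp-l:8332,fork,reuseaddr,bind=${IP} tcp:bitcoind.embassy:8332' |
    audit_unit || true
render_unit bitcoind 8332 | audit_unit && echo "rendered bitcoind unit: ok"
```

Inside the chroot, `audit_unit < /lib/systemd/system/socat.electrs.service` checks an already written unit before you type `exit`.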

Where is the list of service names and their ports?

Each service will list its interfaces under Services > The Service > Interfaces (and possibly under Properties).

I assume this can be done for any/all other services?

This particular socat method will only work for non http(s) services.

I’m considering doing this for vaultwarden so I can port forward my router to my start9 box for non-tor access to vaultwarden on the go.

Unfortunately it’s not that simple for web services – you would need at the very least the host header that specifies the .local name of each service, necessitating a reverse proxy that can modify/add http headers, at least as things stand currently, for each service interface you want to forward that uses http(s).

Starting in StartOS v0.3.6, services are moving to IP:port to facilitate port forwarding. Currently there’s no release date yet, but it’s in development. So luckily we won’t even need this socat service much longer.

Ah ok, makes sense. Thanks for the response. I set it up for electrs per your instructions and it worked beautifully. Thanks!

Hi team, I’m looking for some clarity about the docker commands that are referenced in this script. Given StartOS migrated to podman as of v0.3.5, how is it that the docker commands would still support the desired behavior here?

We have a user reporting that when they attempted replacing the commands

Wants=docker.service
After=docker.service

with

Wants=podman.service
After=podman.service

Socat freezes up and is sporadic at best. Waiting to learn more about if the user attempts to use the original docker commands as laid out in @remcoros’ first post, but documenting the above for visibility/discussion. Thanks!

Hi everyone, just following up to confirm that we had a couple of team members test out & validate the original script with the docker commands rather than the podman ones.

For further context/discussion: Core Lightning with Tor AND IPv4 clearnet

I was the user. Confirm, it works with docker.service too. Seems my issue was just that it took a long time to initialize electrs.

Hi guys, is there any news if and when this feature for Electrs will be implemented?

It will be an OS feature, made easier with v036, and built into the UI in v040. You can do this already using the method listed by @remcoros

We have no time estimate currently.

Thanks for posting this - I’ve been playing around in the ssh terminal trying to figure out how to do this for a different service.

Thanks for this! It worked like a champ!

Would this change need to be undone/removed upon an official Start9 update that enables LAN Electrs/Bitcoin Core connections?

Probably, but it’s easy to turn off. I’m sure @remcoros will explain when the time comes.

All changes done like this (using the ‘chroot-and-upgrade’ method) will be LOST on a system rebuild and on a StartOS update.

That’s the beauty of StartOS, a system rebuild or StartOS update will bring the ‘core operating system files’ in a clean state as if it was just installed.

So: after a system rebuild, re-install or StartOS update you have to apply this again. (or not, when 0.3.6/0.4 have this functionality)

So there is essentially no easy way to enable electrs Port 50002 (SSL) or am I misreading this post? (at least not using this method)
There must be a way as MyNode uses the same electrs implementation and it has 50002 enabled on the local LAN by default. Also, just saw that StartOS v0.3.6 just had a placeholder added in the repo labeled 0.3.6 alpha a couple of weeks ago… perhaps the wait is not so long now but then again there is no guarantee it would be implemented in that release anyway.

electrs does not provide SSL support out of the box. See this: electrs/doc/config.md at master · romanz/electrs · GitHub

What other node providers like Umbrel probably do is provide a reverse proxy (like nginx) with a certificate already set up, as described in that documentation. StartOS does not do this (yet).

In my homelab, I have set up nginx reverse proxy manager with a free LetsEncrypt certificate and proxy it to StartOS using the example configuration provided by electrs.