How To - Exposing electrs and bitcoind over LAN in StartOS 0.3

Not sure what’s happening then. Looking at your output, you are still not in the chrooted environment.

Make sure to get this working first:

sudo -i
/usr/lib/startos/scripts/chroot-and-upgrade

It shows some “Syncing…” progress now

apt

Last command should show regular apt help output. If you still get the warning message, then it looks like you have a non-standard installation or something, and I don’t know anymore :slight_smile:

This command didn’t work:

sudo -i
/usr/lib/startos/scripts/chroot-and-upgrade

However if I split it in two and executed one by one:
sudo -i
and
/usr/lib/startos/scripts/chroot-and-upgrade

it works!

1 Like

Great! I updated the instructions to make this a bit clearer.

1 Like

This is awesome, thanks!

Might I suggest ,su=nobody (or some other unprivileged user) on your socat tcp-ls

Good suggestion! updated.

where is the list of services names and their ports?

Each service will list its interfaces under Services > The Service > Interfaces (and possibly under Properties).

I assume this be done for any/all other services?

This particular socat method will only work for non http(s) services.

I’m considering doing this for vaultwarden so I can port forward my router to my start9 box for non-tor access to vaultwarden on to go.

Unfortunately it’s not that simple for web services – you would need at the very least the host header that specifies the .local name of each service, necessitating a reverse proxy that can modify/add http headers, at least as things stand currently, for each service interface you want to forward that uses http(s).

Starting in StartOS v0.3.6, services are moving to IP:port to facilitate port forwarding. Currently there’s no release date yet, but it’s in development. So luckily we won’t even need this socat service much longer.

ah ok, makes sense. Thanks for the response. I set it up for electrs per your instructions and it worked beautifully. thanks!

Hi team, I’m looking for some clarity about the docker commands that are referenced in this script. Given StartOS migrated to podman as of v0.3.5, how is it that the docker commands would still support the desired behavior here?

We have a user reporting that when they attempted replacing the commands

Wants=docker.service
After=docker.service

with

Wants=podman.service
After=podman.service

Socat freezes up and is sporadic at best. Waiting to learn more about if the user attempts to use the original docker commands as laid out in @remcoros’ first post, but documenting the above for visibility/discussion. Thanks!

Hi everyone, just following up to confirm that we had a couple of team members test out & validate the original script with the docker commands rather than the podman ones.

For further context/discussion: Core Lightning with Tor AND IPv4 clearnet

I was the user. Confirm, it works with docker.service too. Seems my issue was just that it took a long time to initialize electrs

Hi guys, is there any news if and when this feature for Electrs will be implemented?

It will be an OS feature, made easier with v036, and built into the UI in v040. You can do this already using the method listed by @remcoros

We have no time estimate currently.

Thanks for posting this - ive been playing around in the ssh terminal trying to figure out how to do this for a different service.

1 Like

Thanks for this! It worked like a champ!

Would this change need to be undone/removed upon an official Start9 update that enables LAN Electrs/Bitcoin Core connections?

Probably, but it’s easy to turn off. I’m sure @remcoros will explain when the time comes.

1 Like

All changes done like this (using the ‘chroot-and-upgrade’ method) will be LOST on a system rebuild and on a StartOS update.

That’s the beauty of StartOS, a system rebuild or StartOS update will bring the ‘core operating system files’ in a clean state as if it was just installed.

So: after a system rebuild, re-install or StartOS update you have to apply this again. (or not, when 0.3.6/0.4 have this functionality)

2 Likes

So There is essentially no easy way to enable electrs Port 50002 (SSL) or am I misreading this post? (at least not using this method)
There must be a way as MyNode uses the same electrs implementation and it has 50002 enabled on the local LAN by default. Also, just saw that StartOS v0.3.6 just had a placeholder added in the repo labeled 0.3.6 alpha a couple of weeks ago… perhaps the wait is not so long now but then again there is no guarantee it would be implemented in that release anyway.

electrs does not provide SSL support out of the box. See this: electrs/doc/config.md at master · romanz/electrs · GitHub

What other node providers like Umbrel probably do, is providing a reverse proxy (like nginx) with a certificate already setup like described in that documentation. StartOS does not do this (yet).

In my homelab, I have setup nginx reverse proxy manager with a free LetsEncrypt certificate and proxy it to StartOS using the example configuration provided by electrs.

thanks for this @remcoros - been looking into enabling LAN access for bitcoind via cli and came across this. big help!

there was one change i had to make since i have both wired and wireless to your units (in case anyone else comes across this and has errors starting the service):
In the heredoc, i modified:

ExecStartPre=/bin/bash -c "/bin/systemctl set-environment IP=$(ip route | grep default | awk '{print $9}')"

to:

ExecStartPre=/bin/bash -c "/bin/systemctl set-environment IP=$(ip route | grep default | awk '{print $9}' | head -1)"

to only bind to the first IP (since i have 2 listed). great work though, thanks!

2 Likes

i suppose you could also just yolo 0.0.0.0 if you’re a maniac

2 Likes