Enabling SSL port 50002 in electrs (TOR)

Hi … I love StartOS… I came from the MyNode world where I was used to running electrs over port 50002 that enables SSL over Lan and TOR to preclude man in the middle attacks from your local network and gives greater privacy on local LAN. Are there any plans to add this (it’s pretty common). Also on the topic of electrs… is it possible to setup a more modern Fulcrum GitHub - cculianu/Fulcrum: A fast & nimble SPV Server for BCH, BTC, and LTC instead on the more powerful 2024 Model One? I don’t see it anywhere… the current romanz electrs is not bad (most node setups use it for low end devices) but some address lookups timeout occasionally.

For those that want to readup on the performance of several electrum based server implementations Sparrow has a good writeup here Server Performance - Sparrow Wallet

The current Electrs networking capacities/exposed interfaces are currently limited to what they are, but this will eventually change as we move into StartOS v036 and v040.

You can rig something up yourself until then by using this guide: [DIY] Exposing electrs and bitcoind over LAN in StartOS 0.3

For Fulcrum, yes, but we’re waiting for them to fix a bug and release the fix in v2.0. Currently if the initial DB build is interrupted the entire DB gets corrupted. So until they fix that bug, it’s a nonstarter for us.

2 Likes

Ok thanks for the reply. Don’t really care about LAN as mucb as using port 50002 (tls) I don’t see anythong on that in that link

If you’re able to provide access to Electrs over LAN, you should then be able to port forward and expose over the internet, no? (Unless I’m completely misunderstanding what you’re asking for)

To do TLS you need a certificate that is trusted. I already trust my local cert for my startOS server so if I add 50002 as a port and expose it TLS will just work?

UPDATE: (I do not recommend exposing non SSL services over the internet)… I was just talking about using it locally on my LAN for speed. The method used for exposing the local LAN wsocat method will only work for non http(s) services only which still exposes you on your local LAN to man in the middle just like non https TOR does, so other than for speed of connectivity locally there is little or no security benefit to doing this over LAN locally if you cannot enable SSL on port 50002 in any case.

FWIW, you can get a TLS cert from the non-profit Let’s Encrypt: https://letsencrypt.org/

@ chimerical Nah, you don’t need a Let’s Encrypt cert as StartOS already created a cert for us that has to be trusted anyway.

1 Like

See also my comment about electrs + SSL here: [DIY] Exposing electrs and bitcoind over LAN in StartOS 0.3 - #28 by remcoros

2 Likes