Missing ssl config parameters in `electrum_server_subdomain.sh`?

Open steepdawn974 opened this issue 1 year ago • 0 comments

I could not get https://github.com/openoms/bitcoin-tutorials/blob/master/nginx/electrum_server_subdomain.sh to work, connecting to Fulcrum on my raspiblitz via zerotier.

nginx did start successfully, but connecting from Sparrow to $REDIRECT timed out. /var/log/nginx/error.log on the frontend VPS showed access errors (didnt capture the exact logs unfortunately)

My proposed fix

        # Add these lines for upstream SSL connection
        proxy_ssl on;                # Enable SSL for upstream connection
        proxy_ssl_verify off;        # Skip upstream certificate verification
        proxy_ssl_server_name on;    # Enable SNI

i.e.

stream {
    upstream electrum {
        server $REDIRECT;
    }
    
    server {
        listen 50002 ssl;
        proxy_pass electrum;
        ssl_certificate /etc/letsencrypt/live/$SUBDOMAIN/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/$SUBDOMAIN/privkey.pem;
        ssl_session_cache shared:SSL-electrum:1m;
        ssl_session_timeout 4h;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
        ssl_prefer_server_ciphers on;

        # Add these lines for upstream SSL connection
        proxy_ssl on;                # Enable SSL for upstream connection
        proxy_ssl_verify off;        # Skip upstream certificate verification
        proxy_ssl_server_name on;    # Enable SNI
    }
}

Also, I believe there is a typo in L72: https://github.com/openoms/bitcoin-tutorials/blob/4115c60bb1930988d06e3a22965f23069d987cc6/nginx/electrum_server_subdomain.sh#L72

should be:

listen 50002 ssl;

right?

my setup (for reference)

VPS (frontend)

Debian12
nginx/1.22.1
zerotier

Raspiblitz (backend)

Debian12
Raspiblitz 1.11.3
Fulcrum
- fulcrum.conf tcp = 0.0.0.0:50021
- with ssl on 50022 handled in nginx
zerotier

Jan 01 '25 19:01 steepdawn974