
Nginx reverse proxy (optional)

This page shows the steps required to set up an Nginx reverse proxy to securely access your node's API remotely.


Last updated 5 years ago

LTO Network nodes have a cool web interface where you can check info about your node, network and even sign and send transactions. It also serves as a REST API with its own Swagger documentation.

Once you have your LTO Node configured and running, you should be able to access the web interface with the following URL:

http://localhost:6869

Without a graphical interface, e.g. on a VPS, you can run curl against the same URL to check whether your node has the web interface enabled. If it is not, the response is a connection refused error.

If your web interface is not working, the reason is that the following lines are missing from your Docker config file. Add them to enable the API:

- LTO_ENABLE_REST_API=true
- LTO_API_KEY=<somestrongpassword>

The second line is optional and intended to be used solely for executing privileged actions from the web interface.

Do not forget to recreate the containers when the config file is changed:

$ docker-compose down 
$ docker-compose up

At this point you might be wondering: How do I access this web interface from outside the network?

That is the exact purpose of this tutorial. The following steps show how to configure Nginx as a reverse proxy so you can access the LTO node web interface from the internet securely, without opening the node's API port (6869) itself.

Step 1: Setup our Nginx reverse proxy

First of all, Nginx must be installed:

$ sudo apt update
$ sudo apt install nginx

If everything is installed correctly, this command should show that the Nginx service is active:

$ systemctl status nginx

Also, if you paste your public IP in any browser, the Nginx default page should appear.

Now we move on to creating our reverse proxy.

We need to edit a file located in /etc/nginx/sites-available/default, delete everything and paste the following text:

server {
    listen 80 ;
    location / {
        proxy_pass http://localhost:6869;
    }
}

Finally, restart Nginx to apply changes

$ sudo systemctl restart nginx

At this moment, the reverse proxy should be working. Paste the public IP of your node machine in any browser and the node web interface should be visible and working.

It is strongly recommended to use a secure connection with an SSL/TLS certificate when managing API keys: over plain HTTP, the API key is sent across the network unencrypted. Continue reading to improve the security.

Step 2: Adding HTTPS support to the reverse proxy

In order to do this, we need a registered domain name pointing to the node's public IP. There are many places where you can get really cheap domains, some even free. SSL certificates cannot be assigned directly to IP addresses, so having a domain name is a requirement here.

We will use the well known certificate generator Certbot. To install it:

$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install python-certbot-nginx

Before executing Certbot, we must set our domain name into Nginx. At the second line in /etc/nginx/sites-available/default, insert:

server_name yourdomainforlto.com;

Then restart Nginx to apply changes

$ sudo systemctl restart nginx

Launch Certbot and follow the process, which is short and straightforward. It will ask for your email address so it can notify you about renewals and alerts. Select the option to redirect to HTTPS if you want to use only HTTPS (recommended).

$ sudo certbot --nginx -d yourdomainforlto.com

In some cases, Certbot will throw a firewall error if your system has the ufw firewall enabled. To solve this, allow Nginx with the following commands:

$ sudo ufw allow 'Nginx Full'
$ sudo ufw delete allow 'Nginx HTTP'

At this point, Certbot has generated a Let’s Encrypt SSL certificate for your site and also configured your Nginx secure reverse proxy. Now you should be able to enter your node web interface from your custom domain name securely through HTTPS, congratulations!

Optional: Setting a login and password for your node web interface

This is an extra security measure: setting a login and password for your site gives access only to people who have this information. It doesn't matter whether you have configured an SSL certificate or not, it will work either way, although without HTTPS the login and password are sent unencrypted. To set it up, enter the following commands. LTOuser is an example username. The second command will ask you for the password to set.

$ sudo sh -c "echo -n 'LTOuser:' >> /etc/nginx/.htpasswd"
$ sudo sh -c "openssl passwd -apr1 >> /etc/nginx/.htpasswd"

Finally, edit the file /etc/nginx/sites-available/default again and add the following lines, for example under the proxy_pass line:

auth_basic "LTOuser";
auth_basic_user_file /etc/nginx/.htpasswd;

Don’t forget to restart Nginx to apply changes

$ sudo systemctl restart nginx

From now on, when someone tries to open your node web interface, the browser will prompt for the authentication data.
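
To confirm that all parts of this guide ended up in the site file, the following shell function (an added example, not part of the LTO documentation) checks an Nginx config for the proxy target, a TLS listener, an HTTP-to-HTTPS redirect and basic auth. Both sample configs are constructed, the second approximating the file after Step 2 and the auth lines; the function names are hypothetical.

```shell
# Added example (not from the LTO docs): return status = number of findings.
has()  { printf '%s\n' "$body" | grep -Eq "$1"; }
flag() { echo "FINDING: $1"; n=$((n + 1)); }

audit_site() {
    n=0; body=$(sed 's/#.*//' "$1")   # strip comments so disabled directives don't count
    has 'proxy_pass[[:space:]]+http://(localhost|127\.0\.0\.1):6869' ||
        flag "no proxy_pass to the node API on localhost:6869"
    has 'listen[[:space:]]+([^;]*:)?443[[:space:]][^;]*ssl' ||
        flag "no TLS listener: API key and passwords travel in cleartext"
    if has 'listen[[:space:]]+([^;]*:)?80([[:space:]][^;]*)?;' &&
       ! has 'return[[:space:]]+301[[:space:]]+https://'; then
        flag "port 80 is served without a redirect to HTTPS"
    fi
    if ! has 'auth_basic_user_file[[:space:]]+[^;[:space:]]+' ||
       has 'auth_basic[[:space:]]+off'; then
        flag "no HTTP basic auth in front of the node web interface"
    fi
    return "$n"
}

write_samples() {   # constructed inputs: Step 1 config, then Step 2 plus basic auth
    cat > "$1/step1.conf" <<'EOF'
server {
    listen 80 ;
    location / { proxy_pass http://localhost:6869; }
}
EOF
    cat > "$1/hardened.conf" <<'EOF'
server {
    server_name yourdomainforlto.com;
    listen 443 ssl;
    ssl_certificate     /etc/letsencrypt/live/yourdomainforlto.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/yourdomainforlto.com/privkey.pem;
    location / {
        proxy_pass http://localhost:6869;
        auth_basic "LTOuser";
        auth_basic_user_file /etc/nginx/.htpasswd;
    }
}
server { listen 80; server_name yourdomainforlto.com; return 301 https://$host$request_uri; }
EOF
}

dir=$(mktemp -d) && write_samples "$dir"
for f in step1 hardened; do
    audit_site "$dir/$f.conf" && echo "$f: ok" || echo "$f: $? finding(s)"
done
rm -rf "$dir"
```

To check the live file, call audit_site /etc/nginx/sites-available/default after each step.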

There is a more complete tutorial about Nginx, Certbot and Ufw here.