buzzkillb Posted November 8, 2020

The idea is to run your block service node daemons from their own VLAN subnet, then set up each daemon, including the service node and enterprise xrouter, from Proxmox lxc containers. The main network PCs can talk to things in the BLOCK network, but the things in the BLOCK network can't talk to anything outside of the VLAN.

UDM Controller is constantly changing, this will vary as they continue releasing firmware updates to fix things.

Go to Settings -> Networks -> Add a New Network

Name: Block
VLAN ID: 100
domain name: block

I let the UDM controller handle the rest, as I don't know where they did the DHCP subnet settings for this. Click Apply Changes when done.

We now have a BLOCK VLAN to work with, and each hostname will be like denarius-container.block.

Next we set up the firewall rules so our LAN network can see the BLOCK VLAN, but BLOCK VLAN can't see our LAN network.

Settings -> Security -> Firewall -> LAN -> Create New Rule

We want to allow everything, so the first rule we create is Allow all Established/Related Traffic.

Then we want to block BLOCK to LAN.

With the rules set up we can now set up the Proxmox lxc containers.
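The two firewall rules described in the post above, modelled as an added example (not part of the original posts and not UniFi's own rule engine) to show why the Established/Related rule has to sit before the BLOCK-to-LAN drop. Assumptions: the LAN subnet 192.168.1.0/24 and the host 192.168.1.10 are made up, the default inter-VLAN action is accept, and "related" traffic is folded into "established".

```python
import ipaddress

BLOCK = ipaddress.ip_network("192.168.4.0/24")  # BLOCK VLAN subnet, per the thread's addresses
LAN = ipaddress.ip_network("192.168.1.0/24")    # assumed main LAN subnet (not given in the post)

ALLOW_ESTABLISHED = ("allow established/related", lambda p: p["state"] == "established", "accept")
DROP_BLOCK_TO_LAN = ("drop BLOCK to LAN", lambda p: p["src"] in BLOCK and p["dst"] in LAN, "drop")


class Gateway:
    """Simplified stateful router: first matching rule wins, default is accept."""

    def __init__(self, rules):
        self.rules = rules
        self.flows = set()  # connection-tracking table of accepted flows

    def send(self, src, sport, dst, dport):
        flow, reverse = (src, sport, dst, dport), (dst, dport, src, sport)
        tracked = flow in self.flows or reverse in self.flows
        pkt = {"src": ipaddress.ip_address(src), "dst": ipaddress.ip_address(dst),
               "state": "established" if tracked else "new"}
        name, action = "default", "accept"
        for rule_name, match, rule_action in self.rules:
            if match(pkt):
                name, action = rule_name, rule_action
                break
        if action == "accept" and not tracked:
            self.flows.add(flow)  # only accepted new connections get tracked
        return action, name


def run(rules):
    gw = Gateway(rules)
    return [
        gw.send("192.168.1.10", 50000, "192.168.4.82", 8332),  # LAN PC opens RPC to the daemon
        gw.send("192.168.4.82", 8332, "192.168.1.10", 50000),  # daemon's reply on that connection
        gw.send("192.168.4.82", 40000, "192.168.1.10", 443),   # container opens a new connection to LAN
    ]


if __name__ == "__main__":
    for label, rules in [("post's order", [ALLOW_ESTABLISHED, DROP_BLOCK_TO_LAN]),
                         ("reversed order", [DROP_BLOCK_TO_LAN, ALLOW_ESTABLISHED])]:
        print(label, run(rules))
```

With the rules reversed, the daemon's reply to the LAN PC is dropped as well, so the LAN can no longer use anything in the BLOCK VLAN.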
buzzkillb Posted November 8, 2020 (Author)

Basically on each container, set up an unprivileged container, and at the network part change to

VLAN tag: 100

This can be changed after creating the container, so no big deal. Find the IP address by going into the shell and running

```
ip a
```

This will show something like

```
2: eth0@if127: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 5D:37:f3:4a:38:64 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 192.168.4.82/24 brd 192.168.4.255 scope global dynamic eth0
       valid_lft 49675sec preferred_lft 49675sec
    inet6 fe80::5c36:f3ff:fe4a:3864/64 scope link
       valid_lft forever preferred_lft forever
```

Where we see our Bitcoin local daemon will be at 192.168.4.82

This is what my bitcoin.conf looks like for block service node

```ini
server=1
listen=1
rpcuser=bitcoinusername
rpcpassword=bitcoinpassword
rpcallowip=192.168.0.0/16
rpcbind=0.0.0.0
port=8333
rpcport=8332
txindex=1
# Legacy addresses must be used (address must begin with "1", not "3")
addresstype=legacy
changetype=legacy
# Enable deprecated calls
deprecatedrpc=signrawtransaction
daemon=1
```

Create a block container for the main service node, and remember VLAN 100. This is what my blocknet.conf looks like

```ini
server=1
listen=1
rpcuser=blocknetusername
rpcpassword=blocknetpassword
rpcallowip=192.168.0.0/16
port=41412
rpcbind=0.0.0.0
rpcport=41414
txindex=1
daemon=1
enableexchange=1
servicenode=1
rpcthreads=8
xrouter=1
```

On the block container ping the bitcoin container to make sure they can talk to each other.

```
ping 192.168.4.82
```

Now set up xbridge.conf, a quick example xbridge.conf

```ini
[Main]
ExchangeWallets=BLOCK,BTC,LTC,DVT,D,DOGE,DASH,DGB,XZC,RVN,PHR,XVG,MONA,XSN
FullLog=true
LogPath=
ExchangeTax=300
ShowAllOrders=false

[BLOCK]
Title=Blocknet
Ip=192.168.4.102
Username=blocknetusername
Password=blocknetpassword
Port=41414
AddressPrefix=26
ScriptPrefix=28
SecretPrefix=154
COIN=100000000
MinimumAmount=0
TxVersion=1
DustAmount=0
CreateTxMethod=BTC
GetNewKeySupported=true
ImportWithNoScanSupported=true
MinTxFee=10000
BlockTime=60
FeePerByte=20
Confirmations=0
Address=
TxWithTimeField=false
LockCoinsSupported=false
JSONVersion=
ContentType=
CashAddrPrefix=

[BTC]
Title=Bitcoin
Address=
Ip=192.168.4.82
Port=8332
Username=bitcoinusername
Password=bitcoinpassword
AddressPrefix=0
ScriptPrefix=5
SecretPrefix=128
COIN=100000000
MinimumAmount=0
TxVersion=2
DustAmount=0
CreateTxMethod=BTC
MinTxFee=12000
BlockTime=600
GetNewKeySupported=false
ImportWithNoScanSupported=false
FeePerByte=60
Confirmations=0
TxWithTimeField=false
LockCoinsSupported=false
JSONVersion=
ContentType=
CashAddrPrefix=
```

I have a script called pingping.sh to reload the full xbridge xrouter setup.

```bash
#!/bin/bash
printf "reload xbridge\n"
./blocknet-cli dxLoadXBridgeConf
printf "reload xrouter\n"
./blocknet-cli xrReloadConfigs
printf "list tokens\n"
./blocknet-cli dxGetLocalTokens
printf "XrStatus\n"
./blocknet-cli xrStatus
printf "send service node ping\n"
./blocknet-cli servicenodesendping
```

With that we can set up another container for xrproxy docker. With an lxc container we can run nested to run docker. Create a container and at the end go to Options -> Features and checkmark Nesting.

Set up xrouter enterprise behind full cloudflare tls/ssl proxy like here

Now edit your /xrproxy/uwsgi.ini to something like this

```ini
## SPV sample configuration file
[uwsgi]
processes = 8
threads = 2

# Place your Service Node private key here (this is not a wallet private key!)
# Allows the XRouter Proxy to sign packets on your Service Node's behalf
# DO NOT SHARE THIS KEY
set-ph = SERVICENODE_PRIVKEY=YOURSUPERSECRETSERVICENODEPRIVKEY

# mainnet or testnet
set-ph = BLOCKNET_CHAIN=mainnet

# Handle XRouter payments
set-ph = HANDLE_PAYMENTS=true
set-ph = HANDLE_PAYMENTS_RPC_HOSTIP=192.168.4.102
set-ph = HANDLE_PAYMENTS_RPC_PORT=41414
set-ph = HANDLE_PAYMENTS_RPC_USER=blocknetusername
set-ph = HANDLE_PAYMENTS_RPC_PASS=blocknetpassword
set-ph = HANDLE_PAYMENTS_RPC_VER=2.0

# Sample SPV RPC configuration
set-ph = RPC_BLOCK_HOSTIP=192.168.4.102
set-ph = RPC_BLOCK_PORT=41414
set-ph = RPC_BLOCK_USER=blocknetusername
set-ph = RPC_BLOCK_PASS=blocknetpassword
set-ph = RPC_BLOCK_VER=2.0
set-ph = RPC_BLOCK_METHOD=getblockcount

#Bitcoin
set-ph = RPC_BTC_HOSTIP=192.168.4.82
set-ph = RPC_BTC_PORT=8332
set-ph = RPC_BTC_USER=bitcoinusername
set-ph = RPC_BTC_PASS=bitcoinpassword
set-ph = RPC_BTC_VER=2.0
set-ph = RPC_BTC_METHOD=getblockcount
set-ph = RPC_BTC_METHOD=getblock
set-ph = RPC_BTC_METHOD=getblocks
```

Then port forward your enterprise xrouter port. Settings -> Advanced Features -> Advanced Gateway Settings -> Create New Port Forwarding. I used ports 443 and 80 since I am testing some stuff. I think you just need 443, but could be wrong.

It's a bit of figuring stuff out to sync it all together with more than just Blocknet and Bitcoin daemons, but now your Proxmox block service node is running in its own VLAN, the daemons only talk to themselves, and I am taking a wild guess very hard to break out of this monstrosity. Also since the docker container is the one touching the internet behind a cloudflare proxy, someone would first have to break out of the docker container, then the vlan, which the firewall stops the vlan from talking to anything else on your network.
buzzkillb Posted November 8, 2020 (Author)

Current guide is for Ubiquiti UDM Beta firmware 1.8.2-10, Controller Version 6.0.3.
buzzkillb Posted November 8, 2020 (Author)

An example of it all put together using the enterprise xrouter, get block count call.

https://api.denarius.pro/xr/BTC/xrGetBlockCount
https://api.denarius.pro/xr/D/xrGetBlockCount
https://api.denarius.pro/xr/LTC/xrGetBlockCount
Ghost Posted November 8, 2020

4 minutes ago, buzzkillb said:

> An example of it all put together using the enterprise xrouter, get block count call.
> https://api.denarius.pro/xr/BTC/xrGetBlockCount
> https://api.denarius.pro/xr/D/xrGetBlockCount
> https://api.denarius.pro/xr/LTC/xrGetBlockCount

https://api.denarius.pro/xr/D/xrGetBlockCount doesn't seem to return anything

Founder of BlockForums.org - PM me for any help - Join our Discord Server: https://discord.gg/UPpQy3n
buzzkillb Posted November 8, 2020 (Author)

6 minutes ago, Ghost said:

> https://api.denarius.pro/xr/D/xrGetBlockCount doesn't seem to return anything

Forgot to change denarius.conf, denarius is slightly different than the current Bitcoin daemon. Example denarius.conf below, including how tor onion hidden service is behind this particular daemon. Have to allow 2 IPs, 1 for the block service node and 1 for the xrproxy docker container. Both inside their lxc containers.

```ini
rpcuser=denariususername
rpcpassword=denariuspassword
rpcport=32369
rpcallowip=192.168.4.102
rpcallowip=192.168.4.157
port=33369
daemon=1
listen=1
server=1
txindex=1
externalip=iuby4liuvnsh5fqp.onion
tor=127.0.0.1:9050
discover=1
```
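A check for the allowlist issue fixed in the post above, as an added example that is not part of the original posts: it parses the `rpcallowip` lines of a daemon config, reports which of the two required clients (service node and xrproxy container) would be rejected, and counts how many allowed addresses lie outside the BLOCK VLAN. Assumptions: `rpcallowip` values are treated as plain IPs or CIDR ranges, and the third config is a constructed sample.

```python
import ipaddress

BLOCK_VLAN = ipaddress.ip_network("192.168.4.0/24")  # /24 shown in the thread's `ip a` output
CLIENTS = ["192.168.4.102", "192.168.4.157"]         # service node and xrproxy containers, per the post

# RPC-related lines copied from the thread's bitcoin.conf and denarius.conf
BITCOIN_CONF = "server=1\nrpcallowip=192.168.0.0/16\nrpcbind=0.0.0.0\nrpcport=8332\n"
DENARIUS_CONF = ("rpcport=32369\nrpcallowip=192.168.4.102\n"
                 "rpcallowip=192.168.4.157\nserver=1\n")
# Constructed sample: an allowlist that forgets the xrproxy container
MISSING_PROXY_CONF = "rpcport=32369\nrpcallowip=192.168.4.102\nserver=1\n"


def parse_conf(text):
    """Parse key=value lines; keys such as rpcallowip may repeat, so keep lists."""
    opts = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if "=" in line:
            key, value = line.split("=", 1)
            opts.setdefault(key.strip(), []).append(value.strip())
    return opts


def audit_rpc(text, clients=CLIENTS, vlan=BLOCK_VLAN):
    """Return (clients the allowlist rejects, allowed addresses outside the VLAN)."""
    nets = [ipaddress.ip_network(v, strict=False)
            for v in parse_conf(text).get("rpcallowip", [])]
    rejected = [c for c in clients
                if not any(ipaddress.ip_address(c) in n for n in nets)]
    outside = 0
    for n in nets:
        if n.subnet_of(vlan):
            continue  # entry lies entirely inside the VLAN
        inside = vlan.num_addresses if vlan.subnet_of(n) else 0
        outside += n.num_addresses - inside
    return rejected, outside


if __name__ == "__main__":
    for name, conf in [("bitcoin.conf", BITCOIN_CONF),
                       ("denarius.conf", DENARIUS_CONF),
                       ("missing-proxy (constructed)", MISSING_PROXY_CONF)]:
        rejected, outside = audit_rpc(conf)
        print(f"{name}: rejected clients={rejected}, allowed addresses outside VLAN={outside}")
```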
Ghost Posted November 8, 2020

8 minutes ago, buzzkillb said:

> Forgot to change denarius.conf, denarius is slightly different than the current Bitcoin daemon. Example denarius.conf below, including how tor onion hidden service is behind this particular daemon. Have to allow 2 ip's, 1 for the block service node and 1 for the xrproxy docker container. Both inside their lxc containers.
>
> ```ini
> rpcuser=denariususername
> rpcpassword=denariuspassword
> rpcport=32369
> rpcallowip=192.168.4.102
> rpcallowip=192.168.4.157
> port=33369
> daemon=1
> listen=1
> server=1
> txindex=1
> externalip=iuby4liuvnsh5fqp.onion
> tor=127.0.0.1:9050
> discover=1
> ```

Confirmed working now....sweet
buzzkillb Posted November 11, 2020 (Author)

Ubiquiti's new controller is confusing, but once the settings are found it's more intuitive setting up a VLAN. To adjust the DHCP subnet, range and DNS settings go into the VLAN itself, disable Auto Scale Network and then set DHCP Name Server to Manual.