Cyphernode

Overview

Cyphernode is a modular Bitcoin full-node microservices API server architecture and utilities toolkit to build scalable, secure and featureful apps and services without trusted third parties.
Note: The project is in heavy development - they are currently looking for reviews, new features, user feedback and contributors to their roadmap.

Setup

System requirements:

    250 GB of storage
    2GB of RAM.
    Docker

Installation instructions can also be found here:

Create a directory called cyphernode
$ mkdir cyphernode && cd cyphernode
Use the quick install
$ curl -fsSL https://raw.githubusercontent.com/SatoshiPortal/cyphernode/master/dist/setup.sh -o setup_cyphernode.sh && chmod +x setup_cyphernode.sh && ./setup_cyphernode.sh
Follow the configuration process. Below is an example:
? Cyphernode: Enable help? Yes
? Cyphernode: What features do you want to add to your cyphernode?

What optional features do you want me to activate?

Lightning node
? Cyphernode: What net do you want to run on?

Which Bitcoin network do you want Cyphernode to run on?

Testnet
? Cyphernode: Run as different user?

I recommend running Cyphernode as a different user when possible. Using your
current user would give Cyphernode your current access rights, which could be a
security issue especially if you are a sudoer. Please note that this feature is
not supported on OSX at runtime, but you will be fine activating it in case you
want to use the configuration file on another machine.

No
? Cyphernode: Use a default xpub key to watch or generate adresses?

Cyphernode can derive Bitcoin addresses from an xPub and the derivation path you
want. If you want, you can provide your xPub and derivation path right now and
call 'derive' with only the index instead of having to pass your xPub and
derivation path on each call.

No
? Gatekeeper: Enter a password to protect your client keys with

The Gatekeeper checks all the incoming requests for the right permissions before
delegating them to the proxy. Following the JWT standard, it uses HMAC signature
verification to allow or deny access. Signatures are created and verified using
secret keys. I am going to generate the secret keys and keep them in an encrypted
file. You will be able to download this encrypted file later. Please provide the
encryption passphrase.

[hidden]
? Gatekeeper: Confirm your client keys password.

[hidden]
? Gatekeeper: Gatekeeper cert CNS (ips, domains, wildcard domains seperated by comma)?

I use domain names and/or IP addresses to create valid TLS certificates. For
example, if https://cyphernodehost/getbestblockhash and
https://192.168.7.44/getbestblockhash will be used, enter cyphernodehost,
192.168.7.44 as a possible domains. 127.0.0.1, localhost, gatekeeper will be
automatically added to your list. Make sure the provided domain names are in your
DNS or client's hosts file and is reachable.

localhost
? Gatekeeper: Edit API properties?

If you know what you are doing, it is possible to manually edit the API
endpoints/groups authorization. (Not recommended)

No
? Bitcoin: Where is your bitcoin full node running?

Cyphernode can spawn a new Bitcoin Core full node for its own use. But if you
already have a Bitcoin Core node running, Cyphernode can use that.

Nowhere! I want cyphernode to run one.
? Bitcoin: Name of bitcoin rpc user?

Bitcoin Core's RPC username used by Cyphernode when calling the node.

bitcoin
? Bitcoin: Password of bitcoin rpc user?

Bitcoin Core's RPC password used by Cyphernode when calling the node.

[hidden]
? Bitcoin: Run bitcoin node in prune mode?

If you don't have at least 350GB of disk space, you should run Bitcoin Core in
prune mode. NOTE: when running Bitcoin Core in prune mode, the incoming
transactions' fees cannot be computed by Cyphernode and won't be part of the
addresses watching's callbacks payload.

No
? Bitcoin: Any UA comment?

User Agent string used by Bitcoin Core. (Optional)

? Lightning: What name has your lightning node?

LN nodes have names. Choose the name you want for yours.

myLnNode
? Lightning: What color has your lightning node?

LN nodes have colors. Choose the color you want for yours in RGB format (RRGGBB).
For example, pure red would be ff0000.

? Installer: Where do you want to install cyphernode?

Only one installation mode is supported, right now: local docker (self-hosted).
Choose wisely ;-)

Docker
? Installer: Where do you want to store your gatekeeper data?

The Gatekeeper's files (TLS certs, HMAC keys, Groups/API) will be stored in a
container's mounted directory. Please provide the local mounted path to that
directory. If running on OSX, check mountable directories in Docker's File Sharing
configs.

/Users/leon/Desktop/cyphernode/cyphernode/gatekeeper
? Installer: Where do you want to store your proxy data?

The Cyphernode proxy container, which routes all the requests to the right
services uses a sqlite3 database to keep track of some things. This DB will be
mounted from a local path, easy to back up from outside Docker. If running on OSX,
check mountable directories in Docker's File Sharing configs.

/Users/leon/Desktop/cyphernode/cyphernode/proxy
? Installer: Where do you want to store your bitcoin full node data?

Path name to where Bitcoin Core's data files (blockchain data, wallets, configs,
etc.) are stored. This directory will be mounted into the Bitcoin node's
container. If you already have a sync'ed node, you can copy data there to be used
by the node, instead of resyncing everything. NOTE: only copy chainstate/ and
blocks/ contents. If running on OSX, check mountable directories in Docker's File
Sharing configs.

/Users/leon/Desktop/cyphernode/cyphernode/bitcoin
? Installer: Where do you want to store your lightning node data?

Path name to where LN's data files are stored. This directory will be mounted into
the LN node's container. If running on OSX, check mountable directories in
Docker's File Sharing configs.

/Users/leon/Desktop/cyphernode/cyphernode/lightning
? Installer: Expose bitcoin full node outside of the docker network?

By default, Bitcoin node ports (RPC and protocol) won't be published outside of
Docker. Do you want to expose them so that your node can be accessed from outside
of the Docker network?

Yes
? Installer: Expose lightning node outside of the docker network?

By default, LN node port will be published outside of Docker. Do you want to hide
it so that your node can't be accessed from outside of the Docker network?

No
? Installer: What docker mode: docker swarm or docker-compose?

Cyphernode Docker services can be run using Docker Swarm
(https://docs.docker.com/engine/swarm/) or docker-compose
(https://docs.docker.com/compose/overview/). Both will work, some users prefer one
to another depending on deployment types, scalability, current framework, etc.

docker-compose
? Installer: Cleanup installer after installation?

Do you want to remove this configurator Docker image after installation? This
would free about 150MB of disk space.

Yes
Starting the containers
$ ./start.sh
Once everything is finished, you'll see:
Depending on your current location and DNS settings, point your favorite browser to one of the following URLs to access Cyphernode's status page:

https://localhost/status/
https://127.0.0.1/status/
https://localhost/status/
https://gatekeeper/status/

Use 'admin' as the username with the configuration password you selected at the beginning of the configuration process.
Open your browser and enter one of these URLs. If this is deployed in the cloud, make sure port 443 is open.
Download the API IDs and keys. Use an unzipping tool to extract client.7z, which contains cacert.pem and keys.txt.
keys.txt holds the IDs and their keys. Each ID has roles assigned: 001 has the least permissions, while 003 is admin.
001=9c7d3e23d5d720f1d75db9142fbe2f5e38347b6b44025d0f564f9bc15372d7b2
002=27720fb1993a410c3ecd295d3599ff0a721435704fd700c6d095a9b30be0fb49
003=ef7bf0c0ce5a68aafdf07210a58c74a7f1cf85e697451bcaa07f4b5bc868426a

Testing

Manually test your installation through the Gatekeeper:
Replace k="2df1eeea3..." with the key from keys.txt that belongs to the id you use.
$ id="001";h64=$(echo -n "{\"alg\":\"HS256\",\"typ\":\"JWT\"}" | base64);p64=$(echo -n "{\"id\":\"$id\",\"exp\":$((`date +"%s"`+10))}" | base64);k="2df1eeea370eacdc5cf7e96c2d82140d1568079a5d4d87006ec8718a98883b36";s=$(echo -n "$h64.$p64" | openssl dgst -hmac "$k" -sha256 -r | cut -sd ' ' -f1);token="$h64.$p64.$s";curl -v -H "Authorization: Bearer $token" -k https://127.0.0.1/v0/getbestblockhash

{"result":"000000004c5d9ac49571b1772b48600113fe24f9c158416c9db5239792cec1a6","error":null,"id":null}

Development

Cyphernode exposes a list of API endpoints, and there are Go and JavaScript implementations. The JavaScript example below will help you get started:
const CryptoJS = require("crypto-js");
const request = require('request')

// allow self-signed certificates (turns off TLS certificate verification for the whole process)
process.env["NODE_TLS_REJECT_UNAUTHORIZED"] = 0;

// from keys.txt
const api = {
  id: '002',
  key: '27720fb1993a410c3ecd295d3599ff0a721435704fd700c6d095a9b30be0fb49'
}

// echo -n "{\"alg\":\"HS256\",\"typ\":\"JWT\"}" | base64
const h64 = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9Cg=='

// set expiration time (Unix timestamp, 10 seconds from now)
const exp = Math.round(new Date().getTime()/1000) + 10

// create message
const p = {
  exp,
  id: api.id
}
const p64 = Buffer.from(JSON.stringify(p)).toString('base64')
const msg = h64 + '.' + p64

// HMAC-SHA256 the message with the key (hex output) to create the token
const s = CryptoJS.HmacSHA256(msg, api.key).toString()
const token = msg + '.' + s

// use token to request data
request({
  method: 'GET',
  url: 'https://127.0.0.1/v0/getnewaddress',
  headers: {
    Authorization: `Bearer ${token}`
  },
}, (err, res, body) => {
  // report connection errors instead of printing an undefined body
  if (err) {
    console.error(err)
    return
  }
  // {"address":"2N3e4VzKqrEkwmdJ51ETeyuxpzt9bqMHyRB"}
  console.log(body)
})
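The token layout used in the Testing one-liner and in the code above, built and then checked with Node's built-in crypto module. This is an added example, not Cyphernode's Gatekeeper code: the verification logic is an assumption about how a verifier for this format can be written, the function names are hypothetical, and SAMPLE_KEYS is constructed data in the keys.txt layout.

```javascript
const { createHmac, timingSafeEqual } = require('crypto')

// Constructed sample in the keys.txt layout (id=hexkey); these are not real keys.
const SAMPLE_KEYS = '001=' + 'a1'.repeat(32) + '\n003=' + 'b2'.repeat(32) + '\n'

// Parse "id=key" lines into a Map, skipping anything that does not match.
function parseKeys(text) {
  const keys = new Map()
  for (const line of text.split('\n')) {
    const m = /^(\d{3})=([0-9a-f]{64})$/.exec(line.trim())
    if (m) keys.set(m[1], m[2])
  }
  return keys
}

const b64 = (s) => Buffer.from(s).toString('base64')
// The key is used as the hex text itself, like `openssl dgst -hmac "$k"` does.
const sign = (msg, key) => createHmac('sha256', key).update(msg).digest('hex')
const unixNow = () => Math.floor(Date.now() / 1000)

// Token layout from this page: base64(header).base64(payload).hex(HMAC-SHA256)
function makeToken(id, key, ttlSeconds, now = unixNow()) {
  const payload = JSON.stringify({ id, exp: now + ttlSeconds })
  const msg = b64('{"alg":"HS256","typ":"JWT"}') + '.' + b64(payload)
  return msg + '.' + sign(msg, key)
}

// Verifier sketch (assumed logic): the id only selects the key; exp is
// trusted only after the HMAC over "h64.p64" matches.
function verifyToken(token, keys, now = unixNow()) {
  const parts = String(token).split('.')
  if (parts.length !== 3) return { ok: false, reason: 'malformed' }
  const [h64, p64, sig] = parts
  let payload = null
  try { payload = JSON.parse(Buffer.from(p64, 'base64').toString()) } catch (e) {}
  if (payload === null || typeof payload !== 'object') return { ok: false, reason: 'malformed' }
  const key = keys.get(String(payload.id))
  if (!key) return { ok: false, reason: 'unknown id' }
  const expected = Buffer.from(sign(h64 + '.' + p64, key))
  const given = Buffer.from(sig)
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) {
    return { ok: false, reason: 'bad signature' }
  }
  if (typeof payload.exp !== 'number' || payload.exp <= now) return { ok: false, reason: 'expired' }
  return { ok: true, id: payload.id }
}
```

Passing `now` explicitly makes the 10-second expiry window testable; in normal use both functions default to the current time.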

Future

Note that cyphernode is currently in development. Version 0.2.0 will be out soon.