Custom Hosts
ARKVault allows you to set up your own custom hosts if so desired. The following information outlines the various approaches you can use in order to set up custom hosts.
Use Your Own SSL Certificate with a Domain (Recommended #1)
Information
We recommend using both a domain and SSL certificate together with Cloudflare to allow for the most secure setup for your custom host. While Cloudflare is not a prerequisite, it gives you the benefit of free DDoS protection.
Create a DNS A record (yourDomain) pointing to your node IP address. Ensure you have all CRT files (Intermediate 3, Intermediate 2, Intermediate 1 and Root Certificate) from the issuer along with your own CRT file in a single location.
Example file names:
# Root CA Certificate - AddTrustExternalCARoot.crt
# Intermediate CA Certificate 1 - UTNAddTrustSGCCA.crt
# Intermediate CA Certificate 2 - ComodoUTNSGCCA.crt
# Intermediate CA Certificate 3 - EssentialSSLCA_2.crt
# Your SSL Certificate - yourDomain.crt
Create a bundle file that contains all of these files.
Example:
cat yourDomain.crt EssentialSSLCA_2.crt ComodoUTNSGCCA.crt UTNAddTrustSGCCA.crt AddTrustExternalCARoot.crt >> yourDomain-bundle.crt
Create a folder and copy the newly-created bundle crt and key files into it.
Example:
mkdir ~/ssl
cp /path/to/yourDomain-bundle.crt /path/to/yourDomain.key ~/ssl
Add the necessary variables to your .env (/.config/ark-core/mainnet/.env) file.
Example:
CORE_API_SSL=true
CORE_API_SSL_HOST=0.0.0.0
CORE_API_SSL_PORT=443
CORE_API_SSL_KEY=~/ssl/yourDomain.key
CORE_API_SSL_CERT=~/ssl/yourDomain-bundle.crt
Upon restarting Core, your logs should indicate that an HTTPS server has initialized.
Example:
INFO: Public API (HTTPS) Server started at https://0.0.0.0:443
Let’s Encrypt SSL Certificate with a Domain (Recommended #2)
Create a DNS A record (yourDomain) pointing to your node IP address.
Attention
Cloudflare users need to turn off host protection/proxy during the initial setup.
Install Certbot.
sudo apt-get update && sudo apt-get install certbot
Obtain your certificate.
sudo certbot certonly --standalone --preferred-challenges http -d yourDomain
When executing the command, a prompt will appear requesting that you enter an email address and agree to the terms of service. Upon doing so, a message should appear informing you that the process completed successfully and reveal the location in which your certificates are stored. The location should resemble the following:
/etc/letsencrypt/live/yourDomain
So /etc/letsencrypt/live/yourDomain/fullchain.pem is your CRT bundle file and /etc/letsencrypt/live/yourDomain/privkey.pem is your key file.
Create a user-readable folder and copy the bundle and key files. You will then need to set the correct permissions.
mkdir ~/letsencrypt
sudo cp /etc/letsencrypt/live/yourDomain/fullchain.pem ~/letsencrypt
sudo cp /etc/letsencrypt/live/yourDomain/privkey.pem ~/letsencrypt
sudo chown -R "$USER:$(id -gn)" ~/letsencrypt
Add the necessary variables to your .env (/.config/ark-core/mainnet/.env) file.
Example:
CORE_API_SSL=true
CORE_API_SSL_HOST=0.0.0.0
CORE_API_SSL_PORT=443
CORE_API_SSL_KEY=~/letsencrypt/privkey.pem
CORE_API_SSL_CERT=~/letsencrypt/fullchain.pem
Upon restarting Core, your logs should indicate that an HTTPS server has initialized.
Example:
INFO: Public API (HTTPS) Server started at https://0.0.0.0:443
Handle automated Let’s Encrypt renewals.
Attention
You must execute the following steps as root user.
sudo -i
Create post-renew.sh using the following content:
#!/usr/bin/env bash
DOMAIN=yourDomain #<= set your domain
CORE_USER=user #<= set the user Core runs with
CORE_GROUP=group #<= set the core user group

# Copy the renewed bundle and key into the Core user's folder
cp "/etc/letsencrypt/live/$DOMAIN/fullchain.pem" "/home/$CORE_USER/letsencrypt"
cp "/etc/letsencrypt/live/$DOMAIN/privkey.pem" "/home/$CORE_USER/letsencrypt"
# Hand the copies to the Core user (the folder is under the user's home)
chown -R "$CORE_USER:$CORE_GROUP" "/home/$CORE_USER/letsencrypt"
# Restart Core so it loads the renewed certificate
su - "$CORE_USER" -c "pm2 restart all"
Move the script into your /root folder and set the executable flag: chmod +x /root/post-renew.sh
Edit the renewal config /etc/letsencrypt/renewal/yourDomain.conf by appending the following line:
renew_hook = /root/post-renew.sh
Ensure the renewal does not result in any errors by running certbot renew --dry-run.
If successful, proceed with adding a cronjob for root.
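# Append the job; piping only the echo into crontab would replace root's existing entries
(crontab -l 2>/dev/null; echo "0 12 * * * /usr/bin/certbot renew -q") | crontab -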
Upon completing the setup, you can return to the user shell.
exit
Success
Cloudflare users can now turn host protection/proxy back on.
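A pre-flight check for either of the two CA-issued setups above, to run before restarting Core. It is an added example, not part of the ARK documentation or of Core. It assumes a POSIX shell with openssl installed; the function names and messages are illustrative, and only the CORE_API_SSL_* variable names come from this page.

```shell
#!/bin/sh
# Added example (not ARK Core code): pre-flight check of the TLS files a Core
# .env points at. Only the CORE_API_SSL_* names come from the page.

# Print KEY's value from ENV_FILE, expanding a leading "~/" to $HOME.
env_value() {
    v=$(sed -n "s/^$1=//p" "$2" | tail -n 1)
    case $v in '~/'*) v="$HOME/${v#??}" ;; esac
    printf '%s\n' "$v"
}

# Return 0 if the leaf (first certificate in CERT) carries KEY's public key.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null)" ]
}

# Return 0 if the key and bundle named in ENV_FILE pass the file-level checks;
# print one line per problem otherwise.
check_tls_files() {
    rc=0
    key=$(env_value CORE_API_SSL_KEY "$1")
    cert=$(env_value CORE_API_SSL_CERT "$1")
    for f in "$key" "$cert"; do
        [ -r "$f" ] || { echo "missing or unreadable: $f"; rc=1; }
    done
    [ "$rc" -eq 0 ] || return 1
    # Group and other permission bits on the private key must all be clear.
    perms=$(ls -ldL "$key" | cut -c5-10)
    [ "$perms" = "------" ] || { echo "key readable beyond its owner: $key"; rc=1; }
    # A bundle is the leaf plus its intermediates: more than one certificate.
    n=$(grep -c -e '-----BEGIN CERTIFICATE-----' "$cert" || true)
    [ "$n" -ge 2 ] || { echo "$cert holds $n certificate(s), chain missing"; rc=1; }
    # The certificate file is not secret; key material must never be in it.
    if grep -q 'PRIVATE KEY-----' "$cert"; then
        echo "private key found inside $cert"; rc=1
    fi
    return "$rc"
}

# Run against an .env path given as the first argument, if any.
if [ "$#" -gt 0 ]; then
    check_tls_files "$1" && key_matches_cert "$key" "$cert" && echo "TLS files OK"
fi
```

The leaf must come first in the bundle, as in the cat example earlier, because key_matches_cert only reads the first certificate in the file.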
Self-Signed Certificates (Not Safe, Not Recommended)
Danger
Due to the security concerns associated with this setup, it is not recommended. As such, if you choose to use this approach, you do so at your own risk.
Modern browsers do not allow communication between HTTPS and HTTP hosts since there is no means of encrypting the connection. However, you can bypass this if so desired (for example, by using the bypass phrase thisisunsafe in Chromium browsers).
If you still wish to use a self-signed certificate despite the fact that modern browsers will treat it as untrusted, then use the following setup:
Create a new directory and cd into it.
mkdir ark-ssl-core-api
cd ark-ssl-core-api
Generate a key and certificate.
openssl genrsa -out yourDomain.key
openssl req -new -key yourDomain.key -out yourDomain.csr
openssl x509 -req -days 365 -in yourDomain.csr -signkey yourDomain.key -out yourDomain.crt
Configure Core to use the certificate.
CORE_API_SSL=true
CORE_API_SSL_HOST=0.0.0.0
CORE_API_SSL_PORT=8443
CORE_API_SSL_KEY=~/ssl/yourDomain.key
CORE_API_SSL_CERT=~/ssl/yourDomain.crt