- I could not get https://github.com/openoms/bitcoin-tutorials/blob/master/nginx/electrum_server_subdomain.sh to work, connecting to Fulcrum on my raspiblitz via zerotier.
nginx did start successfully, but connecting from Sparrow to $REDIRECT timed out. /var/log/nginx/error.log on the frontend VPS showed access errors (didn't capture the exact logs, unfortunately).
My proposed fix
```nginx
# Add these lines for upstream SSL connection
proxy_ssl on;                # Enable SSL for upstream connection
proxy_ssl_verify off;        # Skip upstream certificate verification
proxy_ssl_server_name on;    # Enable SNI
```
i.e.
```nginx
stream {
    upstream electrum {
        server $REDIRECT;
    }
    server {
        listen 50002 ssl;
        proxy_pass electrum;
        ssl_certificate /etc/letsencrypt/live/$SUBDOMAIN/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/$SUBDOMAIN/privkey.pem;
        ssl_session_cache shared:SSL-electrum:1m;
        ssl_session_timeout 4h;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
        ssl_prefer_server_ciphers on;
        # Add these lines for upstream SSL connection
        proxy_ssl on;                # Enable SSL for upstream connection
        proxy_ssl_verify off;        # Skip upstream certificate verification
        proxy_ssl_server_name on;    # Enable SNI
    }
}
```
- Also, I believe there is a typo in L72:
listen 50022 ssl;
should be:
listen 50002 ssl;
right?
my setup (for reference)
VPS (frontend)
- Debian12
- nginx/1.22.1
- zerotier
Raspiblitz (backend)
- Debian12
- Raspiblitz 1.11.3
- Fulcrum
- fulcrum.conf
tcp = 0.0.0.0:50021
- with ssl on 50022 handled in nginx
- zerotier
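
The proposed fix above turns on TLS to the backend but leaves the backend certificate unchecked. As an added example (not from the issue author or the bitcoin-tutorials script), here is the same `stream` block with upstream verification enabled. It assumes the backend's certificate has been copied to the VPS; the certificate path and the `proxy_ssl_name` value are placeholders to adapt:

```nginx
stream {
    upstream electrum {
        server $REDIRECT;    # substituted by the setup script, as in the issue
    }
    server {
        listen 50002 ssl;
        proxy_pass electrum;
        ssl_certificate     /etc/letsencrypt/live/$SUBDOMAIN/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/$SUBDOMAIN/privkey.pem;
        # (remaining ssl_* lines from the issue unchanged)

        # Variant from the issue: the hop to the backend is encrypted,
        # but whatever answers on $REDIRECT is accepted without a check.
        #   proxy_ssl on;
        #   proxy_ssl_verify off;

        # Verified variant: only a backend presenting the pinned
        # certificate (or one issued by it) is accepted.
        proxy_ssl on;
        proxy_ssl_verify on;
        # Hypothetical path: a copy of the backend's (self-signed) certificate
        proxy_ssl_trusted_certificate /etc/nginx/electrum-backend.pem;
        # Placeholder: must match the CN/SAN in the backend certificate
        proxy_ssl_name backend-cert-name.example;
        proxy_ssl_server_name on;    # send that name as SNI
    }
}
```

With `proxy_ssl_verify on`, a name mismatch or an untrusted certificate makes the upstream handshake fail and is logged in `/var/log/nginx/error.log` on the VPS.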