Distributed Access to the BitShares Decentralized Exchange (DEX)

I hope to encourage and promote more access points and backup WebSocket (wss) gateways for BitShares. This is the logical progression from Run your own decentralized exchange post.


BitShares node setup

Run your own decentralized exchange

Once you have a full node setup, you can allow BitShares shareholders secure access to your server to trade and check their accounts by following these steps.

  • A DNS Alias (CNAME) is required to point to your server ip address.

  • See dyn.com for DNS Alias setup.

  • You may have to wait a few days for the DNS to work through the internet.

  • Please change altcap.io to your DNS alias in the examples below.

Create a New User

I recommend creating a new user on your server to run the Bitshares gui and give the user sudo access. >You can use any name - I have used bitshares in this example

sudo adduser bitshares
sudo gpasswd -a bitshares sudo
sudo gpasswd -a bitshares users

Install Nginx

Install Nginx web server

# ssh into your new user bitshares
ssh bitshares@altcap.io
sudo apt-get install nginx
# check version
nginx -v
# add user to web server group
sudo gpasswd -a bitshares www-data
# start nginx
sudo service nginx start

This will start Nginx default web server. Check it by typing the ip address of your server in a web browser or your alias altcap.io

Configure Nginx

To configure the web server, edit the default site and save as new DNS alias name using http port 80 only until you setup letsencrypt.org SSL Certificate.

Create your web folder

sudo mkdir -p /var/www/altcap.io/public_html
sudo chown -R bitshares:bitshares var/www/altcap.io/public_html
sudo chmod 755 /var/www

Configure Nginx

# edit default setup and save as altcap.io
sudo nano /etc/nginx/sites-available/default

Point to your new virtual host

###### altcap.io ######
server {
    listen 80;
    server_name altcap.io;
    #rewrite ^ https://$server_name$request_uri? permanent;
    #rewrite ^ https://altcap.io$uri permanent;
    #
    root /var/www/altcap.io/public_html;
    # Add index.php to the list if you are using PHP
    index index.html index.htm;
    #
    location / {
        # First attempt to serve request as file, then
        # as directory, then fall back to displaying a 404.
        try_files $uri $uri/ =404;
    }
}

CTRL+O to save as altcap.io (^O Write Out)

Update Virtual Host File

sudo cp altcap.io /etc/nginx/sites-available/altcap.io

Install letsencrypt

sudo apt-get install letsencrypt

Obtain your SSL certificate

sudo letsencrypt certonly --webroot -w /var/www/altcap.io/public_html -d altcap.io

Follow the instructions and add an email address

Check your certificate

sudo ls -l /etc/letsencrypt/live/altcap.io
# and check it will update
sudo letsencrypt renew --dry-run --agree-tos
sudo letsencrypt renew

Setup a renew cronjob for your new SSL certificate

sudo crontab -e

Add this line to run the job every 6 hours on the 16th minute

16 */6 * * *  /usr/bin/letsencrypt renew >> /var/log/letsencrypt-renew.log

CTRL+X to save (^X Exit)
# check your crontab
sudo crontab -l

Generate Strong Diffie-Hellman Group cert

sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048

Add SSL to Nginx settings

Make a copy of altcap.io just in case.

cp altcap.io alcap.io.no.ssl

Edit altcap.io

nano altcap.io
###### altcap.io ######
server {
    listen 80;
    server_name altcap.io;
    #rewrite ^ https://$server_name$request_uri? permanent;
    rewrite ^ https://altcap.io$uri permanent;
    #
    root /var/www/altcap.io/public_html;
    # Add index.php to the list if you are using PHP
    index index.html index.htm;
    #
    location / {
        # First attempt to serve request as file, then
        # as directory, then fall back to displaying a 404.
        try_files $uri $uri/ =404;
    }
}


###### altcap.io websockets


upstream websockets {
    server localhost:8090;
}


###### altcap.io ssl
server {
    listen 443 ssl;
    #
    server_name altcap.io;
    #
    root /var/www/altcap.io/public_html;
    # Add index.php to the list if you are using PHP
    index index.html index.htm;
    #
    ssl_certificate /etc/letsencrypt/live/altcap.io/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/altcap.io/privkey.pem;
    #
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:50m;
    ssl_stapling on;
    ssl_stapling_verify on;
    add_header Strict-Transport-Security max-age=15768000;
    #
    # Note: You should disable gzip for SSL traffic.
    # See: https://bugs.debian.org/773332
    #
    # Read up on ssl_ciphers to ensure a secure configuration.
    # See: https://bugs.debian.org/765782
    #
    # Self signed certs generated by the ssl-cert package
    # Don't use them in a production server!
    #
    # include snippets/snakeoil.conf;
    #
    location / {
        # First attempt to serve request as file, then
        # as directory, then fall back to displaying a 404.
        try_files $uri $uri/ =404;
    }
    location ~ /ws/? {
        access_log off;
        proxy_pass http://websockets;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}
###### altcap.io ######

CTRL+X to save (^X Exit)

You have now setup an SSL secured web server with a WebSocket connected to your local BitShares witness_node (listening on port 8090 - see this post for more information) ###Update altcap.io www virtual host

sudo cp altcap.io /etc/nginx/sites-available/altcap.io

Restart Nginx

sudo service nginx restart

Now you have setup an SSL web server. More information on SSL setup can be found here. DigitalOcean letsencrypt SSL LetsEncrypt CertBot

Install BitShares web gui

Install NVM (Node Version Manager)

curl -o- https://raw.githubusercontent.com/creationix/nvm/v0.30.2/install.sh | bash

exit bash (terminal) and reconnect

ssh bitshares@altcap.io
nvm install v5
nvm use v5

Setup light wallet

Note

Please refer bitshares-ui installation guide.

Build light wallet

npm run build

You have now created another Access point to the BitShares Decentralised Exchange. The more the merrier. Please remember to check your firewall and SSH is up-to-date and configured correctly. DigitalOcean has firewall and Secure SSH tutorials for more help.

SSL test

You can also check how secure your new web server is compared to your bank. Add this link to a web browser and wait for the results.

https://www.ssllabs.com/ssltest/analyze.html?d=altcap.io

Now change altcap.io to your local bank’s domain name in the link and post the results below.