Developers Forum for XinFin XDC Network

Raghuram Dharanipathy

How to configure SSL for XDC private chain on server with Nginx

This article gives a step-by-step method for implementing SSL for the XDC node RPC.

We will see how to safely expose the API to the public by proxying JSON-RPC traffic with NGINX.

You’ll need a domain to implement this solution. It can be a root domain or a subdomain. You have to add an A DNS record pointing to the IP of your EC2 instance. It is recommended to use an Elastic IP address so that the address would not change if you have to change the instance configuration.

Next, inside the instance, you have to install the necessary packages:

sudo apt-get install nginx apache2-utils
sudo apt-get install python3-certbot-nginx

You can now generate an SSL certificate and initial NGINX configuration by running:

sudo certbot --nginx -d <domainName>

To renew your certificate automatically, add this line to the /etc/crontab file:

@monthly root certbot -q renew

Once you complete these steps, you should see an NGINX welcome screen on your domain.

Now you need to edit the NGINX configuration file /etc/nginx/sites-enabled/default:

server {
    root /var/www/html;

    # Add index.php to the list if you are using PHP
    index index.html index.htm index.nginx-debian.html;
    server_name <domainName>; # managed by Certbot

    location / {
        # Forward every request to the node's JSON-RPC port on localhost.
        # No try_files here: this location serves no static files.
        proxy_pass http://localhost:8546;
    }

    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/xdcprivate.goplugin.co/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/xdcprivate.goplugin.co/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
    # Redirect plain HTTP requests for the domain to HTTPS
    if ($host = <domainName>) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    listen 80;
    listen [::]:80;
    server_name <domainName>;
    return 404; # managed by Certbot
}

The SSL certificate files are generated automatically by the certbot command.

We use a proxy_pass directive to proxy traffic from the encrypted HTTPS port 443 to the Geth node port 8545 on our server instance, so the node's RPC port is never exposed publicly. The port in the proxy_pass line must be the one your node's RPC actually listens on.

Now verify that the config is correct:

sudo nginx -t

and restart the NGINX process to apply changes:

sudo service nginx restart

The default welcome page should no longer be accessible. You can check if your full node is available via a secure HTTPS connection.
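
The proxy only protects the node if the RPC port itself accepts connections from localhost alone. The check below is an added example, not part of the original post: it reads the proxy_pass port from the NGINX config and looks in `ss -ltn` output for listeners on that port outside loopback. The function names, the script name and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Print the upstream port of each proxy_pass line in an NGINX config on stdin.
proxy_ports() {
    sed -n 's/^[[:space:]]*proxy_pass[[:space:]]*https\{0,1\}:\/\/[^:/;]*:\([0-9][0-9]*\).*/\1/p'
}

# Read `ss -ltn` output on stdin and print each non-loopback address that
# listens on port $1. Returns 0 if the port is loopback-only, 1 if exposed.
exposed_listeners() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            addr = $4                         # "Local Address:Port" column
            n = split(addr, parts, ":")
            if (parts[n] != port) next        # port follows the last colon
            host = substr(addr, 1, length(addr) - length(parts[n]) - 1)
            sub(/%.*$/, "", host)             # drop an interface suffix (%lo)
            gsub(/\[/, "", host); gsub(/\]/, "", host)
            if (host ~ /^127\./ || host == "::1" || host ~ /^::ffff:127\./) next
            print host
            found = 1
        }
        END { exit (found + 0) }'
}

# Constructed samples (not captured from a real host).
SAMPLE_CONF='location / {
    proxy_pass http://localhost:8546;
}'
SAMPLE_OK='LISTEN 0 511  0.0.0.0:443    0.0.0.0:*
LISTEN 0 4096 127.0.0.1:8546 0.0.0.0:*
LISTEN 0 4096 [::1]:8546     [::]:*'
SAMPLE_BAD='LISTEN 0 511  0.0.0.0:443  0.0.0.0:*
LISTEN 0 4096 0.0.0.0:8546 0.0.0.0:*'

# Live use on the server: sh check_rpc_bind.sh --live
if [ "${1:-}" = "--live" ]; then
    for p in $(proxy_ports < /etc/nginx/sites-enabled/default); do
        if bad=$(ss -ltn | exposed_listeners "$p"); then
            echo "port $p: loopback only"
        else
            echo "port $p: also listening on $bad; bind the node RPC to 127.0.0.1"
        fi
    done
fi
```

If the port shows up on 0.0.0.0, [::] or a public address, clients can reach the node directly over plain HTTP and bypass the TLS proxy.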

You can use the RPC link https://<domainName> in your XDCPay wallet to create a new network profile named "private chain", filling in the other details such as your chain ID.

Once your new network profile is saved, use it to deploy a simple contract with Remix and check that the deployment succeeds.
