Run SPV-wallet behind a proxy (haproxy) #830

Open
Klar opened this issue Dec 22, 2024 · 4 comments

Klar commented Dec 22, 2024

I would like to run the spv-wallet behind a proxy, i.e. haproxy.

My idea was to disable the "ports" in the docker-compose.yml file (as I am running already another redis on port 6379) and make a haproxy configuration where I catch the urls (admin, api, headers, wallet) and forward it to spv traefik container (where I changed the listening ports to

    ports:
      - "8080:80"
      - "4433:443"

I think my problem is now that as I am listening via haproxy on 80 and 443 (where I have other certs configured, and also certbot .well-known/acme-challenge) it does too many redirects and does not really forward to the traefik container.

Also traefik seems unable to generate the certs.

How do other people run spv-wallet on a server on the internet? Anyone also got a proxy before the spv-wallet, i.e. nginx / haproxy etc.?

Do I need the traefik container or can I just manage via the haproxy? If so, what are the forwarding paths and which certs do I need to generate?

@dorzepowski dorzepowski self-assigned this Dec 23, 2024
@dorzepowski
Contributor

I'm assuming that you're using the start.sh script to run spv-wallet (like described here: https://docs.bsvblockchain.org/network-topology/spv-wallet/quickstart).

  1. revert the changes in the docker-compose.yaml (or whole spv-wallet repository)
  2. run start.sh
  3. answer the questions accordingly except the questions mentioned below
  4. on question "select your cache storage" answer: 1 (so the freecache) -> this will solve your problem with redis port - unfortunately start.sh doesn't support using redis outside of this docker-compose (yet)
  5. on question "do you want to expose the services on ..." answer: n - this will prevent running the traefik
  6. set up your HAproxy to point to the services accordingly - minimum is to proxy pass requests on port 443 on the paymail domain to spv-wallet (so to localhost:3003)
  7. when starting ./start.sh again, you can omit the setup phase (all those questions) by running it with flag -l (so ./start.sh -l)
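
The minimum setup from step 6, written out as an added example (it is not from the spv-wallet project or from the comment above): HAProxy terminates TLS on 443 and routes only the paymail host to localhost:3003, leaving every other host on the sites it already serves. The certificate directory, the `existing_sites` backend and its port 8081 are assumptions; `domain.com` is the placeholder domain used in this thread.

```haproxy
# Added example. Assumed values (not from the thread):
#   /etc/haproxy/certs/  - directory of PEM bundles (certificate + key)
#   existing_sites:8081  - whatever HAProxy was already proxying

global
    # Refuse legacy TLS versions on the public listener.
    ssl-default-bind-options ssl-min-ver TLSv1.2

defaults
    mode http
    timeout connect 5s
    timeout client  30s
    timeout server  30s

frontend https_in
    # TLS ends here; the certificate is selected by SNI from the directory,
    # so the paymail domain needs its own bundle next to the existing ones.
    bind :443 ssl crt /etc/haproxy/certs/

    # The upstream only sees plain HTTP, so pass on the original scheme
    # and client address.
    http-request set-header X-Forwarded-Proto https
    option forwardfor

    # Only the paymail host goes to spv-wallet; everything else stays put.
    acl is_paymail hdr(host) -i domain.com
    use_backend spv_wallet if is_paymail
    default_backend existing_sites

backend spv_wallet
    # spv-wallet on localhost:3003, the address given in step 6.
    server spv1 127.0.0.1:3003 check

backend existing_sites
    # Hypothetical: the sites this HAProxy instance already serves.
    server web1 127.0.0.1:8081 check
```

Because traefik is not started in this setup (step 5), the certificate for the paymail domain has to be issued by the tooling already in use on the HAProxy host.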

@Klar
Contributor Author

Klar commented Dec 26, 2024

Thanks for your answer. While testing / trying out I might have found another issue:

    # ./start.sh -l
    Welcome in SPV Wallet!
    File .env.config does not exist, but you choose to load from it.
    Select your database:
    1. postgresql
    2. sqlite
    >2
    Select your cache storage:
    1. freecache
    2. redis
    >1
    Do you want to run spv-wallet? [Y/n]
    >
    Do you want to run spv-wallet-admin? [Y/n]
    >
    Do you want to run block-headers-service? [Y/n]
    >
    Do you want to run spv-wallet-web-frontend? [Y/n]
    >
    Do you want to run spv-wallet-web-backend? [Y/n]
    >
    Define admin xPub (Leave empty to use the default one)
    >
    To login to the admin panel, you will need to provide the admin xPriv.
    You choose to use default admin xPub, so you can use the following xPriv:
    <keyhere>
    What PayMail domain should be configured in applications?
    >domain.com
    Do you want to expose the services on domain.com and its subdomains? [y/N]
    >
    Do you want to run everything in the background? [y/N]
    >y
    File .env.config updated!
    [+] Running 5/5
     ✔ wallet-frontend Pulled                          2.1s
     ✔ spv-wallet-admin Pulled                         2.1s
     ✔ spv-wallet Pulled                               2.1s
     ✔ wallet-backend Pulled                           2.1s
     ✔ block-headers-service Pulled                    2.1s
    [+] Running 5/6
     ⠇ Container spv-wallet-wallet-postgresql-1      Starting   0.8s
     ✔ Container spv-wallet-wallet-frontend-1        Started    0.8s
     ✔ Container spv-wallet-block-headers-service-1  Started    0.8s
     ✔ Container spv-wallet-spv-wallet-1             Started    0.7s
     ✔ Container spv-wallet-spv-wallet-admin-1       Started    0.7s
     ✔ Container spv-wallet-wallet-backend-1         Created    0.0s
    Error response from daemon: driver failed programming external connectivity on endpoint spv-wallet-wallet-postgresql-1 (756516646d33e513be04ac2b9327631b898f845824f1ee9ad82c292aa29c6e41): failed to bind port 127.0.0.1:5432/tcp: Error starting userland proxy: listen tcp4 127.0.0.1:5432: bind: address already in use

I don't get the error for redis which is good, but while selecting "sqlite" because I already run another container with "postgresql" I still get the error:

    Error response from daemon: driver failed programming external connectivity on endpoint spv-wallet-wallet-postgresql-1 (756516646d33e513be04ac2b9327631b898f845824f1ee9ad82c292aa29c6e41): failed to bind port 127.0.0.1:5432/tcp: Error starting userland proxy: listen tcp4 127.0.0.1:5432: bind: address already in use

@sirdeggen

sirdeggen commented Dec 30, 2024

> How do other people run spv-wallet on a server in the internet?

The intention is to make this available on AWS Marketplace (although the process has been very cumbersome to get right) so that anyone can "one click" install it on their AWS account. For now a cloud formation template and setup guide is available here: https://docs.bsvblockchain.org/network-topology/spv-wallet/aws/installation

What you're doing right now is still appropriate for alternative cloud providers.

@dorzepowski
Contributor

> Thanks for your answer. While testing / trying out I might have found another issue:
> (...)
> I don't get the error for redis which is good, but while selecting "sqlite" because I already run another container with "postgresql" I still get the error:
>
> Error response from daemon: driver failed programming external connectivity on endpoint spv-wallet-wallet-postgresql-1 (756516646d33e513be04ac2b9327631b898f845824f1ee9ad82c292aa29c6e41): failed to bind port 127.0.0.1:5432/tcp: Error starting userland proxy: listen tcp4 127.0.0.1:5432: bind: address already in use

  1. Choosing sqlite as the database only affects spv-wallet.
  2. Because you chose to run spv-wallet-web-backend, which only supports postgres, start.sh is trying to start postgres for it.
  3. spv-wallet-web-frontend and spv-wallet-web-backend are parts of the reference custodial web wallet (that isn't meant to be used in production), so eventually, if you really want to skip postgres, then you should probably not run those components and instead use js-client or go-client or the spv-wallet-admin (which you also selected to start) to communicate with spv-wallet.
