If you want to have access to your wallet outside of your local network you can either use Tor, or make a reverse proxy from your node to a cheap VPS somewhere.
Here we will describe how to set up your VPS server to forward all requests to your Bitcoin node.
You can either have both Specter and Bitcoin Core on the same node and forward Specter interface to remote server, or you can only do it for Bitcoin Core and keep Specter on your laptop. The following guide assumes the first option, however, if you want to go with the second one just change the port from 25441 to 8334 or whatever port your Core is using.
Update your remote server:
apt update && apt upgradeInstall nginx:
apt install nginxAdd a new server to your nginx configuration /etc/nginx/sites-enabled/default:
server {
listen 80 default_server;
listen [::]:80 default_server;
# optinaly configure domain name
server_name specter.mydomain.com;
# set proxy pass
location / {
proxy_pass http://127.0.0.1:25441;
}
}Restart nginx:
nginx -s reloadOn your local computer (where Specter is running) start a reverse proxy:
ssh -nN -R 25441:localhost:25441 [email protected]Check in your browser - when you navigate to http://specter.mydomain.com you should see Specter already.
HTTPS is very important, not only because it is secure, but also because without HTTPS we can't use camera to scan QR codes. We need to get secure connection.
Letsencrypt issues certificates for free, they just need to check that you control the domain. So it doesn't work for local network or for Tor addresses. In these cases you would need to create a self-signed certificate. But domains are cheap and probably everyone has a dozen that is not used. So we assume you have one.
Install certbot to issue certificate for us:
apt install software-properties-common
add-apt-repository universe
add-apt-repository ppa:certbot/certbot
apt update
apt install certbot python-certbot-nginxRun certbot and answer it's questions:
certbot --nginxNow Specter should be available over HTTPS: https://specter.mydomain.com
We don't want random people to have access to our wallet, so we want to protect it with login and password. Specter has two methods of authentication built in.
You can configure the authentication method used by Specter at https://specter.mydomain.com/settings/auth
When authentication is enabled Specter rate limits attempts to login to frustrate brute force password guessing.
User defined password is used by Specter to login (default: admin).
The Bitcoin Core RPC password is used by Specter to login.
With this method you can choose the username and password of the Specter admin user. You can also invite other (limited) users to register also.
Note: This part is only required if you do not want to use one of the built in Specter authentication methods. If you use Nginx basic authentication you should also think about rate limiting brute force attacks via software like fail2ban.
Nginx has a nice documentation on the topic, but I will copy-paste main commands here.
Verify that apache2-utils (Debian, Ubuntu) or httpd-tools (RHEL/CentOS/Oracle Linux) is installed.
apt install apache2-utilsCreate your user (let's call it specter) and type the password:
htpasswd -c /etc/nginx/.htpasswd specterAdd two lines to the server block in the nginx config (/etc/nginx/sites-enabled/default):
server {
# ...
auth_basic "You shall not pass!";
auth_basic_user_file /etc/nginx/.htpasswd;
location / {
proxy_pass http://127.0.0.1:25441;
}
# ...
}Restart nginx:
nginx -s reloadNow when you try to access the server it will ask for credentials.