Run in Production

Overview

Running BitGo Express in the live environment requires additional security configurations that aren't necessary in the test environment. BitGo strongly recommends securing and authenticating your connections in the live environment with TLS and HTTPS. However, if your use case cannot use these security protocols, you can configure your own self-signed certificates.

Steps

1. Set Environment Variable

Set the NODE_ENV variable to production. This turns off certain debugging functionality that could potentially leak information about your system. If BitGo Express detects an unsafe configuration, a soft warning displays upon startup.

2. Enable TLS

Enable TLS by using the keyPath and crtPath configuration options. Otherwise, BitGo Express errors upon startup with the following message:

  • CLI
    Fatal error: Must enable TLS when running against prod and listening on external interfaces!
    Error: Must enable TLS when running against prod and listening on external interfaces!

Note: If you must disable TLS, you can opt out using the disableSSL configuration option. However, we strongly recommend always enabling TLS. Disabling TLS makes you vulnerable to a man-in-the-middle attack, where a hacker can gain access to your sensitive information, as it's sent in cleartext over the Internet.

3. (Optional) Set Up Self-Signed Certificate

You can use a self-signed certificate for TLS. To generate a self-signed certificate, make a new directory in the express folder and navigate into it.

  • CLI
    mkdir certs
    cd certs

Provide your certificate details and run the following command:

  • CLI
    openssl req -newkey rsa:2048 -nodes -keyout cert.key -x509 -days 3650 -out cert.crt

Step Result

You created a key file, cert.key, and certificate file, cert.crt.
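
Because `-nodes` writes the private key unencrypted, it is worth checking the pair before mounting it into the container. The following pre-flight check is an added example, not part of BitGo's documentation; `check_tls_material` is a hypothetical helper name and the 30-day default expiry margin is an assumption.

```shell
#!/bin/sh
# Added example: pre-flight check for the key/certificate pair before it is
# mounted into the container. check_tls_material is a hypothetical helper name.
# Usage: check_tls_material /path/to/certs/cert.key /path/to/certs/cert.crt [min_days]
check_tls_material() {
    key=$1 crt=$2 min_days=${3:-30}

    [ -r "$key" ] && [ -r "$crt" ] ||
        { echo "FAIL: key or certificate not readable" >&2; return 2; }

    # -nodes leaves the private key unencrypted on disk, so file permissions
    # are its only protection: refuse any group/other access bits.
    mode=$(ls -ld "$key" | cut -c5-10)
    [ "$mode" = "------" ] ||
        { echo "FAIL: $key is accessible to group/other (chmod 600)" >&2; return 3; }

    # The certificate must carry the public half of this exact private key.
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) ||
        { echo "FAIL: cannot parse $key" >&2; return 4; }
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) ||
        { echo "FAIL: cannot parse $crt" >&2; return 4; }
    [ "$key_pub" = "$crt_pub" ] ||
        { echo "FAIL: certificate does not match private key" >&2; return 5; }

    # -checkend exits non-zero if the certificate expires within N seconds.
    openssl x509 -in "$crt" -noout -checkend $((min_days * 86400)) >/dev/null ||
        { echo "FAIL: certificate expires within $min_days days" >&2; return 6; }

    echo "OK: key and certificate match, key is private, expiry > $min_days days"
}
```

Each failure returns a distinct exit code, so the check can gate a deployment script before the `docker run` step.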

4. Run Docker Container

Run your docker container with the following modifications:

  • CLI
    docker run -it --volume /path/to/certs:/private -p 4000:4000 bitgo/express:latest -p 4000 -k /private/cert.key -c /private/cert.crt -e prod

5. (Optional) Build Docker Container

If you want to build the BitGo Express Docker container yourself from the source code, run the following commands from the root of your cloned BitGoJS repository.

  • CLI
    git clone https://github.com/BitGo/BitGoJS.git
    cd ./BitGoJS
    docker build -t bitgo-express:latest .
    docker run -it bitgo-express:latest

6. (Optional) Create API Calls

You can execute API calls through BitGo Express by creating HTTP requests using cURL. Formatting a cURL command requires a specific URL, method, headers, and request body.

The following example uses cURL to generate a wallet:

  • CLI
    curl -X POST 'http://localhost:4000/api/v2/{coin}/wallet' \
      -H 'Content-Type: application/json' \
      -H 'Authorization: Bearer {accessToken}' \
      -d '{
        "label": "Manual TBTC Wallet",
        "enterprise": "62c5ae8174ac860007aff138a2d74df7",
        "keys": [
          "62e18649381037000872496848a7939f",
          "62e18e2da058d90007ccfdba7588eeb9",
          "62e18e4ba058d90007cd0951f74004b0"
        ],
        "multisigType": "onchain",
        "m": 2,
        "n": 3,
        "type": "hot"
      }'

See Also

Reference: Configuration Parameters