Run in Production
Overview
Running BitGo Express in the production environment requires additional security configurations that aren't necessary in the test environment. BitGo strongly recommends securing and authenticating your connections in the production environment with Transport Layer Security (TLS) and HTTPS. However, if your use case cannot use these security protocols, you can configure your own self-signed certificates.
Note: If you must disable TLS, you can opt out using the disableSSL configuration option. However, BitGo strongly recommends always enabling TLS. Disabling TLS makes you vulnerable to a man-in-the-middle attack, where a hacker can gain access to your sensitive information, as it's sent in cleartext over the Internet.
Prerequisites
1. Generate TLS Key and Certificate
You can generate a TLS key and certificate using a trusted certificate authority (CA) or you can generate a self-signed certificate.
1.1 Generate Key
openssl genrsa -out private.key 2048
Step Result
You generated a 2048-bit RSA private key and saved it to a file named private.key.
Generating RSA private key, 2048 bit long modulus
.......+++++
.......................+++++
1.2 Generate Certificate Signing Request (CSR)
If using a CA, you must generate a certificate signing request (CSR) and send it to the CA. To generate a CSR, run the following command and answer the questions that appear in your terminal:
openssl req -new -key private.key -out request.csr
Step Result
You generated a CSR and saved it to a file named request.csr.
1.3 Submit CSR to CA
Submit your CSR file, request.csr, to a trusted CA for signing. Follow the instructions outlined by your preferred CA.
Step Result
Once the CA processes your CSR and completes any necessary verification, you're issued a signed certificate for your domain. Save the signed certificate to a file with a .crt extension.
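The steps above cover the CA route only. For the self-signed alternative, the following added example (not BitGo's own code) generates a key and self-signed certificate under the cert.key and cert.crt names that the docker run command in step 3 reads from /private, then checks that the two files belong together before the container starts. The directory and host name are placeholders, and -addext assumes OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added example, not BitGo code. cert.key and cert.crt are the file names the
# docker run command on this page reads from /private; the directory and host
# name passed in are placeholders. -addext needs OpenSSL 1.1.1 or later.

# make_self_signed DIR HOST [DAYS]: write DIR/cert.key and DIR/cert.crt.
make_self_signed() {
  dir=$1; host=$2; days=${3:-365}
  mkdir -p "$dir" || return 1
  # umask 077 keeps the private key unreadable by other users from creation.
  ( umask 077 && openssl genrsa -out "$dir/cert.key" 2048 2>/dev/null ) || return 1
  # -x509 makes `req` emit a self-signed certificate instead of a CSR.
  # Modern TLS clients match the host name against subjectAltName, so set it.
  openssl req -new -x509 -sha256 -key "$dir/cert.key" -days "$days" \
    -subj "/CN=$host" -addext "subjectAltName=DNS:$host" \
    -out "$dir/cert.crt" || return 1
}

# key_matches_cert KEY CRT: succeeds only if both hold the same public key.
key_matches_cert() {
  k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
  c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
  [ -n "$k" ] && [ "$k" = "$c" ]
}

# preflight DIR: run before `docker run --volume DIR:/private ...`.
preflight() {
  key_matches_cert "$1/cert.key" "$1/cert.crt" || {
    echo "cert.key does not belong to cert.crt" >&2; return 1; }
  # -checkend N fails when the certificate expires within N seconds (30 days).
  openssl x509 -in "$1/cert.crt" -noout -checkend 2592000 >/dev/null || {
    echo "cert.crt expires within 30 days" >&2; return 1; }
}

# Usage: make_self_signed ./certs express.example.internal && preflight ./certs
```

Clients that call Express over HTTPS then need cert.crt configured as a trusted certificate, since no CA vouches for it.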
2. Pull the Latest Docker Container
docker pull bitgo/express:latest
3. Run Docker Container
Run the Docker container with the following modifications to enable TLS:
docker run -it \
  -e NODE_ENV=production \
  --volume /path/to/certs:/private \
  -p 4000:4000 \
  bitgo/express:latest \
  -p 4000 -k /private/cert.key -c /private/cert.crt -e BITGO_ENV=prod
# The prefix `NODE_ENV=production` turns off certain debugging functionality that could potentially leak information about your system
# Replace `/path/to` with the full path to your `certs` folder
# The `keyPath` and `crtPath` configuration options enable TLS
Step Result
BitGo-Express running
Environment: BITGO_ENV=prod
Base URI: https://0.0.0.0:4000
4. (Optional) Build Docker Container
If you want to build the BitGo Express Docker container yourself from the source code, run the following commands from the root of your cloned BitGoJS repository.
git clone https://github.com/BitGo/BitGoJS.git
cd ./BitGoJS
docker build -t bitgo-express:latest .
docker run -it bitgo-express:latest
Next Steps
Get started making Express calls in the production environment. For more details, see Wallets Overview.