Zebra Connections

  1. I’m trying to limit a zebra node peer connections. Meaning, with a zcash node I can limit or isolate a node --connect in the zcash.conf or directly on the command line. I’ve tried using this in the zcash.conf file for zebra but maybe its in zebra’s .toml file where I must place these peer ip addresses I want to connect too??

  2. I’m currently trying to sync a zebra node to be a prune node, again I’ve placed the prune configurations in the zcash.conf that zebra requires or should I be placing the prune configurations in the .toml file for zebra? Any examples?


1 Like

Correct, Zebrad does not use a zcash.conf file at all. The zebrad.toml is the configuration file and where any edits might go. You can set initial_mainnet_peers under ‘network’ but theres is currently no prune option.

If you run ‘zebrad generate’, it will output a sample file where you can see where that goes
(Maybe if you set your initial_mainnet_peers and then set peerset_initial_target_size to that number then it may limit the actual connections(?), really not sure.)


Hi @Autotunafish , thanks in advance.

I’ve got a fully synced zebra node & fully sync lightwalletd.

Goal: Private / Personal lightwalletd server.

I have a domain pointing to my zebra node, have acquired a letsencrypt ssl for the lightwalletd and domain, can you walk me through where the ssl cert (not for the domain) but for the lightwalletd to receive private connections.
I think the cert has to be in the lightwalletd directory? When I start the lightwalletd I use a flag --cert /path/to/cert ?

Aim1: ?
curl --user zebra99:894-2857 --data-binary ‘{“jsonrpc”: “1.0”, “id”:“curltest”, “method”: “getblockchaininfo”, “params”: }’ -H ‘content-type: text/plain;’ https://zec.me:8232/

I open port 8232 for the instance security group 8232 to my private ip address

Aim 2:
What am I missing or overlooking in order to have my zashi / zingo app be able to use my private zebra node for transacting? @pacu @zancas

The LWD production server instructions will explain how to use your Certificate when launching lightwalletD and opening up the proper port. If your wallet is on the same machine as your server (i.e. the easy way) then a SSL cert isn’t strictly necessary. After that, it’s simply a matter of setting the IP of the LWD server in the wallet settings.

When you mean private is “publicly available but for my own use” or “usable only from a subnet of mine”?

I don’t think Zashi is currently allowing custom servers (you could build from source and do it) but as long as your server can be pinged from the wallet and has a valid certificate. It should be good.

1 Like

That would seem like the production server method would be the goal and then basically only allow priveledged access to the server. I’m not immediately sure how you would rope that. If it was behind a home router it would not be advisable, even with a valid ssl cert, because it would require opening a port in your home firewall and port forwarding.
There are other ways like with wormhole but idk of any implementations for lwd.

Goal: Private / Personal lightwalletd server
Background motivation: (I have & shared this concern)

sarahjamielewis: jan, 2021
“I’ll put it out there that my main concern with the current batch of lightwallet infrastructure grant requests is that I think the future needs to ere towards enabling hundreds of low cost, low trusted options rather than *tens of well maintained options with expensive maintenance costs”
source: 2 years of Lightwalletd Infra hosting & maintenance - #7 by chris-remus

When you mean private is “publicly available but for my own use” or “usable only from a subnet of mine”?
Yes. basically I want to run an ec2 instance, zebrad, lightwalletd, install the required certs, open the required security group ports to allow, zingo, ywallet (not sure nighthawk) (zashi not yet) to connect to the ip of the mobile device running the above apps.
My pain points:
Which ports do I need to open in the ec2 instance security groups? For the outside mobile device / apps to connect.
Best location for the lightwalletd ssl cert?
Lightwalletd start up script any additional --flags?
Any other suggestions welcome?

The run command for production lwd server sort of implies that the cert.pem and key.pem are in the local directory. I don’t have any experience with EC2 AWS so I don’t know if adjusting the security group settings is a particular requirement for it because you otherwise don’t have to do that. Outside traffic will only ever call (default) 9067, which requires your SSL cert (because https everywhere now).

You must mean adding the particular wallet devices to this security group. I don’t really have any intuition on that. This is another deployment guide. It might provide some insight with what you’re doing

Aws Security groups are a sets of firewall rules. In this case, you just need to allow incoming tcp on port 9067. You could also add an IP filter.

Unfortunately, lwd does not support user/password or oauth

1 Like