BitGo Express

BitGo Express runs as a service in your own Server, and handles the client-side operations involving your own keys, such as partially signing transactions before submitting to BitGo.

Root SSH Access is required to proceed. You should contact your server provider on how to obtain the root ssh credentials. For cPanel users, check the SSH Access (root) section

Running BitGo Express

Docker

To install the latest version of docker on your server, see the Docker section

For most users, we recommend running BitGo Express as a docker container, since this is the most secure way to run BitGo Express.

Run the following code to quickly start BitGo Express in the Test Environment

docker run -it -p 3080:3080 bitgosdk/express:latest --port 3080

You should see this output from the container:

BitGo-Express running
Environment: test
Base URI: http://0.0.0.0:3080

0.0.0.0 means any IP that directly links to your server and make sure the right protocol (http or https) is used

If the above command returns a command not found output, it implies that docker is not bundled by default with your server. You will need to manually install its latest version

If you get a permission denied error, try running the command as root user. It can also be run by a user in the docker group, which is automatically created during the installation of Docker

From the output the BitGo Host will be listening on all interfaces under the Port: 3080. In the event that you want the Port otherwise, you should change it from the parameters in the command.

When running BitGo Express in production, we strongly recommended using HTTPS to secure your connections, which requires a valid SSL certificate.

Docker in Production (SSL)

You need to obtain a valid SSL certificate credentials for your domain or generate a self-signed one:

Generating Self-signed Certificate (optional)

First make a directory and navigate into it:

$ cd ~
$ mkdir certs
$ cd certs

Then run the following command and complete the prompted information:

$ openssl req -newkey rsa:2048 -nodes -keyout cert.key -x509 -days 3650 -out cert.crt

This will output a key file cert.key and certificate file cert.crt in the current directory

Running Command:

Take note of the path to your SSL certificate credentials folder which contains key file say cert.key and certificate file say cert.crt Replace /path/to/cert in the following command with the full qualified path to the above folder

docker run -it --volume /path/to/certs:/private -p 3080:3080 bitgosdk/express:latest --env prod --port 3080 --keypath /private/cert.key --crtpath /private/cert.crt

If the certificate files are saved with a different name, you should update the parameters in the command accordingly.

You should see this output from the container:

BitGo-Express running
Environment: prod
Base URI: https://0.0.0.0:3080

Now Bitgo Express is listening to all interfaces, under the BitGo Port: 3080

The following is the information you will need to integrate with the script:

  • Host/Domain: The domain of the server it is running on

  • Port: 3080 or otherwise as specified in the setup from above.

  • Long Lived Access Token: This can be obtained from your BitGo Dashboard, please use the following guide.

Now to keep BitGo Express running in the background you may add the --detach option along with the --restart unless-stopped to automatically restart upon failure which returns a container ID. i.e docker run --detach --restart unless-stopped -it...

You may use any of the following commands to interact with a running container

  • Stop a specific container.

$ docker stop [container id]
  • List all running containers

$ docker ps
  • Display logs of a container.

$ docker logs [container id]

Docker in Production (without SSL)

Run the following if you want to start Bitgo Express without SSL safely.

docker run -it -p 3080:3080 -e DISABLE_SSL="1" bitgosdk/express:latest --env prod --port 3080

You should see this output from the container:

BitGo-Express running
Environment: prod
Base URI: http://0.0.0.0:3080

You must block the port 3080 (or otherwise) from inbound traffic using Firewall. This will prevent external access to the running instance and avoid eavesdropper on your local network. Contact your service provider on how to achieve this. As long as you are able to open http://domain.com:3080 on your browser, where domain.com is your server domain or IP address, you are not secure!

Then you can access the running instance with http://localhost as BitGo Host and 3080 as BitGo Port

Generate Long Lived Access Token

1. Login to the appropriate BitGo dashboard based on the environment you want to setup on. Test: Uses testnet chain. Sign up & Login Here Production: Uses main chain. Sign up & Login Here‚Äč

2. Click your account name at the top right, click User Settings.

3. Under Developer Options tab, click on Create Access Token.

4. Generate a long lived token for your installation on this page.

1. (Required) Set the label & live time of your token. You have ten years entered by default. 2. (Required) Set the Lifetime Spending Limits of the token. You may set a maximum of 100000000 for all coins. 3. (Required) Enter the unique IP address of your server where the BitGo Express has been installed. (see above) 4. (Required) Grant the token all permissions as shown below