@EagleTM
EagleTM / gist:37d74145da184e22d8d4ebcacd683ab7
Created December 26, 2020 13:19
Install electrumx quick guide
cd /usr/src
wget https://raw.githubusercontent.com/bauerj/electrumx-installer/master/bootstrap.sh
chmod 755 bootstrap.sh
./bootstrap.sh --leveldb --dbdir /home/electrumx/db/
cd /root/.electrumx-installer
./install.sh --update-python --leveldb --dbdir /home/electrumx/db/
cd /usr/src/
git clone https://github.com/EagleTM/electrumx.git
EagleTM / gist:429729d6a66ad2e17ed1607ab820c341
Created September 18, 2019 10:45
LND calculate fees (might not be needed in lnd > 0.7.1)
lncli listchaintxns | grep total_fees | awk -F'\"' '{ SUM += $4; print $4} END { print SUM }'
lncli listchannels | grep commit_fee | awk -F'\"' '{ SUM += $4; print $4} END { print SUM }'
EagleTM / check-dead-usual-suspects.sh
Created September 18, 2019 10:43
LND check-dead-usual-suspects
#!/bin/sh
# List remote pubkeys of inactive public channels that we initiated, minus known exceptions
lncli listchannels --inactive_only --public_only | grep -v incoming | grep -B 18 "\"initiator\": true" | grep -A 2 "\"active\": false," | grep -v false | grep -v -e "--" \
| grep -v 02fa1ed11358b95d710bbcab5aa7a5e586fe6ba7e8477ed81d13341d5e8835c934 \
| grep -A 1 remote_pubkey | grep -v -e "--"
#| grep -v 02fa1ed11358b95d710bbcab5aa7a5e586fe6ba7e8477ed81d13341d5e8835c934 # Baltazar
EagleTM / check-merchants.sh
Last active September 18, 2019 10:52
LND check-merchants
#!/bin/sh
# Snapshot the channel list once into a private temp file
# (mktemp avoids a predictable, world-readable path in /tmp)
tmp=$(mktemp) || exit 1
trap 'rm -f "$tmp"' EXIT
lncli listchannels > "$tmp"
# For each merchant pubkey, print the capacity and balance fields of its channel
echo Bitrefill
grep -A 16 030c3f19d742ca294a55c00376b3b355c3c90d61c6b6b39554dbc7ac19b141c14f "$tmp" | grep -v remote_pubkey | grep -iE "(capacity|sent|received|local|remote)"
echo Bitrefill 2nd
grep -A 16 024a2e265cd66066b78a788ae615acdc84b5b0dec9efac36d7ac87513015eaf6ed "$tmp" | grep -v remote_pubkey | grep -iE "(capacity|sent|received|local|remote)"
echo ACINQ
grep -A 16 03864ef025fde8fb587d989186ce6a4a186895ee44a926bfc370e2c366597a3f8f "$tmp" | grep -v remote_pubkey | grep -iE "(capacity|sent|received|local|remote)"
echo Bitstamp
ip route add default dev wg0 table 200
# ip route add default via 192.168.21.1 table 200 # alternative: state a static gateway
ip rule add from 192.168.2.3 table 200
ip route list table 200
ip rule show table 200
# Short howto / codelisting to run a second (or multiple) electrumx instances
# on the same server as a different user
# systemd based setups
electrumx_rpc stop
adduser electrumx2 --disabled-password
cp -a /home/electrumx/db /home/electrumx2
chown -R electrumx2:electrumx2 /home/electrumx2
cp -a /etc/electrumx.conf /etc/electrumx2.conf
# make sure openvpn is set up and ip forwarding is set like
sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 1
## add (!) to /etc/rc.local and either reboot or set rules on console once
----- snip -------
#selectively allow a certain source address for passing traffic upstream through the VPN tunnel
iptables -t nat -A POSTROUTING -s 192.168.1.15 -o tun0 -j MASQUERADE
* Notes:
- OVH has exceptionally good DDoS protection for network level volumetric attacks
- Their cheapest OVH offer, at ~3,50 EUR/month, gets you 100 Mbps of clean traffic. It will defend well against most attacks (UDP/ICMP/TCP SYN and AH/ESP/GRE floods); however, it won't cover TCP ACK floods to the electrumx port
- If you get TCP ACK floods and want to protect against them, you need a server from their gaming product line, starting at 90 EUR/month, with two-way mitigation.
- You can set the firewall / DDoS protection to permanent mitigation; see https://docs.ovh.com/gb/en/dedicated/firewall-network/
- Notes about IPv6:
* They do *not* have mitigation for IPv6 (most other providers don't either), so don't expose your IPv6 address to the public
Motivation / Notes:
* This guide assumes Ubuntu 18.04. Should work with 16.04 too
* Download a global blacklist and add a local blacklist to block attackers on your electrumx box
* The latter part is integral to keeping servers under resource attack up and running
* The local blacklist takes around half an hour of "warm-up time" to show effects, as attacking clients have to trigger the limit first
* If your server still cannot take the load, feel free to lower the RESOURCE_USAGE_LIMIT (30k is default) and other parameters found below
* If you're having trouble with network level DDoS (volumetric attack) see the gist at the end about setting up an OVH frontend for DDoS mitigation
Pre-requisite:
* bitcoind up and running (user bitcoin for example)