From e34d214ad573fd49d1b842d33961b261c1f65e82 Mon Sep 17 00:00:00 2001
From: ALsJourney <63744576+ALsJourney@users.noreply.github.com>
Date: Sat, 26 Oct 2024 23:23:14 +0200
Subject: [PATCH] Adjusted bitcoin core service, especially how to run the rpc
 in a secure manner

---
 templates/compose/bitcoin-core.yaml | 27 +++++++++++++++++++--------
 1 file changed, 19 insertions(+), 8 deletions(-)

diff --git a/templates/compose/bitcoin-core.yaml b/templates/compose/bitcoin-core.yaml
index f1a4136f1..84a73f550 100644
--- a/templates/compose/bitcoin-core.yaml
+++ b/templates/compose/bitcoin-core.yaml
@@ -5,13 +5,24 @@
 
 services:
   bitcoin-core:
-    image: ruimarinho/bitcoin-core:latest
+    image: 'ruimarinho/bitcoin-core:latest'
     environment:
-      - BITCOIN_RPCUSER=${BITCOIN_RPCUSER:-bitcoinuser}
-      - BITCOIN_RPCPASSWORD=${SERVICE_PASSWORD_PASSWORD64}
-      - BITCOIN_NETWORK=${BITCOIN_NETWORK:-mainnet}
-      - BITCOIN_PRINTTOCONSOLE=${BITCOIN_PRINTTOCONSOLE:-1}
-      - BITCOIN_TXINDEX=${BITCOIN_TXINDEX:-1}
+      - 'BITCOIN_RPCUSER=${BITCOIN_RPCUSER:-bitcoinuser}'
+      - 'BITCOIN_RPCPASSWORD=${SERVICE_PASSWORD_PASSWORD64}'
+      - 'BITCOIN_PRINTTOCONSOLE=${BITCOIN_PRINTTOCONSOLE:-1}'
+      - 'BITCOIN_TXINDEX=${BITCOIN_TXINDEX:-1}'
+      - 'BITCOIN_SERVER=1'
     volumes:
-      - bitcoin_data:/home/bitcoin/.bitcoin
-
+      - '/mnt/blockchain_data:/home/bitcoin/.bitcoin' # here use your own path, where you want to store the blockchain data
+    network_mode: "host" # use host network for secure connection only through localhost
+    command:
+      [
+        "-datadir=/home/bitcoin/.bitcoin",
+        "-rpcbind=127.0.0.1", # only allow local connections
+        "-rpcallowip=127.0.0.1",
+        "-rpcuser=${BITCOIN_RPCUSER}",
+        "-rpcpassword=${SERVICE_PASSWORD_PASSWORD64}",
+        "-printtoconsole=${BITCOIN_PRINTTOCONSOLE}",
+        "-txindex=${BITCOIN_TXINDEX}",
+        "-server=${BITCOIN_SERVER}"
+      ]