Exposing a Chia daemon to the network is an advanced configuration. This allows other computers to communicate with the Chia daemon, including the ability to create transactions and send XCH.

If you do not know how to configure and properly secure a computer network do not use a remote daemon.

Never expose the Chia daemon to the internet.

Setup

The following instructions are for a Linux-based farmer (daemon host) and Windows GUI (main node). The same concept applies to other OS combinations.

On the daemon host

Expose the daemon to the network

In config.yaml, change self_hostname from localhost to 0.0.0.0. This binds the daemon to all IPv4 addresses on the local machine.

Next, open the port that the daemon is listening on (55400 by default). The UI assumes that the daemon is already running and it will not attempt to start a remote daemon. Using ufw and restricting traffic to just the UI's host:

sudo ufw allow from <IP of UI machine> to any port 55400 proto tcp

Copy the daemon's cert files

To secure their connection, the GUI will need the daemon's certificates. Copy these files to the Windows machine:

~/.chia/mainnet/config/ssl/daemon/private_daemon.crt
~/.chia/mainnet/config/ssl/daemon/private_daemon.key

On the GUI host

Reference the daemon's cert files

Place the daemon's cert files, copied earlier, in the following location:

~/.chia/mainnet/config/ssl/ui/
~/.chia/mainnet/config/ssl/ui/

Find the ui section in config.yaml and specify the following settings:

daemon_host: <name or IP of the daemon host>
daemon_port: 55400
daemon_ssl:
  private_crt: config/ssl/ui/private_daemon.crt
  private_key: config/ssl/ui/private_daemon.key

Troubleshooting

GUI Client

Can the GUI find the config folder?

The first thing to check is that the daemon's websocket URI shows up on the title bar. It should look like this:

Make sure there isn't a syntax error in config.yaml.

Can the GUI find the remote daemon's certs?

Double check that in the ui section the crt and key paths are correct. It shouldn't point to the folder where the local certs are stored. It has to point to the folder where you copied the daemon's certs.

Connectivity

Has the daemon been bound to a routable IP address?

On the daemon host run sudo netstat -tulpn | grep 55400 or your OS's equivalent. It should show something similar to tcp 0 0 0.0.0.0:55400 0.0.0.0:* LISTEN 2925/chia_daemon.

If you see 127.0.0.1 it means you haven't changed the daemon's bind IP address. The loopback address is not routable on the network. Double check that self_hostname: 0.0.0.0 is correct in the config. Also, make sure you have fully restarted the daemon:

chia stop all -d
chia start farmer

Is the daemon's port opened on the firewall?

Run sudo ufw status | grep 55400 or your OS and firewall equivalent. You should see something like 55400/tcp ALLOW.

Is VMWare Plugin Service bound to daemon port?

Verify that the default port 55400 is not bound to VMWare Plugin or other service on the daemon host. If pre-bound, stop that other service or change the daemon_port value in config.yaml. netstat -tulpn includes the process name of listeners. It should be chia_daemon.

Setup

On the daemon host​

Expose the daemon to the network​

Copy the daemon's cert files​

On the GUI host​

Reference the daemon's cert files​

Troubleshooting

GUI Client​

Can the GUI find the config folder?​

Can the GUI find the remote daemon's certs?​

Connectivity​

Has the daemon been bound to a routable IP address?​

Is the daemon's port opened on the firewall?​

Is VMWare Plugin Service bound to daemon port?​