Skip to main content
Back to scanner

Connect Your Node

Point am-i.exposed at your own mempool instance for maximum privacy. This guide covers Umbrel, Start9, Docker, and bare-metal setups.

Why Self-Host?

When you use the public mempool.bitcoin-austria.at API, their servers see your IP address and every address and transaction you query. This creates a log linking your network identity to your Bitcoin activity.

By pointing am-i.exposed at your own node, API requests never leave your local network.

Umbrel

Recommended

Install the Umbrel App

The easiest way. Install am-i.exposed directly on your Umbrel and it automatically connects to your local mempool instance. No CORS headers, no SSH tunnel, no configuration needed.

  1. 1.Open your Umbrel dashboard and go to the App Store
  2. 2.Click the three-dot menu (top right) and select Community App Stores
  3. 3.Paste the store URL and click Add:
https://github.com/Copexit/copexit-umbrel-app-store
  1. 4.Find am-i.exposed in the store and click Install

The app detects your local mempool automatically. All API requests stay on your local network and Chainalysis lookups are routed through a built-in Tor proxy.

Manual Setup

For Start9, Docker, bare-metal, or if you prefer using the am-i.exposed website with your own node instead of the Umbrel app.

Two things must be true for manual setup

  1. Your mempool instance must have CORS headers enabled (mempool does not include them by default)
  2. Your URL must end with /api (e.g., http://localhost:3006/api)

Step 1: Add CORS Headers

This is the #1 reason connections fail. Mempool's nginx config does not include CORS headers by default. Without them, your browser silently blocks every API response - even if the network connection is working perfectly.

Add these lines to your mempool nginx config, inside the existing location /api/ { } block:

# Add these lines inside your existing location /api/ { } block
add_header 'Access-Control-Allow-Origin' '*' always;
add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS' always;
if ($request_method = 'OPTIONS') {
  return 204;
}

After editing, reload nginx:

nginx -s reload

Where to find the nginx config depends on your platform - see the platform-specific sections below.

Step 2: SSH Tunnel

This site is served over HTTPS. Browsers block HTTP requests from HTTPS pages (called mixed content) unless the target is localhost. An SSH tunnel forwards your node's mempool port to localhost on your machine, bypassing this restriction.

Open a terminal and run:

ssh -L 3006:localhost:3006 user@your-node-ip

Replace user@your-node-ip with your node's SSH credentials. This maps port 3006 on your desktop to port 3006 on your node.

Then in the am-i.exposed settings (the gear icon), enter:

http://localhost:3006/api
Keep the terminal open while using the site. The tunnel stays active as long as the SSH session is running. You can add -N to the SSH command to skip opening a shell (e.g., ssh -N -L 3006:localhost:3006 ...).

Umbrel (Manual)

If you prefer using the am-i.exposed website instead of the Umbrel app, you can point it at your Umbrel's mempool instance. The mempool app listens on port 3006 via Umbrel's app_proxy container.

1. Add CORS headers

SSH into your Umbrel and exec into the mempool web container:

ssh umbrel@umbrel.local
docker exec -it mempool_web_1 sh
vi /etc/nginx/conf.d/nginx-mempool.conf

Find the location /api/ { block and add the CORS headers shown above. Then reload nginx inside the container:

nginx -s reload
Note: Changes inside the Docker container are lost when the container restarts (e.g., after an Umbrel update). You will need to re-apply them after updates. For a persistent solution, mount a custom nginx config.

2. SSH tunnel

From your desktop, open a terminal:

ssh -N -L 3006:localhost:3006 umbrel@umbrel.local

3. Configure am-i.exposed

Click the gear icon in the header and enter:

http://localhost:3006/api

Click Apply. You should see a green checkmark if everything is configured correctly.

Start9 / StartOS

Start9 serves mempool over HTTPS on a .local hostname with a self-signed certificate. There is no bare port to SSH tunnel to, so the approach is different from Umbrel.

1. Install the StartOS root CA

Your browser needs to trust the StartOS certificate authority. Download the CA from your StartOS dashboard and install it in your system/browser trust store. Without this, HTTPS requests to your .local address will fail.

2. Add CORS headers

SSH into your Start9 and edit the mempool nginx config to add the CORS headers shown above. The process is similar to Umbrel - find the running mempool container and edit its nginx config.

3. Configure am-i.exposed

Use your mempool's LAN address in the settings:

https://<your-mempool-hostname>.local/api

Replace <your-mempool-hostname> with the hostname shown in your StartOS dashboard for the mempool service.

Docker / Bare Metal

If you run the official mempool/mempool Docker image or a bare-metal installation:

Docker

The default Docker setup maps the frontend nginx to port 80 (or whichever port you configured). To persist CORS headers, mount a custom nginx config:

# Copy the default config out of the container
docker cp mempool_frontend_1:/etc/nginx/conf.d/nginx-mempool.conf ./nginx-mempool.conf

# Edit it to add CORS headers (see Step 1 above)

# Restart with the custom config mounted
docker run -v $(pwd)/nginx-mempool.conf:/etc/nginx/conf.d/nginx-mempool.conf ...

Bare metal

Edit your mempool nginx config directly. The default location is typically /etc/nginx/conf.d/nginx-mempool.conf or wherever you placed it during installation.

Remote access

If your node is on the same machine, use http://localhost:<port>/api directly. If it is on another machine on your network, use an SSH tunnel as described above.

Alternative: Local CORS Proxy

If you cannot or do not want to modify your node's nginx config, you can run a small reverse proxy on your desktop that adds CORS headers. This sits between your browser and the SSH tunnel.

Using Caddy

Caddy is a single-binary web server. Create a file called Caddyfile:

:8090 {
  reverse_proxy localhost:3006
  header Access-Control-Allow-Origin *
  header Access-Control-Allow-Methods "GET, OPTIONS"
  @options method OPTIONS
  respond @options 204
}

Then run caddy run in the same directory. In am-i.exposed settings, enter:

http://localhost:8090/api

The flow: browser -> Caddy (:8090, adds CORS) -> SSH tunnel (:3006) -> your node's mempool.

Alternative: Tor Browser + .onion

If both am-i.exposed and your mempool instance are accessed via .onion addresses in Tor Browser, there is no mixed-content blocking (both are HTTP) and Tor Browser relaxes CORS restrictions for .onion-to-.onion requests.

This requires a .onion mirror of am-i.exposed. If one is available, use Tor Browser to visit the .onion URL, then enter your mempool's .onion address in the settings.

You still need CORS headers on your mempool nginx if the .onion addresses differ (which they will, since they are separate hidden services).

Troubleshooting

"Connection failed" after setting up SSH tunnel

Cause: Missing CORS headers

This is the #1 issue. Your SSH tunnel works at the network level, but your browser blocks the response because mempool's nginx does not include CORS headers. Add the CORS headers from Step 1 and reload nginx.

"Blocked: HTTP from HTTPS page"

Cause: Mixed content

You are entering an HTTP URL that is not localhost (e.g., http://umbrel.local:3006). Use an SSH tunnel to forward the port to localhost, then use http://localhost:3006/api.

Health check passes but analysis returns no results

Cause: Missing /api suffix

Make sure your URL ends with /api. For example, http://localhost:3006/api - not http://localhost:3006. The app will warn you about this if it detects a missing suffix.

"Timeout (10s)"

Cause: No connection

Check that your SSH tunnel is still running (the terminal session must stay open). Verify the port number matches your mempool instance. Check firewall rules on your node.

"HTTP 502" or "HTTP 503"

Cause: Backend not ready

Your mempool frontend (nginx) is reachable, but the backend is not responding. This usually means the mempool backend is still syncing the blockchain. Wait for it to finish and try again.

CORS changes lost after Umbrel restart

Cause: Docker container recreated

Umbrel recreates containers on updates. You need to re-apply CORS headers after each restart, or mount a persistent custom nginx config via Docker volume.

Verifying It Works

  1. 1.Click the gear icon in the header and enter your URL (e.g., http://localhost:3006/api)
  2. 2.Click Apply - you should see a green checkmark and "Connected. Using custom endpoint."
  3. 3.Run an analysis on any transaction or address - results should load normally
  4. 4.The gear icon shows an orange dot when a custom endpoint is active
Back to scanner