Self-Host & Verify
Don't trust us — verify. This page explains exactly how to check that what's running at monero-web.com matches the public source code, and how to run the entire stack on your own hardware.
python3 -m http.server 8080. No build step, no npm, no installs. Your keys are derived locally either way. The only thing that changes when you self-host is whose light-wallet server scans the chain with your view key.
Option 1 — Verify the live site
Every file served at monero-web.com is SHA-256 hashed in MANIFEST.txt, which is committed to GitHub. You can verify the live deployment matches the source code like this:
# 1. Fetch the MANIFEST from the live site
curl -sf https://monero-web.com/MANIFEST.txt -o live-manifest.txt
# 2. Check the commit it was generated from (line 2 of the file)
head -3 live-manifest.txt
# 3. Clone the repo and check out that exact commit
git clone https://github.com/Medtabka/monero-web.git
cd monero-web
git checkout <commit from step 2>
# 4. Compare — should return nothing if the files match
diff MANIFEST.txt ../live-manifest.txtIf diff returns nothing, the live files are byte-for-byte identical to that commit. Any difference means something on the live site doesn't match the published code.
To verify a single file (e.g. the signing module):
curl -sf https://monero-web.com/js/monero-send.js | sha256sumCompare the output against the hash in MANIFEST.txt for js/monero-send.js.
Option 2 — Run the frontend locally
The frontend has zero build dependencies. Clone and serve with any static file server:
Clone the repo
git clone https://github.com/Medtabka/monero-web.git
cd monero-webServe locally
python3 -m http.server 8080Then open http://localhost:8080 in your browser. You can't open index.html directly as a file — the WASM signing module uses absolute paths and won't load from a file:// URL.
Point at your own node (optional)
By default the dashboard calls our light-wallet server at node.monero-web.com. To use your own monero-lws instance, open the browser console on the dashboard and run:
LwsClient.setBaseUrl('https://your-lws.example.com')Your monero-lws must serve CORS headers and use HTTPS. Note: this resets on every page reload — full self-hosting (Option 3) is the permanent solution.
Option 3 — Full self-hosted stack
To eliminate all third-party trust you need to run three things: the static frontend, a Monero full node (monerod), and a light-wallet server (monero-lws).
Run monerod
Install and sync a full Monero node. The initial sync takes 1–3 days depending on your hardware. See the official Monero downloads for binaries.
monerod --detach --log-file monerod.logRun monero-lws
monero-lws is the light-wallet server that scans the chain for your outputs using your view key. Point it at your running monerod:
monero-lws-daemon \
--daemon http://127.0.0.1:18081 \
--rest-server http://127.0.0.1:8443 \
--db-path ./lws-db \
--network mainServe the frontend
Any static file server works:
python3 -m http.server 8080Open http://localhost:8080 and point the LWS URL at your local monero-lws via the browser console: LwsClient.setBaseUrl('http://127.0.0.1:8443')
What you're trusting in each setup
| Setup | Frontend | View key goes to | Spend key |
|---|---|---|---|
| monero-web.com (default) | Cloudflare CDN | Our server | Browser only |
| Local frontend + our LWS | Your machine | Our server | Browser only |
| Full self-hosted | Your machine | Your server | Browser only |
Questions or issues
If you find a discrepancy between the live site and the source code, or a security issue, please report it at security@monero-web.com or open an issue on GitHub.