From 428b0831cc47ff1f1f2d89a55bdacd5e0dee69dc Mon Sep 17 00:00:00 2001
From: openoms
Date: Tue, 9 Jun 2020 08:08:31 +0100
Subject: [PATCH 01/13] thub: add nginx config, update to 0.7.4
---
.../nginx/sites-available/thub_ssl.conf | 20 +++++++
.../nginx/sites-available/thub_tor.conf | 17 ++++++
.../nginx/sites-available/thub_tor_ssl.conf | 20 +++++++
home.admin/config.scripts/bonus.thunderhub.sh | 60 +++++++++++++++----
4 files changed, 104 insertions(+), 13 deletions(-)
create mode 100644 home.admin/assets/nginx/sites-available/thub_ssl.conf
create mode 100644 home.admin/assets/nginx/sites-available/thub_tor.conf
create mode 100644 home.admin/assets/nginx/sites-available/thub_tor_ssl.conf
diff --git a/home.admin/assets/nginx/sites-available/thub_ssl.conf b/home.admin/assets/nginx/sites-available/thub_ssl.conf
new file mode 100644
index 000000000..cd6e849b7
--- /dev/null
+++ b/home.admin/assets/nginx/sites-available/thub_ssl.conf
@@ -0,0 +1,20 @@
+## thub_ssl.conf
+
+server {
+ listen 3011 ssl;
+ listen [::]:3011 ssl;
+ server_name _;
+
+ include /etc/nginx/snippets/ssl-params.conf;
+ include /etc/nginx/snippets/ssl-certificate-app-data.conf;
+
+ access_log /var/log/nginx/access_thub.log;
+ error_log /var/log/nginx/error_thub.log;
+
+ location / {
+ proxy_pass http://127.0.0.1:3010;
+
+ include /etc/nginx/snippets/ssl-proxy-params.conf;
+ }
+
+}
diff --git a/home.admin/assets/nginx/sites-available/thub_tor.conf b/home.admin/assets/nginx/sites-available/thub_tor.conf
new file mode 100644
index 000000000..f872ae974
--- /dev/null
+++ b/home.admin/assets/nginx/sites-available/thub_tor.conf
@@ -0,0 +1,17 @@
+## thub_tor.conf
+
+server {
+ listen localhost:3012;
+ listen [::1]:3012;
+ server_name _;
+
+ access_log /var/log/nginx/access_thub.log;
+ error_log /var/log/nginx/error_thub.log;
+
+ location / {
+ proxy_pass http://127.0.0.1:3010;
+
+ include /etc/nginx/snippets/ssl-proxy-params.conf;
+ }
+
+}
diff --git a/home.admin/assets/nginx/sites-available/thub_tor_ssl.conf b/home.admin/assets/nginx/sites-available/thub_tor_ssl.conf
new file mode 100644
index 000000000..1e5f9b415
--- /dev/null
+++ b/home.admin/assets/nginx/sites-available/thub_tor_ssl.conf
@@ -0,0 +1,20 @@
+## thub_tor_ssl.conf
+
+server {
+ listen localhost:3013 ssl;
+ listen [::1]:3013 ssl;
+ server_name _;
+
+ include /etc/nginx/snippets/ssl-params.conf;
+ include /etc/nginx/snippets/ssl-certificate-app-data.conf;
+
+ access_log /var/log/nginx/access_thub.log;
+ error_log /var/log/nginx/error_thub.log;
+
+ location / {
+ proxy_pass http://127.0.0.1:3010;
+
+ include /etc/nginx/snippets/ssl-proxy-params.conf;
+ }
+
+}
diff --git a/home.admin/config.scripts/bonus.thunderhub.sh b/home.admin/config.scripts/bonus.thunderhub.sh
index 094844fc9..c386e291f 100644
--- a/home.admin/config.scripts/bonus.thunderhub.sh
+++ b/home.admin/config.scripts/bonus.thunderhub.sh
@@ -22,23 +22,26 @@ if [ "$1" = "menu" ]; then # get network info localip=$(ip addr | grep 'state UP' -A2 | tail -n1 | awk '{print $2}' | cut -f1 -d'/') toraddress=$(sudo cat /mnt/hdd/tor/thunderhub/hostname 2>/dev/null) + fingerprint=$(openssl x509 -in /mnt/hdd/app-data/nginx/tls.cert -fingerprint -noout | cut -d"=" -f2) if [ "${runBehindTor}" = "on" ] && [ ${#toraddress} -gt 0 ]; then # Info with TOR /home/admin/config.scripts/blitz.lcd.sh qr "${toraddress}" whiptail --title " ThunderHub " --msgbox "Open the following URL in your local web browser: -http://${localip}:3010 +http://${localip}:3011 +SHA1 Thumb/Fingerprint: ${fingerprint}\n Use your Password B to login.\n -Hidden Service address for TOR Browser (QR see LCD):\n${toraddress} -" 12 67 +Hidden Service address for TOR Browser (see LCD for QR):\n${toraddress} +" 14 67 /home/admin/config.scripts/blitz.lcd.sh hide else # Info without TOR whiptail --title " ThunderHub " --msgbox "Open the following URL in your local web browser: -http://${localip}:3010 +http://${localip}:3011 +SHA1 Thumb/Fingerprint: ${fingerprint}\n Use your Password B to login.\n Activate TOR to access the web interface from outside your local network. -" 12 57 +" 13 57 fi echo "please wait ..." exit 0 @@ -76,7 +79,7 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then sudo -u thunderhub git clone https://github.com/apotdevin/thunderhub.git /home/thunderhub/thunderhub cd /home/thunderhub/thunderhub # https://github.com/apotdevin/thunderhub/releases - sudo -u thunderhub git reset --hard v0.7.1 + sudo -u thunderhub git reset --hard v0.7.4 echo "Running npm install and run build..." sudo -u thunderhub npm install sudo -u thunderhub npm run build @@ -110,9 +113,9 @@ LOG_LEVEL='debug' # Interface Configs # ----------- THEME='dark' -# CURRENCY='sat' -# FETCH_PRICES=false -# FETCH_FEES=false +CURRENCY='sat' +FETCH_PRICES=false +FETCH_FEES=false # ----------- # Account Configs 
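Review bot: Both menu dialogs in the first hunk print `http://${localip}:3011`, but thub_ssl.conf in this same commit declares `listen 3011 ssl;`, so the advertised URL has the wrong scheme for a TLS listener and the fingerprint shown beside it is never checked against a certificate; the line should read `https://${localip}:3011`. The same `http://` line is carried unchanged through the dialog-resize hunk for bonus.thunderhub.sh in PATCH 05/13. The added `fingerprint=$(openssl x509 -in /mnt/hdd/app-data/nginx/tls.cert -fingerprint -noout | cut -d"=" -f2)` is not checked either, so a missing or unreadable certificate yields a dialog with an empty fingerprint; a guard such as `[ -n "${fingerprint}" ]` before showing it would make that visible. The `menu` block starts before and continues past this hunk.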
@@ -143,7 +146,31 @@ EOF sudo mv /home/admin/thubConfig.yaml /home/thunderhub/thubConfig.yaml sudo chown thunderhub:thunderhub /home/thunderhub/thubConfig.yaml sudo chmod 600 /home/thunderhub/thubConfig.yaml | exit 1 - + + ################## + # NGINX + ################## + # setup nginx symlinks + if ! [ -f /etc/nginx/sites-available/thub_ssl.conf ]; then + sudo cp /home/admin/assets/nginx/sites-available/thub_ssl.conf /etc/nginx/sites-available/thub_ssl.conf + fi + if ! [ -f /etc/nginx/sites-available/thub_tor.conf ]; then + sudo cp /home/admin/assets/nginx/sites-available/thub_tor.conf /etc/nginx/sites-available/thub_tor.conf + fi + if ! [ -f /etc/nginx/sites-available/thub_tor_ssl.conf ]; then + sudo cp /home/admin/assets/nginx/sites-available/thub_tor_ssl.conf /etc/nginx/sites-available/thub_tor_ssl.conf + fi + sudo ln -sf /etc/nginx/sites-available/thub_ssl.conf /etc/nginx/sites-enabled/ + sudo ln -sf /etc/nginx/sites-available/thub_tor.conf /etc/nginx/sites-enabled/ + sudo ln -sf /etc/nginx/sites-available/thub_tor_ssl.conf /etc/nginx/sites-enabled/ + sudo nginx -t + sudo systemctl reload nginx + + # open the firewall + echo "*** Updating Firewall ***" + sudo ufw allow from any to any port 3010 comment 'allow ThunderHub' + echo "" + ################## # SYSTEMD SERVICE ################## @@ -176,9 +203,6 @@ EOF sudo systemctl enable thunderhub echo "OK - the ThunderHub service is now enabled" - # open the firewall - sudo ufw allow from any to any port 3010 comment 'allow ThunderHub' - # setting value in raspiblitz config sudo sed -i "s/^thunderhub=.*/thunderhub=on/g" /mnt/hdd/raspiblitz.conf 
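Review bot: The firewall rule placed after the nginx setup, `sudo ufw allow from any to any port 3010 comment 'allow ThunderHub'`, opens the plain-HTTP backend that the new vhosts proxy to (`proxy_pass http://127.0.0.1:3010`) and never opens 3011, the TLS listener from thub_ssl.conf. Assuming ThunderHub binds beyond loopback (not visible in this hunk), LAN clients can keep using 3010 without TLS and Password B crosses the network in cleartext; consider `sudo ufw allow 3011 comment 'allow ThunderHub SSL'` and leaving 3010 closed. The three `if ! [ -f … ]` guards copy each vhost only when it is absent, so a corrected config shipped later in assets never replaces the installed one. `sudo nginx -t` is followed by an unconditional reload, where `sudo nginx -t && sudo systemctl reload nginx` would surface a failed test. The context line `sudo chmod 600 /home/thunderhub/thubConfig.yaml | exit 1` pipes into `exit` where `||` appears to be intended.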
@@ -199,6 +223,16 @@ if [ "$1" = "0" ] || [ "$1" = "off" ]; then sudo rm -f /etc/systemd/system/thunderhub.service # delete user and home directory sudo userdel -rf thunderhub + # close port on firewall + sudo ufw deny 3010 + + # setup nginx symlinks + sudo rm -f /etc/nginx/sites-enabled/thub_ssl.conf + sudo rm -f /etc/nginx/sites-enabled/thub_tor.conf + sudo rm -f /etc/nginx/sites-enabled/thub_tor_ssl.conf + sudo nginx -t + sudo systemctl reload nginx + echo "OK ThunderHub removed." # setting value in raspi blitz config From 857beb35e43c43f55a16c66418cdaf6ad9c932db Mon Sep 17 00:00:00 2001 From: openoms Date: Tue, 9 Jun 2020 08:09:14 +0100 Subject: [PATCH 02/13] rtl: improve uninstall, close ufw when off --- home.admin/config.scripts/bonus.rtl.sh | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/home.admin/config.scripts/bonus.rtl.sh b/home.admin/config.scripts/bonus.rtl.sh index 80e3b244a..5446831c1 100755 --- a/home.admin/config.scripts/bonus.rtl.sh +++ b/home.admin/config.scripts/bonus.rtl.sh @@ -31,7 +31,7 @@ if [ "$1" = "menu" ]; then https://${localip}:3001 SHA1 Thumb/Fingerprint: ${fingerprint}\n Use your Password B to login.\n -Hidden Service address for TOR Browser (QR see LCD):\n${toraddress} +Hidden Service address for TOR Browser (QRcode on LCD):\n${toraddress} " 14 67 /home/admin/config.scripts/blitz.lcd.sh hide else @@ -233,15 +233,18 @@ if [ "$1" = "0" ] || [ "$1" = "off" ]; then isInstalled=$(sudo ls /etc/systemd/system/RTL.service 2>/dev/null | grep -c 'RTL.service') if [ ${isInstalled} -eq 1 ]; then echo "*** REMOVING RTL ***" - sudo systemctl stop RTL sudo systemctl disable RTL sudo rm /etc/systemd/system/RTL.service - sudo rm -rf /home/rtl/RTL + # delete user and home directory + sudo userdel -rf rtl echo "OK RTL removed." else echo "RTL is not installed." fi + # close port on firewall + sudo ufw deny 3000 + echo "needs reboot to activate new setting" exit 0 fi 
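Review bot: The `off` branch of bonus.thunderhub.sh adds `sudo ufw deny 3010`, which leaves a standing deny rule in the ruleset instead of removing the allow rule created at install; something like `sudo ufw delete allow from any to any port 3010` would return the port to the default policy. The comment `# setup nginx symlinks` above the three `rm -f` lines describes the opposite of what they do and should read `# remove nginx symlinks`. The copies under /etc/nginx/sites-available are left in place. The same `ufw deny` pattern is added in the RTL removal hunk of PATCH 02/13 and, twice, in the BTC-RPC-Explorer removal hunk of PATCH 04/13.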
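Review bot: In the RTL removal hunk, `sudo ufw deny 3000` closes only port 3000, while the menu text of this same file sends users to `https://${localip}:3001`; if the install path (outside this hunk) opens 3001 in ufw, that rule survives the uninstall. `sudo userdel -rf rtl` removes the account and its home directory even when the user still owns running processes, so the service has to be stopped before that line; the collapsed hunk does not make clear whether `sudo systemctl stop RTL` is kept. The deny rule also sits outside the `isInstalled` check, so it is applied even when RTL was never installed.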
From ddbf9bc076e54e1cd08016041d456267cb886617 Mon Sep 17 00:00:00 2001 From: openoms Date: Tue, 9 Jun 2020 11:05:20 +0100 Subject: [PATCH 03/13] blitz.web: fix install of dhparam.pem and jinja2 --- home.admin/config.scripts/blitz.web.sh | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/home.admin/config.scripts/blitz.web.sh b/home.admin/config.scripts/blitz.web.sh index d15bc8a92..c91827bc0 100755 --- a/home.admin/config.scripts/blitz.web.sh +++ b/home.admin/config.scripts/blitz.web.sh @@ -121,11 +121,11 @@ elif [ "$1" = "1" ] || [ "$1" = "on" ]; then echo "Turning ON: Web" # install - sudo apt-get update >/dev/null - sudo apt-get install -y nginx apache2-utils >/dev/null + sudo apt-get update + sudo apt-get install -y nginx apache2-utils # make sure that it is enabled and started - sudo systemctl enable nginx >/dev/null + sudo systemctl enable nginx sudo systemctl start nginx # general nginx settings @@ -134,7 +134,7 @@ elif [ "$1" = "1" ] || [ "$1" = "on" ]; then sudo sed -i -E '/^.*server_names_hash_bucket_size [0-9]*;$/a \\tserver_names_hash_bucket_size 128;' /etc/nginx/nginx.conf fi - if [ -f /etc/ssl/certs/dhparam.pem ]; then + if [ ! -f /etc/ssl/certs/dhparam.pem ]; then #can take 5-10+ minutes on a Raspberry Pi 3 echo "Running \"sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048\" next." echo "This can take 5-10 minutes on a Raspberry Pi 3 - please be patient!" @@ -152,7 +152,7 @@ elif [ "$1" = "1" ] || [ "$1" = "on" ]; then fi if ! [ -d /var/www/letsencrypt/.well-known/acme-challenge ]; then - sudo mkdir -p /var/www/letsencrypt/.well-known/acme-challenge >/dev/null + sudo mkdir -p /var/www/letsencrypt/.well-known/acme-challenge fi # make sure admin can write here even without sudo 
@@ -175,7 +175,7 @@ elif [ "$1" = "1" ] || [ "$1" = "on" ]; then fi # make sure jinja2 is installed and install j2cli - sudo apt-get install python3-jinja2 >/dev/null + sudo apt-get install -y python3-jinja2 sudo -H python3 -m pip install j2cli # create nginx app-data dir and use LND cert by default From 0ff39e262c93246500876f98987de9b437c0136e Mon Sep 17 00:00:00 2001 From: openoms Date: Tue, 9 Jun 2020 11:24:53 +0100 Subject: [PATCH 04/13] btcrpcexp:move port to 3020, clean, close port on remove --- .../config.scripts/bonus.btc-rpc-explorer.sh | 22 +++++++++++-------- 1 file changed, 13 insertions(+), 9 deletions(-) diff --git a/home.admin/config.scripts/bonus.btc-rpc-explorer.sh b/home.admin/config.scripts/bonus.btc-rpc-explorer.sh index 3d8ad2524..8ec8f5945 100644 --- a/home.admin/config.scripts/bonus.btc-rpc-explorer.sh +++ b/home.admin/config.scripts/bonus.btc-rpc-explorer.sh @@ -39,7 +39,7 @@ This can take multiple hours. # TOR /home/admin/config.scripts/blitz.lcd.sh qr "${toraddress}" whiptail --title " BTC-RPC-Explorer " --msgbox "Open the following URL in your local web browser: -http://${localip}:3002 +http://${localip}:3020 Login is 'admin' with your Password B\n Hidden Service address for TOR Browser (QR see LCD): ${toraddress} @@ -49,7 +49,7 @@ ${toraddress} # IP + Domain whiptail --title " BTC-RPC-Explorer " --msgbox "Open the following URL in your local web browser: -http://${localip}:3002 +http://${localip}:3020 Login is 'admin' with your Password B\n Activate TOR to access the web block explorer from outside your local network. " 12 54 @@ -127,7 +127,7 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then # Host/Port to bind to # Defaults: shown BTCEXP_HOST=0.0.0.0 -BTCEXP_PORT=3002 +BTCEXP_PORT=3020 # Bitcoin RPC Credentials (URI -OR- HOST/PORT/USER/PASS) # Defaults: # - [host/port]: 127.0.0.1:8332 
@@ -156,7 +156,7 @@ EOF # open firewall echo "*** Updating Firewall ***" - sudo ufw allow 3002 comment 'btc-rpc-explorer' + sudo ufw allow 3020 comment 'btc-rpc-explorer' echo "" # install service @@ -204,8 +204,8 @@ EOF source /mnt/hdd/raspiblitz.conf if [ "${runBehindTor}" = "on" ]; then # correct old Hidden Service with port - sudo sed -i "s/^HiddenServicePort 3002 127.0.0.1:3002/HiddenServicePort 80 127.0.0.1:3002/g" /etc/tor/torrc - /home/admin/config.scripts/internet.hiddenservice.sh btc-rpc-explorer 80 3002 + sudo sed -i "s/^HiddenServicePort 80 127.0.0.1:3002/HiddenServicePort 80 127.0.0.1:3020/g" /etc/tor/torrc + /home/admin/config.scripts/internet.hiddenservice.sh btc-rpc-explorer 80 3020 fi exit 0 fi @@ -219,15 +219,19 @@ if [ "$1" = "0" ] || [ "$1" = "off" ]; then isInstalled=$(sudo ls /etc/systemd/system/btc-rpc-explorer.service 2>/dev/null | grep -c 'btc-rpc-explorer.service') if [ ${isInstalled} -eq 1 ]; then echo "*** REMOVING BTC-RPC-explorer ***" - sudo systemctl stop btc-rpc-explorer sudo systemctl disable btc-rpc-explorer sudo rm /etc/systemd/system/btc-rpc-explorer.service - sudo rm -rf /home/btcrpcexplorer/btc-rpc-explorer - sudo rm -f /home/btcrpcexplorer/.config/btc-rpc-explorer.env + # delete user and home directory + sudo userdel -rf btcrpcexplorer + # close firewall + sudo ufw deny 3020 echo "OK BTC-RPC-explorer removed." else echo "BTC-RPC-explorer is not installed." fi + + # close port on firewall + sudo ufw deny 3020 exit 0 fi From 3f9f8b5fe868939c61992ff0b2ca184e9bb1d204 Mon Sep 17 00:00:00 2001 From: openoms Date: Tue, 9 Jun 2020 11:44:39 +0100 Subject: [PATCH 05/13] rtl, thub: extend dialog status window --- home.admin/config.scripts/bonus.rtl.sh | 10 ++++++---- home.admin/config.scripts/bonus.thunderhub.sh | 10 ++++++---- 2 files changed, 12 insertions(+), 8 deletions(-) diff --git a/home.admin/config.scripts/bonus.rtl.sh b/home.admin/config.scripts/bonus.rtl.sh index 5446831c1..157478d6a 100755 
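Review bot: The rewritten sed in the Tor block, `s/^HiddenServicePort 80 127.0.0.1:3002/HiddenServicePort 80 127.0.0.1:3020/g`, is applied to the whole of /etc/tor/torrc, so it matches every line with that mapping, not only the one that belongs to btc-rpc-explorer. bonus.rtl.sh registers its hidden service as `RTL 80 3002 443 3003` (a context line in PATCH 07/13), so on a node with RTL and Tor enabled this substitution would point RTL's onion port 80 at the explorer on 3020. The expression also no longer covers the older `HiddenServicePort 3002 127.0.0.1:3002` form that the removed line migrated, and its unescaped dots match any character. Restricting the substitution to the lines that follow the explorer's own hidden-service entry, and escaping the dots, would keep the migration from touching other services. The enclosing `on` block starts outside this hunk.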
--- a/home.admin/config.scripts/bonus.rtl.sh +++ b/home.admin/config.scripts/bonus.rtl.sh @@ -29,19 +29,21 @@ if [ "$1" = "menu" ]; then /home/admin/config.scripts/blitz.lcd.sh qr "${toraddress}" whiptail --title " Ride The Lightning (RTL) " --msgbox "Open the following URL in your local web browser: https://${localip}:3001 -SHA1 Thumb/Fingerprint: ${fingerprint}\n +SHA1 Thumb/Fingerprint: +${fingerprint}\n Use your Password B to login.\n Hidden Service address for TOR Browser (QRcode on LCD):\n${toraddress} -" 14 67 +" 15 67 /home/admin/config.scripts/blitz.lcd.sh hide else # Info without TOR whiptail --title " Ride The Lightning (RTL) " --msgbox "Open the following URL in your local web browser: https://${localip}:3001 -SHA1 Thumb/Fingerprint: ${fingerprint}\n +SHA1 Thumb/Fingerprint: +${fingerprint}\n Use your Password B to login.\n Activate TOR to access the web interface from outside your local network. -" 13 57 +" 14 57 fi echo "please wait ..." exit 0 diff --git a/home.admin/config.scripts/bonus.thunderhub.sh b/home.admin/config.scripts/bonus.thunderhub.sh index c386e291f..7034f39d9 100644 --- a/home.admin/config.scripts/bonus.thunderhub.sh +++ b/home.admin/config.scripts/bonus.thunderhub.sh 
@@ -29,19 +29,21 @@ if [ "$1" = "menu" ]; then /home/admin/config.scripts/blitz.lcd.sh qr "${toraddress}" whiptail --title " ThunderHub " --msgbox "Open the following URL in your local web browser: http://${localip}:3011 -SHA1 Thumb/Fingerprint: ${fingerprint}\n +SHA1 Thumb/Fingerprint: +${fingerprint}\n Use your Password B to login.\n Hidden Service address for TOR Browser (see LCD for QR):\n${toraddress} -" 14 67 +" 15 67 /home/admin/config.scripts/blitz.lcd.sh hide else # Info without TOR whiptail --title " ThunderHub " --msgbox "Open the following URL in your local web browser: http://${localip}:3011 -SHA1 Thumb/Fingerprint: ${fingerprint}\n +SHA1 Thumb/Fingerprint: +${fingerprint}\n Use your Password B to login.\n Activate TOR to access the web interface from outside your local network. -" 13 57 +" 14 57 fi echo "please wait ..." exit 0 From 7e093473afc22a7953dd9107e45755c0c04446c9 Mon Sep 17 00:00:00 2001 From: openoms Date: Tue, 9 Jun 2020 21:13:47 +0100 Subject: [PATCH 06/13] hiddenservice: fix showing the 2nd port --- home.admin/config.scripts/internet.hiddenservice.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/home.admin/config.scripts/internet.hiddenservice.sh b/home.admin/config.scripts/internet.hiddenservice.sh index 2144a00ae..bb8f31ebc 100644 --- a/home.admin/config.scripts/internet.hiddenservice.sh +++ b/home.admin/config.scripts/internet.hiddenservice.sh @@ -92,6 +92,7 @@ HiddenServicePort $toPort 127.0.0.1:$fromPort" | sudo tee -a /etc/tor/torrc echo "use with the port: $toPort" echo "" if [ ${#toPort2} -gt 0 ]; then + alreadyThere=$(sudo cat /etc/tor/torrc 2>/dev/null | grep -c "\b127.0.0.1:$fromPort2\b") if [ ${alreadyThere} -eq 0 ]; then echo "or the port: $toPort2" else From ae37e654d94ce77c4a8877d351cddaf268390fb0 Mon Sep 17 00:00:00 2001 From: openoms Date: Tue, 9 Jun 2020 21:16:32 +0100 Subject: [PATCH 07/13] rtl: correct old hiddenservice port --- home.admin/config.scripts/bonus.rtl.sh | 1 + 1 file changed, 1 insertion(+) 
diff --git a/home.admin/config.scripts/bonus.rtl.sh b/home.admin/config.scripts/bonus.rtl.sh index 157478d6a..0f20cd2d7 100755 --- a/home.admin/config.scripts/bonus.rtl.sh +++ b/home.admin/config.scripts/bonus.rtl.sh @@ -214,6 +214,7 @@ EOF # Hidden Service for RTL if Tor is active if [ "${runBehindTor}" = "on" ]; then # correct old Hidden Service with port + sudo sed -i "s/^HiddenServicePort 80 127.0.0.1:3000/HiddenServicePort 80 127.0.0.1:3002/g" /etc/tor/torrc /home/admin/config.scripts/internet.hiddenservice.sh RTL 80 3002 443 3003 fi exit 0 From 3db8c41552364dfdede4f1eb0f03444370acf2a6 Mon Sep 17 00:00:00 2001 From: openoms Date: Tue, 9 Jun 2020 21:17:10 +0100 Subject: [PATCH 08/13] thub: correct old hiddenservice port --- home.admin/config.scripts/bonus.thunderhub.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/home.admin/config.scripts/bonus.thunderhub.sh b/home.admin/config.scripts/bonus.thunderhub.sh index 7034f39d9..22c94c605 100644 --- a/home.admin/config.scripts/bonus.thunderhub.sh +++ b/home.admin/config.scripts/bonus.thunderhub.sh @@ -210,7 +210,9 @@ EOF # Hidden Service for thunderhub if Tor is active if [ "${runBehindTor}" = "on" ]; then - /home/admin/config.scripts/internet.hiddenservice.sh thunderhub 80 3010 + # correct old Hidden Service with port + sudo sed -i "s/^HiddenServicePort 80 127.0.0.1:3001/HiddenServicePort 80 127.0.0.1:3012/g" /etc/tor/torrc + /home/admin/config.scripts/internet.hiddenservice.sh thunderhub 80 3012 443 3013 fi fi exit 0 From df38331df3befe62527334e465635c860dc5eb4a Mon Sep 17 00:00:00 2001 
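Review bot: The migration sed added to bonus.thunderhub.sh searches for `HiddenServicePort 80 127.0.0.1:3001`, but the line it replaces called `internet.hiddenservice.sh thunderhub 80 3010`, so an existing ThunderHub entry presumably carries `127.0.0.1:3010` and is left untouched. Port 3001 is the one bonus.rtl.sh advertises for RTL's HTTPS listener, so the pattern looks copied from another service and could rewrite an unrelated torrc line; `sudo sed -i "s/^HiddenServicePort 80 127\.0\.0\.1:3010/HiddenServicePort 80 127.0.0.1:3012/g" /etc/tor/torrc` matches what the old code wrote. Like the RTL sed added in PATCH 07/13, it runs over all of /etc/tor/torrc rather than the service's own section. The enclosing `on` block starts outside this hunk.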
From: openoms
Date: Tue, 9 Jun 2020 21:18:47 +0100
Subject: [PATCH 09/13] btcrpcexplorer: nginx integration
---
.../sites-available/btcrpcexplorer_ssl.conf | 20 +++++++++++
.../sites-available/btcrpcexplorer_tor.conf | 17 +++++++++
.../btcrpcexplorer_tor_ssl.conf | 20 +++++++++++
.../config.scripts/bonus.btc-rpc-explorer.sh | 35 ++++++++++++++++---
4 files changed, 88 insertions(+), 4 deletions(-)
create mode 100644 home.admin/assets/nginx/sites-available/btcrpcexplorer_ssl.conf
create mode 100644 home.admin/assets/nginx/sites-available/btcrpcexplorer_tor.conf
create mode 100644 home.admin/assets/nginx/sites-available/btcrpcexplorer_tor_ssl.conf
diff --git a/home.admin/assets/nginx/sites-available/btcrpcexplorer_ssl.conf b/home.admin/assets/nginx/sites-available/btcrpcexplorer_ssl.conf
new file mode 100644
index 000000000..51ec38ca6
--- /dev/null
+++ b/home.admin/assets/nginx/sites-available/btcrpcexplorer_ssl.conf
@@ -0,0 +1,20 @@
+## btcrpcexplorer_ssl.conf
+
+server {
+ listen 3021 ssl;
+ listen [::]:3021 ssl;
+ server_name _;
+
+ include /etc/nginx/snippets/ssl-params.conf;
+ include /etc/nginx/snippets/ssl-certificate-app-data.conf;
+
+ access_log /var/log/nginx/access_thub.log;
+ error_log /var/log/nginx/error_thub.log;
+
+ location / {
+ proxy_pass http://127.0.0.1:3020;
+
+ include /etc/nginx/snippets/ssl-proxy-params.conf;
+ }
+
+}
diff --git a/home.admin/assets/nginx/sites-available/btcrpcexplorer_tor.conf b/home.admin/assets/nginx/sites-available/btcrpcexplorer_tor.conf
new file mode 100644
index 000000000..5f30cb12e
--- /dev/null
+++ b/home.admin/assets/nginx/sites-available/btcrpcexplorer_tor.conf
@@ -0,0 +1,17 @@
+## btcrpcexplorer_tor.conf
+
+server {
+ listen localhost:3022;
+ listen [::1]:3022;
+ server_name _;
+
+ access_log /var/log/nginx/access_thub.log;
+ error_log /var/log/nginx/error_thub.log;
+
+ location / {
+ proxy_pass http://127.0.0.1:3020;
+
+ include /etc/nginx/snippets/ssl-proxy-params.conf;
+ }
+
+}
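Review bot: The `access_log` and `error_log` directives in btcrpcexplorer_ssl.conf point at `/var/log/nginx/access_thub.log` and `/var/log/nginx/error_thub.log`, the ThunderHub log files from thub_ssl.conf, so block-explorer requests are mixed into another service's logs. That makes per-service attribution harder when access has to be reviewed after an incident. Suggested: `access_log /var/log/nginx/access_btcrpcexplorer.log;` and `error_log /var/log/nginx/error_btcrpcexplorer.log;`. The same two lines recur in btcrpcexplorer_tor.conf and btcrpcexplorer_tor_ssl.conf.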
diff --git a/home.admin/assets/nginx/sites-available/btcrpcexplorer_tor_ssl.conf b/home.admin/assets/nginx/sites-available/btcrpcexplorer_tor_ssl.conf
new file mode 100644
index 000000000..93f8d6d5c
--- /dev/null
+++ b/home.admin/assets/nginx/sites-available/btcrpcexplorer_tor_ssl.conf
@@ -0,0 +1,20 @@
+## btcrpcexplorer_tor_ssl.conf
+
+server {
+ listen localhost:3023 ssl;
+ listen [::1]:3023 ssl;
+ server_name _;
+
+ include /etc/nginx/snippets/ssl-params.conf;
+ include /etc/nginx/snippets/ssl-certificate-app-data.conf;
+
+ access_log /var/log/nginx/access_thub.log;
+ error_log /var/log/nginx/error_thub.log;
+
+ location / {
+ proxy_pass http://127.0.0.1:3020;
+
+ include /etc/nginx/snippets/ssl-proxy-params.conf;
+ }
+
+}
diff --git a/home.admin/config.scripts/bonus.btc-rpc-explorer.sh b/home.admin/config.scripts/bonus.btc-rpc-explorer.sh
index 8ec8f5945..9b6aafb2b 100644
--- a/home.admin/config.scripts/bonus.btc-rpc-explorer.sh
+++ b/home.admin/config.scripts/bonus.btc-rpc-explorer.sh
@@ -159,6 +159,26 @@ EOF sudo ufw allow 3020 comment 'btc-rpc-explorer' echo "" + + ################## + # NGINX + ################## + # setup nginx symlinks + if ! [ -f /etc/nginx/sites-available/btcrpcexplorer_ssl.conf ]; then + sudo cp /home/admin/assets/nginx/sites-available/btcrpcexplorer_ssl.conf /etc/nginx/sites-available/btcrpcexplorer_ssl.conf + fi + if ! [ -f /etc/nginx/sites-available/btcrpcexplorer_tor.conf ]; then + sudo cp /home/admin/assets/nginx/sites-available/btcrpcexplorer_tor.conf /etc/nginx/sites-available/btcrpcexplorer_tor.conf + fi + if ! [ -f /etc/nginx/sites-available/btcrpcexplorer_tor_ssl.conf ]; then + sudo cp /home/admin/assets/nginx/sites-available/btcrpcexplorer_tor_ssl.conf /etc/nginx/sites-available/btcrpcexplorer_tor_ssl.conf + fi + sudo ln -sf /etc/nginx/sites-available/btcrpcexplorer_ssl.conf /etc/nginx/sites-enabled/ + sudo ln -sf /etc/nginx/sites-available/btcrpcexplorer_tor.conf /etc/nginx/sites-enabled/ + sudo ln -sf /etc/nginx/sites-available/btcrpcexplorer_tor_ssl.conf /etc/nginx/sites-enabled/ + sudo nginx -t + sudo systemctl reload nginx + # install service echo "*** Install btc-rpc-explorer systemd ***" cat > /home/admin/btc-rpc-explorer.service <