Fix for JoinMarket web UI (#2987)

* Fix for JoinMarket web UI
The SSL file permissions didn't work, hence we generate them on our own now. Also removed a leftover nginx file for the superfluous http version.
* Assume clean install state, overwrite potentially outdated nginx configs
* Remove potentially existing SSL directory, create fresh certificate files

home.admin/assets/nginx/sites-available/joinmarket_webui.conf

@@ -1,34 +0,0 @@
-## joinmarket_webui.conf
-
-server {
-    listen 7500;
-    listen [::1]:7500;
-    server_name _;
-
-    access_log /var/log/nginx/access_joinmarket_webui.log;
-    error_log /var/log/nginx/error_joinmarket_webui.log;
-
-    gzip on;
-    gzip_types application/javascript application/json text/css image/svg+xml;
-
-    root /home/joinmarket/webui/build;
-    index index.html;
-
-    location /api/ {
-        include /etc/nginx/snippets/proxy-params.conf;
-        proxy_pass https://127.0.0.1:28183;
-    }
-
-    location /ws/ {
-        include /etc/nginx/snippets/proxy-params.conf;
-        proxy_set_header Upgrade $http_upgrade;
-        proxy_set_header Connection $http_connection;
-        proxy_pass https://127.0.0.1:28183;
-    }
-
-    location / {
-        include /etc/nginx/snippets/proxy-params.conf;
-        try_files $uri $uri/ /index.html;
-        add_header Cache-Control no-cache;
-    }
-}

home.admin/config.scripts/bonus.joinmarket-webui.sh

@@ -95,15 +95,9 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then
     # NGINX
     ##################
     # setup nginx symlinks
-    if ! [ -f /etc/nginx/sites-available/joinmarket_webui_ssl.conf ]; then
     sudo cp -f /home/admin/assets/nginx/sites-available/joinmarket_webui_ssl.conf /etc/nginx/sites-available/joinmarket_webui_ssl.conf
-    fi
+    sudo cp -f /home/admin/assets/nginx/sites-available/joinmarket_webui_tor.conf /etc/nginx/sites-available/joinmarket_webui_tor.conf
-    if ! [ -f /etc/nginx/sites-available/joinmarket_webui_tor.conf ]; then
+    sudo cp -f /home/admin/assets/nginx/sites-available/joinmarket_webui_tor_ssl.conf /etc/nginx/sites-available/joinmarket_webui_tor_ssl.conf
-       sudo cp /home/admin/assets/nginx/sites-available/joinmarket_webui_tor.conf /etc/nginx/sites-available/joinmarket_webui_tor.conf
-    fi
-    if ! [ -f /etc/nginx/sites-available/joinmarket_webui_tor_ssl.conf ]; then
-       sudo cp /home/admin/assets/nginx/sites-available/joinmarket_webui_tor_ssl.conf /etc/nginx/sites-available/joinmarket_webui_tor_ssl.conf
-    fi
     sudo ln -sf /etc/nginx/sites-available/joinmarket_webui_ssl.conf /etc/nginx/sites-enabled/
     sudo ln -sf /etc/nginx/sites-available/joinmarket_webui_tor.conf /etc/nginx/sites-enabled/
     sudo ln -sf /etc/nginx/sites-available/joinmarket_webui_tor_ssl.conf /etc/nginx/sites-enabled/
@@ -117,17 +111,14 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then
     echo ""
 
     # SSL
-    if ! [ -d $HOME_DIR/.joinmarket/ssl ]; then
+    if [ -d $HOME_DIR/.joinmarket/ssl]; then
-      sudo -u $USERNAME mkdir -p $HOME_DIR/.joinmarket/ssl
+      sudo -u $USERNAME rm -rf $HOME_DIR/.joinmarket/ssl
-    fi
-    if ! [ -f $HOME_DIR/.joinmarket/ssl/cert.pem ]; then
-      sudo ln -sf /mnt/hdd/app-data/nginx/tls.cert $HOME_DIR/.joinmarket/ssl/cert.pem
-      sudo chown $USERNAME:$USERNAME $HOME_DIR/.joinmarket/ssl/cert.pem
-    fi
-    if ! [ -f $HOME_DIR/.joinmarket/ssl/key.pem ]; then
-      sudo ln -sf /mnt/hdd/app-data/nginx/tls.key $HOME_DIR/.joinmarket/ssl/key.pem
-      sudo chown $USERNAME:$USERNAME $HOME_DIR/.joinmarket/ssl/key.pem
     fi
+    subj="/C=US/ST=Utah/L=Lehi/O=Your Company, Inc./OU=IT/CN=example.com"
+    sudo -u $USERNAME mkdir -p $HOME_DIR/.joinmarket/ssl/ \
+      && pushd "$_" \
+      && sudo -u $USERNAME openssl req -newkey rsa:4096 -x509 -sha256 -days 3650 -nodes -out cert.pem -keyout key.pem -subj "$subj" \
+      && popd
 
     ##################
     # SYSTEMD SERVICE
@@ -139,7 +130,6 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then
 
 [Unit]
 Description=JoinMarket API daemon
-# Make sure lnd starts after bitcoind is ready
 Requires=bitcoind.service
 After=bitcoind.service