diff --git a/home.admin/assets/blitzweb.conf b/home.admin/assets/blitzweb.conf deleted file mode 100644 index 43e0bbcf5..000000000 --- a/home.admin/assets/blitzweb.conf +++ /dev/null @@ -1,44 +0,0 @@ -## RaspiBlitz NGINX config: blitzweb.conf - -server { - - # localhost only - listen 127.0.0.1:443 ssl default_server; - listen [::1]:443 ssl default_server; - # any interface - #listen 443 ssl default_server; - #listen [::]:443 ssl default_server; - - server_name _; - - ssl_protocols TLSv1 TLSv1.1 TLSv1.2; - ssl_prefer_server_ciphers on; - ssl_ciphers "EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA256:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EDH+aRSA+AESGCM:EDH+aRSA+SHA256:EDH+aRSA:EECDH:!aNULL:!eNULL:!MEDIUM:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!SEED"; - - add_header Strict-Transport-Security "max-age=31536000"; - - # ToDo(frennkie) if /mnt/hdd/app-data is missing (e.g. no disk) this will cause nginx to fail! - ssl_certificate /mnt/hdd/app-data/nginx/tls.cert; - ssl_certificate_key /mnt/hdd/app-data/nginx/tls.key; - - ## - # Logging Settings - ## - - access_log /var/log/nginx/access_raspiblitz.log; - error_log /var/log/nginx/error_raspiblitz.log; - - root /var/www/blitzweb; - - location / { - # First attempt to serve request as file, then - # as directory, then fall back to displaying a 404. - try_files $uri $uri/ =404; - } - - location /info/ { - auth_basic "BlitzWeb (admin:Password B)"; - auth_basic_user_file /etc/nginx/.htpasswd; - } - -} diff --git a/home.admin/assets/nginx/sites-available/public.conf b/home.admin/assets/nginx/sites-available/public.conf index 9becc451d..2e018f325 100644 --- a/home.admin/assets/nginx/sites-available/public.conf +++ b/home.admin/assets/nginx/sites-available/public.conf @@ -4,17 +4,23 @@ server { listen 80 default_server; listen [::]:80 default_server; + root /var/www/public; + index index.html; + server_name _; + + # proxy for API + location /api/ { + proxy_pass http://127.0.0.1:11111/; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-Host $host; + } + + # directory for acme challenge location ^~ /.well-known/acme-challenge/ { default_type "text/plain"; root /var/www/letsencrypt; } - root /var/www/public; - - index index.html; - - server_name _; - location / { # make sure to have https link to exact same host that was called sub_filter ' - - - - RaspiBlitz Status - - - - -
-
-

Info Dashboard (Updated: {{ datetime }})

-
- - - -
-

RaspiBlitz v{{ codeVersion }} {{ hostname }}

-

{{ network }} Fullnode + Lightning Network {{ torInfo }}

-

 

-

CPU load {{ load }}, temp {{ tempC }}°C {{ tempF }}°F

-

Free Mem {{ ram }} HDDuse {{ hddUsedInfo }}

-

{{ uptime }}

-

ssh admin@{{ local_ip }} ▼{{ network_rx }} ▲{{ network_tx }}

- {% if runningRTL == '1' %} -

web admin --> http://{{ local_ip }}:3000

- {% endif %} -

 

-

{{ network }} {{ networkVersion }} {{ chain }}net Sync OK {{ sync_percentage }}

-

{{ public_addr_pre }} {{ public_addr }} {{ networkConnections }} peers

-

 

-

LND {{ ln_version }} {{ ln_baseInfo }}

- {% if ln_version|length %} -

{{ ln_channelInfo }} {{ ln_peers }} peers

- {% endif %} -

- -
- {% if ln_version|length %} -

{{ ln_external }}

- {% endif %} -
-
- - - diff --git a/home.admin/assets/nginx/www_blitzweb/info/status.css b/home.admin/assets/nginx/www_blitzweb/info/status.css deleted file mode 100644 index e239afcc4..000000000 --- a/home.admin/assets/nginx/www_blitzweb/info/status.css +++ /dev/null @@ -1,48 +0,0 @@ -#regular { - /* The size of the LCD on shopping list */ - width: 920px; - height: 440px; -} - -.header { - grid-area: header; - text-align: center; -} - -.logo { - grid-area: logo; - text-align: center; -} - -.main { - grid-area: main; -} - -.footer { - grid-area: footer; -} - -.grid-container { - display: grid; - grid-template-areas: 'header header header header' 'logo main main main' 'footer footer footer footer'; - grid-gap: 1px; - background-color: #02192b; - padding: 1px; -} - -.grid-container > div { - background-color: rgba(0, 0, 0, 0.8); - padding: 4px 8px; - font-size: 30px; -} - -body { - background-color: black; - font-family: monospace, monospace; - color: LightSteelBlue; -} - -p { - font-size: 12px; - margin: 4px; -} diff --git a/home.admin/assets/nginx/www_public/index.html b/home.admin/assets/nginx/www_public/index.html index 5167fa05a..7d0eba5bc 100644 --- a/home.admin/assets/nginx/www_public/index.html +++ b/home.admin/assets/nginx/www_public/index.html @@ -17,9 +17,23 @@

- Welcome + Welcome Node Operator

+

Please Wait ...

+ +

Use one the following link to access your RaspiBlitz

Please be aware about HTTPS Certificate Warning! Here is some useful information on that... diff --git a/home.admin/assets/nginx/www_blitzweb/index.html b/home.admin/assets/nginx/www_public/ui/index.html similarity index 88% rename from home.admin/assets/nginx/www_blitzweb/index.html rename to home.admin/assets/nginx/www_public/ui/index.html index 2da139ae5..f4fb2b5eb 100644 --- a/home.admin/assets/nginx/www_blitzweb/index.html +++ b/home.admin/assets/nginx/www_public/ui/index.html @@ -4,7 +4,7 @@ - RaspiBlitz Welcome + WebUI diff --git a/home.admin/config.scripts/blitz.debug.sh b/home.admin/config.scripts/blitz.debug.sh index beb5f77d3..7e44897d8 100755 --- a/home.admin/config.scripts/blitz.debug.sh +++ b/home.admin/config.scripts/blitz.debug.sh @@ -101,6 +101,17 @@ echo "--> CHECK CONFIG: sudo nginx -t" sudo nginx -t echo "" +echo "*** BLITZAPI SYSTEMD STATUS ***" +sudo systemctl status blitzapi -n2 --no-pager +echo "" + +echo "*** LAST BLITZAPI LOGS ***" +echo "sudo journalctl -u blitzapi -b --no-pager -n20" +sudo journalctl -u nginx -b --no-pager -n20 +echo "--> CHECK CONFIG: sudo nginx -t" +sudo nginx -t +echo "" + if [ "${touchscreen}" = "" ] || [ "${touchscreen}" = "0" ]; then echo "- TOUCHSCREEN is OFF by config" else diff --git a/home.admin/config.scripts/blitz.github.sh b/home.admin/config.scripts/blitz.github.sh index 575f02a8e..f010bfca8 100755 --- a/home.admin/config.scripts/blitz.github.sh +++ b/home.admin/config.scripts/blitz.github.sh @@ -163,6 +163,12 @@ sudo -u admin chmod -R +x /home/admin/config.scripts sudo -u admin chmod -R +x /home/admin/setup.scripts echo "# ******************************************" +echo "# Syncing Webcontent .." +if [ -d /var/www/public ]; then + sudo cp -a /home/admin/assets/nginx/www_public/* /var/www/public + sudo chown www-data:www-data /var/www/public +fi + echo "# Checking if the content of BlitzPy changed .." checkSumBlitzPyAfter=$(find /home/admin/raspiblitz/home.admin/BlitzPy -type f -exec md5sum {} \; | md5sum) echo "# checkSumBlitzPyBefore = ${checkSumBlitzPyBefore}" diff --git a/home.admin/config.scripts/blitz.web.api.sh b/home.admin/config.scripts/blitz.web.api.sh new file mode 100755 index 000000000..e9345ac74 --- /dev/null +++ b/home.admin/config.scripts/blitz.web.api.sh @@ -0,0 +1,190 @@ +#!/usr/bin/env bash + +# main repo: https://github.com/fusion44/blitz_api + +# restart the systemd `blitzapi` when credentials of lnd or bitcoind are changeing and it will +# excute the `update-config` automatically before restarting + +# TODO: On sd card install there might be no Bitcoin & Lightning confs - make sure backend runs without + +# command info +if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "--help" ] || [ "$1" = "-help" ]; then + echo "Manage RaspiBlitz Web API" + echo "blitz.web.api.sh on [?GITHUBUSER] [?REPO] [?BRANCH]" + echo "blitz.web.api.sh update-config" + echo "blitz.web.api.sh update-code" + echo "blitz.web.api.sh off" + exit 1 +fi + +DEFAULT_GITHUB_USER="fusion44" +DEFAULT_GITHUB_REPO="blitz_api" +DEFAULT_GITHUB_BRANCH="main" + +################### +# ON / INSTALL +################### +if [ "$1" = "1" ] || [ "$1" = "on" ]; then + + if [ "$2" != "" ]; then + DEFAULT_GITHUB_USER="$2" + fi + + if [ "$3" != "" ]; then + DEFAULT_GITHUB_REPO="$3" + fi + + if [ "$4" != "" ]; then + DEFAULT_GITHUB_BRANCH="$4" + fi + + echo "# INSTALL Web API ..." + sudo apt install -y redis + sudo rm -r /home/admin/blitz_api 2>/dev/null + cd /home/admin + # git clone https://github.com/fusion44/blitz_api.git /home/admin/blitz_api + git clone https://github.com/${DEFAULT_GITHUB_USER}/${DEFAULT_GITHUB_REPO}.git /home/admin/blitz_api + cd blitz_api + git checkout ${DEFAULT_GITHUB_BRANCH} + pip install -r requirements.txt + + # TODO: check if that manual install is still needed in a future version + pip install sse_starlette + + # build the config and set unique secret (its OK to be a new secret every install/upadte) + /home/admin/config.scripts/blitz.web.api.sh update-config + secret=$(head /dev/urandom | tr -dc A-Za-z0-9 | head -c 64 ; echo '') + sed -i "s/^secret=.*/secret=${secret}/g" ./.env + + # prepare systemd service + echo " +[Unit] +Description=BlitzBackendAPI +Wants=network.target +After=network.target + +[Service] +WorkingDirectory=/home/admin/blitz_api +# before every start update the config with latest credentials/settings +ExecStartPre=-/home/admin/config.scripts/blitz.web.api.sh update-config +ExecStart=sudo -admin /usr/bin/python -m uvicorn main:app --reload --port 11111 --host=0.0.0.0 --root-path /api +User=root +Group=root +Type=simple +Restart=always +StandardOutput=journal +StandardError=journal + +# Hardening measures +PrivateTmp=true +ProtectSystem=full +NoNewPrivileges=true +PrivateDevices=true + +[Install] +WantedBy=multi-user.target +" | sudo tee /etc/systemd/system/blitzapi.service + + sudo systemctl enable blitzapi + sudo systemctl start blitzapi + + # TODO: remove after experimental step + sudo ufw allow 11111 comment 'WebAPI Develop' + + # install info + echo "# the API should new be available under http://[LOCALHOST]/api and port 11111 for testing" + echo "# check for systemd: sudo systemctl status blitzapi" + echo "# check for logs: sudo journalctl -f -u blitzapi" + + exit 0 +fi + +################### +# UPDATE CONFIG +################### +if [ "$1" = "update-config" ]; then + + # prepare configs data + source /mnt/hdd/raspiblitz.conf 2>/dev/null + if [ "${network}" = "" ]; then + network="bitcoin" + chain="main" + fi + + cd /home/admin/blitz_api + dateStr=$(date) + echo "# Update Web API CONFIG (${dateStr})" + RPCUSER=$(sudo cat /mnt/hdd/${network}/${network}.conf | grep rpcuser | cut -c 9-) + RPCPASS=$(sudo cat /mnt/hdd/${network}/${network}.conf | grep rpcpassword | cut -c 13-) + if [ "${RPCUSER}" == "" ]; then + RPCUSER="raspibolt" + fi + if [ "${RPCPASS}" == "" ]; then + RPCPASS="passwordB" + fi + sed -i "s/^network=.*/network=mainnet/g" ./.env + sed -i "s/^bitcoind_ip_mainnet=.*/bitcoind_ip_mainnet=127.0.0.1/g" ./.env + sed -i "s/^bitcoind_ip_testnet=.*/bitcoind_ip_testnet=127.0.0.1/g" ./.env + sed -i "s/^bitcoind_user=.*/bitcoind_user=${RPCUSER}/g" ./.env + sed -i "s/^bitcoind_pw=.*/bitcoind_pw=${RPCPASS}/g" ./.env + + # configure LND + if [ "${lightning}" == "lnd" ]; then + + echo "# CONFIG Web API Lightning --> LND" + tlsCert=$(sudo xxd -ps -u -c 1000 /mnt/hdd/lnd/tls.cert) + adminMacaroon=$(sudo xxd -ps -u -c 1000 /mnt/hdd/lnd/data/chain/bitcoin/mainnet/admin.macaroon) + sed -i "s/^ln_node=.*/ln_node=lnd/g" ./.env + sed -i "s/^lnd_grpc_ip=.*/lnd_grpc_ip=127.0.0.1/g" ./.env + sed -i "s/^lnd_macaroon=.*/lnd_macaroon=${adminMacaroon}/g" ./.env + sed -i "s/^lnd_cert=.*/lnd_cert=${tlsCert}/g" ./.env + + # configure CLN + elif [ "${lightning}" == "cln" ]; then + + echo "# CONFIG Web API Lightning --> CLN" + sed -i "s/^ln_node=.*/ln_node=cln/g" ./.env + + # TODO: ADD C-Lightning config as soon as available + echo "# MISSING CLN CONFIG YET" + + else + echo "# CONFIG Web API Lightning --> OFF" + sed -i "s/^ln_node=.*/ln_node=/g" ./.env + fi + + echo "# '.env' config updates - blitzapi maybe needs to be restarted" + exit 0 + +fi + +################### +# UPDATE CODE +################### +if [ "$1" = "update-code" ]; then + + echo "# Update Web API CODE" + sudo systemctl stop blitzapi + cd /home/admin/blitz_api + git fetch + git pull + pip install -r requirements.txt + sudo systemctl start blitzapi + echo "# blitzapi updates and restarted" + exit 0 + +fi + +################### +# OFF / UNINSTALL +################### +if [ "$1" = "0" ] || [ "$1" = "off" ]; then + + echo "# UNINSTALL Web API" + sudo systemctl stop blitzapi + sudo systemctl disable blitzapi + sudo rm /etc/systemd/system/blitzapi.service + sudo rm -r /home/admin/blitz_api + exit 0 + +fi diff --git a/home.admin/config.scripts/blitz.web.sh b/home.admin/config.scripts/blitz.web.sh index 1891cee86..fc42418d6 100755 --- a/home.admin/config.scripts/blitz.web.sh +++ b/home.admin/config.scripts/blitz.web.sh @@ -1,5 +1,7 @@ #!/usr/bin/env bash +# TODO: later on this script will be run on build sdcard - make sure that the self-signed tls cert get created fresh on every new RaspiBlitz + source /mnt/hdd/raspiblitz.conf # command info @@ -8,98 +10,9 @@ if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "--help" ] || [ "$1" = "-help" ]; printf "blitz.web.sh check \t\tprint operational nginx listen status (lsof)\n" printf "blitz.web.sh on \t\tturn on\n" printf "blitz.web.sh off \t\tturn off\n" - printf "blitz.web.sh listen localhost \tset port 443 to localhost only\n" - printf "blitz.web.sh listen any \tset port 443 to any\n" exit 1 fi -# using ${APOST} is a workaround to be able to use sed with ' -APOST=\' # close tag for linters: ' - - -################### -# FUNCTIONS -################### -function set_nginx_blitzweb_listen() { - # first parameter to function should be either "localhost" or "any" - listen_to=${1} - - if [ -f "/etc/nginx/sites-available/blitzweb.conf" ]; then - if ! grep -Eq '^\s*#?\s*listen 127.0.0.1:443 ssl default_server;$' /etc/nginx/sites-available/blitzweb.conf; then - echo "Error: missing expected line for: lo:v4 https" - exit 1 - else - if grep -Eq '^\s*#\s*listen 127.0.0.1:443 ssl default_server;$' /etc/nginx/sites-available/blitzweb.conf; then - #echo "found: lo:v4 https (disabled line)" - if [ ${listen_to} = "localhost" ]; then - sudo sed -i -E 's/#\s*(listen 127.0.0.1:443 ssl default_server;)/\1/g' /etc/nginx/sites-available/blitzweb.conf - fi - else - #echo "found: lo:v4 https (enabled line)" - if [ ${listen_to} = "any" ]; then - sudo sed -i -E 's/(listen 127.0.0.1:443 ssl default_server;)/#\1/g' /etc/nginx/sites-available/blitzweb.conf - fi - fi - - fi - - if ! grep -Eq '^\s*#?\s*listen \[::1\]:443 ssl default_server;$' /etc/nginx/sites-available/blitzweb.conf; then - echo "Error: missing expected line for: lo:v6 https" - exit 1 - else - if grep -Eq '^\s*#\s*listen \[::1\]:443 ssl default_server;$' /etc/nginx/sites-available/blitzweb.conf; then - #echo "found: lo:v6 https (disabled line)" - if [ ${listen_to} = "localhost" ]; then - sudo sed -i -E 's/#\s*(listen \[::1\]:443 ssl default_server;)/\1/g' /etc/nginx/sites-available/blitzweb.conf - fi - else - #echo "found: lo:v6 https (enabled line)" - if [ ${listen_to} = "any" ]; then - sudo sed -i -E 's/(listen \[::1\]:443 ssl default_server;)/#\1/g' /etc/nginx/sites-available/blitzweb.conf - fi - fi - - fi - - if ! grep -Eq '^\s*#?\s*listen 443 ssl default_server;$' /etc/nginx/sites-available/blitzweb.conf; then - echo "Error: missing expected line for: any:v4 https" - exit 1 - else - if grep -Eq '^\s*#\s*listen 443 ssl default_server;$' /etc/nginx/sites-available/blitzweb.conf; then - #echo "found: any:v4 https (disabled line)" - if [ ${listen_to} = "any" ]; then - sudo sed -i -E 's/#\s*(listen 443 ssl default_server;)/\1/g' /etc/nginx/sites-available/blitzweb.conf - fi - else - #echo "found: any:v4 https (enabled line)" - if [ ${listen_to} = "localhost" ]; then - sudo sed -i -E 's/(listen 443 ssl default_server;)/#\1/g' /etc/nginx/sites-available/blitzweb.conf - fi - fi - - fi - - if ! grep -Eq '^\s*#?\s*listen \[::\]:443 ssl default_server;$' /etc/nginx/sites-available/blitzweb.conf; then - echo "Error: missing expected line for: any:v6 https" - exit 1 - else - if grep -Eq '^\s*#\s*listen \[::\]:443 ssl default_server;$' /etc/nginx/sites-available/blitzweb.conf; then - #echo "found: any:v6 https (disabled line)" - if [ ${listen_to} = "any" ]; then - sudo sed -i -E 's/#\s*(listen \[::\]:443 ssl default_server;)/\1/g' /etc/nginx/sites-available/blitzweb.conf - fi - else - #echo "found: any:v6 https (enabled line)" - if [ ${listen_to} = "localhost" ]; then - sudo sed -i -E 's/(listen \[::\]:443 ssl default_server;)/#\1/g' /etc/nginx/sites-available/blitzweb.conf - fi - fi - fi - fi -} - - - ################### # CHECK ################### @@ -145,6 +58,7 @@ EOF sudo sed -i -E '/^.*server_names_hash_bucket_size [0-9]*;$/a \\tserver_names_hash_bucket_size 128;' /etc/nginx/nginx.conf fi + echo "# Checking dhparam.pem ..." if [ ! -f /etc/ssl/certs/dhparam.pem ]; then # check if there is a user generated dhparam.pem on the HDD to use @@ -162,6 +76,8 @@ EOF sudo cp /mnt/hdd/app-data/nginx/dhparam.pem /etc/ssl/certs/dhparam.pem fi + else + echo "# skip - dhparam.pem exists" fi sudo cp /home/admin/assets/nginx/snippets/* /etc/nginx/snippets/ @@ -171,7 +87,10 @@ EOF sudo rm -f /var/www/html/index.nginx-debian.html if ! [ -f /etc/nginx/sites-available/public.conf ]; then + echo "# copy /etc/nginx/sites-available/public.conf" sudo cp /home/admin/assets/nginx/sites-available/public.conf /etc/nginx/sites-available/public.conf + else + echo "# exists /etc/nginx/sites-available/public.conf" fi if ! [ -d /var/www/letsencrypt/.well-known/acme-challenge ]; then @@ -183,32 +102,38 @@ EOF # copy webroot if ! [ -d /var/www/public ]; then + echo "# copy /var/www/public" sudo cp -a /home/admin/assets/nginx/www_public/ /var/www/public sudo chown www-data:www-data /var/www/public + else + echo "# exists /var/www/public" fi sudo ln -sf /etc/nginx/sites-available/public.conf /etc/nginx/sites-enabled/public.conf ### RaspiBlitz Webserver on HTTPS 443 - # copy webroot - if ! [ -d /var/www/blitzweb ]; then - sudo cp -a /home/admin/assets/nginx/www_blitzweb/ /var/www/blitzweb - sudo chown www-data:www-data /var/www/blitzweb + # copy compiled webUI (TODO: do later) + if ! [ -d /var/www/public/ui ]; then + echo "# copy precompiled webui TODO: implement" + sudo cp -a /home/admin/blitz_web_compiled /var/www/public/ui + sudo chown www-data:www-data /var/www/public/ui + else + echo "# exists /var/www/public/ui" fi - # make sure jinja2 is installed and install j2cli - sudo apt-get install -y python3-jinja2 - sudo -H python3 -m pip install j2cli + if ! [ -f /mnt/hdd/app-data/nginx/tls.cert ];then - if [ -f /mnt/hdd/app-data/nginx/tls.cert ];then if [ -f /mnt/hdd/lnd/tls.cert ]; then # use LND cert by default + echo "# use LND cert for: /mnt/hdd/app-data/nginx/tls.cert" sudo ln -sf /mnt/hdd/lnd/tls.cert /mnt/hdd/app-data/nginx/tls.cert sudo ln -sf /mnt/hdd/lnd/tls.key /mnt/hdd/app-data/nginx/tls.key sudo ln -sf /mnt/hdd/lnd/tls.cert /mnt/hdd/app-data/nginx/tor_tls.cert sudo ln -sf /mnt/hdd/lnd/tls.key /mnt/hdd/app-data/nginx/tor_tls.key else + echo "# exists /mnt/hdd/app-data/nginx/tls.cert" + # create a self-signed cert if the LND cert is not present /home/admin/config.scripts/internet.selfsignedcert.sh @@ -221,21 +146,8 @@ EOF sudo ln -sf /mnt/hdd/app-data/selfsignedcert/selfsigned.key \ /mnt/hdd/app-data/nginx/tor_tls.key fi - fi - - # config - sudo cp /home/admin/assets/blitzweb.conf /etc/nginx/sites-available/blitzweb.conf - sudo ln -sf /etc/nginx/sites-available/blitzweb.conf /etc/nginx/sites-enabled/ - - if ! [ -f /etc/nginx/.htpasswd ]; then - PASSWORD_B=$(sudo cat /mnt/hdd/${network}/${network}.conf | grep rpcpassword | cut -c 13-) - echo "${PASSWORD_B}" | sudo htpasswd -c -i /etc/nginx/.htpasswd admin - sudo chown www-data:www-data /etc/nginx/.htpasswd - sudo chmod 640 /etc/nginx/.htpasswd - else - sudo chown www-data:www-data /etc/nginx/.htpasswd - sudo chmod 640 /etc/nginx/.htpasswd + echo "# exists /mnt/hdd/app-data/nginx/tls.cert" fi # restart NGINX @@ -252,19 +164,6 @@ elif [ "$1" = "0" ] || [ "$1" = "off" ]; then sudo systemctl stop nginx sudo systemctl disable nginx >/dev/null - -################### -# LISTEN -################### -elif [ "$1" = "listen" ]; then - - if [ "$2" = "localhost" ] || [ "$2" = "any" ]; then - echo "Setting NGINX to listen on: ${2}" - set_nginx_blitzweb_listen "${2}" - else - echo "# FAIL: parameter not known - run with -h for help" - fi - else echo "# FAIL: parameter not known - run with -h for help" fi diff --git a/home.admin/config.scripts/blitz.web.ui.sh b/home.admin/config.scripts/blitz.web.ui.sh new file mode 100755 index 000000000..ecda65cef --- /dev/null +++ b/home.admin/config.scripts/blitz.web.ui.sh @@ -0,0 +1,96 @@ +#!/usr/bin/env bash + +# TODO: Later use for default install (when no github parameters are given) a precompiled version +# that comes with the repo so that the user does not need to install node +# use fro that then: yarn build:production & yarn licenses generate-disclaimer + +# TODO: Put WebUI into / base directory of nginx and let the index.html of the webUI handle +# the Tor detection or build it directly into the WebUI + +# command info +if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "--help" ] || [ "$1" = "-help" ]; then + echo "Manage RaspiBlitz Web UI" + echo "blitz.web.ui.sh on [?GITHUBUSER] [?REPO] [?BRANCH]" + echo "blitz.web.ui.sh update" + echo "blitz.web.ui.sh off" + exit 1 +fi + +DEFAULT_GITHUB_USER="cstenglein" +DEFAULT_GITHUB_REPO="raspiblitz-web" +DEFAULT_GITHUB_BRANCH="master" + +################### +# ON / INSTALL +################### +if [ "$1" = "1" ] || [ "$1" = "on" ]; then + + if [ "$2" != "" ]; then + DEFAULT_GITHUB_USER="$2" + fi + + if [ "$3" != "" ]; then + DEFAULT_GITHUB_REPO="$3" + fi + + if [ "$4" != "" ]; then + DEFAULT_GITHUB_BRANCH="$4" + fi + + echo "# INSTALL WebUI" + sudo rm -r /home/admin/blitz_web 2>/dev/null + cd /home/admin + # git clone https://github.com/cstenglein/raspiblitz-web.git /home/admin/blitz_web + git clone https://github.com/${DEFAULT_GITHUB_USER}/${DEFAULT_GITHUB_REPO}.git /home/admin/blitz_web + cd blitz_web + git checkout ${DEFAULT_GITHUB_BRANCH} + + echo "# Compile WebUI" + /home/admin/config.scripts/bonus.nodejs.sh on + source <(/home/admin/config.scripts/bonus.nodejs.sh info) + sudo npm install --global yarn + ${NODEPATH}/yarn install + ${NODEPATH}/yarn build + + sudo rm -r /var/www/public/* 2>/dev/null + sudo cp -r /home/admin/blitz_web/build/* /var/www/public + sudo chown www-data:www-data -R /var/www/public + + exit 1 +fi + +################### +# UPDATE +################### +if [ "$1" = "update" ]; then + + echo "# Update Web API" + cd /home/admin/blitz_web + git fetch + git pull + source <(/home/admin/config.scripts/bonus.nodejs.sh info) + ${NODEPATH}/yarn install + ${NODEPATH}/yarn build + sudo rm -r /var/www/public/* 2>/dev/null + sudo cp -r /home/admin/blitz_web/build/* /var/www/public + sudo chown www-data:www-data -R /var/www/public + echo "# blitzapi updates and restarted" + exit 0 + +fi + +################### +# OFF / UNINSTALL +################### +if [ "$1" = "0" ] || [ "$1" = "off" ]; then + + echo "# UNINSTALL WebUI" + sudo rm -r /home/admin/blitz_web 2>/dev/null + sudo rm -r /var/www/public/* 2>/dev/null + exit 0 +fi + + + + + diff --git a/home.admin/config.scripts/bonus.nodejs.sh b/home.admin/config.scripts/bonus.nodejs.sh index 2dd0cb9c4..0b6410c98 100755 --- a/home.admin/config.scripts/bonus.nodejs.sh +++ b/home.admin/config.scripts/bonus.nodejs.sh @@ -9,10 +9,36 @@ CHECKSUM_linux_x64="ed01043751f86bb534d8c70b16ab64c956af88fd35a9506b7e4a68f5b824 # command info if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "-help" ]; then echo "config script to install NodeJs $VERSION" - echo "bonus.nodejs.sh [on|off]" + echo "bonus.nodejs.sh [on|off|info]" exit 1 fi + # determine nodeJS VERSION and DISTRO +isARM=$(uname -m | grep -c 'arm') +isAARCH64=$(uname -m | grep -c 'aarch64') +isX86_64=$(uname -m | grep -c 'x86_64') +if [ ${isARM} -eq 1 ] ; then + DISTRO="linux-armv7l" + CHECKSUM="${CHECKSUM_linux_armv7l}" +elif [ ${isAARCH64} -eq 1 ] ; then + DISTRO="linux-arm64" + CHECKSUM="${CHECKSUM_linux_arm64}" +elif [ ${isX86_64} -eq 1 ] ; then + DISTRO="linux-x64" + CHECKSUM="${CHECKSUM_linux_x64}" +elif [ ${#DISTRO} -eq 0 ]; then + echo "# FAIL: Was not able to determine architecture" + exit 1 +fi + +# info +if [ "$1" = "info" ]; then + echo "NODEVERSION='${VERSION}'" + echo "NODEDISTRO='${DISTRO}'" + echo "NODEPATH='/usr/local/lib/nodejs/node-$VERSION-$DISTRO/bin'" + exit 0 +fi + # switch on if [ "$1" = "1" ] || [ "$1" = "on" ]; then # check if nodeJS was installed @@ -20,34 +46,15 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then if ! [ ${nodeJSInstalled} -eq 0 ]; then echo "nodeJS is already installed" else - # determine nodeJS VERSION and DISTRO - echo "Detect CPU architecture ..." - isARM=$(uname -m | grep -c 'arm') - isAARCH64=$(uname -m | grep -c 'aarch64') - isX86_64=$(uname -m | grep -c 'x86_64') - - if [ ${isARM} -eq 1 ] ; then - DISTRO="linux-armv7l" - CHECKSUM="${CHECKSUM_linux_armv7l}" - elif [ ${isAARCH64} -eq 1 ] ; then - DISTRO="linux-arm64" - CHECKSUM="${CHECKSUM_linux_arm64}" - elif [ ${isX86_64} -eq 1 ] ; then - DISTRO="linux-x64" - CHECKSUM="${CHECKSUM_linux_x64}" - elif [ ${#DISTRO} -eq 0 ]; then - echo "FAIL: Was not able to determine architecture" - exit 1 - fi + + # install latest nodejs + # https://github.com/nodejs/help/wiki/Installation + echo "*** Install NodeJS $VERSION-$DISTRO ***" echo "VERSION: ${VERSION}" echo "DISTRO: ${DISTRO}" echo "CHECKSUM: ${CHECKSUM}" echo "" - - # install latest nodejs - # https://github.com/nodejs/help/wiki/Installation - echo "*** Install NodeJS $VERSION-$DISTRO ***" - + # download cd /home/admin/download wget https://nodejs.org/dist/$VERSION/node-$VERSION-$DISTRO.tar.xz @@ -69,7 +76,7 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then sudo ln -sf /usr/local/lib/nodejs/node-$VERSION-$DISTRO/bin/npm /usr/bin/npm sudo ln -sf /usr/local/lib/nodejs/node-$VERSION-$DISTRO/bin/npx /usr/bin/npx # add to PATH permanently - sudo bash -c "echo 'PATH=\$PATH:/usr/local/lib/nodejs/node-\$VERSION-\$DISTRO/bin/' >> /etc/profile" + sudo bash -c "echo 'PATH=\$PATH:/usr/local/lib/nodejs/node-${VERSION}-${DISTRO}/bin/' >> /etc/profile" echo "" # check if nodeJS was installed diff --git a/home.admin/config.scripts/lnd.export.sh b/home.admin/config.scripts/lnd.export.sh index 245fdc45a..830810d74 100755 --- a/home.admin/config.scripts/lnd.export.sh +++ b/home.admin/config.scripts/lnd.export.sh @@ -62,17 +62,17 @@ elif [ "${exportType}" = "hexstring" ]; then clear echo "###### HEXSTRING EXPORT ######" echo "" - echo "admin.macaroon:" - sudo xxd -ps -u -c 1000 /mnt/hdd/lnd/data/chain/${network}/${chain}net/admin.macaroon + adminMacaroon=$(sudo xxd -ps -u -c 1000 /mnt/hdd/lnd/data/chain/${network}/${chain}net/admin.macaroon) + echo "adminMacaroon=${adminMacaroon}" echo "" - echo "invoice.macaroon:" - sudo xxd -ps -u -c 1000 /mnt/hdd/lnd/data/chain/${network}/${chain}net/invoice.macaroon + invoiceMacaroon=$(sudo xxd -ps -u -c 1000 /mnt/hdd/lnd/data/chain/${network}/${chain}net/invoice.macaroon) + echo "invoiceMacaroon=${invoiceMacaroon}" echo "" - echo "readonly.macaroon:" - sudo xxd -ps -u -c 1000 /mnt/hdd/lnd/data/chain/${network}/${chain}net/readonly.macaroon + readonlyMacaroon=$(sudo xxd -ps -u -c 1000 /mnt/hdd/lnd/data/chain/${network}/${chain}net/readonly.macaroon) + echo "readonlyMacaroon=${readonlyMacaroon}" echo "" - echo "tls.cert:" - sudo xxd -ps -u -c 1000 /mnt/hdd/lnd/tls.cert + tlsCert=$(sudo xxd -ps -u -c 1000 /mnt/hdd/lnd/tls.cert) + echo "tlsCert=${tlsCert}" echo "" ########################