From 2434875723a7d8e048ce4a50208ac1fafeeeb992 Mon Sep 17 00:00:00 2001
From: /rootzoll <christian@fulmo.org>
Date: Tue, 20 Jul 2021 16:57:41 +0200
Subject: [PATCH] #2425 Adding experimental Blitz WebUI & API (#2426)

---
 home.admin/assets/blitzweb.conf               |  44 ----
 .../assets/nginx/sites-available/public.conf  |  18 +-
 .../assets/nginx/www_blitzweb/favicon.ico     | Bin 2106 -> 0 bytes
 .../RaspiBlitz_Logo_Icon_Negative_Cut.png     | Bin 5931 -> 0 bytes
 .../assets/nginx/www_blitzweb/info/index.html |   1 -
 .../assets/nginx/www_blitzweb/info/info.j2    |  48 -----
 .../assets/nginx/www_blitzweb/info/status.css |  48 -----
 home.admin/assets/nginx/www_public/index.html |  16 +-
 .../ui}/index.html                            |   2 +-
 home.admin/config.scripts/blitz.debug.sh      |  11 +
 home.admin/config.scripts/blitz.github.sh     |   6 +
 home.admin/config.scripts/blitz.web.api.sh    | 190 ++++++++++++++++++
 home.admin/config.scripts/blitz.web.sh        | 147 +++-----------
 home.admin/config.scripts/blitz.web.ui.sh     |  96 +++++++++
 home.admin/config.scripts/bonus.nodejs.sh     |  59 +++---
 home.admin/config.scripts/lnd.export.sh       |  16 +-
 16 files changed, 395 insertions(+), 307 deletions(-)
 delete mode 100644 home.admin/assets/blitzweb.conf
 delete mode 100644 home.admin/assets/nginx/www_blitzweb/favicon.ico
 delete mode 100644 home.admin/assets/nginx/www_blitzweb/info/RaspiBlitz_Logo_Icon_Negative_Cut.png
 delete mode 120000 home.admin/assets/nginx/www_blitzweb/info/index.html
 delete mode 100644 home.admin/assets/nginx/www_blitzweb/info/info.j2
 delete mode 100644 home.admin/assets/nginx/www_blitzweb/info/status.css
 rename home.admin/assets/nginx/{www_blitzweb => www_public/ui}/index.html (88%)
 create mode 100755 home.admin/config.scripts/blitz.web.api.sh
 create mode 100755 home.admin/config.scripts/blitz.web.ui.sh

diff --git a/home.admin/assets/blitzweb.conf b/home.admin/assets/blitzweb.conf
deleted file mode 100644
index 43e0bbcf5..000000000
--- a/home.admin/assets/blitzweb.conf
+++ /dev/null
@@ -1,44 +0,0 @@
-## RaspiBlitz NGINX config: blitzweb.conf
-
-server {
-
-    # localhost only
-    listen 127.0.0.1:443 ssl default_server;
-    listen [::1]:443 ssl default_server;
-    # any interface
-    #listen 443 ssl default_server;
-    #listen [::]:443 ssl default_server;
-
-    server_name _;
-
-    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
-    ssl_prefer_server_ciphers on;
-    ssl_ciphers "EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA256:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EDH+aRSA+AESGCM:EDH+aRSA+SHA256:EDH+aRSA:EECDH:!aNULL:!eNULL:!MEDIUM:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!SEED";
-
-    add_header Strict-Transport-Security "max-age=31536000";
-
-    # ToDo(frennkie) if /mnt/hdd/app-data is missing (e.g. no disk) this will cause nginx to fail!
-    ssl_certificate /mnt/hdd/app-data/nginx/tls.cert;
-    ssl_certificate_key /mnt/hdd/app-data/nginx/tls.key;
-
-    ##
-    # Logging Settings
-    ##
-
-    access_log /var/log/nginx/access_raspiblitz.log;
-    error_log /var/log/nginx/error_raspiblitz.log;
-
-    root /var/www/blitzweb;
-
-    location / {
-        # First attempt to serve request as file, then
-        # as directory, then fall back to displaying a 404.
-        try_files $uri $uri/ =404;
-    }
-
-    location /info/ {
-        auth_basic           "BlitzWeb (admin:Password B)";
-        auth_basic_user_file /etc/nginx/.htpasswd;
-    }
-
-}
diff --git a/home.admin/assets/nginx/sites-available/public.conf b/home.admin/assets/nginx/sites-available/public.conf
index 9becc451d..2e018f325 100644
--- a/home.admin/assets/nginx/sites-available/public.conf
+++ b/home.admin/assets/nginx/sites-available/public.conf
@@ -4,17 +4,23 @@ server {
 	listen 80 default_server;
 	listen [::]:80 default_server;
 
+	root /var/www/public;
+	index index.html;
+	server_name _;
+
+	# proxy for API
+	location /api/ {
+		proxy_pass        http://127.0.0.1:11111/;
+		proxy_set_header  X-Real-IP $remote_addr;
+		proxy_set_header  X-Forwarded-Host   $host;
+	}
+
+	# directory for acme challenge
 	location ^~ /.well-known/acme-challenge/ {
 		default_type "text/plain";
 		root /var/www/letsencrypt;
 	}
 
-	root /var/www/public;
-
-	index index.html;
-
-	server_name _;
-
 	location / {
 		# make sure to have https link to exact same host that was called
 		sub_filter '<a href="https://HOST_SET_BY_NGINX/' '<a href="https://$host/';
diff --git a/home.admin/assets/nginx/www_blitzweb/favicon.ico b/home.admin/assets/nginx/www_blitzweb/favicon.ico
deleted file mode 100644
index 49af0caf67b85e972d59b7b5726a4984a5a6ca11..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 2106
zcmV-A2*vk_P)<h;3K|Lk000e1NJLTq005W(005W>0{{R3FC5Sl0001rP)t-s|Ns90
z008^@`ve38OG`@$2?;DLEZf`L_V)Jj^77~B=MfPR85tS*`T6zr_0`qY%gf6`LPBb4
zY91aQ;o;#rIy$_(yn};-RaI5&?CizG#j>)pqobn^4h|d~9M8|sGBPrFczBJCjg^&^
zB_$<LP*7c6U4DLktE;P?o}O)OZIF<VHa0dzMMXpmW1Ij02Wv@0K~#90&0OnxqA(C8
zM8pDC0Z~!#wurUW_kX>`x@}RC%uF=do`3soE2lWj<;)3=^Gv)kEULj%FASlFCRSMG
z<$G9O+0ZJn8I~8HTIDt9V~Opp@^YqFUf#$qu^LM(vCAt6k-Wl*U1EQ*H*98?mwQ6;
zN?+^}8*?PFqg`H3g5-6wTa26+Wa#syU0zOsykR}pGO-wW!`7C0jga-bw#>^p;CO|;
zWnQlpj@Z^RFK3D473H>x?Qz8Z*ya`BLcjlNo7fJ;i@#Z*GF)tb9<ad%MJzU-TZ3Jn
zvybn8E>QKGFHF-K)lFTDlAj!oYhCAtX^rO|^WwKwQ<bCYcWJiK_v?mMJ-&&SBkG2|
zo1~Q=JXR)mWyQ@fyrRG$uVuyfyz`B$QK7#xM=MV_>rcCn{1(HjGS}!YDpt+}srx0x
z5HlvCxE~(dj79&0lAbbCjs9!Rcq0BbFw&DT5oHpyP%?E*F!kG%h~oEIDyt_L>B%$H
z=#Nsik;x4MOzUb$L|LaSmS)E(B8eFiQT&FNyd%cc?}HIulZwUi<QSANFEb)ap0Sgn
z%6%Yim=O`howG_6A&Ay>W2Diau~7A>BU)E8BFfZL4-g3H>1?9W4^s8$oJa5t6V}%U
z(F9nm++ZN2CnF+C!9#VQ4ogp^2@xe&0VBN+hrSUJB>}!jXAAN&BBG2r&=eq~rw`=^
z=)pZh0~ahk84*#I92&Sl>B)$QGK`_k3f#J816KxpVpA3YO#v)DMSU6M{T+xibi-Wq
z)>QBv>ko5l9s++9dTT1c1Fd!f{xW)N+Qmt~bIc>C_@cL_T>y1XiGpRoPoTG^9Xymo
zdXVsqlb(clzsVKBfwJ!nN)HJAVBZr0-tuO*0k&o<LU|}yO!za}*h0MSmq|_5A?O;l
zZuK3k0AAey+Y(x%LBus598i+#_61YcM}Pd7>zb$_Nh<5cQyzI}1>r-tQ}=<nJQ6k9
zXNJxnweIi?NK&4V!3-_55Br)k7vzQ#NBI<;0)n#CD`r4lm*}t)4{ET!upm4qH&EAg
zVSqJoQ;wYR3e9ztx~|JLj2N3@XPVQXx~|JVGr?}8YrWOA+6@)UGb8#&^q7`%q;x~A
z6k&A4rp*o0$`<ch0p?uh(=+Z071L2dUR08lQXXEg6Ydfb(;2Q*_4}+Wy(3oPE>UtF
zDMTSjrRpl}vlMp;&(k2La6>^Gt_fQiB&KjfLHmaZi*VP_`6?BXR1fldqrb{fBlzW#
z6cAtzA^1~`bTOCl^58l+#-<C61S@w#A*M!jf<4nql2nrFA%=$nTaxIV^-#7_N-@#8
z!xr%adBG@KDIo&PxwJjVDHdJrTOTb3&YgnpW)^Hi<0W%L?NL&zTVcoRpbTllh{O$5
z;nHD%9!8q+jbuk~#r3;H8tkU*gcY&pw8wHSPGVU5(+)4m5+#D|0|Dk-_84dld(8U;
zQAO;ALI&97*YSseXfl+rb;SnQB?naaJ;|IhzzL-%yzn=psQwhGQ@B#XkMhklN~p|%
z2Z_T!5J^vcd_(7RQqlzF^lylyCwzcik_9OP6f8qVq{t0L2+(1l)??)n){7>Po@&B2
za>|KzPk707g+O}hQ%0GZsw}~4!7IAbQ%R|_e(6!?3viKoMOS(vNmyIDMhLH-FX&27
zlmKfQEV{>km|@z3j`Xx4&B|My181<kp?P@kS4X4(bNo=}Py}oU>AImfZM>@WRA|sb
zb9q7@2(V_hB0rK>B+#*#dpFdElq&}(U9S{q)4G$Mly1f@cC6C%N*$%!j8EK2Ps9LQ
zm-@C!cdvAi-APXgDZpMgkJv&cD^>o#m7Zt;=DzEHkrynvC%xadZf2s(qu}0S=eiE^
zE8a*?L>tkfeDp-)uqW%2Z{1L|c$uWclqW#Gk(kpLZC*4RQ6T$F68x0yMP8D2>l%>)
zEYB#@iX7vR&AWqn+s#a~5#?uAJ;%1YXqa{Gd|P@V9k<J4mOks;V8iTumvq{0sEiUX
zlMSn$cb;((vD59{A91|^TUXEI)$r)E=tk(>>IK+a$g<}iXAENI?SATJOL`&%*z1-H
zqV++%yz|z2?@cGb{EYFLfj1l#t@hztdQ$d9HyHj2S!(8N-Vd*D*Au>_S~qR@-1uv8
zzNIH@ZydaPEGmqjUw6M+*BIw}%x4kvY71`>`f@!*sA~nY<`IsKpQ^v$U;UQ%kUwz8
zNyzwVY2^(sU(yq}qjUY;i8CJCq4h02DQrZatj4p<W2{WZw%&*H&-Juw1=#JS-4}m3
z>s@YZ*()r*2kI(4wFB%m-Y19M@mLhc-8R{8qR*d5>o=39{JTgx0XAW`;9-^=ecP`o
zxw@Xt?V2~37R{Zi=lgk`Y<I<CV)?aHSA0rOu*<_b+>7*tTf*DLr|Ze`yWmi`NKc@R
z=s#ePB3&M~vHYC@_9;F6#sG6BC4LES6+8SA-YSNh2jw<XSa5?cxp@Tj{ugGj2D$1z
k4*wIy?+mb}MYMUbzaCR*g<_A0ng9R*07*qoM6N<$g3nn300000

diff --git a/home.admin/assets/nginx/www_blitzweb/info/RaspiBlitz_Logo_Icon_Negative_Cut.png b/home.admin/assets/nginx/www_blitzweb/info/RaspiBlitz_Logo_Icon_Negative_Cut.png
deleted file mode 100644
index 5778984a9bfd7f8ac149b1a019a69c94328539f1..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 5931
zcmX9?2|Uy9A16nf+ayL~u5w>Pa%JvYA&e&XQYvajN-?)B=IA!}nIlJzlq1KCG;<_!
z<tlT;l!(;->-XR5wb%D~KF{^}yg%>H^E{s?`J96#FP9h>3kwUcwUwC@@LgnKVMT#B
zfl?ASHUs#u-g2@uVX3B_U;q_%4ALIS!cv>Y{l|v`sDneSP`6lERAmnTtP#a$aez<?
zYwnIUy&2$x4Z3k1?h<q@fJIYXQ(aG8TTep=4ivPs^blue9<64xupG~{Hbc5Zc&(Ek
zJQVL8GCyk9u_sN}JYp@Fl-hx1cjYXR77&hE2ici>D;~)de3BAf0SZ28eD`If`1=X;
zAFb%$<tr^aCww$EH3n4!XI#QsUocn!9sd9Gc5ReQd}(z5#9uG|Hw&l(@E3_>=Hz<d
zu6l67<L$!l#w39w$;^hh-P{lAcdPzgU+tZafxpv+%zyYc2@$^kLXy!nhmQIL13{(=
z8s?S2%vkC9)7ynG$(2E1?3Yxh=GU;9>pESt*xkf8j*|3i{V$&LM@!059=9mYF0UI&
z9oIR1;MHVi6@pAo3B&{^+-Gd&i8gg@dPYskfgrAyzRI`+r_uJYwA7(%Emz=H?!w8;
z8CsbnETDe9DbEiOaDbWR<ROcuM~N|TpU~8Cs0x-`=M)g%Q`7liEae7v=%D-_R>#oI
zomW~`8Q*;wM_JeQJ+`qrcpXVnS2`~2xkfzRNEX5Ju!HNRG;;hfujt!*L&hX^ZpZ=(
zXTiPK)RIO*tC4(e%XW*K_cXQCsFvqRVD$gYe*L}K9yuy!X7z-qv`#DxPMq7B>A4KI
zYJTR_e8z|zstvilvueqP?7Uz_bRLJ6G9u(}^WftM^5;XP^$P{1Wjl;yDdp?L<1H_1
z#9UBw%CZ*q2--DJ`?DF(uQ&mzd@z_f%pg`UqW&9~IS_==%J4k^R?xLlm>LKMG~GY9
zCCU!IlP>zW7V+7bM9PE+KW;#HSjkwus0>L1j7`|icNh~e;y@`@atcDYAPb8lP@$oN
z!(mTPfJ3$Q3)8iPUD=Q)DKX^G3?4_YXe?aFiR&~UfC{$Wm_%2D6rR#AjCaA?Ik)zw
zn)j@$zx8UC`r~1A?Rvt?mHlG^QbKTzY7MdmM|nYE3|!yR_vaN%_Q}4(6($rQ1>uK-
z4}GIAizg3R=^>p)8A$*wZf@{6`d@iEiHuugPu6%w4$ZPN?ei1x4^dXs%cecSV;L`E
z;A}D)77Yl8jG#jRcv8AWKhZ9;A@TQRyCneqoJuNPP;5T9gyE4-k&`1Hp=wYiz)DS)
z;t(N!JwItDUb!?RiIy(<rVb%y{j^#PG^`+}_$vsL9Y}z`6NLCR;Vfhr&-%mRRv0T{
z>m*dA=#>G_i%JKQz_&>*gX4^Zj9vjL7<~v!Iac%_l@ot4-Kn`R0Fx~{>HJk97Vc)^
zJ8&73Z8m!pAGaibUZVn_p~w5Kys~;Yr0{(!!XUjN;QCR)n^LkCYeb<#dhF?_fNloL
zb}NrSok@{^C#lePG~KkyL(3O=vO0Nj6gfC`Pw1qHZ#S(udsNs}Cd~Y*jj|%=lzx}+
z#G!RJkH}KiMxbt)+qG$cb#Brcz8Jgcw)UTgO!G>LOCoE?B`0R|!l~RHv?uYe{+k-=
zKF6u=r;|j&D_)g>6iz^I{5&q@;JA{%s9{DG$||E`DO2a@<#4Ku6>%KOP5O^;2GQL~
z<k}OJl1iX0L5S~h{RQWP8)2L9_Gq}Je=WksZNQb$oJoCkJ9VixR<Yv0aGMV1xR<rQ
zS<mh*{)=bQbL4BwvdHei#D@@P{*g>06C0vJ31Y4D)BErp-#@x{J^v;?9NMAng_?OF
zJzNHSF~Ln;XLW4O%TbsfAL8L*nQ$~L-HCJ@mN5>^#lHLZd*a93!|vVoy$L?GAZfvy
zW_n0q#x<Vevi6lF3zNH^XCtYB5$9*Cc!kFVgHrS$zK>cFMhfOpRb{(7k#8RlHU&(-
z-Lp^5Ura1YB2BCjoqb<z*B{k*G%F%OZ-Cp*oqUg_;C6pc*eguEs_eUa4C{W@DBtsN
z5g<x`{$u*wrg!bdeP>4%_~tN(mwo}8O+<N(?`?wuC7@IJ8u7!2%`OT31=+oORw(kY
zeY~x&mcC5ak83lwL^U<Rc|LxXTb#mUrEzH_i0?B7aUHjNUW7@g=q}r+XhT2W**--C
zsZjlK6oNBAO;vUvitd?k)g8OOH34--cX;Um3VoN#hRadxa1=?o?m!^8sxtAZG)cjm
z{62?j8R`4+d3L-PgCM_4nLV`i9jFs-o`41htla?RvLs|gEgU)lC7~05qs%dg;2Lqy
zs5gpwk1HklzqpcGB5DvNy_PP%^1tD#9LZ!2aqO~g??V6>fIUWkc;sZLY|RQQRz!tg
zv>H6+YjsF{#OIRdFw;I7%FyId89*11M7R4eR+st$|LTS02=sm4#xtxoO9j|T1camD
z<ux_3PDJ-`C`io&-*{N(gHh&%>9M-IkRS{EkODGkW5bA%DZEC^)D^R_AX&N>eU_6d
z0jMw3Z=-DU(o3tbGctQZ#$Vy2I=NP{(T>i~FC3hZ;i&!`uA=Cwzc8!UO>-AfTeVcI
zJoUt!bV&4#8pPC>&aE#Btffyc0?W{7%LnNPs%ylPI!4k()nNA9_&)Za)njWsxe-h_
z2j1YFtgu@0&>D{tb7v-T&vV_BH_YeE?X`td)7@<^Hs)B|%&EZcb)mlz`nSBRt*06G
zw{{mxVIPldYeS0{__2v_JDt*dNM^46-h6TI7;i!bTWBNP*2T^j*kaoCnh+k|@@E7v
z;Njt1yTg;MLSkZrm8`}NO$r1U^mL7fkn(q(sB;md8S$uA^i)M9q##W4v+Vs(ymJW?
z&>XSO(&%0z%KYWHEK!6#=I$r5=mC$Mv(GjEm+&y@TEt$5ZKA_+*lvb_U{UvORU2}R
z$VZ=DF3$TQVmb6#dtcgr=c78h%y1lfDpV^g*k`LMz-t@Cw`oQy9%%pgxz@3z79qxz
zu~LZ&wrXulWLra<uJ|@&{8J0JoTfhqHfga37pwkVgSzC{@E@H}qITjUE{vgI>d$CY
ze}_9MsXOuy?o~bKI8J5d;~I9-tE%@J>mmUMg4TRPl5hFd6y+rdpQV-5`FnJZgIk6?
z=HGCXpllwwjjoo~V{+4mcc^TZ96`(YduVBU0h?#jugOFB>sD<9*XMJml7|C4T2G$h
z2pS#T9+^(RR0jl~JlDj7(J<Z)C$~yc;w$jh?~n@p>iuJ;zIQ8TA65(a%*M9yfBN<C
zy4a=F66A`W$*i@0z=p*v%-}1+BhG)c)M@O>Oztgz$M3ejmgIS5<fEUy&Z@Y<gQ|@W
z^JN>zWs8-l(^uZ4e-`>Pj5%$uu$sCR|9fNpcMjK#>6Mk0*PO;8j!Vi&u}2<HiqG*!
znQ&~d>R}|`eqsq$FcWe7EkWyba+@Af=Dqo*sSu@|!sC-eZed?~{kjd~Ir52xmP$%M
zFSd-M!<pmHlDTGN{!F?t-bAQEihP1d4mGQ)5_d!&7o6e9vFSVh$5W~tXtF`|o_j|~
zbaGS5`?K_&sxUeC=H`earAP3lr9Ha*i@9`%tmBw!&MHR`cL@1Q<TAv3^DJZWmmW4s
z=aCA%XCbq~c?^bSb{AHDT%Hf@@y9DO;(w@0)SCp$R!HFUIKL1MJ1lV%yyNLTKUi8K
z?rJ=R^CoY>&<3^iGlhg+!OY@HedVx^uyyh`Evh0hg{Lv6o2wj{I@VgI$VcRi@Y`sh
zg74!9au+KSI+0K4-F_BsZPREhGPq)wQ<n<P;2i2f;8k<Np30fbm~yB|V40QumH1J#
zvY80~t%yrC!7*YTkps`_zUL86Nd#0`hz!mvOH(tv=siMwEfJ3}Gur;ecYUzTxLDPk
zC6pN{!OU93Q5{QLo<}_~cN&8|Y8mbk;s<*A)q;Y?%_Z{jrH_ek0$>TMIX%EmV__eA
zuQJiA){x1VFV6~&QOz-T*9w4{iZ~i9&p*xWky$ikRg7ps7vGbe69OdUkL=}do`f-*
z9b&t8u*|#f>Nr{=z6La8g;|mS4;_i5k)Q0G8@qyK4s@>ID_xWJuYs56Z-dYVKWb*g
z>L9Yb1%z*cKx@|uUQ4!L9&He8d#?6aj%p4AWf%ZkFg$Emz%uO!1kh{1Bmh2yLK{0^
zlP-W7ueat!0CB6>d8EjoR&xqzhrR3z!<AAWK>_-KRXI@7X+N~AfO4mkTT4WBZ$N*G
z48Y1Ht;^Q^9uHJ=2%#!gwrb1s$w$!!j~8z7q5ua(6^;rk`LiDiJOKE9JA~JRCL#15
z=l|4tA40B6%?Gd_cl!pM7T-5>I2nP=u<pRGsC>e=;CYayl~~c}L)AlC9vNk^2^a_a
z0I(M!nR$d#vbx|_4oeW}`mLgBzvcO$li6^YBINuX#~}LW@iPQ^PvPT_>lGmit9-+G
z5n0cVp$#mPm8fvEK?={WXyr;07uujVxhbKN-8#07IWzE9Yi3=kcI8Jz7uPUJo-q$j
zpgp~_Z&Rt$C!_=TOzc=1{MX0%!3AEJRJfT{EP%Ti5peS$N)k^T=~<YrMiDbq%*t4m
zgD-`p|DRFFwTiPV*%J-g`e-xi9RL_hV8rRb`j1^Gh7Cz@7!Cjp(#HUv&VLC~z~X1G
z7(#tKk4WsFS77Ab+P6{OGMK3zBk3!*g6KV6#y@0gUg{AKS#@zx?(+wL*opL>k@CZ!
ziQUmE!!euNLY0%r^=oJYbV;Qj;K=mXgwjdS>%x+1Y@C@i^UUfc(qQ5wz?Wd#&G-xz
z+4XsbQNVQm=*Rs=b}Z9C+E2t$4EapBpnXjB*V(D4d4BQBfu49Z|5q<t98ux^4zUHk
z-zq(%t}C1-fZs$6gNEtg62d7_IhfsOPv*&h>2wX=l^Eq;7hZsZMzyF>B7<2$=lDlQ
z8}?OmumB@%cF+dC>49J6$IrZ{_hhR6KNKQ2=B=Sp;iIG4VTfD0dK>e7DprWOrtkXx
zu6JbfEo~a<wNVfC0;UCv2pFa%B(mg_ssy{j0N2oIq=+Ltvf-suX{G)ZvBhbwd;%tp
zTz@6Lxp+#M_Ufg8e~%LZ@HY?y3Jh<|FJXn%q-UJ1^_N}F-UKM>$mna6Hc4I9=3Rl2
z5gTLY>Z9V}l2Ye^kdDh3a&P#!f3hZAYr+k5lOIwn>^L(EI}?!UNosu5s8}(x*JxxB
ztkZS%V8&8u3A80J^ZaSk?Of$N!skYdf8o}%exY@Qqeuzk^TT&U2Bn|3M|2htghTK}
zWp`@lonPmlU_nYC3+~p#5-zRgpLQ~**8RQd#d_mwQdDs}e`>xO%}->o^uq_uHyTy;
z2Y;(f7`HnYg83%g4sXzE1D8Y`Q*vCBnE|a(oSel13D8@dB##bbE{8KbNXLaM$V@d@
z%eq<)Oa061EBi<A!DivFK8<}r^Shb1+cx1xImBqRW_DZD_7++}BGs7mVD#dwtyJ-Q
zd}_DoN1878`^J?$X5WK{1vF>`<LT7Y&#)QU?i(L+e{4?Eh}*CJ!lfjF3uR1lViLJa
ziu7PZ56Pi%zPZ!dPbAla%t;T%KbHVEOx3ZpJ)^3SAJ^-le@nV@xKHP175v>@3yeTL
zHnc>N)(y%Ms^Z5a<~S5Ia91%z1#{yn;atNTxip}yS)d4{L=_W8j6+K(x$EglDJdA?
zF9QBb;-?j^Qn@OM|Maa92@*|s_+%(ET7kSABIx96=YvVQ#5V!0!d@`S<+g43X@Afp
zQQf!y!9E+avV5nDrYj`vFYYDLE_xDOg`?buBr#jNBZg_0IgmPeVKLlDi)Eh+E^na|
zP($Z6p7-vuls*aF1h_c8XUXqi`E92nkUILb`*G?o^qj$2D1qvDmD6O##U>m5NTP@d
zXni(!iXN{#$B2Ds*hM}$TVf!_eXe99Ve?IluhP`O-tsZ&MR2ga%WU<7H_N-f3!NG-
z;wWo_8YZMt=6Rp#z1w9EuRAUIID2^hYq&S66o~nQdYWub>Ek-xYfLJAw<Q`w)=&d&
zv3p2LS^1Rf<0yaN)REmMTkhTmH$lmQ`hHRZi(rGIz$FtDD;TKy2rLR>ktO8Kn)c}u
z1lDxx?Z^F(PssTqlaW(Bfz6;TU4_JqTErL|Qlgh|^fi^E@bFTt3EC1(P5|V0^EM>;
zYFkyp2R{;^Et!M3oMXc4mzq?DTdMQ8>JeTqQOIjCpxZ1J>MMzf{qw=%y(>4mX(60=
z1G^>!30MD)wh6`?M1OyQ#w{OadZ|d#(dAHisD9U3(3bi%5v`!;i(!vZTxB)jk@Ngq
zyghi~G-o{mq7^3|h|w~vo<*2Z4dn}Vm+7y8cZmCJBT%L>X`gwX{yIb+1*EJXF8oy5
zW3E-yswH5pj4lwSf{7V&6cNb03eF-}VDaAFN-6R0f8~JNx@lsRWlsm-GZ)m(m!i(S
z=f(cpA!-nrI~Xjd;Fh4=_N{0$oR;3o&MR2)6WTHl`|o3tysVQ4z|^(lP{@MgcA*!e
z|Bxs~J+_Io%&?5^-B=*~9nt`8Y48E7c9Y3WN0=`L%VSQq)P>r#&Gr^n2AvK#7;O;v
zKpR)C2~P-5BFQL27>SA8|4frp#-R*j5<hcT!21JuEU_PJp((HkDz^7x|80n~Z~)3`
zrhVkh|F~(?O;{R|d%8|^Evrl2q-%asnViFzcdLqbmd1fl6M9ga@4WShpTp}|$|#(w
zR&y^Kc(6bqNtcXCBfvw86sT_gviupnaj07~yuCwgORolTGFtI!JlE>d6Y}}}bIv+(
zj$lEjEY9oAMBv57ITpSFM;i*Q5pNrl!r{~(Kxz+W588#={Nlq=2F{HNIwWMYj`Ykx
zXRIZqV7zj7IQ0FHRwxGjOwt52(nrq^nM4BJJUb4pAbF8^<j%6|`=PB+wFVS#Or_nP
zqLRw3c&$5_h*M#4{_?Loun97CrIk-VrHw=RkR&j`8r$z#+J5oE`d!*U`t?j(7H7fZ
z#I5;m<XyNohFz)(p2;JJAPW))1nYLN!um3BP~F)Y#F0!l5{ysI57T|>R@~bAtq$5U
zKC87dK>jx3Pm@FfWsSH8vQR98k+e;IL148AJ(*&-@Pz_yh<>576PM=hIZd2JufIJ?
z#zSHp3Z|k)!8%#NI181jbIA2<tf1!9VFyLcl1izuv_Q;qJcH;Dx61X#$jV*nUwPA+
zLQc;n3J$M|LG;<Sz{7JuZ_cSq8`4Zd#s?amdjuNd*a%{rLif<34dK-IceH4~Mabfw
zY2P?BB+I4hmeTjEff*>>Obl7An>FD2g>F}p6~;(lS>w@tu7#gcmA6{sY0lEZUknBU
zh^-p#+^<)$6hmfpCY6>UHqLFS?R~mb>l$~}T8gTf^%iP0)};WfVcnNeN2|T(ug7-s
zC^Cm1$2nlZg>=x)B9d8eWy+a&UGf3+;h>%$eO=Ib1;=>@)8T}blzMr>CQy&<xSVN!
zq;*SwSBbZ<z@l>v!drV!#DD+Luu6v=bMm8n|9Zr@KAQnOEKb?9uQW#>n#`KIY#3lT
zF5rzz@OnaHar+6A;s+3ByExnc-{AqA6MZ$(5!L(XD2}t^nfv?f3#haAPk4PyWAWw<
wmjC@@eG_@M^hE2CXxp+!M-ShO*)gJjCDQ|KSK{4g+z$oT<_>1nCf@k}0m6m!?f?J)

diff --git a/home.admin/assets/nginx/www_blitzweb/info/index.html b/home.admin/assets/nginx/www_blitzweb/info/index.html
deleted file mode 120000
index 779063a79..000000000
--- a/home.admin/assets/nginx/www_blitzweb/info/index.html
+++ /dev/null
@@ -1 +0,0 @@
-/var/cache/raspiblitz/info.html
\ No newline at end of file
diff --git a/home.admin/assets/nginx/www_blitzweb/info/info.j2 b/home.admin/assets/nginx/www_blitzweb/info/info.j2
deleted file mode 100644
index 74b671121..000000000
--- a/home.admin/assets/nginx/www_blitzweb/info/info.j2
+++ /dev/null
@@ -1,48 +0,0 @@
-<!DOCTYPE html>
-<html lang="en">
-<head>
-    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
-    <title>RaspiBlitz Status</title>
-    <link rel="stylesheet" href="status.css">
-</head>
-<body>
-
-<div class="grid-container" id="regular">
-    <div class="header">
-        <p>Info Dashboard (Updated: {{ datetime }})</p>
-    </div>
-
-    <div class="logo">
-        <img src="RaspiBlitz_Logo_Icon_Negative_Cut.png" height="310" width="196" />
-    </div>
-
-    <div class="main">
-        <p>RaspiBlitz v{{ codeVersion }} {{ hostname }}</p>
-        <p>{{ network }} Fullnode + Lightning Network {{ torInfo }}</p>
-        <p>&nbsp;<p>
-        <p>CPU load {{ load }}, temp  {{ tempC }}°C {{ tempF }}°F</p>
-        <p>Free Mem {{ ram }} HDDuse {{ hddUsedInfo }}</p>
-        <p>{{ uptime }}</p>
-        <p>ssh admin@{{ local_ip }} ▼{{ network_rx }} ▲{{ network_tx }}</p>
-        {% if runningRTL == '1' %}
-            <p>web admin --> <a href="http://{{ local_ip }}:3000">http://{{ local_ip }}:3000</a></p>
-        {% endif %}
-        <p>&nbsp;<p>
-	<p>{{ network }} {{ networkVersion }} {{ chain }}net Sync OK {{ sync_percentage }}</p>  <!-- ToDo(frennkie) this doesn't cover all cases-->
-        <p>{{ public_addr_pre }} {{ public_addr }} {{ networkConnections }} peers</p>
-        <p>&nbsp;<p>
-        <p>LND {{ ln_version }} {{ ln_baseInfo }} <p>
-        {% if ln_version|length %}
-            <p>{{ ln_channelInfo }} {{ ln_peers }} peers <p>
-        {% endif %}
-    </div>
-
-    <div class="footer">
-        {% if ln_version|length %}
-            <p>{{ ln_external }}</p>
-        {% endif %}
-    </div>
-</div>
-
-</body>
-</html>
diff --git a/home.admin/assets/nginx/www_blitzweb/info/status.css b/home.admin/assets/nginx/www_blitzweb/info/status.css
deleted file mode 100644
index e239afcc4..000000000
--- a/home.admin/assets/nginx/www_blitzweb/info/status.css
+++ /dev/null
@@ -1,48 +0,0 @@
-#regular {
-    /* The size of the LCD on shopping list */
-    width: 920px;
-    height: 440px;
-}
-
-.header {
-    grid-area: header;
-    text-align: center;
-}
-
-.logo {
-    grid-area: logo;
-    text-align: center;
-}
-
-.main {
-    grid-area: main;
-}
-
-.footer {
-    grid-area: footer;
-}
-
-.grid-container {
-    display: grid;
-    grid-template-areas: 'header header header header' 'logo main main main' 'footer footer footer footer';
-    grid-gap: 1px;
-    background-color: #02192b;
-    padding: 1px;
-}
-
-.grid-container > div {
-    background-color: rgba(0, 0, 0, 0.8);
-    padding: 4px 8px;
-    font-size: 30px;
-}
-
-body {
-    background-color: black;
-    font-family: monospace, monospace;
-    color: LightSteelBlue;
-}
-
-p {
-    font-size: 12px;
-    margin: 4px;
-}
diff --git a/home.admin/assets/nginx/www_public/index.html b/home.admin/assets/nginx/www_public/index.html
index 5167fa05a..7d0eba5bc 100644
--- a/home.admin/assets/nginx/www_public/index.html
+++ b/home.admin/assets/nginx/www_public/index.html
@@ -17,9 +17,23 @@
     <img src="img/RaspiBlitz_Logo_Main.png" class="rb_logo" alt="RaspiBlitz Logo"/>
 
     <h2 class="text-center">
-        Welcome 
+        Welcome Node Operator
     </h2>
 
+    <p id="userinfo">Please Wait ...</p>
+    <script>
+        document.getElementById("userinfo").innerHTML=window.location.hostname;
+        if (window.location.hostname.endsWith(".onion")) {
+            document.getElementById("userinfo").innerHTML="onion domain address TODO: redirect on same address to subfolder of /ui"
+        }
+        else if ((window.location.hostname.endsWith(".local")) || (window.location.hostname.split(".").length>2)) {
+            document.getElementById("userinfo").innerHTML="local domain/IP address TODO: give info on download/use Tor and offer onion address for easy copy & paste"
+        }
+        else {
+            document.getElementById("userinfo").innerHTML="unknown hostname: "+window.location.hostname
+        }
+    </script>
+
     <h4>Use one the following link to access your RaspiBlitz</h4>
     <p>
         Please be aware about HTTPS Certificate Warning! Here is some useful information on that...
diff --git a/home.admin/assets/nginx/www_blitzweb/index.html b/home.admin/assets/nginx/www_public/ui/index.html
similarity index 88%
rename from home.admin/assets/nginx/www_blitzweb/index.html
rename to home.admin/assets/nginx/www_public/ui/index.html
index 2da139ae5..f4fb2b5eb 100644
--- a/home.admin/assets/nginx/www_blitzweb/index.html
+++ b/home.admin/assets/nginx/www_public/ui/index.html
@@ -4,7 +4,7 @@
     <meta charset="UTF-8">
     <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
 
-    <title>RaspiBlitz Welcome</title>
+    <title>WebUI</title>
 
 </head>
 <body>
diff --git a/home.admin/config.scripts/blitz.debug.sh b/home.admin/config.scripts/blitz.debug.sh
index beb5f77d3..7e44897d8 100755
--- a/home.admin/config.scripts/blitz.debug.sh
+++ b/home.admin/config.scripts/blitz.debug.sh
@@ -101,6 +101,17 @@ echo "--> CHECK CONFIG: sudo nginx -t"
 sudo nginx -t
 echo ""
 
+echo "*** BLITZAPI SYSTEMD STATUS ***"
+sudo systemctl status blitzapi -n2 --no-pager
+echo ""
+
+echo "*** LAST BLITZAPI LOGS ***"
+echo "sudo journalctl -u blitzapi -b --no-pager -n20"
+sudo journalctl -u nginx -b --no-pager -n20
+echo "--> CHECK CONFIG: sudo nginx -t"
+sudo nginx -t
+echo ""
+
 if [ "${touchscreen}" = "" ] || [ "${touchscreen}" = "0" ]; then
   echo "- TOUCHSCREEN is OFF by config"
 else
diff --git a/home.admin/config.scripts/blitz.github.sh b/home.admin/config.scripts/blitz.github.sh
index 575f02a8e..f010bfca8 100755
--- a/home.admin/config.scripts/blitz.github.sh
+++ b/home.admin/config.scripts/blitz.github.sh
@@ -163,6 +163,12 @@ sudo -u admin chmod -R +x /home/admin/config.scripts
 sudo -u admin chmod -R +x /home/admin/setup.scripts
 echo "# ******************************************"
 
+echo "# Syncing Webcontent .."
+if [ -d /var/www/public ]; then
+  sudo cp -a /home/admin/assets/nginx/www_public/* /var/www/public
+  sudo chown www-data:www-data /var/www/public
+fi
+
 echo "# Checking if the content of BlitzPy changed .."
 checkSumBlitzPyAfter=$(find /home/admin/raspiblitz/home.admin/BlitzPy -type f -exec md5sum {} \; | md5sum)
 echo "# checkSumBlitzPyBefore = ${checkSumBlitzPyBefore}"
diff --git a/home.admin/config.scripts/blitz.web.api.sh b/home.admin/config.scripts/blitz.web.api.sh
new file mode 100755
index 000000000..e9345ac74
--- /dev/null
+++ b/home.admin/config.scripts/blitz.web.api.sh
@@ -0,0 +1,190 @@
+#!/usr/bin/env bash
+
+# main repo: https://github.com/fusion44/blitz_api
+
+# restart the systemd `blitzapi` when credentials of lnd or bitcoind are changeing and it will
+# excute the `update-config` automatically before restarting
+
+# TODO: On sd card install there might be no Bitcoin & Lightning confs - make sure backend runs without
+
+# command info
+if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "--help" ] || [ "$1" = "-help" ]; then
+  echo "Manage RaspiBlitz Web API"
+  echo "blitz.web.api.sh on [?GITHUBUSER] [?REPO] [?BRANCH]"
+  echo "blitz.web.api.sh update-config"
+  echo "blitz.web.api.sh update-code"
+  echo "blitz.web.api.sh off"
+  exit 1
+fi
+
+DEFAULT_GITHUB_USER="fusion44"
+DEFAULT_GITHUB_REPO="blitz_api"
+DEFAULT_GITHUB_BRANCH="main"
+
+###################
+# ON / INSTALL
+###################
+if [ "$1" = "1" ] || [ "$1" = "on" ]; then
+
+  if [ "$2" != "" ]; then
+    DEFAULT_GITHUB_USER="$2"
+  fi
+
+  if [ "$3" != "" ]; then
+    DEFAULT_GITHUB_REPO="$3"
+  fi
+
+  if [ "$4" != "" ]; then
+    DEFAULT_GITHUB_BRANCH="$4"
+  fi
+
+  echo "# INSTALL Web API ..."
+  sudo apt install -y redis
+  sudo rm -r /home/admin/blitz_api 2>/dev/null
+  cd /home/admin
+  # git clone https://github.com/fusion44/blitz_api.git /home/admin/blitz_api
+  git clone https://github.com/${DEFAULT_GITHUB_USER}/${DEFAULT_GITHUB_REPO}.git /home/admin/blitz_api
+  cd blitz_api
+  git checkout ${DEFAULT_GITHUB_BRANCH}
+  pip install -r requirements.txt
+
+  # TODO: check if that manual install is still needed in a future version
+  pip install sse_starlette
+
+  # build the config and set unique secret (its OK to be a new secret every install/upadte)
+  /home/admin/config.scripts/blitz.web.api.sh update-config
+  secret=$(head /dev/urandom | tr -dc A-Za-z0-9 | head -c 64 ; echo '')
+  sed -i "s/^secret=.*/secret=${secret}/g" ./.env
+
+  # prepare systemd service
+  echo "
+[Unit]
+Description=BlitzBackendAPI
+Wants=network.target
+After=network.target
+
+[Service]
+WorkingDirectory=/home/admin/blitz_api
+# before every start update the config with latest credentials/settings
+ExecStartPre=-/home/admin/config.scripts/blitz.web.api.sh update-config
+ExecStart=sudo -admin /usr/bin/python -m uvicorn main:app --reload --port 11111 --host=0.0.0.0 --root-path /api
+User=root
+Group=root
+Type=simple
+Restart=always
+StandardOutput=journal
+StandardError=journal
+
+# Hardening measures
+PrivateTmp=true
+ProtectSystem=full
+NoNewPrivileges=true
+PrivateDevices=true
+
+[Install]
+WantedBy=multi-user.target
+" | sudo tee /etc/systemd/system/blitzapi.service
+
+  sudo systemctl enable blitzapi
+  sudo systemctl start blitzapi
+
+  # TODO: remove after experimental step
+  sudo ufw allow 11111 comment 'WebAPI Develop'
+
+  # install info
+  echo "# the API should new be available under http://[LOCALHOST]/api and port 11111 for testing"
+  echo "# check for systemd:  sudo systemctl status blitzapi"
+  echo "# check for logs:     sudo journalctl -f -u blitzapi"
+
+  exit 0
+fi
+
+###################
+# UPDATE CONFIG
+###################
+if [ "$1" = "update-config" ]; then
+
+  # prepare configs data
+  source /mnt/hdd/raspiblitz.conf 2>/dev/null
+  if [ "${network}" = "" ]; then
+    network="bitcoin"
+    chain="main"
+  fi
+
+  cd /home/admin/blitz_api
+  dateStr=$(date)
+  echo "# Update Web API CONFIG (${dateStr})"
+  RPCUSER=$(sudo cat /mnt/hdd/${network}/${network}.conf | grep rpcuser | cut -c 9-)
+  RPCPASS=$(sudo cat /mnt/hdd/${network}/${network}.conf | grep rpcpassword | cut -c 13-)
+  if [ "${RPCUSER}" == "" ]; then
+    RPCUSER="raspibolt"
+  fi
+  if [ "${RPCPASS}" == "" ]; then
+    RPCPASS="passwordB"
+  fi
+  sed -i "s/^network=.*/network=mainnet/g" ./.env
+  sed -i "s/^bitcoind_ip_mainnet=.*/bitcoind_ip_mainnet=127.0.0.1/g" ./.env
+  sed -i "s/^bitcoind_ip_testnet=.*/bitcoind_ip_testnet=127.0.0.1/g" ./.env
+  sed -i "s/^bitcoind_user=.*/bitcoind_user=${RPCUSER}/g" ./.env
+  sed -i "s/^bitcoind_pw=.*/bitcoind_pw=${RPCPASS}/g" ./.env
+  
+  # configure LND
+  if [ "${lightning}" == "lnd" ]; then
+
+    echo "# CONFIG Web API Lightning --> LND"
+    tlsCert=$(sudo xxd -ps -u -c 1000 /mnt/hdd/lnd/tls.cert)
+    adminMacaroon=$(sudo xxd -ps -u -c 1000 /mnt/hdd/lnd/data/chain/bitcoin/mainnet/admin.macaroon)
+    sed -i "s/^ln_node=.*/ln_node=lnd/g" ./.env
+    sed -i "s/^lnd_grpc_ip=.*/lnd_grpc_ip=127.0.0.1/g" ./.env
+    sed -i "s/^lnd_macaroon=.*/lnd_macaroon=${adminMacaroon}/g" ./.env
+    sed -i "s/^lnd_cert=.*/lnd_cert=${tlsCert}/g" ./.env
+
+  # configure CLN
+  elif [ "${lightning}" == "cln" ]; then
+    
+    echo "# CONFIG Web API Lightning --> CLN"
+    sed -i "s/^ln_node=.*/ln_node=cln/g" ./.env
+    
+    # TODO: ADD C-Lightning config as soon as available
+    echo "# MISSING CLN CONFIG YET"
+
+  else
+    echo "# CONFIG Web API Lightning --> OFF"
+    sed -i "s/^ln_node=.*/ln_node=/g" ./.env
+  fi
+
+  echo "# '.env' config updates - blitzapi maybe needs to be restarted"
+  exit 0
+
+fi
+
+###################
+# UPDATE CODE
+###################
+if [ "$1" = "update-code" ]; then
+
+  echo "# Update Web API CODE"
+  sudo systemctl stop blitzapi
+  cd /home/admin/blitz_api
+  git fetch
+  git pull
+  pip install -r requirements.txt
+  sudo systemctl start blitzapi
+  echo "# blitzapi updates and restarted"
+  exit 0
+
+fi
+
+###################
+# OFF / UNINSTALL
+###################
+if [ "$1" = "0" ] || [ "$1" = "off" ]; then
+
+  echo "# UNINSTALL Web API"
+  sudo systemctl stop blitzapi
+  sudo systemctl disable blitzapi
+  sudo rm /etc/systemd/system/blitzapi.service
+  sudo rm -r /home/admin/blitz_api
+  exit 0
+
+fi
diff --git a/home.admin/config.scripts/blitz.web.sh b/home.admin/config.scripts/blitz.web.sh
index 1891cee86..fc42418d6 100755
--- a/home.admin/config.scripts/blitz.web.sh
+++ b/home.admin/config.scripts/blitz.web.sh
@@ -1,5 +1,7 @@
 #!/usr/bin/env bash
 
+# TODO: later on this script will be run on build sdcard - make sure that the self-signed tls cert get created fresh on every new RaspiBlitz
+
 source /mnt/hdd/raspiblitz.conf
 
 # command info
@@ -8,98 +10,9 @@ if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "--help" ] || [ "$1" = "-help" ];
   printf "blitz.web.sh check \t\tprint operational nginx listen status (lsof)\n"
   printf "blitz.web.sh on \t\tturn on\n"
   printf "blitz.web.sh off \t\tturn off\n"
-  printf "blitz.web.sh listen localhost \tset port 443 to localhost only\n"
-  printf "blitz.web.sh listen any \tset port 443 to any\n"
   exit 1
 fi
 
-# using ${APOST} is a workaround to be able to use sed with '
-APOST=\'  # close tag for linters: '
-
-
-###################
-# FUNCTIONS
-###################
-function set_nginx_blitzweb_listen() {
-   # first parameter to function should be either "localhost" or "any"
-   listen_to=${1}
-
-   if [ -f "/etc/nginx/sites-available/blitzweb.conf" ]; then
-       if ! grep -Eq '^\s*#?\s*listen 127.0.0.1:443 ssl default_server;$' /etc/nginx/sites-available/blitzweb.conf; then
-           echo "Error: missing expected line for: lo:v4 https"
-           exit 1
-       else
-           if grep -Eq '^\s*#\s*listen 127.0.0.1:443 ssl default_server;$' /etc/nginx/sites-available/blitzweb.conf; then
-           #echo "found: lo:v4 https (disabled line)"
-               if [ ${listen_to} = "localhost" ]; then
-                   sudo sed -i -E 's/#\s*(listen 127.0.0.1:443 ssl default_server;)/\1/g' /etc/nginx/sites-available/blitzweb.conf
-               fi
-           else
-               #echo "found: lo:v4 https (enabled line)"
-               if [ ${listen_to} = "any" ]; then
-                   sudo sed -i -E 's/(listen 127.0.0.1:443 ssl default_server;)/#\1/g' /etc/nginx/sites-available/blitzweb.conf
-               fi
-          fi
-
-       fi
-
-       if ! grep -Eq '^\s*#?\s*listen \[::1\]:443 ssl default_server;$' /etc/nginx/sites-available/blitzweb.conf; then
-           echo "Error: missing expected line for: lo:v6 https"
-           exit 1
-       else
-           if grep -Eq '^\s*#\s*listen \[::1\]:443 ssl default_server;$' /etc/nginx/sites-available/blitzweb.conf; then
-               #echo "found: lo:v6 https (disabled line)"
-               if [ ${listen_to} = "localhost" ]; then
-                   sudo sed -i -E 's/#\s*(listen \[::1\]:443 ssl default_server;)/\1/g' /etc/nginx/sites-available/blitzweb.conf
-               fi
-           else
-               #echo "found: lo:v6 https (enabled line)"
-               if [ ${listen_to} = "any" ]; then
-                   sudo sed -i -E 's/(listen \[::1\]:443 ssl default_server;)/#\1/g' /etc/nginx/sites-available/blitzweb.conf
-               fi
-           fi
-
-       fi
-
-       if ! grep -Eq '^\s*#?\s*listen 443 ssl default_server;$' /etc/nginx/sites-available/blitzweb.conf; then
-           echo "Error: missing expected line for: any:v4 https"
-           exit 1
-       else
-           if grep -Eq '^\s*#\s*listen 443 ssl default_server;$' /etc/nginx/sites-available/blitzweb.conf; then
-               #echo "found: any:v4 https (disabled line)"
-               if [ ${listen_to} = "any" ]; then
-                   sudo sed -i -E 's/#\s*(listen 443 ssl default_server;)/\1/g' /etc/nginx/sites-available/blitzweb.conf
-               fi
-           else
-               #echo "found: any:v4 https (enabled line)"
-               if [ ${listen_to} = "localhost" ]; then
-                   sudo sed -i -E 's/(listen 443 ssl default_server;)/#\1/g' /etc/nginx/sites-available/blitzweb.conf
-               fi
-           fi
-
-       fi
-
-       if ! grep -Eq '^\s*#?\s*listen \[::\]:443 ssl default_server;$' /etc/nginx/sites-available/blitzweb.conf; then
-           echo "Error: missing expected line for: any:v6 https"
-           exit 1
-       else
-           if grep -Eq '^\s*#\s*listen \[::\]:443 ssl default_server;$' /etc/nginx/sites-available/blitzweb.conf; then
-               #echo "found: any:v6 https (disabled line)"
-               if [ ${listen_to} = "any" ]; then
-                   sudo sed -i -E 's/#\s*(listen \[::\]:443 ssl default_server;)/\1/g' /etc/nginx/sites-available/blitzweb.conf
-               fi
-           else
-               #echo "found: any:v6 https (enabled line)"
-               if [ ${listen_to} = "localhost" ]; then
-                   sudo sed -i -E 's/(listen \[::\]:443 ssl default_server;)/#\1/g' /etc/nginx/sites-available/blitzweb.conf
-               fi
-           fi
-       fi
-   fi
-}
-
-
-
 ###################
 # CHECK
 ###################
@@ -145,6 +58,7 @@ EOF
     sudo sed -i -E '/^.*server_names_hash_bucket_size [0-9]*;$/a \\tserver_names_hash_bucket_size 128;' /etc/nginx/nginx.conf
   fi
 
+  echo "# Checking dhparam.pem ..."
   if [ ! -f /etc/ssl/certs/dhparam.pem ]; then
 
     # check if there is a user generated dhparam.pem on the HDD to use
@@ -162,6 +76,8 @@ EOF
       sudo cp /mnt/hdd/app-data/nginx/dhparam.pem /etc/ssl/certs/dhparam.pem
     fi
 
+  else
+    echo "# skip - dhparam.pem exists"
   fi
 
   sudo cp /home/admin/assets/nginx/snippets/* /etc/nginx/snippets/
@@ -171,7 +87,10 @@ EOF
   sudo rm -f /var/www/html/index.nginx-debian.html
 
   if ! [ -f /etc/nginx/sites-available/public.conf ]; then
+    echo "# copy /etc/nginx/sites-available/public.conf"
     sudo cp /home/admin/assets/nginx/sites-available/public.conf /etc/nginx/sites-available/public.conf
+  else
+    echo "# exists /etc/nginx/sites-available/public.conf"
   fi
 
   if ! [ -d /var/www/letsencrypt/.well-known/acme-challenge ]; then
@@ -183,32 +102,38 @@ EOF
 
   # copy webroot
   if ! [ -d /var/www/public ]; then
+    echo "# copy /var/www/public"
     sudo cp -a /home/admin/assets/nginx/www_public/ /var/www/public
     sudo chown www-data:www-data /var/www/public
+  else
+    echo "# exists /var/www/public"
   fi
 
   sudo ln -sf /etc/nginx/sites-available/public.conf /etc/nginx/sites-enabled/public.conf
 
   ### RaspiBlitz Webserver on HTTPS 443
 
-  # copy webroot
-  if ! [ -d /var/www/blitzweb ]; then
-      sudo cp -a /home/admin/assets/nginx/www_blitzweb/ /var/www/blitzweb
-      sudo chown www-data:www-data /var/www/blitzweb
+  # copy compiled webUI (TODO: do later)
+  if ! [ -d /var/www/public/ui ]; then
+      echo "# copy precompiled webui TODO: implement"
+      sudo cp -a /home/admin/blitz_web_compiled /var/www/public/ui
+      sudo chown www-data:www-data /var/www/public/ui
+  else
+    echo "# exists /var/www/public/ui"
   fi
 
-  # make sure jinja2 is installed and install j2cli
-  sudo apt-get install -y python3-jinja2
-  sudo -H python3 -m pip install j2cli
+  if ! [ -f /mnt/hdd/app-data/nginx/tls.cert ];then
 
-  if [ -f /mnt/hdd/app-data/nginx/tls.cert ];then
     if [ -f /mnt/hdd/lnd/tls.cert ]; then
       # use LND cert by default
+      echo "# use LND cert for: /mnt/hdd/app-data/nginx/tls.cert"
       sudo ln -sf /mnt/hdd/lnd/tls.cert /mnt/hdd/app-data/nginx/tls.cert
       sudo ln -sf /mnt/hdd/lnd/tls.key /mnt/hdd/app-data/nginx/tls.key
       sudo ln -sf /mnt/hdd/lnd/tls.cert /mnt/hdd/app-data/nginx/tor_tls.cert
       sudo ln -sf /mnt/hdd/lnd/tls.key /mnt/hdd/app-data/nginx/tor_tls.key
     else 
+      echo "# exists /mnt/hdd/app-data/nginx/tls.cert"
+
       # create a self-signed cert if the LND cert is not present
       /home/admin/config.scripts/internet.selfsignedcert.sh   
   
@@ -221,21 +146,8 @@ EOF
       sudo ln -sf /mnt/hdd/app-data/selfsignedcert/selfsigned.key \
                   /mnt/hdd/app-data/nginx/tor_tls.key
     fi
-  fi
-
-  # config
-  sudo cp /home/admin/assets/blitzweb.conf /etc/nginx/sites-available/blitzweb.conf
-  sudo ln -sf /etc/nginx/sites-available/blitzweb.conf /etc/nginx/sites-enabled/
-
-  if ! [ -f /etc/nginx/.htpasswd ]; then
-    PASSWORD_B=$(sudo cat /mnt/hdd/${network}/${network}.conf | grep rpcpassword | cut -c 13-)
-    echo "${PASSWORD_B}" | sudo htpasswd -c -i /etc/nginx/.htpasswd admin
-    sudo chown www-data:www-data /etc/nginx/.htpasswd
-    sudo chmod 640 /etc/nginx/.htpasswd
-
   else
-    sudo chown www-data:www-data /etc/nginx/.htpasswd
-    sudo chmod 640 /etc/nginx/.htpasswd
+    echo "# exists /mnt/hdd/app-data/nginx/tls.cert"
   fi
 
   # restart NGINX
@@ -252,19 +164,6 @@ elif [ "$1" = "0" ] || [ "$1" = "off" ]; then
   sudo systemctl stop nginx
   sudo systemctl disable nginx >/dev/null
 
-
-###################
-# LISTEN
-###################
-elif [ "$1" = "listen" ]; then
-
-  if [ "$2" = "localhost" ] || [ "$2" = "any" ]; then
-    echo "Setting NGINX to listen on: ${2}"
-    set_nginx_blitzweb_listen "${2}"
-  else
-    echo "# FAIL: parameter not known - run with -h for help"
-  fi
-
 else
   echo "# FAIL: parameter not known - run with -h for help"
 fi
diff --git a/home.admin/config.scripts/blitz.web.ui.sh b/home.admin/config.scripts/blitz.web.ui.sh
new file mode 100755
index 000000000..ecda65cef
--- /dev/null
+++ b/home.admin/config.scripts/blitz.web.ui.sh
@@ -0,0 +1,96 @@
+#!/usr/bin/env bash
+
+# TODO: Later use for default install (when no github parameters are given) a precompiled version
+# that comes with the repo so that the user does not need to install node
+# use fro that then: yarn build:production & yarn licenses generate-disclaimer
+
+# TODO: Put WebUI into / base directory of nginx and let the index.html of the webUI handle
+# the Tor detection or build it directly into the WebUI
+
+# command info
+if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "--help" ] || [ "$1" = "-help" ]; then
+  echo "Manage RaspiBlitz Web UI"
+  echo "blitz.web.ui.sh on [?GITHUBUSER] [?REPO] [?BRANCH]"
+  echo "blitz.web.ui.sh update"
+  echo "blitz.web.ui.sh off"
+  exit 1
+fi
+
+DEFAULT_GITHUB_USER="cstenglein"
+DEFAULT_GITHUB_REPO="raspiblitz-web"
+DEFAULT_GITHUB_BRANCH="master"
+
+###################
+# ON / INSTALL
+###################
+if [ "$1" = "1" ] || [ "$1" = "on" ]; then
+
+  if [ "$2" != "" ]; then
+    DEFAULT_GITHUB_USER="$2"
+  fi
+
+  if [ "$3" != "" ]; then
+    DEFAULT_GITHUB_REPO="$3"
+  fi
+
+  if [ "$4" != "" ]; then
+    DEFAULT_GITHUB_BRANCH="$4"
+  fi
+
+  echo "# INSTALL WebUI"
+  sudo rm -r /home/admin/blitz_web 2>/dev/null
+  cd /home/admin
+  # git clone https://github.com/cstenglein/raspiblitz-web.git /home/admin/blitz_web
+  git clone https://github.com/${DEFAULT_GITHUB_USER}/${DEFAULT_GITHUB_REPO}.git /home/admin/blitz_web
+  cd blitz_web
+  git checkout ${DEFAULT_GITHUB_BRANCH}
+
+  echo "# Compile WebUI"
+  /home/admin/config.scripts/bonus.nodejs.sh on
+  source <(/home/admin/config.scripts/bonus.nodejs.sh info)
+  sudo npm install --global yarn
+  ${NODEPATH}/yarn install
+  ${NODEPATH}/yarn build
+
+  sudo rm -r /var/www/public/* 2>/dev/null
+  sudo cp -r /home/admin/blitz_web/build/* /var/www/public
+  sudo chown www-data:www-data -R /var/www/public
+
+  exit 1
+fi
+
+###################
+# UPDATE
+###################
+if [ "$1" = "update" ]; then
+
+  echo "# Update Web API"
+  cd /home/admin/blitz_web
+  git fetch
+  git pull
+  source <(/home/admin/config.scripts/bonus.nodejs.sh info)
+  ${NODEPATH}/yarn install
+  ${NODEPATH}/yarn build
+  sudo rm -r /var/www/public/* 2>/dev/null
+  sudo cp -r /home/admin/blitz_web/build/* /var/www/public
+  sudo chown www-data:www-data -R /var/www/public
+  echo "# blitzapi updates and restarted"
+  exit 0
+
+fi
+
+###################
+# OFF / UNINSTALL
+###################
+if [ "$1" = "0" ] || [ "$1" = "off" ]; then
+
+  echo "# UNINSTALL WebUI"
+  sudo rm -r /home/admin/blitz_web 2>/dev/null
+  sudo rm -r /var/www/public/* 2>/dev/null
+  exit 0
+fi
+
+
+
+
+
diff --git a/home.admin/config.scripts/bonus.nodejs.sh b/home.admin/config.scripts/bonus.nodejs.sh
index 2dd0cb9c4..0b6410c98 100755
--- a/home.admin/config.scripts/bonus.nodejs.sh
+++ b/home.admin/config.scripts/bonus.nodejs.sh
@@ -9,10 +9,36 @@ CHECKSUM_linux_x64="ed01043751f86bb534d8c70b16ab64c956af88fd35a9506b7e4a68f5b824
 # command info
 if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "-help" ]; then
  echo "config script to install NodeJs $VERSION"
- echo "bonus.nodejs.sh [on|off]"
+ echo "bonus.nodejs.sh [on|off|info]"
  exit 1
 fi
 
+ # determine nodeJS VERSION and DISTRO
+isARM=$(uname -m | grep -c 'arm')
+isAARCH64=$(uname -m | grep -c 'aarch64')
+isX86_64=$(uname -m | grep -c 'x86_64')
+if [ ${isARM} -eq 1 ] ; then
+  DISTRO="linux-armv7l"
+  CHECKSUM="${CHECKSUM_linux_armv7l}"
+elif [ ${isAARCH64} -eq 1 ] ; then
+  DISTRO="linux-arm64"
+  CHECKSUM="${CHECKSUM_linux_arm64}"
+elif [ ${isX86_64} -eq 1 ] ; then
+  DISTRO="linux-x64"
+  CHECKSUM="${CHECKSUM_linux_x64}"
+elif [ ${#DISTRO} -eq 0 ]; then
+  echo "# FAIL: Was not able to determine architecture"
+  exit 1
+fi
+
+# info
+if [ "$1" = "info" ]; then
+  echo "NODEVERSION='${VERSION}'"
+  echo "NODEDISTRO='${DISTRO}'"
+  echo "NODEPATH='/usr/local/lib/nodejs/node-$VERSION-$DISTRO/bin'"
+  exit 0
+fi
+
 # switch on
 if [ "$1" = "1" ] || [ "$1" = "on" ]; then
   # check if nodeJS was installed
@@ -20,34 +46,15 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then
   if ! [ ${nodeJSInstalled} -eq 0 ]; then
     echo "nodeJS is already installed"
   else
-    # determine nodeJS VERSION and DISTRO
-    echo "Detect CPU architecture ..."
-    isARM=$(uname -m | grep -c 'arm')
-    isAARCH64=$(uname -m | grep -c 'aarch64')
-    isX86_64=$(uname -m | grep -c 'x86_64')
-        
-    if [ ${isARM} -eq 1 ] ; then
-      DISTRO="linux-armv7l"
-      CHECKSUM="${CHECKSUM_linux_armv7l}"
-    elif [ ${isAARCH64} -eq 1 ] ; then
-      DISTRO="linux-arm64"
-      CHECKSUM="${CHECKSUM_linux_arm64}"
-    elif [ ${isX86_64} -eq 1 ] ; then
-      DISTRO="linux-x64"
-      CHECKSUM="${CHECKSUM_linux_x64}"
-    elif [ ${#DISTRO} -eq 0 ]; then
-      echo "FAIL: Was not able to determine architecture"
-      exit 1
-    fi
+
+    # install latest nodejs
+    # https://github.com/nodejs/help/wiki/Installation
+    echo "*** Install NodeJS $VERSION-$DISTRO ***"
     echo "VERSION: ${VERSION}"
     echo "DISTRO: ${DISTRO}"
     echo "CHECKSUM: ${CHECKSUM}"
     echo ""
-  
-    # install latest nodejs
-    # https://github.com/nodejs/help/wiki/Installation
-    echo "*** Install NodeJS $VERSION-$DISTRO ***"
-  
+
     # download
     cd /home/admin/download
     wget https://nodejs.org/dist/$VERSION/node-$VERSION-$DISTRO.tar.xz
@@ -69,7 +76,7 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then
     sudo ln -sf /usr/local/lib/nodejs/node-$VERSION-$DISTRO/bin/npm /usr/bin/npm
     sudo ln -sf /usr/local/lib/nodejs/node-$VERSION-$DISTRO/bin/npx /usr/bin/npx
     # add to PATH permanently
-    sudo bash -c "echo 'PATH=\$PATH:/usr/local/lib/nodejs/node-\$VERSION-\$DISTRO/bin/' >> /etc/profile"
+    sudo bash -c "echo 'PATH=\$PATH:/usr/local/lib/nodejs/node-${VERSION}-${DISTRO}/bin/' >> /etc/profile"
     echo ""
   
     # check if nodeJS was installed
diff --git a/home.admin/config.scripts/lnd.export.sh b/home.admin/config.scripts/lnd.export.sh
index 245fdc45a..830810d74 100755
--- a/home.admin/config.scripts/lnd.export.sh
+++ b/home.admin/config.scripts/lnd.export.sh
@@ -62,17 +62,17 @@ elif [ "${exportType}" = "hexstring" ]; then
   clear
   echo "###### HEXSTRING EXPORT ######"
   echo ""
-  echo "admin.macaroon:"
-  sudo xxd -ps -u -c 1000 /mnt/hdd/lnd/data/chain/${network}/${chain}net/admin.macaroon
+  adminMacaroon=$(sudo xxd -ps -u -c 1000 /mnt/hdd/lnd/data/chain/${network}/${chain}net/admin.macaroon)
+  echo "adminMacaroon=${adminMacaroon}"
   echo ""
-  echo "invoice.macaroon:"
-  sudo xxd -ps -u -c 1000 /mnt/hdd/lnd/data/chain/${network}/${chain}net/invoice.macaroon
+  invoiceMacaroon=$(sudo xxd -ps -u -c 1000 /mnt/hdd/lnd/data/chain/${network}/${chain}net/invoice.macaroon)
+  echo "invoiceMacaroon=${invoiceMacaroon}"
   echo ""
-  echo "readonly.macaroon:"
-  sudo xxd -ps -u -c 1000 /mnt/hdd/lnd/data/chain/${network}/${chain}net/readonly.macaroon
+  readonlyMacaroon=$(sudo xxd -ps -u -c 1000 /mnt/hdd/lnd/data/chain/${network}/${chain}net/readonly.macaroon)
+  echo "readonlyMacaroon=${readonlyMacaroon}"
   echo ""
-  echo "tls.cert:"
-  sudo xxd -ps -u -c 1000 /mnt/hdd/lnd/tls.cert
+  tlsCert=$(sudo xxd -ps -u -c 1000 /mnt/hdd/lnd/tls.cert)
+  echo "tlsCert=${tlsCert}"
   echo ""
 
 ########################