#2425 Adding experimental Blitz WebUI & API (#2426)

/rootzoll
2021-07-20 16:57:41 +02:00
committed by GitHub
parent d98ce4d601
commit 2434875723
16 changed files with 395 additions and 307 deletions


@@ -1,44 +0,0 @@
## RaspiBlitz NGINX config: blitzweb.conf
server {
# localhost only
listen 127.0.0.1:443 ssl default_server;
listen [::1]:443 ssl default_server;
# any interface
#listen 443 ssl default_server;
#listen [::]:443 ssl default_server;
server_name _;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA256:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EDH+aRSA+AESGCM:EDH+aRSA+SHA256:EDH+aRSA:EECDH:!aNULL:!eNULL:!MEDIUM:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!SEED";
add_header Strict-Transport-Security "max-age=31536000";
# ToDo(frennkie) if /mnt/hdd/app-data is missing (e.g. no disk) this will cause nginx to fail!
ssl_certificate /mnt/hdd/app-data/nginx/tls.cert;
ssl_certificate_key /mnt/hdd/app-data/nginx/tls.key;
##
# Logging Settings
##
access_log /var/log/nginx/access_raspiblitz.log;
error_log /var/log/nginx/error_raspiblitz.log;
root /var/www/blitzweb;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
location /info/ {
auth_basic "BlitzWeb (admin:Password B)";
auth_basic_user_file /etc/nginx/.htpasswd;
}
}


@@ -4,17 +4,23 @@ server {
listen 80 default_server; listen 80 default_server;
listen [::]:80 default_server; listen [::]:80 default_server;
root /var/www/public;
index index.html;
server_name _;
# proxy for API
location /api/ {
proxy_pass http://127.0.0.1:11111/;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Host $host;
}
# directory for acme challenge
location ^~ /.well-known/acme-challenge/ { location ^~ /.well-known/acme-challenge/ {
default_type "text/plain"; default_type "text/plain";
root /var/www/letsencrypt; root /var/www/letsencrypt;
} }
root /var/www/public;
index index.html;
server_name _;
location / { location / {
# make sure to have https link to exact same host that was called # make sure to have https link to exact same host that was called
sub_filter '<a href="https://HOST_SET_BY_NGINX/' '<a href="https://$host/'; sub_filter '<a href="https://HOST_SET_BY_NGINX/' '<a href="https://$host/';
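Review bot: The new `location /api/` sits in the port-80 `default_server` block, so every request to the backend API, including whatever login secret or token it uses, crosses the network unencrypted. This commit also deletes the localhost-only 443 `blitzweb.conf` vhost with its `auth_basic` on `/info/`, and no TLS vhost carrying the proxy is visible on this page. I would move the `proxy_pass http://127.0.0.1:11111/;` location into a `listen 443 ssl` server block and keep port 80 for the ACME challenge and a redirect. If the upstream logs or rate-limits by client address, also pass `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;`. The `location /` block continues past the end of the hunk.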

Binary file not shown.

Before

Width:  |  Height:  |  Size: 2.1 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 5.8 KiB


@@ -1 +0,0 @@
/var/cache/raspiblitz/info.html


@@ -1,48 +0,0 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
<title>RaspiBlitz Status</title>
<link rel="stylesheet" href="status.css">
</head>
<body>
<div class="grid-container" id="regular">
<div class="header">
<p>Info Dashboard (Updated: {{ datetime }})</p>
</div>
<div class="logo">
<img src="RaspiBlitz_Logo_Icon_Negative_Cut.png" height="310" width="196" />
</div>
<div class="main">
<p>RaspiBlitz v{{ codeVersion }} {{ hostname }}</p>
<p>{{ network }} Fullnode + Lightning Network {{ torInfo }}</p>
<p>&nbsp;<p>
<p>CPU load {{ load }}, temp {{ tempC }}°C {{ tempF }}°F</p>
<p>Free Mem {{ ram }} HDDuse {{ hddUsedInfo }}</p>
<p>{{ uptime }}</p>
<p>ssh admin@{{ local_ip }} ▼{{ network_rx }} ▲{{ network_tx }}</p>
{% if runningRTL == '1' %}
<p>web admin --> <a href="http://{{ local_ip }}:3000">http://{{ local_ip }}:3000</a></p>
{% endif %}
<p>&nbsp;<p>
<p>{{ network }} {{ networkVersion }} {{ chain }}net Sync OK {{ sync_percentage }}</p> <!-- ToDo(frennkie) this doesn't cover all cases-->
<p>{{ public_addr_pre }} {{ public_addr }} {{ networkConnections }} peers</p>
<p>&nbsp;<p>
<p>LND {{ ln_version }} {{ ln_baseInfo }} <p>
{% if ln_version|length %}
<p>{{ ln_channelInfo }} {{ ln_peers }} peers <p>
{% endif %}
</div>
<div class="footer">
{% if ln_version|length %}
<p>{{ ln_external }}</p>
{% endif %}
</div>
</div>
</body>
</html>


@@ -1,48 +0,0 @@
#regular {
/* The size of the LCD on shopping list */
width: 920px;
height: 440px;
}
.header {
grid-area: header;
text-align: center;
}
.logo {
grid-area: logo;
text-align: center;
}
.main {
grid-area: main;
}
.footer {
grid-area: footer;
}
.grid-container {
display: grid;
grid-template-areas: 'header header header header' 'logo main main main' 'footer footer footer footer';
grid-gap: 1px;
background-color: #02192b;
padding: 1px;
}
.grid-container > div {
background-color: rgba(0, 0, 0, 0.8);
padding: 4px 8px;
font-size: 30px;
}
body {
background-color: black;
font-family: monospace, monospace;
color: LightSteelBlue;
}
p {
font-size: 12px;
margin: 4px;
}


@@ -17,9 +17,23 @@
<img src="img/RaspiBlitz_Logo_Main.png" class="rb_logo" alt="RaspiBlitz Logo"/> <img src="img/RaspiBlitz_Logo_Main.png" class="rb_logo" alt="RaspiBlitz Logo"/>
<h2 class="text-center"> <h2 class="text-center">
Welcome Welcome Node Operator
</h2> </h2>
<p id="userinfo">Please Wait ...</p>
<script>
document.getElementById("userinfo").innerHTML=window.location.hostname;
if (window.location.hostname.endsWith(".onion")) {
document.getElementById("userinfo").innerHTML="onion domain address TODO: redirect on same address to subfolder of /ui"
}
else if ((window.location.hostname.endsWith(".local")) || (window.location.hostname.split(".").length>2)) {
document.getElementById("userinfo").innerHTML="local domain/IP address TODO: give info on download/use Tor and offer onion address for easy copy & paste"
}
else {
document.getElementById("userinfo").innerHTML="unknown hostname: "+window.location.hostname
}
</script>
<h4>Use one the following link to access your RaspiBlitz</h4> <h4>Use one the following link to access your RaspiBlitz</h4>
<p> <p>
Please be aware about HTTPS Certificate Warning! Here is some useful information on that... Please be aware about HTTPS Certificate Warning! Here is some useful information on that...
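Review bot: The added script writes `window.location.hostname` into the page through `innerHTML` (the first assignment and the `unknown hostname` branch); these are plain status strings, so `textContent` is the right property and removes any question of the value being parsed as markup. The "local" test `window.location.hostname.split(".").length>2` also matches any public name with three or more labels, so a clearnet domain would be reported as a local address. A short comment stating which hostnames each branch is meant to catch would help whoever replaces the TODO texts.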


@@ -4,7 +4,7 @@
<meta charset="UTF-8"> <meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
<title>RaspiBlitz Welcome</title> <title>WebUI</title>
</head> </head>
<body> <body>


@@ -101,6 +101,17 @@ echo "--> CHECK CONFIG: sudo nginx -t"
sudo nginx -t sudo nginx -t
echo "" echo ""
echo "*** BLITZAPI SYSTEMD STATUS ***"
sudo systemctl status blitzapi -n2 --no-pager
echo ""
echo "*** LAST BLITZAPI LOGS ***"
echo "sudo journalctl -u blitzapi -b --no-pager -n20"
sudo journalctl -u nginx -b --no-pager -n20
echo "--> CHECK CONFIG: sudo nginx -t"
sudo nginx -t
echo ""
if [ "${touchscreen}" = "" ] || [ "${touchscreen}" = "0" ]; then if [ "${touchscreen}" = "" ] || [ "${touchscreen}" = "0" ]; then
echo "- TOUCHSCREEN is OFF by config" echo "- TOUCHSCREEN is OFF by config"
else else
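Review bot: The block headed `*** LAST BLITZAPI LOGS ***` prints `sudo journalctl -u blitzapi -b --no-pager -n20` but then runs `sudo journalctl -u nginx -b --no-pager -n20`, so the debug report never contains the API's own log lines. The executed line should be `sudo journalctl -u blitzapi -b --no-pager -n20`, and the repeated `sudo nginx -t` check underneath can go, since it already ran just above. Because these reports tend to be shared when asking for support, it is worth confirming that blitzapi does not log the credentials it loads from `.env` before its journal is included.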


@@ -163,6 +163,12 @@ sudo -u admin chmod -R +x /home/admin/config.scripts
sudo -u admin chmod -R +x /home/admin/setup.scripts sudo -u admin chmod -R +x /home/admin/setup.scripts
echo "# ******************************************" echo "# ******************************************"
echo "# Syncing Webcontent .."
if [ -d /var/www/public ]; then
sudo cp -a /home/admin/assets/nginx/www_public/* /var/www/public
sudo chown www-data:www-data /var/www/public
fi
echo "# Checking if the content of BlitzPy changed .." echo "# Checking if the content of BlitzPy changed .."
checkSumBlitzPyAfter=$(find /home/admin/raspiblitz/home.admin/BlitzPy -type f -exec md5sum {} \; | md5sum) checkSumBlitzPyAfter=$(find /home/admin/raspiblitz/home.admin/BlitzPy -type f -exec md5sum {} \; | md5sum)
echo "# checkSumBlitzPyBefore = ${checkSumBlitzPyBefore}" echo "# checkSumBlitzPyBefore = ${checkSumBlitzPyBefore}"
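Review bot: The sync step copies `/home/admin/assets/nginx/www_public/*` over `/var/www/public` on every update, which is the same directory `blitz.web.ui.sh` fills with the compiled WebUI, so an update presumably overwrites files of an installed WebUI that share a name (such as `index.html`). `cp -a` also preserves the source ownership and the following `chown` is not recursive, so the copied files keep the owner of the assets directory; `sudo chown -R www-data:www-data /var/www/public` would match what `blitz.web.ui.sh` does.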


@@ -0,0 +1,190 @@
#!/usr/bin/env bash
# main repo: https://github.com/fusion44/blitz_api
# restart the systemd `blitzapi` when credentials of lnd or bitcoind are changeing and it will
# excute the `update-config` automatically before restarting
# TODO: On sd card install there might be no Bitcoin & Lightning confs - make sure backend runs without
# command info
if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "--help" ] || [ "$1" = "-help" ]; then
echo "Manage RaspiBlitz Web API"
echo "blitz.web.api.sh on [?GITHUBUSER] [?REPO] [?BRANCH]"
echo "blitz.web.api.sh update-config"
echo "blitz.web.api.sh update-code"
echo "blitz.web.api.sh off"
exit 1
fi
DEFAULT_GITHUB_USER="fusion44"
DEFAULT_GITHUB_REPO="blitz_api"
DEFAULT_GITHUB_BRANCH="main"
###################
# ON / INSTALL
###################
if [ "$1" = "1" ] || [ "$1" = "on" ]; then
if [ "$2" != "" ]; then
DEFAULT_GITHUB_USER="$2"
fi
if [ "$3" != "" ]; then
DEFAULT_GITHUB_REPO="$3"
fi
if [ "$4" != "" ]; then
DEFAULT_GITHUB_BRANCH="$4"
fi
echo "# INSTALL Web API ..."
sudo apt install -y redis
sudo rm -r /home/admin/blitz_api 2>/dev/null
cd /home/admin
# git clone https://github.com/fusion44/blitz_api.git /home/admin/blitz_api
git clone https://github.com/${DEFAULT_GITHUB_USER}/${DEFAULT_GITHUB_REPO}.git /home/admin/blitz_api
cd blitz_api
git checkout ${DEFAULT_GITHUB_BRANCH}
pip install -r requirements.txt
# TODO: check if that manual install is still needed in a future version
pip install sse_starlette
# build the config and set unique secret (its OK to be a new secret every install/upadte)
/home/admin/config.scripts/blitz.web.api.sh update-config
secret=$(head /dev/urandom | tr -dc A-Za-z0-9 | head -c 64 ; echo '')
sed -i "s/^secret=.*/secret=${secret}/g" ./.env
# prepare systemd service
echo "
[Unit]
Description=BlitzBackendAPI
Wants=network.target
After=network.target
[Service]
WorkingDirectory=/home/admin/blitz_api
# before every start update the config with latest credentials/settings
ExecStartPre=-/home/admin/config.scripts/blitz.web.api.sh update-config
ExecStart=sudo -admin /usr/bin/python -m uvicorn main:app --reload --port 11111 --host=0.0.0.0 --root-path /api
User=root
Group=root
Type=simple
Restart=always
StandardOutput=journal
StandardError=journal
# Hardening measures
PrivateTmp=true
ProtectSystem=full
NoNewPrivileges=true
PrivateDevices=true
[Install]
WantedBy=multi-user.target
" | sudo tee /etc/systemd/system/blitzapi.service
sudo systemctl enable blitzapi
sudo systemctl start blitzapi
# TODO: remove after experimental step
sudo ufw allow 11111 comment 'WebAPI Develop'
# install info
echo "# the API should new be available under http://[LOCALHOST]/api and port 11111 for testing"
echo "# check for systemd: sudo systemctl status blitzapi"
echo "# check for logs: sudo journalctl -f -u blitzapi"
exit 0
fi
###################
# UPDATE CONFIG
###################
if [ "$1" = "update-config" ]; then
# prepare configs data
source /mnt/hdd/raspiblitz.conf 2>/dev/null
if [ "${network}" = "" ]; then
network="bitcoin"
chain="main"
fi
cd /home/admin/blitz_api
dateStr=$(date)
echo "# Update Web API CONFIG (${dateStr})"
RPCUSER=$(sudo cat /mnt/hdd/${network}/${network}.conf | grep rpcuser | cut -c 9-)
RPCPASS=$(sudo cat /mnt/hdd/${network}/${network}.conf | grep rpcpassword | cut -c 13-)
if [ "${RPCUSER}" == "" ]; then
RPCUSER="raspibolt"
fi
if [ "${RPCPASS}" == "" ]; then
RPCPASS="passwordB"
fi
sed -i "s/^network=.*/network=mainnet/g" ./.env
sed -i "s/^bitcoind_ip_mainnet=.*/bitcoind_ip_mainnet=127.0.0.1/g" ./.env
sed -i "s/^bitcoind_ip_testnet=.*/bitcoind_ip_testnet=127.0.0.1/g" ./.env
sed -i "s/^bitcoind_user=.*/bitcoind_user=${RPCUSER}/g" ./.env
sed -i "s/^bitcoind_pw=.*/bitcoind_pw=${RPCPASS}/g" ./.env
# configure LND
if [ "${lightning}" == "lnd" ]; then
echo "# CONFIG Web API Lightning --> LND"
tlsCert=$(sudo xxd -ps -u -c 1000 /mnt/hdd/lnd/tls.cert)
adminMacaroon=$(sudo xxd -ps -u -c 1000 /mnt/hdd/lnd/data/chain/bitcoin/mainnet/admin.macaroon)
sed -i "s/^ln_node=.*/ln_node=lnd/g" ./.env
sed -i "s/^lnd_grpc_ip=.*/lnd_grpc_ip=127.0.0.1/g" ./.env
sed -i "s/^lnd_macaroon=.*/lnd_macaroon=${adminMacaroon}/g" ./.env
sed -i "s/^lnd_cert=.*/lnd_cert=${tlsCert}/g" ./.env
# configure CLN
elif [ "${lightning}" == "cln" ]; then
echo "# CONFIG Web API Lightning --> CLN"
sed -i "s/^ln_node=.*/ln_node=cln/g" ./.env
# TODO: ADD C-Lightning config as soon as available
echo "# MISSING CLN CONFIG YET"
else
echo "# CONFIG Web API Lightning --> OFF"
sed -i "s/^ln_node=.*/ln_node=/g" ./.env
fi
echo "# '.env' config updates - blitzapi maybe needs to be restarted"
exit 0
fi
###################
# UPDATE CODE
###################
if [ "$1" = "update-code" ]; then
echo "# Update Web API CODE"
sudo systemctl stop blitzapi
cd /home/admin/blitz_api
git fetch
git pull
pip install -r requirements.txt
sudo systemctl start blitzapi
echo "# blitzapi updates and restarted"
exit 0
fi
###################
# OFF / UNINSTALL
###################
if [ "$1" = "0" ] || [ "$1" = "off" ]; then
echo "# UNINSTALL Web API"
sudo systemctl stop blitzapi
sudo systemctl disable blitzapi
sudo rm /etc/systemd/system/blitzapi.service
sudo rm -r /home/admin/blitz_api
exit 0
fi
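Review bot: The generated unit starts uvicorn with `--host=0.0.0.0` under `User=root` and the script then runs `sudo ufw allow 11111`, so the process that holds the bitcoind RPC password and the LND admin macaroon is reachable over plain HTTP on every interface, not only through the nginx proxy. nginx already forwards to `127.0.0.1:11111`, so `--host=127.0.0.1`, without `--reload` and without the ufw rule, keeps the same function. `sudo -admin` is not the `-u admin` form and presumably does not drop to the admin user; `User=admin` in the unit would be the direct way, provided `update-config` can still read the credentials. `update-config` interpolates `${RPCPASS}` unescaped into a `sed` expression and writes the secrets to `./.env` without setting its mode, so a `chmod 600 ./.env` and a delimiter-safe write are worth adding, and the `passwordB` fallback should fail instead of configuring a known default.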


@@ -1,5 +1,7 @@
#!/usr/bin/env bash #!/usr/bin/env bash
# TODO: later on this script will be run on build sdcard - make sure that the self-signed tls cert get created fresh on every new RaspiBlitz
source /mnt/hdd/raspiblitz.conf source /mnt/hdd/raspiblitz.conf
# command info # command info
@@ -8,98 +10,9 @@ if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "--help" ] || [ "$1" = "-help" ];
printf "blitz.web.sh check \t\tprint operational nginx listen status (lsof)\n" printf "blitz.web.sh check \t\tprint operational nginx listen status (lsof)\n"
printf "blitz.web.sh on \t\tturn on\n" printf "blitz.web.sh on \t\tturn on\n"
printf "blitz.web.sh off \t\tturn off\n" printf "blitz.web.sh off \t\tturn off\n"
printf "blitz.web.sh listen localhost \tset port 443 to localhost only\n"
printf "blitz.web.sh listen any \tset port 443 to any\n"
exit 1 exit 1
fi fi
# using ${APOST} is a workaround to be able to use sed with '
APOST=\' # close tag for linters: '
###################
# FUNCTIONS
###################
function set_nginx_blitzweb_listen() {
# first parameter to function should be either "localhost" or "any"
listen_to=${1}
if [ -f "/etc/nginx/sites-available/blitzweb.conf" ]; then
if ! grep -Eq '^\s*#?\s*listen 127.0.0.1:443 ssl default_server;$' /etc/nginx/sites-available/blitzweb.conf; then
echo "Error: missing expected line for: lo:v4 https"
exit 1
else
if grep -Eq '^\s*#\s*listen 127.0.0.1:443 ssl default_server;$' /etc/nginx/sites-available/blitzweb.conf; then
#echo "found: lo:v4 https (disabled line)"
if [ ${listen_to} = "localhost" ]; then
sudo sed -i -E 's/#\s*(listen 127.0.0.1:443 ssl default_server;)/\1/g' /etc/nginx/sites-available/blitzweb.conf
fi
else
#echo "found: lo:v4 https (enabled line)"
if [ ${listen_to} = "any" ]; then
sudo sed -i -E 's/(listen 127.0.0.1:443 ssl default_server;)/#\1/g' /etc/nginx/sites-available/blitzweb.conf
fi
fi
fi
if ! grep -Eq '^\s*#?\s*listen \[::1\]:443 ssl default_server;$' /etc/nginx/sites-available/blitzweb.conf; then
echo "Error: missing expected line for: lo:v6 https"
exit 1
else
if grep -Eq '^\s*#\s*listen \[::1\]:443 ssl default_server;$' /etc/nginx/sites-available/blitzweb.conf; then
#echo "found: lo:v6 https (disabled line)"
if [ ${listen_to} = "localhost" ]; then
sudo sed -i -E 's/#\s*(listen \[::1\]:443 ssl default_server;)/\1/g' /etc/nginx/sites-available/blitzweb.conf
fi
else
#echo "found: lo:v6 https (enabled line)"
if [ ${listen_to} = "any" ]; then
sudo sed -i -E 's/(listen \[::1\]:443 ssl default_server;)/#\1/g' /etc/nginx/sites-available/blitzweb.conf
fi
fi
fi
if ! grep -Eq '^\s*#?\s*listen 443 ssl default_server;$' /etc/nginx/sites-available/blitzweb.conf; then
echo "Error: missing expected line for: any:v4 https"
exit 1
else
if grep -Eq '^\s*#\s*listen 443 ssl default_server;$' /etc/nginx/sites-available/blitzweb.conf; then
#echo "found: any:v4 https (disabled line)"
if [ ${listen_to} = "any" ]; then
sudo sed -i -E 's/#\s*(listen 443 ssl default_server;)/\1/g' /etc/nginx/sites-available/blitzweb.conf
fi
else
#echo "found: any:v4 https (enabled line)"
if [ ${listen_to} = "localhost" ]; then
sudo sed -i -E 's/(listen 443 ssl default_server;)/#\1/g' /etc/nginx/sites-available/blitzweb.conf
fi
fi
fi
if ! grep -Eq '^\s*#?\s*listen \[::\]:443 ssl default_server;$' /etc/nginx/sites-available/blitzweb.conf; then
echo "Error: missing expected line for: any:v6 https"
exit 1
else
if grep -Eq '^\s*#\s*listen \[::\]:443 ssl default_server;$' /etc/nginx/sites-available/blitzweb.conf; then
#echo "found: any:v6 https (disabled line)"
if [ ${listen_to} = "any" ]; then
sudo sed -i -E 's/#\s*(listen \[::\]:443 ssl default_server;)/\1/g' /etc/nginx/sites-available/blitzweb.conf
fi
else
#echo "found: any:v6 https (enabled line)"
if [ ${listen_to} = "localhost" ]; then
sudo sed -i -E 's/(listen \[::\]:443 ssl default_server;)/#\1/g' /etc/nginx/sites-available/blitzweb.conf
fi
fi
fi
fi
}
################### ###################
# CHECK # CHECK
################### ###################
@@ -145,6 +58,7 @@ EOF
sudo sed -i -E '/^.*server_names_hash_bucket_size [0-9]*;$/a \\tserver_names_hash_bucket_size 128;' /etc/nginx/nginx.conf sudo sed -i -E '/^.*server_names_hash_bucket_size [0-9]*;$/a \\tserver_names_hash_bucket_size 128;' /etc/nginx/nginx.conf
fi fi
echo "# Checking dhparam.pem ..."
if [ ! -f /etc/ssl/certs/dhparam.pem ]; then if [ ! -f /etc/ssl/certs/dhparam.pem ]; then
# check if there is a user generated dhparam.pem on the HDD to use # check if there is a user generated dhparam.pem on the HDD to use
@@ -162,6 +76,8 @@ EOF
sudo cp /mnt/hdd/app-data/nginx/dhparam.pem /etc/ssl/certs/dhparam.pem sudo cp /mnt/hdd/app-data/nginx/dhparam.pem /etc/ssl/certs/dhparam.pem
fi fi
else
echo "# skip - dhparam.pem exists"
fi fi
sudo cp /home/admin/assets/nginx/snippets/* /etc/nginx/snippets/ sudo cp /home/admin/assets/nginx/snippets/* /etc/nginx/snippets/
@@ -171,7 +87,10 @@ EOF
sudo rm -f /var/www/html/index.nginx-debian.html sudo rm -f /var/www/html/index.nginx-debian.html
if ! [ -f /etc/nginx/sites-available/public.conf ]; then if ! [ -f /etc/nginx/sites-available/public.conf ]; then
echo "# copy /etc/nginx/sites-available/public.conf"
sudo cp /home/admin/assets/nginx/sites-available/public.conf /etc/nginx/sites-available/public.conf sudo cp /home/admin/assets/nginx/sites-available/public.conf /etc/nginx/sites-available/public.conf
else
echo "# exists /etc/nginx/sites-available/public.conf"
fi fi
if ! [ -d /var/www/letsencrypt/.well-known/acme-challenge ]; then if ! [ -d /var/www/letsencrypt/.well-known/acme-challenge ]; then
@@ -183,32 +102,38 @@ EOF
# copy webroot # copy webroot
if ! [ -d /var/www/public ]; then if ! [ -d /var/www/public ]; then
echo "# copy /var/www/public"
sudo cp -a /home/admin/assets/nginx/www_public/ /var/www/public sudo cp -a /home/admin/assets/nginx/www_public/ /var/www/public
sudo chown www-data:www-data /var/www/public sudo chown www-data:www-data /var/www/public
else
echo "# exists /var/www/public"
fi fi
sudo ln -sf /etc/nginx/sites-available/public.conf /etc/nginx/sites-enabled/public.conf sudo ln -sf /etc/nginx/sites-available/public.conf /etc/nginx/sites-enabled/public.conf
### RaspiBlitz Webserver on HTTPS 443 ### RaspiBlitz Webserver on HTTPS 443
# copy webroot # copy compiled webUI (TODO: do later)
if ! [ -d /var/www/blitzweb ]; then if ! [ -d /var/www/public/ui ]; then
sudo cp -a /home/admin/assets/nginx/www_blitzweb/ /var/www/blitzweb echo "# copy precompiled webui TODO: implement"
sudo chown www-data:www-data /var/www/blitzweb sudo cp -a /home/admin/blitz_web_compiled /var/www/public/ui
sudo chown www-data:www-data /var/www/public/ui
else
echo "# exists /var/www/public/ui"
fi fi
# make sure jinja2 is installed and install j2cli if ! [ -f /mnt/hdd/app-data/nginx/tls.cert ];then
sudo apt-get install -y python3-jinja2
sudo -H python3 -m pip install j2cli
if [ -f /mnt/hdd/app-data/nginx/tls.cert ];then
if [ -f /mnt/hdd/lnd/tls.cert ]; then if [ -f /mnt/hdd/lnd/tls.cert ]; then
# use LND cert by default # use LND cert by default
echo "# use LND cert for: /mnt/hdd/app-data/nginx/tls.cert"
sudo ln -sf /mnt/hdd/lnd/tls.cert /mnt/hdd/app-data/nginx/tls.cert sudo ln -sf /mnt/hdd/lnd/tls.cert /mnt/hdd/app-data/nginx/tls.cert
sudo ln -sf /mnt/hdd/lnd/tls.key /mnt/hdd/app-data/nginx/tls.key sudo ln -sf /mnt/hdd/lnd/tls.key /mnt/hdd/app-data/nginx/tls.key
sudo ln -sf /mnt/hdd/lnd/tls.cert /mnt/hdd/app-data/nginx/tor_tls.cert sudo ln -sf /mnt/hdd/lnd/tls.cert /mnt/hdd/app-data/nginx/tor_tls.cert
sudo ln -sf /mnt/hdd/lnd/tls.key /mnt/hdd/app-data/nginx/tor_tls.key sudo ln -sf /mnt/hdd/lnd/tls.key /mnt/hdd/app-data/nginx/tor_tls.key
else else
echo "# exists /mnt/hdd/app-data/nginx/tls.cert"
# create a self-signed cert if the LND cert is not present # create a self-signed cert if the LND cert is not present
/home/admin/config.scripts/internet.selfsignedcert.sh /home/admin/config.scripts/internet.selfsignedcert.sh
@@ -221,21 +146,8 @@ EOF
sudo ln -sf /mnt/hdd/app-data/selfsignedcert/selfsigned.key \ sudo ln -sf /mnt/hdd/app-data/selfsignedcert/selfsigned.key \
/mnt/hdd/app-data/nginx/tor_tls.key /mnt/hdd/app-data/nginx/tor_tls.key
fi fi
fi
# config
sudo cp /home/admin/assets/blitzweb.conf /etc/nginx/sites-available/blitzweb.conf
sudo ln -sf /etc/nginx/sites-available/blitzweb.conf /etc/nginx/sites-enabled/
if ! [ -f /etc/nginx/.htpasswd ]; then
PASSWORD_B=$(sudo cat /mnt/hdd/${network}/${network}.conf | grep rpcpassword | cut -c 13-)
echo "${PASSWORD_B}" | sudo htpasswd -c -i /etc/nginx/.htpasswd admin
sudo chown www-data:www-data /etc/nginx/.htpasswd
sudo chmod 640 /etc/nginx/.htpasswd
else else
sudo chown www-data:www-data /etc/nginx/.htpasswd echo "# exists /mnt/hdd/app-data/nginx/tls.cert"
sudo chmod 640 /etc/nginx/.htpasswd
fi fi
# restart NGINX # restart NGINX
@@ -252,19 +164,6 @@ elif [ "$1" = "0" ] || [ "$1" = "off" ]; then
sudo systemctl stop nginx sudo systemctl stop nginx
sudo systemctl disable nginx >/dev/null sudo systemctl disable nginx >/dev/null
###################
# LISTEN
###################
elif [ "$1" = "listen" ]; then
if [ "$2" = "localhost" ] || [ "$2" = "any" ]; then
echo "Setting NGINX to listen on: ${2}"
set_nginx_blitzweb_listen "${2}"
else
echo "# FAIL: parameter not known - run with -h for help"
fi
else else
echo "# FAIL: parameter not known - run with -h for help" echo "# FAIL: parameter not known - run with -h for help"
fi fi
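Review bot: In the certificate block the new `echo "# exists /mnt/hdd/app-data/nginx/tls.cert"` was also added inside the branch that creates the self-signed certificate (just before the call to `internet.selfsignedcert.sh`), so the log reports an existing cert exactly when none was found; that line should read something like `echo "# create self-signed cert for: /mnt/hdd/app-data/nginx/tls.cert"`. The WebUI copy reads from `/home/admin/blitz_web_compiled`, which nothing on this page creates, and its `chown` is not recursive, so the `cp` likely fails on each run until the TODO is resolved. With `blitzweb.conf` and the `.htpasswd` setup removed here, a short comment saying which vhost now uses the `tls.cert`/`tls.key` links would help the next reader.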


@@ -0,0 +1,96 @@
#!/usr/bin/env bash
# TODO: Later use for default install (when no github parameters are given) a precompiled version
# that comes with the repo so that the user does not need to install node
# use fro that then: yarn build:production & yarn licenses generate-disclaimer
# TODO: Put WebUI into / base directory of nginx and let the index.html of the webUI handle
# the Tor detection or build it directly into the WebUI
# command info
if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "--help" ] || [ "$1" = "-help" ]; then
echo "Manage RaspiBlitz Web UI"
echo "blitz.web.ui.sh on [?GITHUBUSER] [?REPO] [?BRANCH]"
echo "blitz.web.ui.sh update"
echo "blitz.web.ui.sh off"
exit 1
fi
DEFAULT_GITHUB_USER="cstenglein"
DEFAULT_GITHUB_REPO="raspiblitz-web"
DEFAULT_GITHUB_BRANCH="master"
###################
# ON / INSTALL
###################
if [ "$1" = "1" ] || [ "$1" = "on" ]; then
if [ "$2" != "" ]; then
DEFAULT_GITHUB_USER="$2"
fi
if [ "$3" != "" ]; then
DEFAULT_GITHUB_REPO="$3"
fi
if [ "$4" != "" ]; then
DEFAULT_GITHUB_BRANCH="$4"
fi
echo "# INSTALL WebUI"
sudo rm -r /home/admin/blitz_web 2>/dev/null
cd /home/admin
# git clone https://github.com/cstenglein/raspiblitz-web.git /home/admin/blitz_web
git clone https://github.com/${DEFAULT_GITHUB_USER}/${DEFAULT_GITHUB_REPO}.git /home/admin/blitz_web
cd blitz_web
git checkout ${DEFAULT_GITHUB_BRANCH}
echo "# Compile WebUI"
/home/admin/config.scripts/bonus.nodejs.sh on
source <(/home/admin/config.scripts/bonus.nodejs.sh info)
sudo npm install --global yarn
${NODEPATH}/yarn install
${NODEPATH}/yarn build
sudo rm -r /var/www/public/* 2>/dev/null
sudo cp -r /home/admin/blitz_web/build/* /var/www/public
sudo chown www-data:www-data -R /var/www/public
exit 1
fi
###################
# UPDATE
###################
if [ "$1" = "update" ]; then
echo "# Update Web API"
cd /home/admin/blitz_web
git fetch
git pull
source <(/home/admin/config.scripts/bonus.nodejs.sh info)
${NODEPATH}/yarn install
${NODEPATH}/yarn build
sudo rm -r /var/www/public/* 2>/dev/null
sudo cp -r /home/admin/blitz_web/build/* /var/www/public
sudo chown www-data:www-data -R /var/www/public
echo "# blitzapi updates and restarted"
exit 0
fi
###################
# OFF / UNINSTALL
###################
if [ "$1" = "0" ] || [ "$1" = "off" ]; then
echo "# UNINSTALL WebUI"
sudo rm -r /home/admin/blitz_web 2>/dev/null
sudo rm -r /var/www/public/* 2>/dev/null
exit 0
fi
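Review bot: The `on` path clones the tip of a caller-supplied GitHub user, repo and branch and then runs `yarn install` and `yarn build` on it, with no pinned commit, tag or signature check, so whatever is on that branch at install time runs its package scripts on the node; `blitz.web.api.sh` does the same with `pip install -r requirements.txt`. I would check out a reviewed revision (`git checkout <REVIEWED_COMMIT>`) and use `yarn install --frozen-lockfile`. Separately, the webroot is wiped with `sudo rm -r /var/www/public/*` even when the build failed, and the successful install ends in `exit 1`; guarding the wipe and copy with `[ -d /home/admin/blitz_web/build ]` and ending in `exit 0` fixes both. The `update` branch still prints `# Update Web API` and `# blitzapi updates and restarted`, which look copied from the API script.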


@@ -9,10 +9,36 @@ CHECKSUM_linux_x64="ed01043751f86bb534d8c70b16ab64c956af88fd35a9506b7e4a68f5b824
# command info # command info
if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "-help" ]; then if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "-help" ]; then
echo "config script to install NodeJs $VERSION" echo "config script to install NodeJs $VERSION"
echo "bonus.nodejs.sh [on|off]" echo "bonus.nodejs.sh [on|off|info]"
exit 1 exit 1
fi fi
# determine nodeJS VERSION and DISTRO
isARM=$(uname -m | grep -c 'arm')
isAARCH64=$(uname -m | grep -c 'aarch64')
isX86_64=$(uname -m | grep -c 'x86_64')
if [ ${isARM} -eq 1 ] ; then
DISTRO="linux-armv7l"
CHECKSUM="${CHECKSUM_linux_armv7l}"
elif [ ${isAARCH64} -eq 1 ] ; then
DISTRO="linux-arm64"
CHECKSUM="${CHECKSUM_linux_arm64}"
elif [ ${isX86_64} -eq 1 ] ; then
DISTRO="linux-x64"
CHECKSUM="${CHECKSUM_linux_x64}"
elif [ ${#DISTRO} -eq 0 ]; then
echo "# FAIL: Was not able to determine architecture"
exit 1
fi
# info
if [ "$1" = "info" ]; then
echo "NODEVERSION='${VERSION}'"
echo "NODEDISTRO='${DISTRO}'"
echo "NODEPATH='/usr/local/lib/nodejs/node-$VERSION-$DISTRO/bin'"
exit 0
fi
# switch on # switch on
if [ "$1" = "1" ] || [ "$1" = "on" ]; then if [ "$1" = "1" ] || [ "$1" = "on" ]; then
# check if nodeJS was installed # check if nodeJS was installed
@@ -20,33 +46,14 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then
if ! [ ${nodeJSInstalled} -eq 0 ]; then if ! [ ${nodeJSInstalled} -eq 0 ]; then
echo "nodeJS is already installed" echo "nodeJS is already installed"
else else
# determine nodeJS VERSION and DISTRO
echo "Detect CPU architecture ..."
isARM=$(uname -m | grep -c 'arm')
isAARCH64=$(uname -m | grep -c 'aarch64')
isX86_64=$(uname -m | grep -c 'x86_64')
if [ ${isARM} -eq 1 ] ; then
DISTRO="linux-armv7l"
CHECKSUM="${CHECKSUM_linux_armv7l}"
elif [ ${isAARCH64} -eq 1 ] ; then
DISTRO="linux-arm64"
CHECKSUM="${CHECKSUM_linux_arm64}"
elif [ ${isX86_64} -eq 1 ] ; then
DISTRO="linux-x64"
CHECKSUM="${CHECKSUM_linux_x64}"
elif [ ${#DISTRO} -eq 0 ]; then
echo "FAIL: Was not able to determine architecture"
exit 1
fi
echo "VERSION: ${VERSION}"
echo "DISTRO: ${DISTRO}"
echo "CHECKSUM: ${CHECKSUM}"
echo ""
# install latest nodejs # install latest nodejs
# https://github.com/nodejs/help/wiki/Installation # https://github.com/nodejs/help/wiki/Installation
echo "*** Install NodeJS $VERSION-$DISTRO ***" echo "*** Install NodeJS $VERSION-$DISTRO ***"
echo "VERSION: ${VERSION}"
echo "DISTRO: ${DISTRO}"
echo "CHECKSUM: ${CHECKSUM}"
echo ""
# download # download
cd /home/admin/download cd /home/admin/download
@@ -69,7 +76,7 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then
sudo ln -sf /usr/local/lib/nodejs/node-$VERSION-$DISTRO/bin/npm /usr/bin/npm sudo ln -sf /usr/local/lib/nodejs/node-$VERSION-$DISTRO/bin/npm /usr/bin/npm
sudo ln -sf /usr/local/lib/nodejs/node-$VERSION-$DISTRO/bin/npx /usr/bin/npx sudo ln -sf /usr/local/lib/nodejs/node-$VERSION-$DISTRO/bin/npx /usr/bin/npx
# add to PATH permanently # add to PATH permanently
sudo bash -c "echo 'PATH=\$PATH:/usr/local/lib/nodejs/node-\$VERSION-\$DISTRO/bin/' >> /etc/profile" sudo bash -c "echo 'PATH=\$PATH:/usr/local/lib/nodejs/node-${VERSION}-${DISTRO}/bin/' >> /etc/profile"
echo "" echo ""
# check if nodeJS was installed # check if nodeJS was installed
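Review bot: The new `info` branch prints shell assignments that `blitz.web.ui.sh` loads with `source <(... info)`, and that contract is not documented here: anything echoed to stdout before the branch would be executed by the caller. A comment such as `# info output is sourced by callers - print only NAME='value' lines` above the branch would state it. On an unsupported architecture the script prints the `# FAIL` line, which the sourcing caller reads as a comment, so `NODEPATH` stays empty there and the caller has to check for that.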


@@ -62,17 +62,17 @@ elif [ "${exportType}" = "hexstring" ]; then
clear clear
echo "###### HEXSTRING EXPORT ######" echo "###### HEXSTRING EXPORT ######"
echo "" echo ""
echo "admin.macaroon:" adminMacaroon=$(sudo xxd -ps -u -c 1000 /mnt/hdd/lnd/data/chain/${network}/${chain}net/admin.macaroon)
sudo xxd -ps -u -c 1000 /mnt/hdd/lnd/data/chain/${network}/${chain}net/admin.macaroon echo "adminMacaroon=${adminMacaroon}"
echo "" echo ""
echo "invoice.macaroon:" invoiceMacaroon=$(sudo xxd -ps -u -c 1000 /mnt/hdd/lnd/data/chain/${network}/${chain}net/invoice.macaroon)
sudo xxd -ps -u -c 1000 /mnt/hdd/lnd/data/chain/${network}/${chain}net/invoice.macaroon echo "invoiceMacaroon=${invoiceMacaroon}"
echo "" echo ""
echo "readonly.macaroon:" readonlyMacaroon=$(sudo xxd -ps -u -c 1000 /mnt/hdd/lnd/data/chain/${network}/${chain}net/readonly.macaroon)
sudo xxd -ps -u -c 1000 /mnt/hdd/lnd/data/chain/${network}/${chain}net/readonly.macaroon echo "readonlyMacaroon=${readonlyMacaroon}"
echo "" echo ""
echo "tls.cert:" tlsCert=$(sudo xxd -ps -u -c 1000 /mnt/hdd/lnd/tls.cert)
sudo xxd -ps -u -c 1000 /mnt/hdd/lnd/tls.cert echo "tlsCert=${tlsCert}"
echo "" echo ""
######################## ########################