highperfocused/raspiblitz
1
0
Fork 0
mirror of https://github.com/raspiblitz/raspiblitz.git synced 2025-09-28 12:36:27 +02:00
Code Issues Packages Projects Releases Wiki Activity

JoinMarket Web UI (#2747)

Browse Source 
* Add JoinMarket Web UI
* Update webserver config
* Add update option
* Improve logging for api service
* Improve install and update script
* Update version and install process
* Use correct onion service script
* Ensure JoinMarket is installed
* add joinmarket-webui precheck to load wallet.dat
This commit is contained in:
d11n
2022-01-15 11:00:36 +01:00
committed by GitHub
parent 33ed2af24a
commit 7a7693caa6
7 changed files with 457 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
README.md
View File

@@ -24,6 +24,7 @@ There are further Services that can be switched on:
* **SpecterDesktop** (Multisig Trezor, Ledger, COLDCARDwallet & Specter-DIY) [details](https://github.com/cryptoadvance/specter-desktop) [app connection guide](https://d11n.net/connect-specter-desktor-with-raspiblitz.html)
* **Lightning Terminal (Loop, Pool & Faraday)** (Manage Channel Liquidity) [details](https://github.com/lightninglabs/lightning-terminal#lightning-terminal-lit)
* **JoinMarket** (CoinJoin Service) [details](https://github.com/JoinMarket-Org/joinmarket-clientserver)
* **JoinMarket Web UI** (Browser-based interface for JoinMarket) [details](https://github.com/joinmarket-webui/joinmarket-webui)
* **ThunderHub** (Lightning Node Manager WebUI) [details](https://www.thunderhub.io/)
* **Balance Of Satoshis** (Commands for working with LND balances) [details](https://github.com/alexbosworth/balanceofsatoshis/blob/master/README.md)
* **Kindle Display** (Bitcoin Status Display made with a jailbroken Kindle) [details](https://github.com/dennisreimann/kindle-display)
@@ -983,7 +984,8 @@ To try out the IP2TOR tunnel choose in `MAINMENU` the extra menu point of the Se
If you want a web service, like BTCPay Server or LNbits, to be available to the outside internet (like with IP2TOR) people expect you to offer an HTTPS address so that the communication between the client and your RaspiBlitz is encrypted.
You could use the self-signed HTTPS certificate that RaspiBlitz is offering you, but this will give users Security Warnings in their browser and is not very user friendly.
That's where you can use a LetsEncrypt Subscription to get a free valid HTTPS certificate that is accepted without warning by most browsers.
That's where you can use a LetsEncrypt Subscription to get a free valid HTTPS certificate that is excepted without warning from almost all common browsers
Because you also need a domain name for that you will need to open a free account, the following are presently supported, would be good to add more with the help of the community:
[DuckDNS.org](https://www.duckdns.org)

9
home.admin/_provision_.sh
View File

@@ -571,6 +571,15 @@ else
echo "Provisioning JoinMarket - keep default" >> ${logFile}
fi
# JoinMarket Web UI
if [ "${joinmarketWebUI}" = "on" ]; then
echo "Provisioning JoinMarket Web UI - run config script" >> ${logFile}
sudo sed -i "s/^message=.*/message='Setup JoinMarket Web UI'/g" ${infoFile}
sudo /home/admin/config.scripts/bonus.joinmarket-webui.sh on >> ${logFile} 2>&1
else
echo "Provisioning JoinMarket Web UI - keep default" >> ${logFile}
fi
# Specter
if [ "${specter}" = "on" ]; then
echo "Provisioning Specter - run config script" >> ${logFile}

34
home.admin/assets/nginx/sites-available/joinmarket_webui.conf Normal file
View File

@@ -0,0 +1,34 @@
## joinmarket_webui.conf
server {
listen 7500;
listen [::1]:7500;
server_name _;
access_log /var/log/nginx/access_joinmarket_webui.log;
error_log /var/log/nginx/error_joinmarket_webui.log;
gzip on;
gzip_types application/javascript application/json text/css image/svg+xml;
root /home/joinmarket/webui/build;
index index.html;
location /api/ {
include /etc/nginx/snippets/proxy-params.conf;
proxy_pass https://127.0.0.1:28183;
}
location /ws/ {
include /etc/nginx/snippets/proxy-params.conf;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_pass https://127.0.0.1:28183;
}
location / {
include /etc/nginx/snippets/proxy-params.conf;
try_files $uri $uri/ /index.html;
add_header Cache-Control no-cache;
}
}

37
home.admin/assets/nginx/sites-available/joinmarket_webui_ssl.conf Normal file
View File

@@ -0,0 +1,37 @@
## joinmarket_webui_ssl.conf
server {
listen 7501 ssl;
listen [::]:7501 ssl;
server_name _;
include /etc/nginx/snippets/ssl-params.conf;
include /etc/nginx/snippets/ssl-certificate-app-data.conf;
access_log /var/log/nginx/access_joinmarket_webui.log;
error_log /var/log/nginx/error_joinmarket_webui.log;
gzip on;
gzip_types application/javascript application/json text/css image/svg+xml;
root /home/joinmarket/webui/build;
index index.html;
location /api/ {
include /etc/nginx/snippets/ssl-proxy-params.conf;
proxy_pass https://127.0.0.1:28183;
}
location /ws/ {
include /etc/nginx/snippets/proxy-params.conf;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_pass https://127.0.0.1:28183;
}
location / {
include /etc/nginx/snippets/ssl-proxy-params.conf;
try_files $uri $uri/ /index.html;
add_header Cache-Control no-cache;
}
}

34
home.admin/assets/nginx/sites-available/joinmarket_webui_tor.conf Normal file
View File

@@ -0,0 +1,34 @@
## joinmarket_webui_tor.conf
server {
listen 7502;
listen [::1]:7502;
server_name _;
access_log /var/log/nginx/access_joinmarket_webui.log;
error_log /var/log/nginx/error_joinmarket_webui.log;
gzip on;
gzip_types application/javascript application/json text/css image/svg+xml;
root /home/joinmarket/webui/build;
index index.html;
location /api/ {
include /etc/nginx/snippets/proxy-params.conf;
proxy_pass https://127.0.0.1:28183;
}
location /ws/ {
include /etc/nginx/snippets/proxy-params.conf;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_pass https://127.0.0.1:28183;
}
location / {
include /etc/nginx/snippets/proxy-params.conf;
try_files $uri $uri/ /index.html;
add_header Cache-Control no-cache;
}
}

37
home.admin/assets/nginx/sites-available/joinmarket_webui_tor_ssl.conf Normal file
View File

@@ -0,0 +1,37 @@
## joinmarket_webui_tor_ssl.conf
server {
listen 7503 ssl;
listen [::1]:7503 ssl;
server_name _;
include /etc/nginx/snippets/ssl-params.conf;
include /etc/nginx/snippets/ssl-certificate-app-data-tor.conf;
access_log /var/log/nginx/access_joinmarket_webui.log;
error_log /var/log/nginx/error_joinmarket_webui.log;
gzip on;
gzip_types application/javascript application/json text/css image/svg+xml;
root /home/joinmarket/webui/build;
index index.html;
location /api/ {
include /etc/nginx/snippets/ssl-proxy-params.conf;
proxy_pass https://127.0.0.1:28183;
}
location /ws/ {
include /etc/nginx/snippets/proxy-params.conf;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_pass https://127.0.0.1:28183;
}
location / {
include /etc/nginx/snippets/ssl-proxy-params.conf;
try_files $uri $uri/ /index.html;
add_header Cache-Control no-cache;
}
}

299
home.admin/config.scripts/bonus.joinmarket-webui.sh Executable file
View File

@@ -0,0 +1,299 @@
#!/bin/bash
# https://github.com/joinmarket-webui/joinmarket-webui
USERNAME=joinmarket
HOME_DIR=/home/$USERNAME
REPO=joinmarket-webui/joinmarket-webui
APP_DIR=webui
RASPIBLITZ_INFO=/home/admin/raspiblitz.info
RASPIBLITZ_CONF=/mnt/hdd/raspiblitz.conf
WEBUI_VERSION=0.0.2
# command info
if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "-help" ]; then
echo "config script to switch joinmarket_webui on or off"
echo "bonus.joinmarket-webui.sh [on|off|menu|update|update commit|precheck]"
exit 1
fi
# check and load raspiblitz config to know which network is running
source $RASPIBLITZ_INFO
source $RASPIBLITZ_CONF
# show info menu
if [ "$1" = "menu" ]; then
isInstalled=$(sudo ls $HOME_DIR 2>/dev/null | grep -c "$APP_DIR")
if [ ${isInstalled} -eq 1 ]; then
# get network info
localip=$(hostname -I | awk '{print $1}')
toraddress=$(sudo cat /mnt/hdd/tor/joinmarket-webui/hostname 2>/dev/null)
fingerprint=$(openssl x509 -in /mnt/hdd/app-data/nginx/tls.cert -fingerprint -noout | cut -d"=" -f2)
if [ "${runBehindTor}" = "on" ] && [ ${#toraddress} -gt 0 ]; then
# Info with TOR
/home/admin/config.scripts/blitz.display.sh qr "${toraddress}"
whiptail --title " JoinMarket Web UI " --msgbox "Open in your local web browser:
http://${localip}:7500\n
https://${localip}:7501 with Fingerprint:
${fingerprint}\n
Hidden Service address for TOR Browser (see LCD for QR):\n${toraddress}
" 16 67
/home/admin/config.scripts/blitz.display.sh hide
else
# Info without TOR
whiptail --title " JoinMarket Web UI " --msgbox "Open in your local web browser & accept self-signed cert:
http://${localip}:7500\n
https://${localip}:7501 with Fingerprint:
${fingerprint}\n
Activate TOR to access the web interface from outside your local network.
" 15 57
fi
echo "please wait ..."
else
echo "*** JOINMARKET WEB UI NOT INSTALLED ***"
fi
exit 0
fi
# switch on
if [ "$1" = "1" ] || [ "$1" = "on" ]; then
isInstalled=$(sudo ls $HOME_DIR 2>/dev/null | grep -c "$APP_DIR")
if [ ${isInstalled} -eq 0 ]; then
# check if joinmarket is installed
if [ -f "/home/joinmarket/.joinmarket/joinamrket.cfg" ]; then
echo "# JoinMarket is already installed and configured."
else
sudo /home/admin/config.scripts/bonus.joinmarket.sh on
fi
echo "*** INSTALL JOINMARKET WEB UI ***"
# install nodeJS
/home/admin/config.scripts/bonus.nodejs.sh on
# install JoinMarket Web UI
cd $HOME_DIR
sudo -u $USERNAME wget https://github.com/$REPO/archive/refs/tags/v$WEBUI_VERSION.tar.gz
sudo -u $USERNAME tar -xzf v$WEBUI_VERSION.tar.gz
sudo -u $USERNAME rm v$WEBUI_VERSION.tar.gz
sudo -u $USERNAME mv joinmarket-webui-$WEBUI_VERSION $APP_DIR
cd $APP_DIR
sudo -u $USERNAME rm -rf docker
sudo -u $USERNAME npm install
if ! [ $? -eq 0 ]; then
echo "FAIL - npm install did not run correctly, aborting"
exit 1
fi
sudo -u $USERNAME npm run build
##################
# NGINX
##################
# setup nginx symlinks
if ! [ -f /etc/nginx/sites-available/joinmarket_webui_ssl.conf ]; then
sudo cp -f /home/admin/assets/nginx/sites-available/joinmarket_webui_ssl.conf /etc/nginx/sites-available/joinmarket_webui_ssl.conf
fi
if ! [ -f /etc/nginx/sites-available/joinmarket_webui_tor.conf ]; then
sudo cp /home/admin/assets/nginx/sites-available/joinmarket_webui_tor.conf /etc/nginx/sites-available/joinmarket_webui_tor.conf
fi
if ! [ -f /etc/nginx/sites-available/joinmarket_webui_tor_ssl.conf ]; then
sudo cp /home/admin/assets/nginx/sites-available/joinmarket_webui_tor_ssl.conf /etc/nginx/sites-available/joinmarket_webui_tor_ssl.conf
fi
sudo ln -sf /etc/nginx/sites-available/joinmarket_webui_ssl.conf /etc/nginx/sites-enabled/
sudo ln -sf /etc/nginx/sites-available/joinmarket_webui_tor.conf /etc/nginx/sites-enabled/
sudo ln -sf /etc/nginx/sites-available/joinmarket_webui_tor_ssl.conf /etc/nginx/sites-enabled/
sudo nginx -t
sudo systemctl reload nginx
# open the firewall
echo "*** Updating Firewall ***"
sudo ufw allow from any to any port 7500 comment 'allow JoinMarket Web UI HTTP'
sudo ufw allow from any to any port 7501 comment 'allow JoinMarket Web UI HTTPS'
echo ""
# SSL
if ! [ -d $HOME_DIR/.joinmarket/ssl ]; then
sudo -u $USERNAME mkdir -p $HOME_DIR/.joinmarket/ssl
fi
if ! [ -f $HOME_DIR/.joinmarket/ssl/cert.pem ]; then
sudo ln -sf /mnt/hdd/app-data/nginx/tls.cert $HOME_DIR/.joinmarket/ssl/cert.pem
sudo chown $USERNAME:$USERNAME $HOME_DIR/.joinmarket/ssl/cert.pem
fi
if ! [ -f $HOME_DIR/.joinmarket/ssl/key.pem ]; then
sudo ln -sf /mnt/hdd/app-data/nginx/tls.key $HOME_DIR/.joinmarket/ssl/key.pem
sudo chown $USERNAME:$USERNAME $HOME_DIR/.joinmarket/ssl/key.pem
fi
##################
# SYSTEMD SERVICE
##################
echo "# Install JoinMarket API systemd"
echo "\
# Systemd unit for JoinMarket API
[Unit]
Description=JoinMarket API daemon
# Make sure lnd starts after bitcoind is ready
Requires=bitcoind.service
After=bitcoind.service
[Service]
WorkingDirectory=$HOME_DIR/joinmarket-clientserver/scripts/
ExecStartPre=/home/admin/config.scripts/bonus.joinmarket-webui.sh precheck
ExecStart=/bin/sh -c '. $HOME_DIR/joinmarket-clientserver/jmvenv/bin/activate && python jmwalletd.py'
User=joinmarket
Group=joinmarket
Restart=always
TimeoutSec=120
RestartSec=30
# Hardening measures
PrivateTmp=true
ProtectSystem=full
NoNewPrivileges=true
PrivateDevices=true
[Install]
WantedBy=multi-user.target
" | sudo tee /etc/systemd/system/joinmarket-api.service
sudo systemctl enable joinmarket-api
# setting value in raspiblitz config
sudo sed -i "s/^joinmarketWebUI=.*/joinmarketWebUI=on/g" $RASPIBLITZ_CONF
# Hidden Service for joinmarket-webui if Tor is active
if [ "${runBehindTor}" = "on" ]; then
# make sure to keep in sync with internet.tor.sh script
/home/admin/config.scripts/tor.onion-service.sh joinmarket-webui 80 7502 443 7503
fi
source $RASPIBLITZ_INFO
if [ "${state}" == "ready" ]; then
echo "# OK - the joinmarket-api.service is enabled, system is ready so starting service"
sudo systemctl start joinmarket-api
else
echo "# OK - the joinmarket-api.service is enabled, to start manually use: 'sudo systemctl start joinmarket-api'"
fi
else
echo "*** JOINMARKET WEB UI ALREADY INSTALLED ***"
fi
exit 0
fi
# precheck
if [ "$1" = "precheck" ]; then
if [ $(/usr/local/bin/bitcoin-cli -conf=/mnt/hdd/bitcoin/bitcoin.conf listwallets | grep -c wallet.dat) -eq 0 ];then
echo "# Create wallet.dat"
/usr/local/bin/bitcoin-cli -conf=/mnt/hdd/bitcoin/bitcoin.conf createwallet wallet.dat
else
echo "# The wallet.dat is loaded in bitcoind."
fi
exit 0
fi
# update
if [ "$1" = "update" ]; then
isInstalled=$(sudo ls $HOME_DIR 2>/dev/null | grep -c "$APP_DIR")
if [ ${isInstalled} -eq 1 ]; then
echo "*** UPDATE JOINMARKET WEB UI ***"
cd $HOME_DIR
if [ "$2" = "commit" ]; then
echo "# Updating to the latest commit in the default branch"
sudo -u $USERNAME wget https://github.com/$REPO/archive/refs/heads/master.tar.gz
sudo -u $USERNAME tar -xzf master.tar.gz
sudo -u $USERNAME rm -rf master.tar.gz
sudo -u $USERNAME mv joinmarket-webui-master $APP_DIR-update
else
version=$(curl --silent "https://api.github.com/repos/$REPO/releases/latest" | grep '"tag_name":' | sed -E 's/.*"v([^"]+)".*/\1/')
cd $APP_DIR
current=$(node -p "require('./package.json').version")
cd ..
if [ "$current" = "$version" ]; then
echo "*** JOINMARKET WEB UI IS ALREADY UPDATED TO LATEST VERSION ***"
exit 0
fi
sudo -u $USERNAME wget https://github.com/$REPO/archive/refs/tags/v$version.tar.gz
sudo -u $USERNAME tar -xzf v$version.tar.gz
sudo -u $USERNAME rm v$version.tar.gz
sudo -u $USERNAME mv joinmarket-webui-$version $APP_DIR-update
fi
cd $APP_DIR-update
sudo -u $USERNAME rm -rf docker
sudo -u $USERNAME npm install
if ! [ $? -eq 0 ]; then
echo "FAIL - npm install did not run correctly, aborting"
exit 1
fi
sudo -u $USERNAME npm run build
if ! [ $? -eq 0 ]; then
echo "FAIL - npm run build did not run correctly, aborting"
exit 1
fi
cd ..
sudo -u $USERNAME rm -rf $APP_DIR
sudo -u $USERNAME mv $APP_DIR-update $APP_DIR
echo "*** JOINMARKET WEB UI UPDATED ***"
else
echo "*** JOINMARKET WEB UI NOT INSTALLED ***"
fi
exit 0
fi
# switch off
if [ "$1" = "0" ] || [ "$1" = "off" ]; then
isInstalled=$(sudo ls $HOME_DIR 2>/dev/null | grep -c "$APP_DIR")
if [ ${isInstalled} -eq 1 ]; then
echo "*** UNINSTALL JOINMARKET WEB UI ***"
# remove systemd service
sudo systemctl stop joinmarket-api
sudo systemctl disable joinmarket-api
sudo rm -f /etc/systemd/system/joinmarket-api.service
# close ports on firewall
sudo ufw delete allow from any to any port 7500 comment 'allow JoinMarket Web UI HTTP'
sudo ufw delete allow from any to any port 7501 comment 'allow JoinMarket Web UI HTTPS'
# remove nginx symlinks
sudo rm -f /etc/nginx/sites-enabled/joinmarket_webui_*
sudo rm -f /etc/nginx/sites-available/joinmarket_webui_*
sudo nginx -t
sudo systemctl reload nginx
# Hidden Service if Tor is active
if [ "${runBehindTor}" = "on" ]; then
/home/admin/config.scripts/internet.hiddenservice.sh off joinmarket-webui
fi
# remove the app
sudo rm -rf $HOME_DIR/$APP_DIR
# remove SSL
sudo rm -rf $HOME_DIR/.joinmarket/ssl
# setting value in raspi blitz config
sudo sed -i "s/^joinmarketWebUI=.*/joinmarketWebUI=off/g" $RASPIBLITZ_CONF
echo "OK JOINMARKET WEB UI removed."
else
echo "*** JOINMARKET WEB UI NOT INSTALLED ***"
fi
exit 0
fi
echo "FAIL - Unknown Parameter $1"
exit 1