From d45bf5f25d1ab99304263d7e5ab3c40e3c8d22a5 Mon Sep 17 00:00:00 2001
From: /rootzoll
Date: Sun, 18 Apr 2021 18:04:59 +0200
Subject: [PATCH] #2157 offer http for additional apps & small fixes (#2196)
---
 home.admin/00mainMenu.sh | 7 -----
 home.admin/50syncHDD.sh | 20 ++++++-------
 home.admin/99connectMenu.sh | 5 +++-
 home.admin/XXdebugLogs.sh | 10 +++++++
 home.admin/_bootstrap.provision.sh | 9 ++++++
 .../nginx/sites-available/mempool_.conf | 11 +++++++
 .../config.scripts/blitz.setpassword.sh | 29 ++++++++++++++-----
 .../config.scripts/bonus.btc-rpc-explorer.sh | 12 ++++----
 .../config.scripts/bonus.btcpayserver.sh | 2 +-
 home.admin/config.scripts/bonus.lit.sh | 2 +-
 home.admin/config.scripts/bonus.lnbits.sh | 13 +++++----
 home.admin/config.scripts/bonus.mempool.sh | 18 ++++++++----
 home.admin/config.scripts/bonus.rtl.sh | 10 +++----
 home.admin/config.scripts/bonus.thunderhub.sh | 10 +++----
 14 files changed, 103 insertions(+), 55 deletions(-)
 create mode 100644 home.admin/assets/nginx/sites-available/mempool_.conf
diff --git a/home.admin/00mainMenu.sh b/home.admin/00mainMenu.sh
index 248f74c7a..674a35664 100755
--- a/home.admin/00mainMenu.sh
+++ b/home.admin/00mainMenu.sh
@@ -316,13 +316,6 @@ case $CHOICE in
 ;;
 PASSWORD)
 sudo /home/admin/config.scripts/blitz.setpassword.sh
- noreboot=$?
- if [ "${noreboot}" = "0" ]; then
- echo "Press ENTER to Reboot .."
- read key
- sudo /home/admin/XXshutdown.sh reboot
- exit 0
- fi
 ;;
 UPDATE)
 /home/admin/99updateMenu.sh
diff --git a/home.admin/50syncHDD.sh b/home.admin/50syncHDD.sh
index e6f0f92ac..6e14b6fcd 100755
--- a/home.admin/50syncHDD.sh
+++ b/home.admin/50syncHDD.sh
@@ -32,16 +32,16 @@ if [ "$network" = "bitcoin" ]; then fi # ask if really sync behind TOR -if [ "${runBehindTor}" = "on" ]; then - whiptail --title ' Sync Blockchain from behind TOR? ' --yes-button='Public-Sync' --no-button='TOR-Sync' --yesno "You decided to run your node behind TOR and validate the blockchain with your RaspiBlitz - thats good. But downloading the complete blockchain thru TOR can add some extra time (maybe a day) to the process and adds a heavy load on the TOR network.\n -Your RaspiBlitz can just run the initial blockchain download with your public IP (Public-Sync) but keep your Lighting node safe behind TOR. -It would speed up the self-validation while not revealing your Lightning node identity. But for most privacy choose (TOR-Sync). - " 15 76 - if [ $? -eq 0 ]; then - # set flag to not run bitcoin behind TOR during IDB - echo "ibdBehindTor=off" >> /home/admin/raspiblitz.info - fi -fi +# if [ "${runBehindTor}" = "on" ]; then +# whiptail --title ' Sync Blockchain from behind TOR? ' --yes-button='Public-Sync' --no-button='TOR-Sync' --yesno "You decided to run your node behind TOR and validate the blockchain with your RaspiBlitz - thats good. But downloading the complete blockchain thru TOR can add some extra time (maybe a day) to the process and adds a heavy load on the TOR network.\n +#Your RaspiBlitz can just run the initial blockchain download with your public IP (Public-Sync) but keep your Lighting node safe behind TOR. +#It would speed up the self-validation while not revealing your Lightning node identity. But for most privacy choose (TOR-Sync). +# " 15 76 +# if [ $? -eq 0 ]; then +# # set flag to not run bitcoin behind TOR during IDB +# echo "ibdBehindTor=off" >> /home/admin/raspiblitz.info +# fi +#fi echo "**********************************" echo "Dont Trust, verify - starting sync" diff --git a/home.admin/99connectMenu.sh b/home.admin/99connectMenu.sh index 53b4160f8..7086386b5 100644 --- a/home.admin/99connectMenu.sh 
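Review bot: Ten lines of commented-out code now stand where the Public-Sync dialog was, which leaves a reader unsure whether the option is retired or only parked; deleting the block and keeping a single comment such as `# Public-Sync dialog removed (#2157): IBD stays behind TOR whenever runBehindTor=on` says the same thing without dead code, and git history keeps the original text. Since nothing here writes `ibdBehindTor=off` any more, an `off` value persisted in /home/admin/raspiblitz.info by an earlier release will presumably still be read by whatever consumes that flag, so it is worth confirming that a stale `off` has the intended effect.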
+++ b/home.admin/99connectMenu.sh @@ -51,7 +51,10 @@ case $CHOICE in ELECTRS) /home/admin/config.scripts/bonus.electrs.sh menu;; BTCPAY) - /home/admin/config.scripts/lnd.export.sh btcpay;; + /home/admin/config.scripts/lnd.export.sh btcpay + echo "Press ENTER to return to main menu." + read key + exit 0;; RESET) sudo /home/admin/config.scripts/lnd.credentials.sh reset echo "Press ENTER to return to main menu." diff --git a/home.admin/XXdebugLogs.sh b/home.admin/XXdebugLogs.sh index a64150b37..813a96eec 100755 --- a/home.admin/XXdebugLogs.sh +++ b/home.admin/XXdebugLogs.sh @@ -121,6 +121,16 @@ else echo "" fi +if [ "${lit}" = "off" ]; then + echo "- LIT is OFF by config" +else + echo "" + echo "*** LAST 20 LIT LOGS ***" + echo "sudo journalctl -u litd -b --no-pager -n20" + sudo journalctl -u litd -b --no-pager -n20 + echo "" +fi + if [ "${BTCPayServer}" = "off" ]; then echo "- BTCPayServer is OFF by config" else diff --git a/home.admin/_bootstrap.provision.sh b/home.admin/_bootstrap.provision.sh index dddfa20d0..b5e6efbb9 100755 --- a/home.admin/_bootstrap.provision.sh +++ b/home.admin/_bootstrap.provision.sh @@ -582,6 +582,15 @@ else echo "Provisioning Stacking Sats Kraken - keep default" >> ${logFile} fi +# lit (make sure to be installed after RTL) +if [ "${lit}" = "on" ]; then + echo "Provisioning LIT - run config script" >> ${logFile} + sudo sed -i "s/^message=.*/message='Setup LIT'/g" ${infoFile} + sudo -u admin /home/admin/config.scripts/bonus.lit.sh on >> ${logFile} 2>&1 +else + echo "Provisioning LIT - keep default" >> ${logFile} +fi + # pool if [ "${pool}" = "on" ]; then echo "Provisioning Pool - run config script" >> ${logFile} diff --git a/home.admin/assets/nginx/sites-available/mempool_.conf b/home.admin/assets/nginx/sites-available/mempool_.conf new file mode 100644 index 000000000..35ffec8e7 --- /dev/null +++ b/home.admin/assets/nginx/sites-available/mempool_.conf 
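Review bot: The new BTCPAY branch reads the keypress with `read key`, which interprets backslashes; `read -r key` is the safe form, and since the value is never used `read -r _` would also do. It mirrors the existing RESET branch below it, so if you change one it is worth changing both. The prompt promises a return to the main menu while the branch then does `exit 0`; that matches RESET, so it is fine as long as the caller re-enters the menu on exit, which I cannot see from this hunk.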
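Review bot: The new LIT block tests `"${lit}" = "off"`, so on a config that never defines `lit` (an install predating LIT) the variable is empty, the else arm runs and `journalctl -u litd` is queried for a unit that was never installed. The sibling blocks use the same pattern, so this may be accepted, but `[ "${lit:-off}" = "off" ]` treats unset as off for a one-token change. The if/else structure is complete within the hunk.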
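Review bot: The exit status of `bonus.lit.sh on` is dropped after the redirection into `${logFile}`, so a failed LIT install during provisioning is only discoverable by reading through the log. Appending `|| echo "Provisioning LIT - FAILED" >> ${logFile}` keeps the shape of the sibling blocks while making the failure greppable. The comment `make sure to be installed after RTL` states an ordering dependency without the reason; if LIT relies on something RTL's script creates, naming it in the comment protects the order from a later reshuffle.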
@@ -0,0 +1,11 @@ +## mempool_ssl.conf + +server { + listen 4080; + listen [::]:4080; + server_name _; + + include /etc/nginx/snippets/ssl-params.conf; + include /etc/nginx/snippets/ssl-certificate-app-data.conf; + include /etc/nginx/snippets/mempool.conf; +} diff --git a/home.admin/config.scripts/blitz.setpassword.sh b/home.admin/config.scripts/blitz.setpassword.sh index c57d54e85..9e7c6f14d 100755 --- a/home.admin/config.scripts/blitz.setpassword.sh +++ b/home.admin/config.scripts/blitz.setpassword.sh @@ -8,7 +8,6 @@ echo "blitz.setpassword.sh b [?newpassword] " echo "blitz.setpassword.sh c [?oldpassword] [?newpassword] " echo "or just as a password enter dialog (result as file)" echo "blitz.setpassword.sh [x] [text] [result-file] [?empty-allowed]" - echo "exits on 0 = needs reboot" exit 1 fi @@ -35,8 +34,10 @@ fi abcd=$1 # run interactive if no further parameters +reboot=0; OPTIONS=() if [ ${#abcd} -eq 0 ]; then + reboot=1; emptyAllowed=1 OPTIONS+=(A "Master User Password / SSH") OPTIONS+=(B "RPC Password (blockchain/lnd)") @@ -146,7 +147,6 @@ if [ "${abcd}" = "a" ]; then echo "" echo "OK - password A changed for user pi, root, admin & bitcoin" - exit 0 ############################ # PASSWORD B @@ -159,9 +159,9 @@ elif [ "${abcd}" = "b" ]; then clear # ask user for new password B (first time) - password1=$(whiptail --passwordbox "\nPlease enter your RPC Password B:\n(min 8chars, 1word, chars+number, no specials)" 10 52 "" --title "Password B" --backtitle "RaspiBlitz - Setup" 3>&1 1>&2 2>&3) + password1=$(whiptail --passwordbox "\nPlease enter your new Password B:\n(min 8chars, 1word, chars+number, no specials)" 10 52 "" --title "Password B" --backtitle "RaspiBlitz - Setup" 3>&1 1>&2 2>&3) if [ $? -eq 1 ]; then - if [ ${emptyAllowed} -eq 0 ]; then + if [ "${emptyAllowed}" == "0" ]; then echo "CANCEL not possible" sleep 2 else 
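Review bot: The header comment reads `## mempool_ssl.conf` although this is the new plain-HTTP site, and the block includes `ssl-params.conf` and `ssl-certificate-app-data.conf` on a `listen 4080;` that carries no `ssl` flag, so certificate and TLS parameters are loaded for a server that never negotiates TLS. Changing the header to `## mempool_.conf` and dropping the two ssl includes makes the file say what it does; if ssl-params.conf also sets headers such as HSTS, those would otherwise be emitted on a cleartext response, which I cannot confirm from here. The install script copies a `mempool-http.conf` snippet as well, so it is worth confirming whether this site should include that one rather than `mempool.conf`.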
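Review bot: Removing `exits on 0 = needs reboot` retires the exit-code contract without documenting its replacement: the script now reboots by itself when started with no parameters (`reboot=1`) and returns without rebooting otherwise. A line in the usage block such as `echo "without parameters: interactive menu, reboots when done"` tells other callers what to expect, since any script besides 00mainMenu.sh that keyed a reboot on exit status 0 would now silently skip it; I cannot see such callers from this diff.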
@@ -172,7 +172,7 @@ elif [ "${abcd}" = "b" ]; then # ask user for new password B (second time) password2=$(whiptail --passwordbox "\nRe-Enter Password B:\n" 10 52 "" --title "Password B" --backtitle "RaspiBlitz - Setup" 3>&1 1>&2 2>&3) if [ $? -eq 1 ]; then - if [ ${emptyAllowed} -eq 0 ]; then + if [ "${emptyAllowed}" == "0" ]; then echo "CANCEL not possible" sleep 2 else @@ -283,12 +283,18 @@ EOF # ThunderHub if [ "${thunderhub}" == "on" ]; then echo "# changing the password for ThunderHub" - sed -i "s/^masterPassword:.*/masterPassword: '${newPassword}'/g" /mnt/hdd/app-data/thunderhub/thubConfig.yaml + sudo sed -i "s/^masterPassword:.*/masterPassword: '${newPassword}'/g" /mnt/hdd/app-data/thunderhub/thubConfig.yaml + fi + + # LIT + if [ "${lit}" == "on" ]; then + echo "# changing the password for LIT" + sudo sed -i "s/^uipassword=.*/uipassword=${newPassword}/g" /mnt/hdd/app-data/.lit/lit.conf + sudo sed -i "s/^faraday.bitcoin.password=.*/faraday.bitcoin.password=${newPassword}/g" /mnt/hdd/app-data/.lit/lit.conf fi echo "# OK -> RPC Password B changed" echo "# Reboot is needed" - exit 0 ############################ # PASSWORD C @@ -381,7 +387,6 @@ elif [ "${abcd}" = "c" ]; then # final user output echo "" echo "OK" - exit 0 ############################ # PASSWORD X @@ -447,3 +452,11 @@ else echo "FAIL: there is no password '${abcd}' (reminder: use lower case)" exit 1 fi + +# when started with menu ... reboot when done +if [ "${reboot}" == "1" ]; then + echo "Now rebooting to activate changes ..." + sudo /home/admin/XXshutdown.sh reboot +else + echo "..." +fi diff --git a/home.admin/config.scripts/bonus.btc-rpc-explorer.sh b/home.admin/config.scripts/bonus.btc-rpc-explorer.sh index 41f38923f..1af94f7f3 100755 --- a/home.admin/config.scripts/bonus.btc-rpc-explorer.sh +++ b/home.admin/config.scripts/bonus.btc-rpc-explorer.sh 
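Review bot: `${newPassword}` goes unescaped into the sed replacement for lit.conf, so a password containing `/` or `&` would break the expression or write a different value than the user typed; the dialog asks for 'no specials', but the substitution is only safe if that rule is enforced by the validation above this hunk. A defensive `safePassword=$(printf '%s' "${newPassword}" | sed 's/[\/&]/\\&/g')` before the sed calls costs one line and applies to the ThunderHub line as well. The password also appears in the sed argument list, visible in the process table for the duration of the call; that was already true of the pre-existing lines, so I only note it. The password-B branch starts before this hunk.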
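Review bot: The new tail reboots the moment the dialog closes, whereas the code it replaces in 00mainMenu.sh paused on `Press ENTER to Reboot ..` first; if that pause was deliberate so the user sees the 'OK - password ... changed' line, a `read -r key` before `sudo /home/admin/XXshutdown.sh reboot` restores it. The `else echo "..."` arm prints nothing useful and can go, leaving a plain `if`. Above this hunk, `echo "# Reboot is needed"` in the password-B branch now fires both in the menu case, where the script reboots itself, and in the parameterised case, where the caller must; gating that line on `${reboot}` would avoid telling an interactive user to reboot a box that is about to reboot.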
@@ -39,9 +39,9 @@ This can take multiple hours. # TOR /home/admin/config.scripts/blitz.display.sh qr "${toraddress}" - whiptail --title " BTC-RPC-Explorer " --msgbox "Open in your local web browser & accept self-signed cert: -https://${localip}:3021\n -SHA1 Thumb/Fingerprint: + whiptail --title " BTC-RPC-Explorer " --msgbox "Open in your local web browser: +http://${localip}:3020\n +https://${localip}:3021 with Fingerprint: ${fingerprint}\n Login is 'admin' with your Password B\n Hidden Service address for TOR Browser (QR see LCD): @@ -51,9 +51,9 @@ ${toraddress} else # IP + Domain - whiptail --title " BTC-RPC-Explorer " --msgbox "Open in your local web browser & accept self-signed cert: -https://${localip}:3021\n -SHA1 Thumb/Fingerprint: + whiptail --title " BTC-RPC-Explorer " --msgbox "Open in your local web browser: +http://${localip}:3020\n +https://${localip}:3021 with Fingerprint: ${fingerprint}\n Login is 'admin' with your Password B\n Activate TOR to access the web block explorer from outside your local network. diff --git a/home.admin/config.scripts/bonus.btcpayserver.sh b/home.admin/config.scripts/bonus.btcpayserver.sh index 349d1f516..13b686d20 100755 --- a/home.admin/config.scripts/bonus.btcpayserver.sh +++ b/home.admin/config.scripts/bonus.btcpayserver.sh @@ -145,7 +145,7 @@ consider adding a IP2TOR Bridge: MAINMENU > SUBSCRIBE > IP2TOR" text="${text}\n To get the 'Connection String' to activate Lightning Payments: -MAINMENU > LNDCREDS > EXPORT > BTCPay Server" +MAINMENU > CONNECT > BTCPay Server" whiptail --title " BTCPay Server " --msgbox "${text}" 17 69 diff --git a/home.admin/config.scripts/bonus.lit.sh b/home.admin/config.scripts/bonus.lit.sh index f40b46336..d9620cc57 100644 --- a/home.admin/config.scripts/bonus.lit.sh +++ b/home.admin/config.scripts/bonus.lit.sh 
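Review bot: The dialog now lists `http://${localip}:3020` first and directly above 'Login is admin with your Password B', so the path of least resistance sends the RPC password, shared with bitcoind and lnd, in cleartext over the local network while https is presented as the alternative. Keeping the offer but labelling it, e.g. `http://${localip}:3020 (unencrypted, local network only)\n`, lets the user make that trade-off knowingly; the same wording applies to the second hunk of this file and to bonus.rtl.sh, bonus.thunderhub.sh and bonus.lnbits.sh. Dropping the 'SHA1' qualifier also removes the hint of which digest the browser's display should be compared against; `https://${localip}:3021 with SHA1 Fingerprint:` keeps it if `${fingerprint}` still comes from `openssl x509 -fingerprint`, as bonus.lit.sh shows.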
@@ -31,7 +31,7 @@ if [ "$1" = "menu" ]; then # get network info localip=$(ip addr | grep 'state UP' -A2 | egrep -v 'docker0' | grep 'eth0\|wlan0' | tail -n1 | awk '{print $2}' | cut -f1 -d'/') toraddress=$(sudo cat /mnt/hdd/tor/lit/hostname 2>/dev/null) - fingerprint=$(openssl x509 -in /home/lit/.lit/tls.cert -fingerprint -noout | cut -d"=" -f2) + fingerprint=$(sudo openssl x509 -in /home/lit/.lit/tls.cert -fingerprint -noout | cut -d"=" -f2) if [ "${runBehindTor}" = "on" ] && [ ${#toraddress} -gt 0 ]; then # Info with TOR diff --git a/home.admin/config.scripts/bonus.lnbits.sh b/home.admin/config.scripts/bonus.lnbits.sh index 9e205a4d3..1a686bc9c 100755 --- a/home.admin/config.scripts/bonus.lnbits.sh +++ b/home.admin/config.scripts/bonus.lnbits.sh @@ -33,7 +33,7 @@ if [ "$1" = "menu" ]; then fi fi - text="Local Webrowser: https://${localIP}:${httpsPort}" + text="Local Webrowser: http://${localIP}:${httpPort}" if [ ${#publicDomain} -gt 0 ]; then text="${text} @@ -41,8 +41,9 @@ Public Domain: https://${publicDomain}:${httpsPort} port forwarding on router needs to be active & may change port" fi - text="${text} -SHA1 ${sslFingerprintIP}" + text="${text}\n +https://${localIP}:${httpsPort} with Fingerprint +${sslFingerprintIP}" if [ "${runBehindTor}" = "on" ] && [ ${#toraddress} -gt 0 ]; then /home/admin/config.scripts/blitz.display.sh qr "${toraddress}" @@ -66,7 +67,7 @@ To enable easy reachability with normal browser from the outside consider adding a IP2TOR Bridge (MAINMENU > SUBSCRIBE)." fi - whiptail --title " LNbits " --msgbox "${text}" 15 69 + whiptail --title " LNbits " --msgbox "${text}" 16 69 /home/admin/config.scripts/blitz.display.sh hide echo "please wait ..." @@ -86,6 +87,7 @@ if [ "$1" = "status" ]; then localIP=$(ip addr | grep 'state UP' -A2 | egrep -v 'docker0|veth' | grep 'eth0\|wlan0\|enp0' | tail -n1 | awk '{print $2}' | cut -f1 -d'/') echo "localIP='${localIP}'" + echo "httpPort='5000'" echo "httpsPort='5001'" echo "publicIP='${publicIP}'" 
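Review bot: `${httpPort}` is used in the menu text, but the only place this diff sets it is the `status` branch's `echo "httpPort='5000'"`; unless the menu branch sources the status output (which the existing use of `${httpsPort}` and `${sslFingerprintIP}` suggests but the hunk does not show), the URL renders as `http://ip:`. If the menu builds its values separately, add `httpPort=5000` next to wherever `httpsPort` is assigned. The if-block that owns this text starts before the hunk.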
@@ -301,7 +303,8 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then # open firewall echo echo "*** Updating Firewall ***" - sudo ufw allow 5001 comment 'lnbits' + sudo ufw allow 5000 comment 'lnbits HTTP' + sudo ufw allow 5001 comment 'lnbits HTTPS' echo "" # install service diff --git a/home.admin/config.scripts/bonus.mempool.sh b/home.admin/config.scripts/bonus.mempool.sh index aa317eaff..6327b8549 100755 --- a/home.admin/config.scripts/bonus.mempool.sh +++ b/home.admin/config.scripts/bonus.mempool.sh @@ -40,9 +40,9 @@ This can take multiple hours. # TOR /home/admin/config.scripts/blitz.display.sh qr "${toraddress}" - whiptail --title " Mempool " --msgbox "Open in your local web browser & accept self-signed cert: -https://${localip}:4081\n -SHA1 Thumb/Fingerprint: + whiptail --title " Mempool " --msgbox "Open in your local web browser: +http://${localip}:4080\n +https://${localip}:4081 with Fingerprint: ${fingerprint}\n Hidden Service address for TOR Browser (QR see LCD): ${toraddress} @@ -51,9 +51,9 @@ ${toraddress} else # IP + Domain - whiptail --title " Mempool " --msgbox "Open in your local web browser & accept self-signed cert: -https://${localip}:4081\n -SHA1 Thumb/Fingerprint: + whiptail --title " Mempool " --msgbox "Open in your local web browser: +http://${localip}:4080\n +https://${localip}:4081 with Fingerprint: ${fingerprint}\n Activate TOR to access the web block explorer from outside your local network. " 16 54 @@ -213,6 +213,7 @@ EOF # open firewall echo "# *** Updating Firewall ***" + sudo ufw allow 4080 comment 'mempool HTTP' sudo ufw allow 4081 comment 'mempool HTTPS' echo "" 
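Review bot: `ufw allow 5000` opens the port, but nothing in this diff adds an nginx site for LNbits HTTP the way `mempool_.conf` does for 4080, so the rule presumably exposes whatever the LNbits service itself binds on 5000; if that listener is on a non-loopback address this bypasses the nginx layer, and if it is loopback-only the rule is dead. Either way the `off` path of this script should `sudo ufw deny 5000` to mirror the new `sudo ufw deny 4080` in bonus.mempool.sh; that path is outside the hunk, so I cannot tell whether it already does.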
@@ -223,10 +224,12 @@ EOF # setup nginx symlinks sudo cp /home/admin/assets/nginx/snippets/mempool.conf /etc/nginx/snippets/mempool.conf sudo cp /home/admin/assets/nginx/snippets/mempool-http.conf /etc/nginx/snippets/mempool-http.conf + sudo cp /home/admin/assets/nginx/sites-available/mempool_.conf /etc/nginx/sites-available/mempool_.conf sudo cp /home/admin/assets/nginx/sites-available/mempool_ssl.conf /etc/nginx/sites-available/mempool_ssl.conf sudo cp /home/admin/assets/nginx/sites-available/mempool_tor.conf /etc/nginx/sites-available/mempool_tor.conf sudo cp /home/admin/assets/nginx/sites-available/mempool_tor_ssl.conf /etc/nginx/sites-available/mempool_tor_ssl.conf + sudo ln -sf /etc/nginx/sites-available/mempool_.conf /etc/nginx/sites-enabled/ sudo ln -sf /etc/nginx/sites-available/mempool_ssl.conf /etc/nginx/sites-enabled/ sudo ln -sf /etc/nginx/sites-available/mempool_tor.conf /etc/nginx/sites-enabled/ sudo ln -sf /etc/nginx/sites-available/mempool_tor_ssl.conf /etc/nginx/sites-enabled/ @@ -306,9 +309,11 @@ if [ "$1" = "0" ] || [ "$1" = "off" ]; then # remove nginx symlinks sudo rm -f /etc/nginx/snippets/mempool.conf sudo rm -f /etc/nginx/snippets/mempool-http.conf + sudo rm -f /etc/nginx/sites-enabled/mempool_.conf sudo rm -f /etc/nginx/sites-enabled/mempool_ssl.conf sudo rm -f /etc/nginx/sites-enabled/mempool_tor.conf sudo rm -f /etc/nginx/sites-enabled/mempool_tor_ssl.conf + sudo rm -f /etc/nginx/sites-available/mempool_.conf sudo rm -f /etc/nginx/sites-available/mempool_ssl.conf sudo rm -f /etc/nginx/sites-available/mempool_tor.conf sudo rm -f /etc/nginx/sites-available/mempool_tor_ssl.conf @@ -330,6 +335,7 @@ if [ "$1" = "0" ] || [ "$1" = "off" ]; then fi # close ports on firewall + sudo ufw deny 4080 sudo ufw deny 4081 exit 0 fi diff --git a/home.admin/config.scripts/bonus.rtl.sh b/home.admin/config.scripts/bonus.rtl.sh index 96f5665fb..423565a53 100755 --- a/home.admin/config.scripts/bonus.rtl.sh +++ b/home.admin/config.scripts/bonus.rtl.sh 
@@ -29,9 +29,9 @@ if [ "$1" = "menu" ]; then if [ "${runBehindTor}" = "on" ] && [ ${#toraddress} -gt 0 ]; then # Info with TOR /home/admin/config.scripts/blitz.display.sh qr "${toraddress}" - whiptail --title " Ride The Lightning (RTL) " --msgbox "Open in your local web browser & accept self-signed cert: -https://${localip}:3001\n -SHA1 Thumb/Fingerprint: + whiptail --title " Ride The Lightning (RTL) " --msgbox "Open in your local web browser: +http://${localip}:3000\n +https://${localip}:3001 with Fingerprint: ${fingerprint}\n Use your Password B to login.\n Hidden Service address for TOR Browser (QRcode on LCD):\n${toraddress} @@ -40,8 +40,8 @@ Hidden Service address for TOR Browser (QRcode on LCD):\n${toraddress} else # Info without TOR whiptail --title " Ride The Lightning (RTL) " --msgbox "Open in your local web browser & accept self-signed cert: -https://${localip}:3001\n -SHA1 Thumb/Fingerprint: +http://${localip}:3000\n +https://${localip}:3001 with Fingerprint: ${fingerprint}\n Use your Password B to login.\n Activate TOR to access the web interface from outside your local network. diff --git a/home.admin/config.scripts/bonus.thunderhub.sh b/home.admin/config.scripts/bonus.thunderhub.sh index a9cd6d6d8..010ac2651 100755 --- a/home.admin/config.scripts/bonus.thunderhub.sh +++ b/home.admin/config.scripts/bonus.thunderhub.sh @@ -30,9 +30,9 @@ if [ "$1" = "menu" ]; then if [ "${runBehindTor}" = "on" ] && [ ${#toraddress} -gt 0 ]; then # Info with TOR /home/admin/config.scripts/blitz.display.sh qr "${toraddress}" - whiptail --title " ThunderHub " --msgbox "Open in your local web browser & accept self-signed cert: -https://${localip}:3011\n -SHA1 Thumb/Fingerprint: + whiptail --title " ThunderHub " --msgbox "Open in your local web browser: +http://${localip}:3010\n +https://${localip}:3011 with Fingerprint: ${fingerprint}\n Use your Password B to login.\n Hidden Service address for TOR Browser (see LCD for QR):\n${toraddress} 
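Review bot: The 'Info without TOR' dialog still opens with `Open in your local web browser & accept self-signed cert:` and then lists `http://${localip}:3000` first, where no certificate is involved; the TOR variant above was reworded to `Open in your local web browser:` and this one should match. The same leftover is in the second hunk of bonus.thunderhub.sh.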
@@ -41,8 +41,8 @@ Hidden Service address for TOR Browser (see LCD for QR):\n${toraddress} else # Info without TOR whiptail --title " ThunderHub " --msgbox "Open in your local web browser & accept self-signed cert: -https://${localip}:3011\n -SHA1 Thumb/Fingerprint: +http://${localip}:3010\n +https://${localip}:3011 with Fingerprint: ${fingerprint}\n Use your Password B to login.\n Activate TOR to access the web interface from outside your local network.