forked from ss/sovereign-stack
Moved pay.domain.tld to proxy btcpay on bridge.
This commit is contained in:
parent
207d88e90b
commit
a1d3ff6465
GPG Key ID:
8F1CD799CCA516CC
@ -35,16 +35,12 @@ fi
|
||||
|
||||
cd btcpayserver-docker
|
||||
|
||||
export BTCPAY_HOST="${FQDN}"
|
||||
export BTCPAY_HOST="${BTCPAY_USER_FQDN}"
|
||||
export NBITCOIN_NETWORK="${BTC_CHAIN}"
|
||||
export LIGHTNING_ALIAS="${DOMAIN_NAME}"
|
||||
export LETSENCRYPT_EMAIL="${CERTIFICATE_EMAIL_ADDRESS}"
|
||||
export BTCPAYGEN_LIGHTNING="clightning"
|
||||
export BTCPAYGEN_CRYPTO1="btc"
|
||||
|
||||
export BTCPAYGEN_ADDITIONAL_FRAGMENTS="opt-save-storage;opt-add-btctransmuter;opt-add-nostr-relay;"
|
||||
|
||||
export BTCPAY_ADDITIONAL_HOSTS="${BTCPAY_ADDITIONAL_HOSTNAMES}"
|
||||
export BTCPAYGEN_REVERSEPROXY="nginx"
|
||||
export BTCPAY_ENABLE_SSH=false
|
||||
export BTCPAY_BASE_DIRECTORY=${REMOTE_HOME}
|
||||
@ -54,6 +50,12 @@ EOL
|
||||
if [ "$VPS_HOSTING_TARGET" = lxd ]; then
|
||||
cat >> "$SITE_PATH/btcpay.sh" <<EOL
|
||||
export BTCPAYGEN_EXCLUDE_FRAGMENTS="nginx-https"
|
||||
export REVERSEPROXY_DEFAULT_HOST="$BTCPAY_USER_FQDN"
|
||||
EOL
|
||||
elif [ "$VPS_HOSTING_TARGET" = aws ]; then
|
||||
cat >> "$SITE_PATH/btcpay.sh" <<EOL
|
||||
export BTCPAY_ADDITIONAL_HOSTS="${BTCPAY_ADDITIONAL_HOSTNAMES}"
|
||||
export LETSENCRYPT_EMAIL="${CERTIFICATE_EMAIL_ADDRESS}"
|
||||
EOL
|
||||
fi
|
||||
|
||||
|
||||
@ -2,7 +2,7 @@
|
||||
|
||||
set -eux
|
||||
|
||||
VIRTUAL_MACHINE="$1"
|
||||
LXD_HOSTNAME="$1"
|
||||
|
||||
# generate the custom cloud-init file. Cloud init installs and configures sshd
|
||||
SSH_AUTHORIZED_KEY=$(<"$SSH_HOME/id_rsa.pub")
|
||||
@ -10,7 +10,7 @@ eval "$(ssh-agent -s)"
|
||||
ssh-add "$SSH_HOME/id_rsa"
|
||||
export SSH_AUTHORIZED_KEY="$SSH_AUTHORIZED_KEY"
|
||||
|
||||
export FILENAME="$VIRTUAL_MACHINE.yml"
|
||||
export FILENAME="$LXD_HOSTNAME.yml"
|
||||
mkdir -p "$CLUSTER_PATH/cloud-init"
|
||||
YAML_PATH="$CLUSTER_PATH/cloud-init/$FILENAME"
|
||||
|
||||
@ -23,7 +23,7 @@ config:
|
||||
EOF
|
||||
|
||||
# if VIRTUAL_MACHINE=sovereign-stack then we are building the base image.
|
||||
if [ "$VIRTUAL_MACHINE" = "sovereign-stack" ]; then
|
||||
if [ "$LXD_HOSTNAME" = "sovereign-stack" ]; then
|
||||
# this is for the base image only...
|
||||
cat >> "$YAML_PATH" <<EOF
|
||||
user.vendor-data: |
|
||||
@ -259,9 +259,9 @@ EOF
|
||||
fi
|
||||
|
||||
# let's create a profile for the BCM TYPE-1 VMs. This is per VM.
|
||||
if ! lxc profile list --format csv | grep -q "$VIRTUAL_MACHINE"; then
|
||||
lxc profile create "$VIRTUAL_MACHINE"
|
||||
if ! lxc profile list --format csv | grep -q "$LXD_HOSTNAME"; then
|
||||
lxc profile create "$LXD_HOSTNAME"
|
||||
fi
|
||||
|
||||
# configure the profile with our generated cloud-init.yml file.
|
||||
cat "$YAML_PATH" | lxc profile edit "$VIRTUAL_MACHINE"
|
||||
cat "$YAML_PATH" | lxc profile edit "$LXD_HOSTNAME"
|
||||
|
||||
@ -27,6 +27,6 @@ elif [ "$VPS_HOSTING_TARGET" = lxd ]; then
|
||||
-v "$REMOTE_HOME/letsencrypt":/etc/letsencrypt \
|
||||
-v /var/lib/letsencrypt:/var/lib/letsencrypt \
|
||||
-v "$REMOTE_HOME/letsencrypt_logs":/var/log/letsencrypt \
|
||||
certbot/certbot certonly -v --noninteractive --agree-tos --key-type ecdsa --standalone --expand -d "$DOMAIN_NAME" -d "$FQDN" -d "$BTCPAY_USER_FQDN" -d "$NEXTCLOUD_FQDN" -d "$GITEA_FQDN" -d "$NOSTR_FQDN" --email "$CERTIFICATE_EMAIL_ADDRESS"
|
||||
certbot/certbot certonly -v --noninteractive --agree-tos --key-type ecdsa --standalone --expand -d "$DOMAIN_NAME" -d "$WWW_FQDN" -d "$BTCPAY_USER_FQDN" -d "$NEXTCLOUD_FQDN" -d "$GITEA_FQDN" -d "$NOSTR_FQDN" --email "$CERTIFICATE_EMAIL_ADDRESS"
|
||||
|
||||
fi
|
||||
|
||||
@ -22,9 +22,25 @@ events {
|
||||
|
||||
http {
|
||||
client_max_body_size 100m;
|
||||
server_names_hash_bucket_size 128;
|
||||
server_tokens off;
|
||||
|
||||
# next two sets commands and connection_upgrade block come from https://docs.btcpayserver.org/FAQ/Deployment/#can-i-use-an-existing-nginx-server-as-a-reverse-proxy-with-ssl-termination
|
||||
# Needed to allow very long URLs to prevent issues while signing PSBTs
|
||||
server_names_hash_bucket_size 128;
|
||||
proxy_buffer_size 128k;
|
||||
proxy_buffers 4 256k;
|
||||
proxy_busy_buffers_size 256k;
|
||||
client_header_buffer_size 500k;
|
||||
large_client_header_buffers 4 500k;
|
||||
http2_max_field_size 500k;
|
||||
http2_max_header_size 500k;
|
||||
|
||||
# Needed websocket support (used by Ledger hardware wallets)
|
||||
map \$http_upgrade \$connection_upgrade {
|
||||
default upgrade;
|
||||
'' close;
|
||||
}
|
||||
|
||||
# this server block returns a 403 for all non-explicit host requests.
|
||||
#server {
|
||||
# listen 80 default_server;
|
||||
@ -89,6 +105,25 @@ cat >>"$NGINX_CONF_PATH" <<EOL
|
||||
EOL
|
||||
fi
|
||||
|
||||
# REDIRECT FOR BTCPAY_USER_FQDN
|
||||
if [ "$VPS_HOSTING_TARGET" = lxd ]; then
|
||||
# gitea http to https redirect.
|
||||
if [ "$DEPLOY_BTCPAY_SERVER" = true ]; then
|
||||
|
||||
cat >>"$NGINX_CONF_PATH" <<EOL
|
||||
# http://${BTCPAY_USER_FQDN} redirect to https://${BTCPAY_USER_FQDN}
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
server_name ${BTCPAY_USER_FQDN};
|
||||
return 301 https://${BTCPAY_USER_FQDN}\$request_uri;
|
||||
}
|
||||
|
||||
EOL
|
||||
|
||||
fi
|
||||
fi
|
||||
|
||||
# TLS config for ghost.
|
||||
cat >>"$NGINX_CONF_PATH" <<EOL
|
||||
# global TLS settings
|
||||
@ -163,6 +198,49 @@ cat >>"$NGINX_CONF_PATH" <<EOL
|
||||
EOL
|
||||
fi
|
||||
|
||||
|
||||
|
||||
# SERVER block for BTCPAY Server
|
||||
if [ "$VPS_HOSTING_TARGET" = lxd ]; then
|
||||
# gitea http to https redirect.
|
||||
if [ "$DEPLOY_BTCPAY_SERVER" = true ]; then
|
||||
|
||||
cat >>"$NGINX_CONF_PATH" <<EOL
|
||||
# http://${BTCPAY_USER_FQDN} redirect to https://${BTCPAY_USER_FQDN}
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
ssl on;
|
||||
server_name ${BTCPAY_USER_FQDN};
|
||||
|
||||
# Route everything to the real BTCPay server
|
||||
location / {
|
||||
# URL of BTCPay Server
|
||||
proxy_pass http://10.139.144.10:80;
|
||||
proxy_set_header Host \$http_host;
|
||||
proxy_set_header X-Forwarded-Proto \$scheme;
|
||||
proxy_set_header X-Real-IP \$remote_addr;
|
||||
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
|
||||
|
||||
# For websockets (used by Ledger hardware wallets)
|
||||
proxy_set_header Upgrade \$http_upgrade;
|
||||
}
|
||||
}
|
||||
|
||||
EOL
|
||||
|
||||
fi
|
||||
fi
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
# the open server block for the HTTPS listener
|
||||
cat >>"$NGINX_CONF_PATH" <<EOL
|
||||
server {
|
||||
|
||||
@ -24,6 +24,7 @@ fi
|
||||
|
||||
# TODO, ensure VPS_HOSTING_TARGET is in range.
|
||||
export NEXTCLOUD_FQDN="$NEXTCLOUD_HOSTNAME.$DOMAIN_NAME"
|
||||
export BTCPAY_FQDN="$BTCPAY_HOSTNAME.$DOMAIN_NAME"
|
||||
export BTCPAY_USER_FQDN="$BTCPAY_HOSTNAME_IN_CERT.$DOMAIN_NAME"
|
||||
export WWW_FQDN="$WWW_HOSTNAME.$DOMAIN_NAME"
|
||||
export GITEA_FQDN="$GITEA_HOSTNAME.$DOMAIN_NAME"
|
||||
|
||||
Loading…
Reference in New Issue
Block a user