Moved pay.domain.tld to proxy btcpay on bridge.
This commit is contained in:
parent
207d88e90b
commit
a1d3ff6465
@ -35,16 +35,12 @@ fi
|
|||||||
|
|
||||||
cd btcpayserver-docker
|
cd btcpayserver-docker
|
||||||
|
|
||||||
export BTCPAY_HOST="${FQDN}"
|
export BTCPAY_HOST="${BTCPAY_USER_FQDN}"
|
||||||
export NBITCOIN_NETWORK="${BTC_CHAIN}"
|
export NBITCOIN_NETWORK="${BTC_CHAIN}"
|
||||||
export LIGHTNING_ALIAS="${DOMAIN_NAME}"
|
export LIGHTNING_ALIAS="${DOMAIN_NAME}"
|
||||||
export LETSENCRYPT_EMAIL="${CERTIFICATE_EMAIL_ADDRESS}"
|
|
||||||
export BTCPAYGEN_LIGHTNING="clightning"
|
export BTCPAYGEN_LIGHTNING="clightning"
|
||||||
export BTCPAYGEN_CRYPTO1="btc"
|
export BTCPAYGEN_CRYPTO1="btc"
|
||||||
|
|
||||||
export BTCPAYGEN_ADDITIONAL_FRAGMENTS="opt-save-storage;opt-add-btctransmuter;opt-add-nostr-relay;"
|
export BTCPAYGEN_ADDITIONAL_FRAGMENTS="opt-save-storage;opt-add-btctransmuter;opt-add-nostr-relay;"
|
||||||
|
|
||||||
export BTCPAY_ADDITIONAL_HOSTS="${BTCPAY_ADDITIONAL_HOSTNAMES}"
|
|
||||||
export BTCPAYGEN_REVERSEPROXY="nginx"
|
export BTCPAYGEN_REVERSEPROXY="nginx"
|
||||||
export BTCPAY_ENABLE_SSH=false
|
export BTCPAY_ENABLE_SSH=false
|
||||||
export BTCPAY_BASE_DIRECTORY=${REMOTE_HOME}
|
export BTCPAY_BASE_DIRECTORY=${REMOTE_HOME}
|
||||||
@ -54,6 +50,12 @@ EOL
|
|||||||
if [ "$VPS_HOSTING_TARGET" = lxd ]; then
|
if [ "$VPS_HOSTING_TARGET" = lxd ]; then
|
||||||
cat >> "$SITE_PATH/btcpay.sh" <<EOL
|
cat >> "$SITE_PATH/btcpay.sh" <<EOL
|
||||||
export BTCPAYGEN_EXCLUDE_FRAGMENTS="nginx-https"
|
export BTCPAYGEN_EXCLUDE_FRAGMENTS="nginx-https"
|
||||||
|
export REVERSEPROXY_DEFAULT_HOST="$BTCPAY_USER_FQDN"
|
||||||
|
EOL
|
||||||
|
elif [ "$VPS_HOSTING_TARGET" = aws ]; then
|
||||||
|
cat >> "$SITE_PATH/btcpay.sh" <<EOL
|
||||||
|
export BTCPAY_ADDITIONAL_HOSTS="${BTCPAY_ADDITIONAL_HOSTNAMES}"
|
||||||
|
export LETSENCRYPT_EMAIL="${CERTIFICATE_EMAIL_ADDRESS}"
|
||||||
EOL
|
EOL
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
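Review bot: The lxd branch now writes `export REVERSEPROXY_DEFAULT_HOST="$BTCPAY_USER_FQDN"` right after the line excluding the nginx-https fragment, but nothing says why both are needed; a comment such as `# TLS for ${BTCPAY_USER_FQDN} is terminated by the bridge nginx, so btcpay's own nginx serves plain HTTP and must answer for that host by default` would tie the two exports to the proxy setup this commit introduces. The generated heredoc mixes the unbraced `"$BTCPAY_USER_FQDN"` on this line with the `${...}` form used on every other export line (BTCPAY_HOST, BTCPAY_ADDITIONAL_HOSTS, LETSENCRYPT_EMAIL); both expand at generation time, but one spelling reads more easily. In the earlier hunk of this file LETSENCRYPT_EMAIL and BTCPAY_ADDITIONAL_HOSTS now exist only for the aws target, so a one-line note there that the lxd target presumably gets its certificate from the bridge would save the next reader a search.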
@ -2,7 +2,7 @@
|
|||||||
|
|
||||||
set -eux
|
set -eux
|
||||||
|
|
||||||
VIRTUAL_MACHINE="$1"
|
LXD_HOSTNAME="$1"
|
||||||
|
|
||||||
# generate the custom cloud-init file. Cloud init installs and configures sshd
|
# generate the custom cloud-init file. Cloud init installs and configures sshd
|
||||||
SSH_AUTHORIZED_KEY=$(<"$SSH_HOME/id_rsa.pub")
|
SSH_AUTHORIZED_KEY=$(<"$SSH_HOME/id_rsa.pub")
|
||||||
@ -10,7 +10,7 @@ eval "$(ssh-agent -s)"
|
|||||||
ssh-add "$SSH_HOME/id_rsa"
|
ssh-add "$SSH_HOME/id_rsa"
|
||||||
export SSH_AUTHORIZED_KEY="$SSH_AUTHORIZED_KEY"
|
export SSH_AUTHORIZED_KEY="$SSH_AUTHORIZED_KEY"
|
||||||
|
|
||||||
export FILENAME="$VIRTUAL_MACHINE.yml"
|
export FILENAME="$LXD_HOSTNAME.yml"
|
||||||
mkdir -p "$CLUSTER_PATH/cloud-init"
|
mkdir -p "$CLUSTER_PATH/cloud-init"
|
||||||
YAML_PATH="$CLUSTER_PATH/cloud-init/$FILENAME"
|
YAML_PATH="$CLUSTER_PATH/cloud-init/$FILENAME"
|
||||||
|
|
||||||
@ -23,7 +23,7 @@ config:
|
|||||||
EOF
|
EOF
|
||||||
|
|
||||||
# if VIRTUAL_MACHINE=sovereign-stack then we are building the base image.
|
# if VIRTUAL_MACHINE=sovereign-stack then we are building the base image.
|
||||||
if [ "$VIRTUAL_MACHINE" = "sovereign-stack" ]; then
|
if [ "$LXD_HOSTNAME" = "sovereign-stack" ]; then
|
||||||
# this is for the base image only...
|
# this is for the base image only...
|
||||||
cat >> "$YAML_PATH" <<EOF
|
cat >> "$YAML_PATH" <<EOF
|
||||||
user.vendor-data: |
|
user.vendor-data: |
|
||||||
@ -259,9 +259,9 @@ EOF
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
# let's create a profile for the BCM TYPE-1 VMs. This is per VM.
|
# let's create a profile for the BCM TYPE-1 VMs. This is per VM.
|
||||||
if ! lxc profile list --format csv | grep -q "$VIRTUAL_MACHINE"; then
|
if ! lxc profile list --format csv | grep -q "$LXD_HOSTNAME"; then
|
||||||
lxc profile create "$VIRTUAL_MACHINE"
|
lxc profile create "$LXD_HOSTNAME"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# configure the profile with our generated cloud-init.yml file.
|
# configure the profile with our generated cloud-init.yml file.
|
||||||
cat "$YAML_PATH" | lxc profile edit "$VIRTUAL_MACHINE"
|
cat "$YAML_PATH" | lxc profile edit "$LXD_HOSTNAME"
|
||||||
|
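Review bot: `grep -q "$LXD_HOSTNAME"` on the CSV profile list is an unanchored regex substring match, so a hostname that is a prefix of an existing profile name (or contains regex metacharacters) is reported as present and `lxc profile create "$LXD_HOSTNAME"` is skipped; anchoring a fixed string to the name column, `grep -q -- "^$LXD_HOSTNAME,"` if the name is the first CSV column (confirm against the `lxc profile list --format csv` output), or `grep -qxF -- "$LXD_HOSTNAME"` if it is the only column, makes the test exact. `cat "$YAML_PATH" | lxc profile edit "$LXD_HOSTNAME"` can read the file directly: `lxc profile edit "$LXD_HOSTNAME" < "$YAML_PATH"`. The comment `# if VIRTUAL_MACHINE=sovereign-stack then we are building the base image.` in the earlier hunk of this file still uses the old variable name after the rename to LXD_HOSTNAME.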
@ -27,6 +27,6 @@ elif [ "$VPS_HOSTING_TARGET" = lxd ]; then
|
|||||||
-v "$REMOTE_HOME/letsencrypt":/etc/letsencrypt \
|
-v "$REMOTE_HOME/letsencrypt":/etc/letsencrypt \
|
||||||
-v /var/lib/letsencrypt:/var/lib/letsencrypt \
|
-v /var/lib/letsencrypt:/var/lib/letsencrypt \
|
||||||
-v "$REMOTE_HOME/letsencrypt_logs":/var/log/letsencrypt \
|
-v "$REMOTE_HOME/letsencrypt_logs":/var/log/letsencrypt \
|
||||||
certbot/certbot certonly -v --noninteractive --agree-tos --key-type ecdsa --standalone --expand -d "$DOMAIN_NAME" -d "$FQDN" -d "$BTCPAY_USER_FQDN" -d "$NEXTCLOUD_FQDN" -d "$GITEA_FQDN" -d "$NOSTR_FQDN" --email "$CERTIFICATE_EMAIL_ADDRESS"
|
certbot/certbot certonly -v --noninteractive --agree-tos --key-type ecdsa --standalone --expand -d "$DOMAIN_NAME" -d "$WWW_FQDN" -d "$BTCPAY_USER_FQDN" -d "$NEXTCLOUD_FQDN" -d "$GITEA_FQDN" -d "$NOSTR_FQDN" --email "$CERTIFICATE_EMAIL_ADDRESS"
|
||||||
|
|
||||||
fi
|
fi
|
||||||
|
@ -22,9 +22,25 @@ events {
|
|||||||
|
|
||||||
http {
|
http {
|
||||||
client_max_body_size 100m;
|
client_max_body_size 100m;
|
||||||
server_names_hash_bucket_size 128;
|
|
||||||
server_tokens off;
|
server_tokens off;
|
||||||
|
|
||||||
|
# next two sets commands and connection_upgrade block come from https://docs.btcpayserver.org/FAQ/Deployment/#can-i-use-an-existing-nginx-server-as-a-reverse-proxy-with-ssl-termination
|
||||||
|
# Needed to allow very long URLs to prevent issues while signing PSBTs
|
||||||
|
server_names_hash_bucket_size 128;
|
||||||
|
proxy_buffer_size 128k;
|
||||||
|
proxy_buffers 4 256k;
|
||||||
|
proxy_busy_buffers_size 256k;
|
||||||
|
client_header_buffer_size 500k;
|
||||||
|
large_client_header_buffers 4 500k;
|
||||||
|
http2_max_field_size 500k;
|
||||||
|
http2_max_header_size 500k;
|
||||||
|
|
||||||
|
# Needed websocket support (used by Ledger hardware wallets)
|
||||||
|
map \$http_upgrade \$connection_upgrade {
|
||||||
|
default upgrade;
|
||||||
|
'' close;
|
||||||
|
}
|
||||||
|
|
||||||
# this server block returns a 403 for all non-explicit host requests.
|
# this server block returns a 403 for all non-explicit host requests.
|
||||||
#server {
|
#server {
|
||||||
# listen 80 default_server;
|
# listen 80 default_server;
|
||||||
@ -89,6 +105,25 @@ cat >>"$NGINX_CONF_PATH" <<EOL
|
|||||||
EOL
|
EOL
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
# REDIRECT FOR BTCPAY_USER_FQDN
|
||||||
|
if [ "$VPS_HOSTING_TARGET" = lxd ]; then
|
||||||
|
# gitea http to https redirect.
|
||||||
|
if [ "$DEPLOY_BTCPAY_SERVER" = true ]; then
|
||||||
|
|
||||||
|
cat >>"$NGINX_CONF_PATH" <<EOL
|
||||||
|
# http://${BTCPAY_USER_FQDN} redirect to https://${BTCPAY_USER_FQDN}
|
||||||
|
server {
|
||||||
|
listen 80;
|
||||||
|
listen [::]:80;
|
||||||
|
server_name ${BTCPAY_USER_FQDN};
|
||||||
|
return 301 https://${BTCPAY_USER_FQDN}\$request_uri;
|
||||||
|
}
|
||||||
|
|
||||||
|
EOL
|
||||||
|
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
# TLS config for ghost.
|
# TLS config for ghost.
|
||||||
cat >>"$NGINX_CONF_PATH" <<EOL
|
cat >>"$NGINX_CONF_PATH" <<EOL
|
||||||
# global TLS settings
|
# global TLS settings
|
||||||
@ -163,6 +198,49 @@ cat >>"$NGINX_CONF_PATH" <<EOL
|
|||||||
EOL
|
EOL
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
# SERVER block for BTCPAY Server
|
||||||
|
if [ "$VPS_HOSTING_TARGET" = lxd ]; then
|
||||||
|
# gitea http to https redirect.
|
||||||
|
if [ "$DEPLOY_BTCPAY_SERVER" = true ]; then
|
||||||
|
|
||||||
|
cat >>"$NGINX_CONF_PATH" <<EOL
|
||||||
|
# http://${BTCPAY_USER_FQDN} redirect to https://${BTCPAY_USER_FQDN}
|
||||||
|
server {
|
||||||
|
listen 443 ssl http2;
|
||||||
|
ssl on;
|
||||||
|
server_name ${BTCPAY_USER_FQDN};
|
||||||
|
|
||||||
|
# Route everything to the real BTCPay server
|
||||||
|
location / {
|
||||||
|
# URL of BTCPay Server
|
||||||
|
proxy_pass http://10.139.144.10:80;
|
||||||
|
proxy_set_header Host \$http_host;
|
||||||
|
proxy_set_header X-Forwarded-Proto \$scheme;
|
||||||
|
proxy_set_header X-Real-IP \$remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
|
||||||
|
|
||||||
|
# For websockets (used by Ledger hardware wallets)
|
||||||
|
proxy_set_header Upgrade \$http_upgrade;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
EOL
|
||||||
|
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
# the open server block for the HTTPS listener
|
# the open server block for the HTTPS listener
|
||||||
cat >>"$NGINX_CONF_PATH" <<EOL
|
cat >>"$NGINX_CONF_PATH" <<EOL
|
||||||
server {
|
server {
|
||||||
|
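Review bot: The websocket upgrade in the new `location /` block is incomplete: `proxy_set_header Upgrade \$http_upgrade;` is emitted but `proxy_set_header Connection \$connection_upgrade;` is not, so the `map \$http_upgrade \$connection_upgrade` added in the first hunk of this file is never used and Upgrade requests reach the backend without the Connection header that the BTCPay reverse-proxy guidance this comment cites expects. `ssl on;` is deprecated and redundant with `listen 443 ssl http2;` and should be dropped (nginx warns on it; newer releases may reject it), and the `http2_max_field_size`/`http2_max_header_size` directives in the first hunk are obsolete since nginx 1.19.7 in favour of the `large_client_header_buffers` line already present — verify against the nginx version on the bridge. The two comments copied from the redirect block (`# gitea http to https redirect.` and `# http://${BTCPAY_USER_FQDN} redirect to https://${BTCPAY_USER_FQDN}`) describe the wrong thing; this block is the TLS-terminating proxy, e.g. `# https://${BTCPAY_USER_FQDN}: terminate TLS on the bridge and proxy plain HTTP to the btcpay host`. The backend address `10.139.144.10` is hard-coded into the generated config and the hop to it is plain HTTP, so presumably it sits on a private bridge network; a variable defined alongside BTCPAY_FQDN/BTCPAY_USER_FQDN and a comment stating that assumption would keep it in one place.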
@ -24,6 +24,7 @@ fi
|
|||||||
|
|
||||||
# TODO, ensure VPS_HOSTING_TARGET is in range.
|
# TODO, ensure VPS_HOSTING_TARGET is in range.
|
||||||
export NEXTCLOUD_FQDN="$NEXTCLOUD_HOSTNAME.$DOMAIN_NAME"
|
export NEXTCLOUD_FQDN="$NEXTCLOUD_HOSTNAME.$DOMAIN_NAME"
|
||||||
|
export BTCPAY_FQDN="$BTCPAY_HOSTNAME.$DOMAIN_NAME"
|
||||||
export BTCPAY_USER_FQDN="$BTCPAY_HOSTNAME_IN_CERT.$DOMAIN_NAME"
|
export BTCPAY_USER_FQDN="$BTCPAY_HOSTNAME_IN_CERT.$DOMAIN_NAME"
|
||||||
export WWW_FQDN="$WWW_HOSTNAME.$DOMAIN_NAME"
|
export WWW_FQDN="$WWW_HOSTNAME.$DOMAIN_NAME"
|
||||||
export GITEA_FQDN="$GITEA_HOSTNAME.$DOMAIN_NAME"
|
export GITEA_FQDN="$GITEA_HOSTNAME.$DOMAIN_NAME"
|
||||||
|
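Review bot: `export BTCPAY_FQDN="$BTCPAY_HOSTNAME.$DOMAIN_NAME"` is introduced without a comment, and nothing else in this commit references it — the certbot `-d` list, the generated btcpay.sh and the bridge nginx all use BTCPAY_USER_FQDN — so its role next to BTCPAY_USER_FQDN is unclear. A comment recording whether BTCPAY_FQDN is the name of the btcpay host as seen from the bridge and BTCPAY_USER_FQDN (built from BTCPAY_HOSTNAME_IN_CERT) the public name in the certificate would distinguish the two; confirm that against the callers. If BTCPAY_FQDN is meant to be reachable by users it also needs adding to the certbot `-d` list, which this commit leaves at BTCPAY_USER_FQDN.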