2020-05-17 13:43:52 +01:00
|
|
|
#!/usr/bin/env bash
|
|
|
|
|
|
|
|
|
|
source /mnt/hdd/raspiblitz.conf
|
|
|
|
|
|
|
|
|
|
# command info
|
|
|
|
|
if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "--help" ] || [ "$1" = "-help" ]; then
|
|
|
|
|
echo "the RaspiBlitz Web Interface(s)"
|
2020-05-20 20:53:05 +01:00
|
|
|
echo "blitz.web.sh on"
|
|
|
|
|
echo "blitz.web.sh off"
|
|
|
|
|
echo "blitz.web.sh listen localhost"
|
|
|
|
|
echo "blitz.web.sh listen any"
|
2020-05-17 13:43:52 +01:00
|
|
|
exit 1
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
# using ${APOST} is a workaround to be able to use sed with '
|
2020-05-17 20:34:42 +01:00
|
|
|
APOST=\' # close tag for linters: '
|
2020-05-17 13:43:52 +01:00
|
|
|
|
|
|
|
|
|
2020-05-20 20:53:05 +01:00
|
|
|
###################
|
|
|
|
|
# FUNCTIONS
|
|
|
|
|
###################
|
|
|
|
|
function set_nginx_blitzweb_listen() {
|
|
|
|
|
# first parameter to function should be either "localhost" or "any"
|
|
|
|
|
listen_to=${1}
|
|
|
|
|
|
|
|
|
|
if [ -f "/etc/nginx/sites-available/blitzweb.conf" ]; then
|
|
|
|
|
if ! grep -Eq '^\s*#?\s*listen 127.0.0.1:443 ssl default_server;$' /etc/nginx/sites-available/blitzweb.conf; then
|
|
|
|
|
echo "Error: missing expected line for: lo:v4 https"
|
|
|
|
|
exit 1
|
|
|
|
|
else
|
|
|
|
|
if grep -Eq '^\s*#\s*listen 127.0.0.1:443 ssl default_server;$' /etc/nginx/sites-available/blitzweb.conf; then
|
|
|
|
|
#echo "found: lo:v4 https (disabled line)"
|
|
|
|
|
if [ ${listen_to} = "localhost" ]; then
|
|
|
|
|
sudo sed -i -E 's/#\s*(listen 127.0.0.1:443 ssl default_server;)/\1/g' /etc/nginx/sites-available/blitzweb.conf
|
|
|
|
|
fi
|
|
|
|
|
else
|
|
|
|
|
#echo "found: lo:v4 https (enabled line)"
|
|
|
|
|
if [ ${listen_to} = "any" ]; then
|
|
|
|
|
sudo sed -i -E 's/(listen 127.0.0.1:443 ssl default_server;)/#\1/g' /etc/nginx/sites-available/blitzweb.conf
|
|
|
|
|
fi
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
if ! grep -Eq '^\s*#?\s*listen \[::1\]:443 ssl default_server;$' /etc/nginx/sites-available/blitzweb.conf; then
|
|
|
|
|
echo "Error: missing expected line for: lo:v6 https"
|
|
|
|
|
exit 1
|
|
|
|
|
else
|
|
|
|
|
if grep -Eq '^\s*#\s*listen \[::1\]:443 ssl default_server;$' /etc/nginx/sites-available/blitzweb.conf; then
|
|
|
|
|
#echo "found: lo:v6 https (disabled line)"
|
|
|
|
|
if [ ${listen_to} = "localhost" ]; then
|
|
|
|
|
sudo sed -i -E 's/#\s*(listen \[::1\]:443 ssl default_server;)/\1/g' /etc/nginx/sites-available/blitzweb.conf
|
|
|
|
|
fi
|
|
|
|
|
else
|
|
|
|
|
#echo "found: lo:v6 https (enabled line)"
|
|
|
|
|
if [ ${listen_to} = "any" ]; then
|
|
|
|
|
sudo sed -i -E 's/(listen \[::1\]:443 ssl default_server;)/#\1/g' /etc/nginx/sites-available/blitzweb.conf
|
|
|
|
|
fi
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
if ! grep -Eq '^\s*#?\s*listen 443 ssl default_server;$' /etc/nginx/sites-available/blitzweb.conf; then
|
|
|
|
|
echo "Error: missing expected line for: any:v4 https"
|
|
|
|
|
exit 1
|
|
|
|
|
else
|
|
|
|
|
if grep -Eq '^\s*#\s*listen 443 ssl default_server;$' /etc/nginx/sites-available/blitzweb.conf; then
|
|
|
|
|
#echo "found: any:v4 https (disabled line)"
|
|
|
|
|
if [ ${listen_to} = "any" ]; then
|
|
|
|
|
sudo sed -i -E 's/#\s*(listen 443 ssl default_server;)/\1/g' /etc/nginx/sites-available/blitzweb.conf
|
|
|
|
|
fi
|
|
|
|
|
else
|
|
|
|
|
#echo "found: any:v4 https (enabled line)"
|
|
|
|
|
if [ ${listen_to} = "localhost" ]; then
|
|
|
|
|
sudo sed -i -E 's/(listen 443 ssl default_server;)/#\1/g' /etc/nginx/sites-available/blitzweb.conf
|
|
|
|
|
fi
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
if ! grep -Eq '^\s*#?\s*listen \[::\]:443 ssl default_server;$' /etc/nginx/sites-available/blitzweb.conf; then
|
|
|
|
|
echo "Error: missing expected line for: any:v6 https"
|
|
|
|
|
exit 1
|
|
|
|
|
else
|
|
|
|
|
if grep -Eq '^\s*#\s*listen \[::\]:443 ssl default_server;$' /etc/nginx/sites-available/blitzweb.conf; then
|
|
|
|
|
#echo "found: any:v6 https (disabled line)"
|
|
|
|
|
if [ ${listen_to} = "any" ]; then
|
|
|
|
|
sudo sed -i -E 's/#\s*(listen \[::\]:443 ssl default_server;)/\1/g' /etc/nginx/sites-available/blitzweb.conf
|
|
|
|
|
fi
|
|
|
|
|
else
|
|
|
|
|
#echo "found: any:v6 https (enabled line)"
|
|
|
|
|
if [ ${listen_to} = "localhost" ]; then
|
|
|
|
|
sudo sed -i -E 's/(listen \[::\]:443 ssl default_server;)/#\1/g' /etc/nginx/sites-available/blitzweb.conf
|
|
|
|
|
fi
|
|
|
|
|
fi
|
|
|
|
|
fi
|
|
|
|
|
fi
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
2020-05-17 13:43:52 +01:00
|
|
|
###################
|
|
|
|
|
# SWITCH ON
|
|
|
|
|
###################
|
|
|
|
|
if [ "$1" = "1" ] || [ "$1" = "on" ]; then
|
|
|
|
|
|
2020-05-18 20:07:22 +01:00
|
|
|
echo "Turning ON: Web"
|
2020-05-17 13:43:52 +01:00
|
|
|
|
|
|
|
|
# install
|
|
|
|
|
sudo apt-get update >/dev/null
|
2020-05-18 20:07:22 +01:00
|
|
|
sudo apt-get install -y nginx apache2-utils >/dev/null
|
2020-05-17 13:43:52 +01:00
|
|
|
|
2020-05-17 14:04:25 +01:00
|
|
|
# make sure that it is enabled and started
|
2020-05-17 13:43:52 +01:00
|
|
|
sudo systemctl enable nginx >/dev/null
|
|
|
|
|
sudo systemctl start nginx
|
|
|
|
|
|
2020-05-23 22:17:00 +01:00
|
|
|
# general nginx settings
|
|
|
|
|
if ! grep -Eq '^\s*server_names_hash_bucket_size.*$' /etc/nginx/nginx.conf; then
|
|
|
|
|
# ToDo(frennkie) verify this
|
|
|
|
|
sudo sed -i -E '/^.*server_names_hash_bucket_size [0-9]*;$/a \tserver_names_hash_bucket_size 128;' /etc/nginx/nginx.conf
|
|
|
|
|
fi
|
|
|
|
|
|
2020-05-23 22:43:31 +01:00
|
|
|
if [ -f /etc/ssl/certs/dhparam.pem ]; then
|
|
|
|
|
#can take 5-10+ minutes on a Raspberry Pi 3
|
|
|
|
|
echo "Running \"sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048\" next."
|
|
|
|
|
echo "This can take 5-10 minutes on a Raspberry Pi 3 - please be patient!"
|
|
|
|
|
sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048
|
|
|
|
|
fi
|
|
|
|
|
|
2020-05-23 22:17:00 +01:00
|
|
|
sudo cp /home/admin/assets/nginx/snippets/* /etc/nginx/snippets/
|
|
|
|
|
|
2020-05-17 13:43:52 +01:00
|
|
|
### Welcome Server on HTTP Port 80
|
|
|
|
|
sudo rm -f /etc/nginx/sites-enabled/default
|
|
|
|
|
sudo rm -f /var/www/html/index.nginx-debian.html
|
|
|
|
|
|
2020-05-24 09:43:51 +01:00
|
|
|
if ! [ -f /etc/nginx/sites-available/public.conf ]; then
|
|
|
|
|
sudo cp /home/admin/assets/nginx/sites-available/public.conf /etc/nginx/sites-available/public.conf
|
2020-05-17 14:04:25 +01:00
|
|
|
fi
|
2020-05-17 13:43:52 +01:00
|
|
|
|
2020-05-24 09:43:51 +01:00
|
|
|
if ! [ -d /var/www/letsencrypt/.well-known/acme-challenge ]; then
|
|
|
|
|
sudo mkdir -p /var/www/letsencrypt/.well-known/acme-challenge >/dev/null
|
2020-05-17 13:43:52 +01:00
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
# copy webroot
|
2020-05-17 14:04:25 +01:00
|
|
|
if ! [ -d /var/www/public ]; then
|
2020-05-24 09:43:51 +01:00
|
|
|
sudo cp -a /home/admin/assets/nginx/www_public/ /var/www/public
|
|
|
|
|
sudo chown www-data:www-data /var/www/public
|
2020-05-17 14:04:25 +01:00
|
|
|
fi
|
2020-05-17 13:43:52 +01:00
|
|
|
|
|
|
|
|
sudo ln -sf /etc/nginx/sites-available/public.conf /etc/nginx/sites-enabled/public.conf
|
|
|
|
|
|
|
|
|
|
### RaspiBlitz Webserver on HTTPS 443
|
|
|
|
|
|
|
|
|
|
# copy webroot
|
2020-05-17 14:04:25 +01:00
|
|
|
if ! [ -d /var/www/blitzweb ]; then
|
2020-05-24 09:43:51 +01:00
|
|
|
sudo cp -a /home/admin/assets/nginx/www_blitzweb/ /var/www/blitzweb
|
2020-05-17 14:04:25 +01:00
|
|
|
sudo chown www-data:www-data /var/www/blitzweb
|
|
|
|
|
fi
|
2020-05-17 13:43:52 +01:00
|
|
|
|
2020-05-17 20:34:42 +01:00
|
|
|
# make sure jinja2 is installed and install j2cli
|
|
|
|
|
sudo apt-get install python3-jinja2 >/dev/null
|
|
|
|
|
sudo -H python3 -m pip install j2cli
|
|
|
|
|
|
|
|
|
|
|
2020-05-17 13:43:52 +01:00
|
|
|
# create nginx app-data dir and use LND cert by default
|
2020-05-17 14:04:25 +01:00
|
|
|
sudo mkdir /mnt/hdd/app-data/nginx/ 2>/dev/null
|
2020-05-17 13:43:52 +01:00
|
|
|
sudo ln -sf /mnt/hdd/lnd/tls.cert /mnt/hdd/app-data/nginx/tls.cert
|
|
|
|
|
sudo ln -sf /mnt/hdd/lnd/tls.key /mnt/hdd/app-data/nginx/tls.key
|
|
|
|
|
|
|
|
|
|
# config
|
|
|
|
|
sudo cp /home/admin/assets/blitzweb.conf /etc/nginx/sites-available/blitzweb.conf
|
|
|
|
|
sudo ln -sf /etc/nginx/sites-available/blitzweb.conf /etc/nginx/sites-enabled/
|
|
|
|
|
|
2020-05-18 20:07:22 +01:00
|
|
|
if ! [ -f /etc/nginx/.htpasswd ]; then
|
2020-05-19 12:40:33 +01:00
|
|
|
PASSWORD_B=$(sudo cat /mnt/hdd/${network}/${network}.conf | grep rpcpassword | cut -c 13-)
|
|
|
|
|
echo "${PASSWORD_B}" | sudo htpasswd -c -i /etc/nginx/.htpasswd admin
|
2020-05-18 20:07:22 +01:00
|
|
|
sudo chown www-data:www-data /etc/nginx/.htpasswd
|
|
|
|
|
sudo chmod 640 /etc/nginx/.htpasswd
|
|
|
|
|
|
|
|
|
|
else
|
|
|
|
|
sudo chown www-data:www-data /etc/nginx/.htpasswd
|
|
|
|
|
sudo chmod 640 /etc/nginx/.htpasswd
|
|
|
|
|
fi
|
|
|
|
|
|
2020-05-17 13:43:52 +01:00
|
|
|
# restart NGINX
|
|
|
|
|
sudo systemctl restart nginx
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
###################
|
|
|
|
|
# SWITCH OFF
|
|
|
|
|
###################
|
|
|
|
|
elif [ "$1" = "0" ] || [ "$1" = "off" ]; then
|
|
|
|
|
|
2020-05-18 20:07:22 +01:00
|
|
|
echo "Turning OFF: Web"
|
2020-05-17 13:43:52 +01:00
|
|
|
|
|
|
|
|
sudo systemctl stop nginx
|
|
|
|
|
sudo systemctl disable nginx >/dev/null
|
|
|
|
|
|
2020-05-20 20:53:05 +01:00
|
|
|
|
|
|
|
|
###################
|
|
|
|
|
# LISTEN
|
|
|
|
|
###################
|
|
|
|
|
elif [ "$1" = "listen" ]; then
|
|
|
|
|
|
|
|
|
|
if [ "$2" = "localhost" ] || [ "$2" = "any" ]; then
|
|
|
|
|
echo "Setting NGINX to listen on: ${2}"
|
|
|
|
|
set_nginx_blitzweb_listen "${2}"
|
|
|
|
|
else
|
|
|
|
|
echo "# FAIL: parameter not known - run with -h for help"
|
|
|
|
|
fi
|
|
|
|
|
|
2020-05-17 13:43:52 +01:00
|
|
|
else
|
|
|
|
|
echo "# FAIL: parameter not known - run with -h for help"
|
|
|
|
|
fi
|
