mirrors/raspiblitz
1
0
Fork 0
mirror of https://github.com/rootzoll/raspiblitz.git synced 2025-02-24 14:51:03 +01:00
Code Issues Projects Releases Packages Wiki Activity

Merge pull request #1250 from openoms/thub-nginx

Browse source 
ThunderHub nginx config and blitz.web.sh fixes
This commit is contained in:
Christian Rotzoll 2020-06-12 17:41:53 +02:00 committed by GitHub
commit 0698087ba7
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
13 changed files with 249 additions and 38 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
home.admin/60finishHDD.sh
View file

@ -32,6 +32,9 @@ sudo cp /home/admin/assets/${network}.conf /home/admin/.${network}/${network}.co
# make sure all files are linked correct # make sure all files are linked correct
sudo /home/admin/config.scripts/blitz.datadrive.sh link sudo /home/admin/config.scripts/blitz.datadrive.sh link
# BLITZ WEB SERVICE
/home/admin/config.scripts/blitz.web.sh on
###### ACTIVATE TOR IF SET DURING SETUP ###### ACTIVATE TOR IF SET DURING SETUP
if [ "${runBehindTor}" = "on" ]; then if [ "${runBehindTor}" = "on" ]; then

4
home.admin/_bootstrap.provision.sh
View file

@ -168,6 +168,10 @@ sudo sed -i "s/^message=.*/message='Installing Services'/g" ${infoFile}
echo "### RUNNING PROVISIONING SERVICES ###" >> ${logFile} echo "### RUNNING PROVISIONING SERVICES ###" >> ${logFile}
# BLITZ WEB SERVICE
echo "Provisioning BLITZ WEB SERVICE - run config script" >> ${logFile}
/home/admin/config.scripts/blitz.web.sh on >> ${logFile} 2>&1
# LND INTERIMS UPDATE # LND INTERIMS UPDATE
if [ ${#lndInterimsUpdate} -gt 0 ]; then if [ ${#lndInterimsUpdate} -gt 0 ]; then
sudo sed -i "s/^message=.*/message='Provisioning LND update'/g" ${infoFile} sudo sed -i "s/^message=.*/message='Provisioning LND update'/g" ${infoFile}

20
home.admin/assets/nginx/sites-available/btcrpcexplorer_ssl.conf Normal file
View file

@ -0,0 +1,20 @@
## btcrpcexplorer_ssl.conf
server {
listen 3021 ssl;
listen [::]:3021 ssl;
server_name _;
include /etc/nginx/snippets/ssl-params.conf;
include /etc/nginx/snippets/ssl-certificate-app-data.conf;
access_log /var/log/nginx/access_thub.log;
error_log /var/log/nginx/error_thub.log;
location / {
proxy_pass http://127.0.0.1:3020;
include /etc/nginx/snippets/ssl-proxy-params.conf;
}
}

17
home.admin/assets/nginx/sites-available/btcrpcexplorer_tor.conf Normal file
View file

@ -0,0 +1,17 @@
## btcrpcexplorer_tor.conf
server {
listen localhost:3022;
listen [::1]:3022;
server_name _;
access_log /var/log/nginx/access_thub.log;
error_log /var/log/nginx/error_thub.log;
location / {
proxy_pass http://127.0.0.1:3020;
include /etc/nginx/snippets/ssl-proxy-params.conf;
}
}

20
home.admin/assets/nginx/sites-available/btcrpcexplorer_tor_ssl.conf Normal file
View file

@ -0,0 +1,20 @@
## btcrpcexplorer_tor_ssl.conf
server {
listen localhost:3023 ssl;
listen [::1]:3023 ssl;
server_name _;
include /etc/nginx/snippets/ssl-params.conf;
include /etc/nginx/snippets/ssl-certificate-app-data.conf;
access_log /var/log/nginx/access_thub.log;
error_log /var/log/nginx/error_thub.log;
location / {
proxy_pass http://127.0.0.1:3020;
include /etc/nginx/snippets/ssl-proxy-params.conf;
}
}

20
home.admin/assets/nginx/sites-available/thub_ssl.conf Normal file
View file

@ -0,0 +1,20 @@
## thub_ssl.conf
server {
listen 3011 ssl;
listen [::]:3011 ssl;
server_name _;
include /etc/nginx/snippets/ssl-params.conf;
include /etc/nginx/snippets/ssl-certificate-app-data.conf;
access_log /var/log/nginx/access_thub.log;
error_log /var/log/nginx/error_thub.log;
location / {
proxy_pass http://127.0.0.1:3010;
include /etc/nginx/snippets/ssl-proxy-params.conf;
}
}

17
home.admin/assets/nginx/sites-available/thub_tor.conf Normal file
View file

@ -0,0 +1,17 @@
## thub_tor.conf
server {
listen localhost:3012;
listen [::1]:3012;
server_name _;
access_log /var/log/nginx/access_thub.log;
error_log /var/log/nginx/error_thub.log;
location / {
proxy_pass http://127.0.0.1:3010;
include /etc/nginx/snippets/ssl-proxy-params.conf;
}
}

20
home.admin/assets/nginx/sites-available/thub_tor_ssl.conf Normal file
View file

@ -0,0 +1,20 @@
## thub_tor_ssl.conf
server {
listen localhost:3013 ssl;
listen [::1]:3013 ssl;
server_name _;
include /etc/nginx/snippets/ssl-params.conf;
include /etc/nginx/snippets/ssl-certificate-app-data.conf;
access_log /var/log/nginx/access_thub.log;
error_log /var/log/nginx/error_thub.log;
location / {
proxy_pass http://127.0.0.1:3010;
include /etc/nginx/snippets/ssl-proxy-params.conf;
}
}

12
home.admin/config.scripts/blitz.web.sh
View file

@ -121,11 +121,11 @@ elif [ "$1" = "1" ] || [ "$1" = "on" ]; then
echo "Turning ON: Web" echo "Turning ON: Web"
# install # install
sudo apt-get update >/dev/null sudo apt-get update
sudo apt-get install -y nginx apache2-utils >/dev/null sudo apt-get install -y nginx apache2-utils
# make sure that it is enabled and started # make sure that it is enabled and started
sudo systemctl enable nginx >/dev/null sudo systemctl enable nginx
sudo systemctl start nginx sudo systemctl start nginx
# general nginx settings # general nginx settings
@ -134,7 +134,7 @@ elif [ "$1" = "1" ] || [ "$1" = "on" ]; then
sudo sed -i -E '/^.*server_names_hash_bucket_size [0-9]*;$/a \\tserver_names_hash_bucket_size 128;' /etc/nginx/nginx.conf sudo sed -i -E '/^.*server_names_hash_bucket_size [0-9]*;$/a \\tserver_names_hash_bucket_size 128;' /etc/nginx/nginx.conf
fi fi
if [ -f /etc/ssl/certs/dhparam.pem ]; then if [ ! -f /etc/ssl/certs/dhparam.pem ]; then
#can take 5-10+ minutes on a Raspberry Pi 3 #can take 5-10+ minutes on a Raspberry Pi 3
echo "Running \"sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048\" next." echo "Running \"sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048\" next."
echo "This can take 5-10 minutes on a Raspberry Pi 3 - please be patient!" echo "This can take 5-10 minutes on a Raspberry Pi 3 - please be patient!"
@ -152,7 +152,7 @@ elif [ "$1" = "1" ] || [ "$1" = "on" ]; then
fi fi
if ! [ -d /var/www/letsencrypt/.well-known/acme-challenge ]; then if ! [ -d /var/www/letsencrypt/.well-known/acme-challenge ]; then
sudo mkdir -p /var/www/letsencrypt/.well-known/acme-challenge >/dev/null sudo mkdir -p /var/www/letsencrypt/.well-known/acme-challenge
fi fi
# make sure admin can write here even without sudo # make sure admin can write here even without sudo
@ -175,7 +175,7 @@ elif [ "$1" = "1" ] || [ "$1" = "on" ]; then
fi fi
# make sure jinja2 is installed and install j2cli # make sure jinja2 is installed and install j2cli
sudo apt-get install python3-jinja2 >/dev/null sudo apt-get install -y python3-jinja2
sudo -H python3 -m pip install j2cli sudo -H python3 -m pip install j2cli
# create nginx app-data dir and use LND cert by default # create nginx app-data dir and use LND cert by default

51
home.admin/config.scripts/bonus.btc-rpc-explorer.sh
View file

@ -39,7 +39,7 @@ This can take multiple hours.
# TOR # TOR
/home/admin/config.scripts/blitz.lcd.sh qr "${toraddress}" /home/admin/config.scripts/blitz.lcd.sh qr "${toraddress}"
whiptail --title " BTC-RPC-Explorer " --msgbox "Open the following URL in your local web browser: whiptail --title " BTC-RPC-Explorer " --msgbox "Open the following URL in your local web browser:
http://${localip}:3002 https://${localip}:3021
Login is 'admin' with your Password B\n Login is 'admin' with your Password B\n
Hidden Service address for TOR Browser (QR see LCD): Hidden Service address for TOR Browser (QR see LCD):
${toraddress} ${toraddress}
@ -49,7 +49,7 @@ ${toraddress}
# IP + Domain # IP + Domain
whiptail --title " BTC-RPC-Explorer " --msgbox "Open the following URL in your local web browser: whiptail --title " BTC-RPC-Explorer " --msgbox "Open the following URL in your local web browser:
http://${localip}:3002 https://${localip}:3021
Login is 'admin' with your Password B\n Login is 'admin' with your Password B\n
Activate TOR to access the web block explorer from outside your local network. Activate TOR to access the web block explorer from outside your local network.
" 12 54 " 12 54
@ -127,7 +127,7 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then
# Host/Port to bind to # Host/Port to bind to
# Defaults: shown # Defaults: shown
BTCEXP_HOST=0.0.0.0 BTCEXP_HOST=0.0.0.0
BTCEXP_PORT=3002 BTCEXP_PORT=3020
# Bitcoin RPC Credentials (URI -OR- HOST/PORT/USER/PASS) # Bitcoin RPC Credentials (URI -OR- HOST/PORT/USER/PASS)
# Defaults: # Defaults:
# - [host/port]: 127.0.0.1:8332 # - [host/port]: 127.0.0.1:8332
@ -156,9 +156,30 @@ EOF
# open firewall # open firewall
echo "*** Updating Firewall ***" echo "*** Updating Firewall ***"
sudo ufw allow 3002 comment 'btc-rpc-explorer' sudo ufw allow 3020 comment 'btc-rpc-explorer HTTP'
sudo ufw allow 3021 comment 'btc-rpc-explorer HTTPS'
echo "" echo ""
##################
# NGINX
##################
# setup nginx symlinks
if ! [ -f /etc/nginx/sites-available/btcrpcexplorer_ssl.conf ]; then
sudo cp /home/admin/assets/nginx/sites-available/btcrpcexplorer_ssl.conf /etc/nginx/sites-available/btcrpcexplorer_ssl.conf
fi
if ! [ -f /etc/nginx/sites-available/btcrpcexplorer_tor.conf ]; then
sudo cp /home/admin/assets/nginx/sites-available/btcrpcexplorer_tor.conf /etc/nginx/sites-available/btcrpcexplorer_tor.conf
fi
if ! [ -f /etc/nginx/sites-available/btcrpcexplorer_tor_ssl.conf ]; then
sudo cp /home/admin/assets/nginx/sites-available/btcrpcexplorer_tor_ssl.conf /etc/nginx/sites-available/btcrpcexplorer_tor_ssl.conf
fi
sudo ln -sf /etc/nginx/sites-available/btcrpcexplorer_ssl.conf /etc/nginx/sites-enabled/
sudo ln -sf /etc/nginx/sites-available/btcrpcexplorer_tor.conf /etc/nginx/sites-enabled/
sudo ln -sf /etc/nginx/sites-available/btcrpcexplorer_tor_ssl.conf /etc/nginx/sites-enabled/
sudo nginx -t
sudo systemctl reload nginx
# install service # install service
echo "*** Install btc-rpc-explorer systemd ***" echo "*** Install btc-rpc-explorer systemd ***"
cat > /home/admin/btc-rpc-explorer.service <<EOF cat > /home/admin/btc-rpc-explorer.service <<EOF
@ -204,8 +225,8 @@ EOF
source /mnt/hdd/raspiblitz.conf source /mnt/hdd/raspiblitz.conf
if [ "${runBehindTor}" = "on" ]; then if [ "${runBehindTor}" = "on" ]; then
# correct old Hidden Service with port # correct old Hidden Service with port
sudo sed -i "s/^HiddenServicePort 3002 127.0.0.1:3002/HiddenServicePort 80 127.0.0.1:3002/g" /etc/tor/torrc sudo sed -i "s/^HiddenServicePort 80 127.0.0.1:3002/HiddenServicePort 80 127.0.0.1:3022/g" /etc/tor/torrc
/home/admin/config.scripts/internet.hiddenservice.sh btc-rpc-explorer 80 3002 /home/admin/config.scripts/internet.hiddenservice.sh btc-rpc-explorer 80 3022 443 3023
fi fi
exit 0 exit 0
fi fi
@ -219,15 +240,27 @@ if [ "$1" = "0" ] || [ "$1" = "off" ]; then
isInstalled=$(sudo ls /etc/systemd/system/btc-rpc-explorer.service 2>/dev/null | grep -c 'btc-rpc-explorer.service') isInstalled=$(sudo ls /etc/systemd/system/btc-rpc-explorer.service 2>/dev/null | grep -c 'btc-rpc-explorer.service')
if [ ${isInstalled} -eq 1 ]; then if [ ${isInstalled} -eq 1 ]; then
echo "*** REMOVING BTC-RPC-explorer ***" echo "*** REMOVING BTC-RPC-explorer ***"
sudo systemctl stop btc-rpc-explorer
sudo systemctl disable btc-rpc-explorer sudo systemctl disable btc-rpc-explorer
sudo rm /etc/systemd/system/btc-rpc-explorer.service sudo rm /etc/systemd/system/btc-rpc-explorer.service
sudo rm -rf /home/btcrpcexplorer/btc-rpc-explorer # delete user and home directory
sudo rm -f /home/btcrpcexplorer/.config/btc-rpc-explorer.env sudo userdel -rf btcrpcexplorer
# remove nginx symlinks
sudo rm -f /etc/nginx/sites-enabled/btcrpcexplorer_ssl.conf
sudo rm -f /etc/nginx/sites-enabled/btcrpcexplorer_tor.conf
sudo rm -f /etc/nginx/sites-enabled/btcrpcexplorer_tor_ssl.conf
sudo nginx -t
sudo systemctl reload nginx
echo "OK BTC-RPC-explorer removed." echo "OK BTC-RPC-explorer removed."
else else
echo "BTC-RPC-explorer is not installed." echo "BTC-RPC-explorer is not installed."
fi fi
# close ports on firewall
sudo ufw deny 3020
sudo ufw deny 3021
exit 0 exit 0
fi fi

26
home.admin/config.scripts/bonus.rtl.sh
View file

@ -29,19 +29,21 @@ if [ "$1" = "menu" ]; then
/home/admin/config.scripts/blitz.lcd.sh qr "${toraddress}" /home/admin/config.scripts/blitz.lcd.sh qr "${toraddress}"
whiptail --title " Ride The Lightning (RTL) " --msgbox "Open the following URL in your local web browser: whiptail --title " Ride The Lightning (RTL) " --msgbox "Open the following URL in your local web browser:
https://${localip}:3001 https://${localip}:3001
SHA1 Thumb/Fingerprint: ${fingerprint}\n SHA1 Thumb/Fingerprint:
${fingerprint}\n
Use your Password B to login.\n Use your Password B to login.\n
Hidden Service address for TOR Browser (QR see LCD):\n${toraddress} Hidden Service address for TOR Browser (QRcode on LCD):\n${toraddress}
" 14 67 " 15 67
/home/admin/config.scripts/blitz.lcd.sh hide /home/admin/config.scripts/blitz.lcd.sh hide
else else
# Info without TOR # Info without TOR
whiptail --title " Ride The Lightning (RTL) " --msgbox "Open the following URL in your local web browser: whiptail --title " Ride The Lightning (RTL) " --msgbox "Open the following URL in your local web browser:
https://${localip}:3001 https://${localip}:3001
SHA1 Thumb/Fingerprint: ${fingerprint}\n SHA1 Thumb/Fingerprint:
${fingerprint}\n
Use your Password B to login.\n Use your Password B to login.\n
Activate TOR to access the web interface from outside your local network. Activate TOR to access the web interface from outside your local network.
" 13 57 " 14 57
fi fi
echo "please wait ..." echo "please wait ..."
exit 0 exit 0
@ -172,7 +174,8 @@ EOF
# open firewall # open firewall
echo "*** Updating Firewall ***" echo "*** Updating Firewall ***"
sudo ufw allow 3000 comment 'RTL' sudo ufw allow 3000 comment 'RTL HTTP'
sudo ufw allow 3001 comment 'RTL HTTPS'
echo "" echo ""
# install service # install service
@ -212,6 +215,7 @@ EOF
# Hidden Service for RTL if Tor is active # Hidden Service for RTL if Tor is active
if [ "${runBehindTor}" = "on" ]; then if [ "${runBehindTor}" = "on" ]; then
# correct old Hidden Service with port # correct old Hidden Service with port
sudo sed -i "s/^HiddenServicePort 80 127.0.0.1:3000/HiddenServicePort 80 127.0.0.1:3002/g" /etc/tor/torrc
/home/admin/config.scripts/internet.hiddenservice.sh RTL 80 3002 443 3003 /home/admin/config.scripts/internet.hiddenservice.sh RTL 80 3002 443 3003
fi fi
exit 0 exit 0
@ -223,7 +227,7 @@ if [ "$1" = "0" ] || [ "$1" = "off" ]; then
# setting value in raspi blitz config # setting value in raspi blitz config
sudo sed -i "s/^rtlWebinterface=.*/rtlWebinterface=off/g" /mnt/hdd/raspiblitz.conf sudo sed -i "s/^rtlWebinterface=.*/rtlWebinterface=off/g" /mnt/hdd/raspiblitz.conf
# setup nginx symlinks # remove nginx symlinks
sudo rm -f /etc/nginx/sites-enabled/rtl_ssl.conf sudo rm -f /etc/nginx/sites-enabled/rtl_ssl.conf
sudo rm -f /etc/nginx/sites-enabled/rtl_tor.conf sudo rm -f /etc/nginx/sites-enabled/rtl_tor.conf
sudo rm -f /etc/nginx/sites-enabled/rtl_tor_ssl.conf sudo rm -f /etc/nginx/sites-enabled/rtl_tor_ssl.conf
@ -233,15 +237,19 @@ if [ "$1" = "0" ] || [ "$1" = "off" ]; then
isInstalled=$(sudo ls /etc/systemd/system/RTL.service 2>/dev/null | grep -c 'RTL.service') isInstalled=$(sudo ls /etc/systemd/system/RTL.service 2>/dev/null | grep -c 'RTL.service')
if [ ${isInstalled} -eq 1 ]; then if [ ${isInstalled} -eq 1 ]; then
echo "*** REMOVING RTL ***" echo "*** REMOVING RTL ***"
sudo systemctl stop RTL
sudo systemctl disable RTL sudo systemctl disable RTL
sudo rm /etc/systemd/system/RTL.service sudo rm /etc/systemd/system/RTL.service
sudo rm -rf /home/rtl/RTL # delete user and home directory
sudo userdel -rf rtl
echo "OK RTL removed." echo "OK RTL removed."
else else
echo "RTL is not installed." echo "RTL is not installed."
fi fi
# close ports on firewall
sudo ufw deny 3000
sudo ufw deny 3001
echo "needs reboot to activate new setting" echo "needs reboot to activate new setting"
exit 0 exit 0
fi fi

76
home.admin/config.scripts/bonus.thunderhub.sh
View file

@ -22,23 +22,28 @@ if [ "$1" = "menu" ]; then
# get network info # get network info
localip=$(ip addr | grep 'state UP' -A2 | tail -n1 | awk '{print $2}' | cut -f1 -d'/') localip=$(ip addr | grep 'state UP' -A2 | tail -n1 | awk '{print $2}' | cut -f1 -d'/')
toraddress=$(sudo cat /mnt/hdd/tor/thunderhub/hostname 2>/dev/null) toraddress=$(sudo cat /mnt/hdd/tor/thunderhub/hostname 2>/dev/null)
fingerprint=$(openssl x509 -in /mnt/hdd/app-data/nginx/tls.cert -fingerprint -noout | cut -d"=" -f2)
if [ "${runBehindTor}" = "on" ] && [ ${#toraddress} -gt 0 ]; then if [ "${runBehindTor}" = "on" ] && [ ${#toraddress} -gt 0 ]; then
# Info with TOR # Info with TOR
/home/admin/config.scripts/blitz.lcd.sh qr "${toraddress}" /home/admin/config.scripts/blitz.lcd.sh qr "${toraddress}"
whiptail --title " ThunderHub " --msgbox "Open the following URL in your local web browser: whiptail --title " ThunderHub " --msgbox "Open the following URL in your local web browser:
http://${localip}:3010 https://${localip}:3011
SHA1 Thumb/Fingerprint:
${fingerprint}\n
Use your Password B to login.\n Use your Password B to login.\n
Hidden Service address for TOR Browser (QR see LCD):\n${toraddress} Hidden Service address for TOR Browser (see LCD for QR):\n${toraddress}
" 12 67 " 15 67
/home/admin/config.scripts/blitz.lcd.sh hide /home/admin/config.scripts/blitz.lcd.sh hide
else else
# Info without TOR # Info without TOR
whiptail --title " ThunderHub " --msgbox "Open the following URL in your local web browser: whiptail --title " ThunderHub " --msgbox "Open the following URL in your local web browser:
http://${localip}:3010 https://${localip}:3011
SHA1 Thumb/Fingerprint:
${fingerprint}\n
Use your Password B to login.\n Use your Password B to login.\n
Activate TOR to access the web interface from outside your local network. Activate TOR to access the web interface from outside your local network.
" 12 57 " 14 57
fi fi
echo "please wait ..." echo "please wait ..."
exit 0 exit 0
@ -76,7 +81,7 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then
sudo -u thunderhub git clone https://github.com/apotdevin/thunderhub.git /home/thunderhub/thunderhub sudo -u thunderhub git clone https://github.com/apotdevin/thunderhub.git /home/thunderhub/thunderhub
cd /home/thunderhub/thunderhub cd /home/thunderhub/thunderhub
# https://github.com/apotdevin/thunderhub/releases # https://github.com/apotdevin/thunderhub/releases
sudo -u thunderhub git reset --hard v0.7.1 sudo -u thunderhub git reset --hard v0.7.8
echo "Running npm install and run build..." echo "Running npm install and run build..."
sudo -u thunderhub npm install sudo -u thunderhub npm install
sudo -u thunderhub npm run build sudo -u thunderhub npm run build
@ -110,9 +115,17 @@ LOG_LEVEL='debug'
# Interface Configs # Interface Configs
# ----------- # -----------
THEME='dark' THEME='dark'
# CURRENCY='sat' CURRENCY='sat'
# FETCH_PRICES=false
# FETCH_FEES=false # -----------
# Privacy Configs
# -----------
FETCH_PRICES=false
FETCH_FEES=false
HODL_HODL=false
DISABLE_LINKS=true
NO_CLIENT_ACCOUNTS=true
NO_VERSION_CHECK=true
# ----------- # -----------
# Account Configs # Account Configs
@ -143,7 +156,32 @@ EOF
sudo mv /home/admin/thubConfig.yaml /home/thunderhub/thubConfig.yaml sudo mv /home/admin/thubConfig.yaml /home/thunderhub/thubConfig.yaml
sudo chown thunderhub:thunderhub /home/thunderhub/thubConfig.yaml sudo chown thunderhub:thunderhub /home/thunderhub/thubConfig.yaml
sudo chmod 600 /home/thunderhub/thubConfig.yaml | exit 1 sudo chmod 600 /home/thunderhub/thubConfig.yaml | exit 1
##################
# NGINX
##################
# setup nginx symlinks
if ! [ -f /etc/nginx/sites-available/thub_ssl.conf ]; then
sudo cp /home/admin/assets/nginx/sites-available/thub_ssl.conf /etc/nginx/sites-available/thub_ssl.conf
fi
if ! [ -f /etc/nginx/sites-available/thub_tor.conf ]; then
sudo cp /home/admin/assets/nginx/sites-available/thub_tor.conf /etc/nginx/sites-available/thub_tor.conf
fi
if ! [ -f /etc/nginx/sites-available/thub_tor_ssl.conf ]; then
sudo cp /home/admin/assets/nginx/sites-available/thub_tor_ssl.conf /etc/nginx/sites-available/thub_tor_ssl.conf
fi
sudo ln -sf /etc/nginx/sites-available/thub_ssl.conf /etc/nginx/sites-enabled/
sudo ln -sf /etc/nginx/sites-available/thub_tor.conf /etc/nginx/sites-enabled/
sudo ln -sf /etc/nginx/sites-available/thub_tor_ssl.conf /etc/nginx/sites-enabled/
sudo nginx -t
sudo systemctl reload nginx
# open the firewall
echo "*** Updating Firewall ***"
sudo ufw allow from any to any port 3010 comment 'allow ThunderHub HTTP'
sudo ufw allow from any to any port 3011 comment 'allow ThunderHub HTTPS'
echo ""
################## ##################
# SYSTEMD SERVICE # SYSTEMD SERVICE
################## ##################
@ -176,15 +214,14 @@ EOF
sudo systemctl enable thunderhub sudo systemctl enable thunderhub
echo "OK - the ThunderHub service is now enabled" echo "OK - the ThunderHub service is now enabled"
# open the firewall
sudo ufw allow from any to any port 3010 comment 'allow ThunderHub'
# setting value in raspiblitz config # setting value in raspiblitz config
sudo sed -i "s/^thunderhub=.*/thunderhub=on/g" /mnt/hdd/raspiblitz.conf sudo sed -i "s/^thunderhub=.*/thunderhub=on/g" /mnt/hdd/raspiblitz.conf
# Hidden Service for thunderhub if Tor is active # Hidden Service for thunderhub if Tor is active
if [ "${runBehindTor}" = "on" ]; then if [ "${runBehindTor}" = "on" ]; then
/home/admin/config.scripts/internet.hiddenservice.sh thunderhub 80 3010 # correct old Hidden Service with port
sudo sed -i "s/^HiddenServicePort 80 127.0.0.1:3001/HiddenServicePort 80 127.0.0.1:3012/g" /etc/tor/torrc
/home/admin/config.scripts/internet.hiddenservice.sh thunderhub 80 3012 443 3013
fi fi
fi fi
exit 0 exit 0
@ -199,6 +236,17 @@ if [ "$1" = "0" ] || [ "$1" = "off" ]; then
sudo rm -f /etc/systemd/system/thunderhub.service sudo rm -f /etc/systemd/system/thunderhub.service
# delete user and home directory # delete user and home directory
sudo userdel -rf thunderhub sudo userdel -rf thunderhub
# close ports on firewall
sudo ufw deny 3010
sudo ufw deny 3011
# remove nginx symlinks
sudo rm -f /etc/nginx/sites-enabled/thub_ssl.conf
sudo rm -f /etc/nginx/sites-enabled/thub_tor.conf
sudo rm -f /etc/nginx/sites-enabled/thub_tor_ssl.conf
sudo nginx -t
sudo systemctl reload nginx
echo "OK ThunderHub removed." echo "OK ThunderHub removed."
# setting value in raspi blitz config # setting value in raspi blitz config

1
home.admin/config.scripts/internet.hiddenservice.sh
View file

@ -92,6 +92,7 @@ HiddenServicePort $toPort 127.0.0.1:$fromPort" | sudo tee -a /etc/tor/torrc
echo "use with the port: $toPort" echo "use with the port: $toPort"
echo "" echo ""
if [ ${#toPort2} -gt 0 ]; then if [ ${#toPort2} -gt 0 ]; then
alreadyThere=$(sudo cat /etc/tor/torrc 2>/dev/null | grep -c "\b127.0.0.1:$fromPort2\b")
if [ ${alreadyThere} -eq 0 ]; then if [ ${alreadyThere} -eq 0 ]; then
echo "or the port: $toPort2" echo "or the port: $toPort2"
else else