thub: add nginx config, update to 0.7.4

home.admin/assets/nginx/sites-available/thub_ssl.conf

@@ -0,0 +1,20 @@
+## thub_ssl.conf
+
+server {
+    listen 3011 ssl;
+    listen [::]:3011 ssl;
+    server_name _;
+
+    include /etc/nginx/snippets/ssl-params.conf;
+    include /etc/nginx/snippets/ssl-certificate-app-data.conf;
+
+    access_log /var/log/nginx/access_thub.log;
+    error_log /var/log/nginx/error_thub.log;
+
+    location / {
+        proxy_pass http://127.0.0.1:3010;
+
+        include /etc/nginx/snippets/ssl-proxy-params.conf;
+    }
+
+}

home.admin/assets/nginx/sites-available/thub_tor.conf

@@ -0,0 +1,17 @@
+## thub_tor.conf
+
+server {
+    listen localhost:3012;
+    listen [::1]:3012;
+    server_name _;
+
+    access_log /var/log/nginx/access_thub.log;
+    error_log /var/log/nginx/error_thub.log;
+
+    location / {
+        proxy_pass http://127.0.0.1:3010;
+
+        include /etc/nginx/snippets/ssl-proxy-params.conf;
+    }
+
+}

home.admin/assets/nginx/sites-available/thub_tor_ssl.conf

@@ -0,0 +1,20 @@
+## thub_tor_ssl.conf
+
+server {
+    listen localhost:3013 ssl;
+    listen [::1]:3013 ssl;
+    server_name _;
+
+    include /etc/nginx/snippets/ssl-params.conf;
+    include /etc/nginx/snippets/ssl-certificate-app-data.conf;
+
+    access_log /var/log/nginx/access_thub.log;
+    error_log /var/log/nginx/error_thub.log;
+
+    location / {
+        proxy_pass http://127.0.0.1:3010;
+
+        include /etc/nginx/snippets/ssl-proxy-params.conf;
+    }
+
+}

home.admin/config.scripts/bonus.thunderhub.sh

@@ -22,23 +22,26 @@ if [ "$1" = "menu" ]; then
   # get network info
   localip=$(ip addr | grep 'state UP' -A2 | tail -n1 | awk '{print $2}' | cut -f1 -d'/')
   toraddress=$(sudo cat /mnt/hdd/tor/thunderhub/hostname 2>/dev/null)
+  fingerprint=$(openssl x509 -in /mnt/hdd/app-data/nginx/tls.cert -fingerprint -noout | cut -d"=" -f2)
 
   if [ "${runBehindTor}" = "on" ] && [ ${#toraddress} -gt 0 ]; then
     # Info with TOR
     /home/admin/config.scripts/blitz.lcd.sh qr "${toraddress}"
     whiptail --title " ThunderHub " --msgbox "Open the following URL in your local web browser:
-http://${localip}:3010
+http://${localip}:3011
+SHA1 Thumb/Fingerprint: ${fingerprint}\n
 Use your Password B to login.\n
-Hidden Service address for TOR Browser (QR see LCD):\n${toraddress}
-" 12 67
+Hidden Service address for TOR Browser (see LCD for QR):\n${toraddress}
+" 14 67
     /home/admin/config.scripts/blitz.lcd.sh hide
   else
     # Info without TOR
     whiptail --title " ThunderHub " --msgbox "Open the following URL in your local web browser:
-http://${localip}:3010
+http://${localip}:3011
+SHA1 Thumb/Fingerprint: ${fingerprint}\n
 Use your Password B to login.\n
 Activate TOR to access the web interface from outside your local network.
-" 12 57
+" 13 57
   fi
   echo "please wait ..."
   exit 0
@@ -76,7 +79,7 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then
     sudo -u thunderhub git clone https://github.com/apotdevin/thunderhub.git /home/thunderhub/thunderhub
     cd /home/thunderhub/thunderhub
     # https://github.com/apotdevin/thunderhub/releases
-    sudo -u thunderhub git reset --hard v0.7.1
+    sudo -u thunderhub git reset --hard v0.7.4
     echo "Running npm install and run build..."
     sudo -u thunderhub npm install
     sudo -u thunderhub npm run build
@@ -110,9 +113,9 @@ LOG_LEVEL='debug'
 # Interface Configs
 # -----------
 THEME='dark'
-# CURRENCY='sat'
-# FETCH_PRICES=false
-# FETCH_FEES=false
+CURRENCY='sat'
+FETCH_PRICES=false
+FETCH_FEES=false
 
 # -----------
 # Account Configs
@@ -143,7 +146,31 @@ EOF
     sudo mv /home/admin/thubConfig.yaml /home/thunderhub/thubConfig.yaml
     sudo chown thunderhub:thunderhub /home/thunderhub/thubConfig.yaml
     sudo chmod 600 /home/thunderhub/thubConfig.yaml | exit 1
-
+    
+    ##################
+    # NGINX
+    ##################
+    # setup nginx symlinks
+    if ! [ -f /etc/nginx/sites-available/thub_ssl.conf ]; then
+       sudo cp /home/admin/assets/nginx/sites-available/thub_ssl.conf /etc/nginx/sites-available/thub_ssl.conf
+    fi
+    if ! [ -f /etc/nginx/sites-available/thub_tor.conf ]; then
+       sudo cp /home/admin/assets/nginx/sites-available/thub_tor.conf /etc/nginx/sites-available/thub_tor.conf
+    fi
+    if ! [ -f /etc/nginx/sites-available/thub_tor_ssl.conf ]; then
+       sudo cp /home/admin/assets/nginx/sites-available/thub_tor_ssl.conf /etc/nginx/sites-available/thub_tor_ssl.conf
+    fi
+    sudo ln -sf /etc/nginx/sites-available/thub_ssl.conf /etc/nginx/sites-enabled/
+    sudo ln -sf /etc/nginx/sites-available/thub_tor.conf /etc/nginx/sites-enabled/
+    sudo ln -sf /etc/nginx/sites-available/thub_tor_ssl.conf /etc/nginx/sites-enabled/
+    sudo nginx -t
+    sudo systemctl reload nginx
+    
+    # open the firewall
+    echo "*** Updating Firewall ***"
+    sudo ufw allow from any to any port 3010 comment 'allow ThunderHub'
+    echo ""
+        
     ##################
     # SYSTEMD SERVICE
     ##################
@@ -176,9 +203,6 @@ EOF
     sudo systemctl enable thunderhub
     echo "OK - the ThunderHub service is now enabled"
 
-    # open the firewall
-    sudo ufw allow from any to any port 3010 comment 'allow ThunderHub'
-
     # setting value in raspiblitz config
     sudo sed -i "s/^thunderhub=.*/thunderhub=on/g" /mnt/hdd/raspiblitz.conf
 
@@ -199,6 +223,16 @@ if [ "$1" = "0" ] || [ "$1" = "off" ]; then
   sudo rm -f /etc/systemd/system/thunderhub.service
   # delete user and home directory
   sudo userdel -rf thunderhub
+  # close port on firewall
+  sudo ufw deny 3010
+
+  # setup nginx symlinks
+  sudo rm -f /etc/nginx/sites-enabled/thub_ssl.conf
+  sudo rm -f /etc/nginx/sites-enabled/thub_tor.conf
+  sudo rm -f /etc/nginx/sites-enabled/thub_tor_ssl.conf
+  sudo nginx -t
+  sudo systemctl reload nginx
+
   echo "OK ThunderHub removed."
 
   # setting value in raspi blitz config