diff --git a/home.admin/assets/nginx/sites-available/thub_ssl.conf b/home.admin/assets/nginx/sites-available/thub_ssl.conf
new file mode 100644
index 00000000..cd6e849b
--- /dev/null
+++ b/home.admin/assets/nginx/sites-available/thub_ssl.conf
@@ -0,0 +1,20 @@
+## thub_ssl.conf
+
+server {
+ listen 3011 ssl;
+ listen [::]:3011 ssl;
+ server_name _;
+
+ include /etc/nginx/snippets/ssl-params.conf;
+ include /etc/nginx/snippets/ssl-certificate-app-data.conf;
+
+ access_log /var/log/nginx/access_thub.log;
+ error_log /var/log/nginx/error_thub.log;
+
+ location / {
+ proxy_pass http://127.0.0.1:3010;
+
+ include /etc/nginx/snippets/ssl-proxy-params.conf;
+ }
+
+}
diff --git a/home.admin/assets/nginx/sites-available/thub_tor.conf b/home.admin/assets/nginx/sites-available/thub_tor.conf
new file mode 100644
index 00000000..f872ae97
--- /dev/null
+++ b/home.admin/assets/nginx/sites-available/thub_tor.conf
@@ -0,0 +1,17 @@
+## thub_tor.conf
+
+server {
+ listen localhost:3012;
+ listen [::1]:3012;
+ server_name _;
+
+ access_log /var/log/nginx/access_thub.log;
+ error_log /var/log/nginx/error_thub.log;
+
+ location / {
+ proxy_pass http://127.0.0.1:3010;
+
+ include /etc/nginx/snippets/ssl-proxy-params.conf;
+ }
+
+}
diff --git a/home.admin/assets/nginx/sites-available/thub_tor_ssl.conf b/home.admin/assets/nginx/sites-available/thub_tor_ssl.conf
new file mode 100644
index 00000000..1e5f9b41
--- /dev/null
+++ b/home.admin/assets/nginx/sites-available/thub_tor_ssl.conf
@@ -0,0 +1,20 @@
+## thub_tor_ssl.conf
+
+server {
+ listen localhost:3013 ssl;
+ listen [::1]:3013 ssl;
+ server_name _;
+
+ include /etc/nginx/snippets/ssl-params.conf;
+ include /etc/nginx/snippets/ssl-certificate-app-data.conf;
+
+ access_log /var/log/nginx/access_thub.log;
+ error_log /var/log/nginx/error_thub.log;
+
+ location / {
+ proxy_pass http://127.0.0.1:3010;
+
+ include /etc/nginx/snippets/ssl-proxy-params.conf;
+ }
+
+}
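Review bot: None of the three new vhost files says which client each port is meant for; the only header is the file name (`## thub_ssl.conf`). A short comment at the top of each would help, e.g. `# 3011: TLS listener on all interfaces, proxies to ThunderHub on 127.0.0.1:3010`, with matching lines for 3012 (plain HTTP on loopback) in thub_tor.conf and 3013 (TLS on loopback) in thub_tor_ssl.conf. All three also write to the same access_thub.log and error_thub.log, so a request cannot be attributed to a listener from the logs alone.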
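Review bot: `listen localhost:3012;` leaves the bound address to whatever `localhost` resolves to when nginx loads the config, next to an explicit `listen [::1]:3012;`. Writing `listen 127.0.0.1:3012;` pins the IPv4 loopback address directly and keeps the pair symmetric; thub_tor_ssl.conf has the same pattern on 3013. This vhost also includes `ssl-proxy-params.conf` although it serves plain HTTP; the snippet's contents are not shown here, so it is worth confirming that it sets nothing that assumes a TLS front end.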
diff --git a/home.admin/config.scripts/bonus.thunderhub.sh b/home.admin/config.scripts/bonus.thunderhub.sh index 094844fc..c386e291 100644 --- a/home.admin/config.scripts/bonus.thunderhub.sh +++ b/home.admin/config.scripts/bonus.thunderhub.sh @@ -22,23 +22,26 @@ if [ "$1" = "menu" ]; then # get network info localip=$(ip addr | grep 'state UP' -A2 | tail -n1 | awk '{print $2}' | cut -f1 -d'/') toraddress=$(sudo cat /mnt/hdd/tor/thunderhub/hostname 2>/dev/null) + fingerprint=$(openssl x509 -in /mnt/hdd/app-data/nginx/tls.cert -fingerprint -noout | cut -d"=" -f2) if [ "${runBehindTor}" = "on" ] && [ ${#toraddress} -gt 0 ]; then # Info with TOR /home/admin/config.scripts/blitz.lcd.sh qr "${toraddress}" whiptail --title " ThunderHub " --msgbox "Open the following URL in your local web browser: -http://${localip}:3010 +http://${localip}:3011 +SHA1 Thumb/Fingerprint: ${fingerprint}\n Use your Password B to login.\n -Hidden Service address for TOR Browser (QR see LCD):\n${toraddress} -" 12 67 +Hidden Service address for TOR Browser (see LCD for QR):\n${toraddress} +" 14 67 /home/admin/config.scripts/blitz.lcd.sh hide else # Info without TOR whiptail --title " ThunderHub " --msgbox "Open the following URL in your local web browser: -http://${localip}:3010 +http://${localip}:3011 +SHA1 Thumb/Fingerprint: ${fingerprint}\n Use your Password B to login.\n Activate TOR to access the web interface from outside your local network. -" 12 57 +" 13 57 fi echo "please wait ..." exit 0 @@ -76,7 +79,7 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then sudo -u thunderhub git clone https://github.com/apotdevin/thunderhub.git /home/thunderhub/thunderhub cd /home/thunderhub/thunderhub # https://github.com/apotdevin/thunderhub/releases - sudo -u thunderhub git reset --hard v0.7.1 + sudo -u thunderhub git reset --hard v0.7.4 echo "Running npm install and run build..." sudo -u thunderhub npm install sudo -u thunderhub npm run build 
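Review bot: The menu text in both whiptail branches now points to `http://${localip}:3011`, but thub_ssl.conf in this same commit declares 3011 as an `ssl` listener, so a plain-HTTP request to that port will not reach ThunderHub; the line should read `https://${localip}:3011`. The fingerprint offered for certificate verification comes from `openssl x509 -fingerprint` with no digest option, which the dialog itself labels SHA1; adding `-sha256` and relabelling the line gives users a stronger value to compare against the browser's certificate view. The command also has no error handling, so a missing or unreadable tls.cert leaves `${fingerprint}` empty in the dialog with no hint as to why. The enclosing `menu` block starts before the hunk.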
@@ -110,9 +113,9 @@ LOG_LEVEL='debug' # Interface Configs # ----------- THEME='dark' -# CURRENCY='sat' -# FETCH_PRICES=false -# FETCH_FEES=false +CURRENCY='sat' +FETCH_PRICES=false +FETCH_FEES=false # ----------- # Account Configs @@ -143,7 +146,31 @@ EOF sudo mv /home/admin/thubConfig.yaml /home/thunderhub/thubConfig.yaml sudo chown thunderhub:thunderhub /home/thunderhub/thubConfig.yaml sudo chmod 600 /home/thunderhub/thubConfig.yaml | exit 1 - + + ################## + # NGINX + ################## + # setup nginx symlinks + if ! [ -f /etc/nginx/sites-available/thub_ssl.conf ]; then + sudo cp /home/admin/assets/nginx/sites-available/thub_ssl.conf /etc/nginx/sites-available/thub_ssl.conf + fi + if ! [ -f /etc/nginx/sites-available/thub_tor.conf ]; then + sudo cp /home/admin/assets/nginx/sites-available/thub_tor.conf /etc/nginx/sites-available/thub_tor.conf + fi + if ! [ -f /etc/nginx/sites-available/thub_tor_ssl.conf ]; then + sudo cp /home/admin/assets/nginx/sites-available/thub_tor_ssl.conf /etc/nginx/sites-available/thub_tor_ssl.conf + fi + sudo ln -sf /etc/nginx/sites-available/thub_ssl.conf /etc/nginx/sites-enabled/ + sudo ln -sf /etc/nginx/sites-available/thub_tor.conf /etc/nginx/sites-enabled/ + sudo ln -sf /etc/nginx/sites-available/thub_tor_ssl.conf /etc/nginx/sites-enabled/ + sudo nginx -t + sudo systemctl reload nginx + + # open the firewall + echo "*** Updating Firewall ***" + sudo ufw allow from any to any port 3010 comment 'allow ThunderHub' + echo "" + ################## # SYSTEMD SERVICE ################## @@ -176,9 +203,6 @@ EOF sudo systemctl enable thunderhub echo "OK - the ThunderHub service is now enabled" - # open the firewall - sudo ufw allow from any to any port 3010 comment 'allow ThunderHub' - # setting value in raspiblitz config sudo sed -i "s/^thunderhub=.*/thunderhub=on/g" /mnt/hdd/raspiblitz.conf 
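Review bot: In the hunk at `@@ -143,7 +146,31 @@`, the firewall rule moved into the new NGINX section still opens the backend port (`sudo ufw allow from any to any port 3010 ...`), while nothing opens 3011, the TLS listener the menu now advertises. If ufw denies inbound traffic by default, LAN clients cannot reach the new HTTPS endpoint, and 3010 stays reachable without TLS if ThunderHub listens beyond loopback (not visible here). Consider `sudo ufw allow from any to any port 3011 comment 'allow ThunderHub SSL'` and dropping the 3010 rule once the proxy is the intended entry point; the `off` branch would then need to close 3011 as well. Separately, the exit status of `sudo nginx -t` is ignored before the reload; `sudo nginx -t && sudo systemctl reload nginx` would surface a bad config instead of continuing silently.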
@@ -199,6 +223,16 @@ if [ "$1" = "0" ] || [ "$1" = "off" ]; then sudo rm -f /etc/systemd/system/thunderhub.service # delete user and home directory sudo userdel -rf thunderhub + # close port on firewall + sudo ufw deny 3010 + + # setup nginx symlinks + sudo rm -f /etc/nginx/sites-enabled/thub_ssl.conf + sudo rm -f /etc/nginx/sites-enabled/thub_tor.conf + sudo rm -f /etc/nginx/sites-enabled/thub_tor_ssl.conf + sudo nginx -t + sudo systemctl reload nginx + echo "OK ThunderHub removed." # setting value in raspi blitz config
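Review bot: The comment `# setup nginx symlinks` above the three `rm -f` lines was carried over from the install branch and says the opposite of what the block does; `# remove nginx symlinks` would match. The copies under /etc/nginx/sites-available are left in place, and since the install branch only copies a vhost file when it is absent, a later reinstall would keep the old files rather than the shipped ones, which deserves a comment if it is intended. `sudo ufw deny 3010` adds a deny rule rather than removing the allow rule created at install; whether that is the desired end state cannot be told from this hunk. The enclosing `off` block starts before and continues after the hunk.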