#1171 revert specter using own ssl selfgenerated

rootzoll 2020-06-29 19:33:23 +02:00
parent 8974d87e74
commit e1f24cb4aa
3 changed files with 14 additions and 70 deletions


@ -1,20 +0,0 @@
## btcrpcexplorer_ssl.conf
server {
listen 25442 ssl;
listen [::]:25442 ssl;
server_name _;
include /etc/nginx/snippets/ssl-params.conf;
include /etc/nginx/snippets/ssl-certificate-app-data.conf;
access_log /var/log/nginx/access_specter.log;
error_log /var/log/nginx/error_specter.log;
location / {
proxy_pass http://127.0.0.1:25441;
include /etc/nginx/snippets/ssl-proxy-params.conf;
}
}


@ -1,20 +0,0 @@
## btcrpcexplorer_tor_ssl.conf
server {
listen localhost:25444 ssl;
listen [::1]:25444 ssl;
server_name _;
include /etc/nginx/snippets/ssl-params.conf;
include /etc/nginx/snippets/ssl-certificate-app-data.conf;
access_log /var/log/nginx/access_specter.log;
error_log /var/log/nginx/error_specter.log;
location / {
proxy_pass http://127.0.0.1:25441;
include /etc/nginx/snippets/ssl-proxy-params.conf;
}
}


@ -116,30 +116,18 @@ EOF
echo "# --> pip-installing specter" echo "# --> pip-installing specter"
sudo -u bitcoin /home/bitcoin/.specter/.env/bin/python3 -m pip install --upgrade cryptoadvance.specter sudo -u bitcoin /home/bitcoin/.specter/.env/bin/python3 -m pip install --upgrade cryptoadvance.specter
# Mandatory as the camera doesn't work without https # Mandatory as the camera doesn't work without https
# echo "# --> Creating self-signed certificate" echo "# --> Creating self-signed certificate"
# openssl req -x509 -newkey rsa:4096 -nodes -out /tmp/cert.pem -keyout /tmp/key.pem -days 365 -subj "/C=US/ST=Nooneknows/L=Springfield/O=Dis/CN=www.fakeurl.com" openssl req -x509 -newkey rsa:4096 -nodes -out /tmp/cert.pem -keyout /tmp/key.pem -days 365 -subj "/C=US/ST=Nooneknows/L=Springfield/O=Dis/CN=www.fakeurl.com"
# sudo mv /tmp/cert.pem /home/bitcoin/.specter sudo mv /tmp/cert.pem /home/bitcoin/.specter
# sudo chown -R bitcoin:bitcoin /home/bitcoin/.specter/cert.pem sudo chown -R bitcoin:bitcoin /home/bitcoin/.specter/cert.pem
# sudo mv /tmp/key.pem /home/bitcoin/.specter sudo mv /tmp/key.pem /home/bitcoin/.specter
# sudo chown -R bitcoin:bitcoin /home/bitcoin/.specter/key.pem sudo chown -R bitcoin:bitcoin /home/bitcoin/.specter/key.pem
# setup nginx symlinks
if ! [ -f /etc/nginx/sites-available/specter_ssl.conf ]; then
sudo cp /home/admin/assets/nginx/sites-available/specter_ssl.conf /etc/nginx/sites-available/specter_ssl.conf
fi
if ! [ -f /etc/nginx/sites-available/specter_tor_ssl.conf]; then
sudo cp /home/admin/assets/nginx/sites-available/specter_tor_ssl.conf /etc/nginx/sites-available/specter_tor_ssl.conf
fi
sudo ln -sf /etc/nginx/sites-available/specter_ssl.conf /etc/nginx/sites-enabled/
sudo ln -sf /etc/nginx/sites-available/specter_tor_ssl.conf /etc/nginx/sites-enabled/
sudo nginx -t
sudo systemctl reload nginx
# open firewall # open firewall
echo "# --> Updating Firewall" echo "# --> Updating Firewall"
sudo ufw allow 25441 comment 'SPECTER HTTP' sudo ufw allow 25441 comment 'cryptoadvance-specter'
sudo ufw allow 25442 comment 'SPECTER HTTPS'
sudo ufw --force enable sudo ufw --force enable
echo "" echo ""
@ -226,7 +214,7 @@ Wants=${network}d.service
After=${network}d.service After=${network}d.service
[Service] [Service]
ExecStart=/home/bitcoin/.specter/.env/bin/python3 -m cryptoadvance.specter server --host 0.0.0.0 ExecStart=/home/bitcoin/.specter/.env/bin/python3 -m cryptoadvance.specter server --host 0.0.0.0 --cert=/home/bitcoin/.specter/cert.pem --key=/home/bitcoin/.specter/key.pem
User=bitcoin User=bitcoin
Environment=PATH=/home/bitcoin/.specter.env/bin:/home/bitcoin/.local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/sbin:/bin Environment=PATH=/home/bitcoin/.specter.env/bin:/home/bitcoin/.local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/sbin:/bin
Restart=always Restart=always
@ -254,7 +242,11 @@ EOF
# Hidden Service for SERVICE if Tor is active # Hidden Service for SERVICE if Tor is active
source /mnt/hdd/raspiblitz.conf source /mnt/hdd/raspiblitz.conf
if [ "${runBehindTor}" = "on" ]; then if [ "${runBehindTor}" = "on" ]; then
/home/admin/config.scripts/internet.hiddenservice.sh cryptoadvance-specter 443 25444 echo "# --> correct old Hidden Service with port"
sudo sed -i "s/^HiddenServicePort 25441 127.0.0.1:25441/HiddenServicePort 80 127.0.0.1:25441/g" /etc/tor/torrc
sudo sed -i "s/^HiddenServicePort 25441 127.0.0.1:80/HiddenServicePort 443 127.0.0.1:25441/g" /etc/tor/torrc
# port 25441 is HTTPS with self-signed cert
/home/admin/config.scripts/internet.hiddenservice.sh cryptoadvance-specter 443 25441
fi fi
exit 0 exit 0
fi fi
@ -272,14 +264,6 @@ if [ "$1" = "0" ] || [ "$1" = "off" ]; then
sudo systemctl disable cryptoadvance-specter sudo systemctl disable cryptoadvance-specter
sudo rm /etc/systemd/system/cryptoadvance-specter.service sudo rm /etc/systemd/system/cryptoadvance-specter.service
# remove nginx symlinks
sudo rm -f /etc/nginx/sites-enabled/specter_ssl.conf
sudo rm -f /etc/nginx/sites-enabled/specter_tor_ssl.conf
sudo rm -f /etc/nginx/sites-available/specter_ssl.conf
sudo rm -f /etc/nginx/sites-available/specter_tor_ssl.conf
sudo nginx -t
sudo systemctl reload nginx
if whiptail --defaultno --yesno "Do you want to delete all Data related to specter? This includes also Bitcoin-Core-Wallets managed by specter?" 0 0; then if whiptail --defaultno --yesno "Do you want to delete all Data related to specter? This includes also Bitcoin-Core-Wallets managed by specter?" 0 0; then
echo "# --> Removing wallets in core" echo "# --> Removing wallets in core"
bitcoin-cli listwallets | jq -r .[] | tail -n +2 bitcoin-cli listwallets | jq -r .[] | tail -n +2
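Review bot: In the first hunk the re-enabled certificate block writes the TLS private key to the fixed path `/tmp/key.pem` and only afterwards moves it with `sudo mv` and `chown`, so the key passes through a shared directory under a predictable name. A file or symlink already present at that path, or a permissive umask, could expose or substitute the key that the service unit in the second hunk then loads via `--key=`. Generating the pair directly in the target directory as the service user closes that window: `sudo -u bitcoin openssl req -x509 -newkey rsa:4096 -nodes -out /home/bitcoin/.specter/cert.pem -keyout /home/bitcoin/.specter/key.pem -days 365` with the existing `-subj` value, followed by `sudo chmod 600 /home/bitcoin/.specter/key.pem`, which also makes the two `mv`/`chown` pairs unnecessary. The enclosing install branch starts outside this hunk, so whether the certificate is regenerated on every run cannot be seen from here.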