#1171 revert specter using own ssl selfgenerated

2025-02-24 06:48:00 +01:00 · 2020-06-29 19:33:23 +02:00 · 2020-06-29 19:33:23 +02:00 · e1f24cb4aa
commit e1f24cb4aa
parent 8974d87e74
3 changed files with 14 additions and 70 deletions
--- a/home.admin/assets/nginx/sites-available/specter_ssl.conf
+++ b/home.admin/assets/nginx/sites-available/specter_ssl.conf
@ -1,20 +0,0 @@
-## btcrpcexplorer_ssl.conf
-
-server {
-    listen 25442 ssl;
-    listen [::]:25442 ssl;
-    server_name _;
-
-    include /etc/nginx/snippets/ssl-params.conf;
-    include /etc/nginx/snippets/ssl-certificate-app-data.conf;
-
-    access_log /var/log/nginx/access_specter.log;
-    error_log /var/log/nginx/error_specter.log;
-
-    location / {
-        proxy_pass http://127.0.0.1:25441;
-
-        include /etc/nginx/snippets/ssl-proxy-params.conf;
-    }
-
-}
--- a/home.admin/assets/nginx/sites-available/specter_tor_ssl.conf
+++ b/home.admin/assets/nginx/sites-available/specter_tor_ssl.conf
@ -1,20 +0,0 @@
-## btcrpcexplorer_tor_ssl.conf
-
-server {
-    listen localhost:25444 ssl;
-    listen [::1]:25444 ssl;
-    server_name _;
-
-    include /etc/nginx/snippets/ssl-params.conf;
-    include /etc/nginx/snippets/ssl-certificate-app-data.conf;
-
-    access_log /var/log/nginx/access_specter.log;
-    error_log /var/log/nginx/error_specter.log;
-
-    location / {
-        proxy_pass http://127.0.0.1:25441;
-
-        include /etc/nginx/snippets/ssl-proxy-params.conf;
-    }
-
-}
--- a/home.admin/config.scripts/bonus.cryptoadvance-specter.sh
+++ b/home.admin/config.scripts/bonus.cryptoadvance-specter.sh
@ -116,30 +116,18 @@ EOF
    echo "#    --> pip-installing specter"
    sudo -u bitcoin /home/bitcoin/.specter/.env/bin/python3 -m pip install --upgrade cryptoadvance.specter
    
+    
    # Mandatory as the camera doesn't work without https
-    # echo "#    --> Creating self-signed certificate"
-    # openssl req -x509 -newkey rsa:4096 -nodes -out /tmp/cert.pem -keyout /tmp/key.pem -days 365 -subj "/C=US/ST=Nooneknows/L=Springfield/O=Dis/CN=www.fakeurl.com"
-    # sudo mv /tmp/cert.pem /home/bitcoin/.specter
-    # sudo chown -R bitcoin:bitcoin /home/bitcoin/.specter/cert.pem
-    # sudo mv /tmp/key.pem /home/bitcoin/.specter
-    # sudo chown -R bitcoin:bitcoin /home/bitcoin/.specter/key.pem
-
-    # setup nginx symlinks
-    if ! [ -f /etc/nginx/sites-available/specter_ssl.conf ]; then
-       sudo cp /home/admin/assets/nginx/sites-available/specter_ssl.conf /etc/nginx/sites-available/specter_ssl.conf
-    fi
-    if ! [ -f /etc/nginx/sites-available/specter_tor_ssl.conf]; then
-       sudo cp /home/admin/assets/nginx/sites-available/specter_tor_ssl.conf /etc/nginx/sites-available/specter_tor_ssl.conf
-    fi
-    sudo ln -sf /etc/nginx/sites-available/specter_ssl.conf /etc/nginx/sites-enabled/
-    sudo ln -sf /etc/nginx/sites-available/specter_tor_ssl.conf /etc/nginx/sites-enabled/
-    sudo nginx -t
-    sudo systemctl reload nginx
+    echo "#    --> Creating self-signed certificate"
+   openssl req -x509 -newkey rsa:4096 -nodes -out /tmp/cert.pem -keyout /tmp/key.pem -days 365 -subj "/C=US/ST=Nooneknows/L=Springfield/O=Dis/CN=www.fakeurl.com"
+    sudo mv /tmp/cert.pem /home/bitcoin/.specter
+    sudo chown -R bitcoin:bitcoin /home/bitcoin/.specter/cert.pem
+    sudo mv /tmp/key.pem /home/bitcoin/.specter
+    sudo chown -R bitcoin:bitcoin /home/bitcoin/.specter/key.pem

    # open firewall
    echo "#    --> Updating Firewall"
-    sudo ufw allow 25441 comment 'SPECTER HTTP'
-    sudo ufw allow 25442 comment 'SPECTER HTTPS'
+    sudo ufw allow 25441 comment 'cryptoadvance-specter'
    sudo ufw --force enable
    echo ""

@ -226,7 +214,7 @@ Wants=${network}d.service
 After=${network}d.service

 [Service]
-ExecStart=/home/bitcoin/.specter/.env/bin/python3 -m cryptoadvance.specter server --host 0.0.0.0
+ExecStart=/home/bitcoin/.specter/.env/bin/python3 -m cryptoadvance.specter server --host 0.0.0.0 --cert=/home/bitcoin/.specter/cert.pem --key=/home/bitcoin/.specter/key.pem
 User=bitcoin
 Environment=PATH=/home/bitcoin/.specter.env/bin:/home/bitcoin/.local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/sbin:/bin
 Restart=always
@ -254,7 +242,11 @@ EOF
  # Hidden Service for SERVICE if Tor is active
  source /mnt/hdd/raspiblitz.conf
  if [ "${runBehindTor}" = "on" ]; then
-    /home/admin/config.scripts/internet.hiddenservice.sh cryptoadvance-specter 443 25444
+    echo "#    --> correct old Hidden Service with port"
+    sudo sed -i "s/^HiddenServicePort 25441 127.0.0.1:25441/HiddenServicePort 80 127.0.0.1:25441/g" /etc/tor/torrc
+    sudo sed -i "s/^HiddenServicePort 25441 127.0.0.1:80/HiddenServicePort 443 127.0.0.1:25441/g" /etc/tor/torrc
+    # port 25441 is HTTPS with self-signed cert
+    /home/admin/config.scripts/internet.hiddenservice.sh cryptoadvance-specter 443 25441
  fi
  exit 0
 fi
@ -272,14 +264,6 @@ if [ "$1" = "0" ] || [ "$1" = "off" ]; then
    sudo systemctl disable cryptoadvance-specter
    sudo rm /etc/systemd/system/cryptoadvance-specter.service

-    # remove nginx symlinks
-    sudo rm -f /etc/nginx/sites-enabled/specter_ssl.conf
-    sudo rm -f /etc/nginx/sites-enabled/specter_tor_ssl.conf
-    sudo rm -f /etc/nginx/sites-available/specter_ssl.conf
-    sudo rm -f /etc/nginx/sites-available/specter_tor_ssl.conf
-    sudo nginx -t
-    sudo systemctl reload nginx
-
    if whiptail --defaultno --yesno "Do you want to delete all Data related to specter? This includes also Bitcoin-Core-Wallets managed by specter?" 0 0; then
      echo "#    --> Removing wallets in core"
      bitcoin-cli listwallets | jq -r .[] | tail -n +2