From 622760fced5206750d560227038fe8e58871500e Mon Sep 17 00:00:00 2001
From: openoms
Date: Fri, 20 Sep 2019 23:13:02 +0100
Subject: [PATCH] btcpay, electrs: add certbot renew service daily
---
BTCPayServer/btcpay_to_blitz.sh | 72 +++++++++++++++++++++-----
electrs/2_electrs_systemd_service.sh | 2 +-
electrs/3_Nginx_and_Certbot_for_SSL.sh | 13 +++--
nginx/bonus.SSL_for_RTL.sh | 53 +++++++------------
4 files changed, 87 insertions(+), 53 deletions(-)
diff --git a/BTCPayServer/btcpay_to_blitz.sh b/BTCPayServer/btcpay_to_blitz.sh
index 581b35d..2572650 100644
--- a/BTCPayServer/btcpay_to_blitz.sh
+++ b/BTCPayServer/btcpay_to_blitz.sh
@@ -4,33 +4,77 @@ # to download and run: # wget https://raw.githubusercontent.com/openoms/bitcoin-tutorials/master/BTCPayServer/btcpay_to_blitz.sh && bash btcpay_to_blitz.sh -# requirements - -file="/etc/nginx/nginx.conf" -if [ -f "$file" ] -then - echo "$file found." - echo "There is an existing Nginx configuration which might fail if the setup continues" - echo "Press CRTL+C to abort or any key to continue" - read key -fi +#file="/etc/nginx/nginx.conf" +#if [ -f "$file" ] +#then +# echo "$file found." +# echo "There is an existing Nginx configuration which might fail if the setup continues" +# echo "Press CRTL+C to abort or any key to continue" +# read key +#fi #use `sudo apt purge nginx-common certbot` to clean configuration echo "" echo "***" -echo "Please confirm that the port 80, 443 and 9735 are forwarded to the IP of the RaspiBlitz by pressing [ENTER]" +echo "Confirm that the port 80, 443 and 9735 are forwarded to the IP of the RaspiBlitz by pressing [ENTER]" read key echo "" echo "***" -echo "Please type the domain/ddns you want to use for BTCPayServer followed by [ENTER]" +echo "Type the domain/ddns you want to use for BTCPayServer and press [ENTER]" read YOUR_DOMAIN +echo "" +echo "***" +echo "Type an email address that will be used to register the SSL certificate and press [ENTER]" +read YOUR_EMAIL + +# install nginx sudo apt-get install nginx-full certbot -y # get SSL cert -sudo certbot certonly --authenticator standalone -d $YOUR_DOMAIN --pre-hook "service nginx stop" --post-hook "service nginx start" +sudo certbot certonly -a standalone -m $YOUR_EMAIL --agree-tos -d $YOUR_DOMAIN --pre-hook "service nginx stop" --post-hook "service nginx start" + +echo "" +echo "***" +echo "Setting up certbot-auto renewal service" +echo "***" +echo "" + +sudo rm -f /etc/systemd/system/certbot.timer +echo " +[Unit] +Description=Certbot-auto renewal service + +[Timer] +OnBootSec=20min +OnCalendar=*-*-* 4:00:00 + +[Install] +WantedBy=timers.target +" | sudo tee -a 
/etc/systemd/system/certbot.timer + +sudo rm -f /etc/systemd/system/certbot.service +echo " +[Unit] +Description=Certbot-auto renewal service +After=bitcoind.service + +[Service] +WorkingDirectory=/home/admin/ +ExecStart=sudo certbot renew --pre-hook \"service nginx stop\" --post-hook \"service nginx start\" + +User=admin +Group=admin +Type=simple +KillMode=process +TimeoutSec=60 +Restart=always +RestartSec=60 +" | sudo tee -a /etc/systemd/system/certbot.service + +sudo systemctl enable certbot.timer # cleanup possible residual files from previous installs @@ -131,7 +175,7 @@ Requires=btcpayserver.service After=nbxplorer.service [Service] -ExecStart=/usr/local/bin/dotnet run --no-launch-profile --no-build -c Release -p "/home/admin/btcpayserver/BTCPayServer/BTCPayServer.csproj" -- \$@ +ExecStart=/usr/local/bin/dotnet run --no-launch-profile --no-build -c Release -p \"/home/admin/btcpayserver/BTCPayServer/BTCPayServer.csproj\" -- \$@ User=admin Group=admin Type=simple diff --git a/electrs/2_electrs_systemd_service.sh b/electrs/2_electrs_systemd_service.sh index 548c866..c71e8a6 100644 --- a/electrs/2_electrs_systemd_service.sh +++ b/electrs/2_electrs_systemd_service.sh @@ -16,7 +16,7 @@ After=bitcoind.service [Service] WorkingDirectory=/home/electrs/electrs -ExecStart=/home/electrs/electrs/target/release/electrs --index-batch-size=10 --electrum-rpc-addr="0.0.0.0:50001" +ExecStart=/home/electrs/electrs/target/release/electrs --index-batch-size=10 --electrum-rpc-addr=\"0.0.0.0:50001\" User=electrs Group=electrs Type=simple diff --git a/electrs/3_Nginx_and_Certbot_for_SSL.sh b/electrs/3_Nginx_and_Certbot_for_SSL.sh index 97f40fb..ab13bb3 100644 --- a/electrs/3_Nginx_and_Certbot_for_SSL.sh +++ b/electrs/3_Nginx_and_Certbot_for_SSL.sh 
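Review bot: The `certbot.service` unit added at the end of hunk -4,33 sets `Restart=always` and `RestartSec=60` on a command that exits when it is done, so once the timer fires systemd would re-run `certbot renew` every minute rather than once a day at 4:00. The unit also runs as `User=admin` and reaches root through `sudo`, which depends on admin having passwordless sudo, and some older systemd releases refuse an `ExecStart=` whose program is not an absolute path. Consider `Type=oneshot` with no `Restart=`/`RestartSec=` and no `User=`/`Group=`, and start the command as `ExecStart=/usr/bin/certbot renew` with the existing hooks (confirm the path with `command -v certbot`). The same `ExecStart=sudo certbot renew` line is introduced in electrs/3_Nginx_and_Certbot_for_SSL.sh (hunk -80,7) and nginx/bonus.SSL_for_RTL.sh (hunk -59,20), where the rest of the unit lies outside the hunk.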
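Review bot: The `ExecStart` line rewritten in hunk -16,7 of electrs/2_electrs_systemd_service.sh keeps `--electrum-rpc-addr=\"0.0.0.0:50001\"`, which makes the Electrum RPC port listen on every interface. If clients are meant to connect through the nginx TLS endpoint set up by 3_Nginx_and_Certbot_for_SSL.sh (its proxy settings are not visible in this patch), binding to `127.0.0.1:50001` would keep the plain TCP port off the network. A short comment above the unit, such as `# RPC is bound to all interfaces on purpose: LAN wallets connect directly`, would record which of the two is intended. The remaining lines of the unit are outside the hunk.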
@@ -12,9 +12,14 @@ echo "" echo "***" -echo "Please type the domain/dynamicDNS you want to use for Electrs followed by [ENTER]" +echo "Please type the domain/dynamicDNS you want to use for Electrs and press [ENTER]" read YOUR_DOMAIN +echo "" +echo "***" +echo "Please type an email that will be used to register the SSL certificate and press [ENTER]" +read YOUR_EMAIL + echo "" echo "***" echo "Please confirm that the port 80 is forwarded to the IP of the RaspiBlitz by pressing [ENTER]" @@ -47,7 +52,8 @@ echo "" sudo apt install -y certbot # get SSL cert -sudo certbot certonly --authenticator standalone -d $YOUR_DOMAIN --pre-hook "service nginx stop" --post-hook "service nginx start" +sudo certbot certonly -a standalone -m $YOUR_EMAIL --agree-tos -d $YOUR_DOMAIN --pre-hook "service nginx stop" --post-hook "service nginx start" + # Your certificate and chain have been saved at: # /etc/letsencrypt/live/$YOUR_DOMAIN/fullchain.pem @@ -67,7 +73,6 @@ Description=Certbot-auto renewal service [Timer] OnBootSec=20min OnCalendar=*-*-* 4:00:00 -OnCalendar=*-*-* 16:00:00 [Install] WantedBy=timers.target @@ -80,7 +85,7 @@ After=bitcoind.service [Service] WorkingDirectory=/home/admin/ -ExecStart=/home/admin/certbot-auto renew +ExecStart=sudo certbot renew --pre-hook \"service nginx stop\" --post-hook \"service nginx start\" User=admin Group=admin diff --git a/nginx/bonus.SSL_for_RTL.sh b/nginx/bonus.SSL_for_RTL.sh index 7c70562..448a570 100644 --- a/nginx/bonus.SSL_for_RTL.sh +++ b/nginx/bonus.SSL_for_RTL.sh 
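Review bot: In hunk -47,7 the values typed at the prompts reach `sudo certbot` unquoted, so an empty e-mail leaves `-m` without a value and an entry containing spaces is split into extra certbot arguments. Quote both expansions and stop on empty input before calling certbot, e.g. `[ -n "$YOUR_EMAIL" ] && [ -n "$YOUR_DOMAIN" ] || exit 1` followed by `-m "$YOUR_EMAIL" --agree-tos -d "$YOUR_DOMAIN"`. Using `read -r` for the prompts in hunk -12,9 also keeps backslashes literal. The identical certbot line is added in BTCPayServer/btcpay_to_blitz.sh and nginx/bonus.SSL_for_RTL.sh, and the result of certbot is not checked before the renewal units are written.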
@@ -8,43 +8,31 @@ # Forward port 3002 to be able to access RTL from outside of your LAN # https://www.raspberrypi.org/documentation/remote-access/web-server/nginx.md -echo "" -echo "***" -echo "installing Nginx" -echo "***" -echo "" - -sudo apt-get install -y nginx -sudo /etc/init.d/nginx start echo "" echo "***" echo "Please confirm that the port 80 is forwarded to the IP of the RaspiBlitz by pressing [ENTER]" read key +echo "" +echo "***" +echo "Please type the domain/ddns you have generated the certificate for followed by [ENTER]" +read YOUR_DOMAIN + +echo "" +echo "***" +echo "Type an email address that will be used to register the SSL certificate and press [ENTER]" +read YOUR_EMAIL + +echo "installing Nginx and certbot" +sudo apt-get install -y nginx-full certbot +sudo /etc/init.d/nginx start + echo "allow port 80 on ufw" sudo ufw allow 80 -# https://certbot.eff.org/lets-encrypt/debianother-nginx -echo "" -echo "***" -echo "Installing certbot" -echo " you will be asked for and email address and your domain name - a dynamic DNS can be used" -echo " give a 4-11 character password and press [ENTER] to save default options for the certificate" -echo "***" -echo "" - -# wget https://dl.eff.org/certbot-auto -# chmod +x certbot-auto -# sudo ./certbot-auto --nginx -sudo apt install -y certbot # get SSL cert -sudo certbot certonly --authenticator standalone -d $YOUR_DOMAIN --pre-hook "service nginx stop" --post-hook "service nginx start" - -# Your certificate and chain have been saved at: -# /etc/letsencrypt/live/$YOUR_DOMAIN/fullchain.pem -# Your key file has been saved at: -# /etc/letsencrypt/live/$YOUR_DOMAIN/privkey.pem +sudo certbot certonly -a standalone -m $YOUR_EMAIL --agree-tos -d $YOUR_DOMAIN --pre-hook "service nginx stop" --post-hook "service nginx start" echo "" echo "***" @@ -52,6 +40,7 @@ echo "Setting up certbot-auto renewal service" echo "***" echo "" +sudo rm -f /etc/systemd/system/certbot.timer echo " [Unit] Description=Certbot-auto renewal service 
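Review bot: The domain prompt moved to the top of the script in hunk -8,43 still reads `you have generated the certificate for`, but it now runs before `certbot certonly`, so the user is asked about a certificate that does not exist yet. Rewording it to match the other scripts would avoid a wrong or empty answer feeding into the certificate request, e.g. `echo "Type the domain/ddns you want to use for RTL and press [ENTER]"`. The script continues outside the hunk.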
@@ -59,20 +48,20 @@ Description=Certbot-auto renewal service [Timer] OnBootSec=20min OnCalendar=*-*-* 4:00:00 -OnCalendar=*-*-* 16:00:00 [Install] WantedBy=timers.target " | sudo tee -a /etc/systemd/system/certbot.timer +sudo rm -f /etc/systemd/system/certbot.service echo " [Unit] -Description=certbot-auto renew timer +Description=Certbot-auto renewal service After=bitcoind.service [Service] WorkingDirectory=/home/admin/ -ExecStart=/home/admin/certbot-auto renew +ExecStart=sudo certbot renew --pre-hook \"service nginx stop\" --post-hook \"service nginx start\" User=admin Group=admin @@ -85,10 +74,6 @@ RestartSec=60 sudo systemctl enable certbot.timer -echo "" -echo "***" -echo "Please type the domain/ddns you have generated the certificate for followed by [ENTER]" -read YOUR_DOMAIN echo "Setting up nginx.conf" echo "***"