add subdomains

2025-12-19 04:54:18 +01:00 · 2022-01-20 18:27:18 +00:00
parent 7d5e8a4662
commit de47575bcf
2 changed files with 59 additions and 5 deletions
--- a/BTCPayServer/addSubdomains.md
+++ b/BTCPayServer/addSubdomains.md
@@ -11,20 +11,20 @@ read EMAIL
 echo "Input 3 subdomains separated with commas (eg: pay.example.com,tips.example.com,status.example.com)"
 read SUBDOMAINS

-echo "Input the the URL to be redirected to for the second domain"
+echo "Input the URL to be redirected to for the second domain"
 read REDIRECT1
-echo "Input the the URL to be redirected to for the third domain"
+echo "Input the URL to be redirected to for the third domain"
 read REDIRECT2

-certbot certonly -a standalone -m $EMAIL --agree-tos \
+sudo certbot certonly -a standalone -m $EMAIL --agree-tos \
 -d $SUBDOMAINS --expand -n --pre-hook "service nginx stop" \
 --post-hook "service nginx start" || exit 1

 firstDomain=$(echo $SUBDOMAINS|cut -d"," -f1)

 # copy in place if needed
-#cat /etc/letsencrypt/live/$firstDomain/fullchain.pem 
-#cat /etc/letsencrypt/live/$firstDomain/privkey.pem 
+#sudo cat /etc/letsencrypt/live/$firstDomain/fullchain.pem 
+#sudo cat /etc/letsencrypt/live/$firstDomain/privkey.pem 

 # Add to /etc/nginx/sites-available/btcpayserver
 echo "
--- a/BTCPayServer/subdomain.md
+++ b/BTCPayServer/subdomain.md
@@ -0,0 +1,54 @@
+# Add a custom subdomain
+
+In this example configuration I add a redirect to mempool on the LAN.
+
+
+```
+echo "Input your email:"
+read EMAIL
+
+echo "Input a subdomain set up with an A record pointing to this server (eg: mempool.example.com)"
+read SUBDOMAIN
+
+echo "Input the URL to be redirected to (eg. https://192.168.1.42:4081)"
+read REDIRECT
+
+sudo certbot certonly -a standalone -m $EMAIL --agree-tos \
+-d $SUBDOMAIN --expand -n --pre-hook "service nginx stop" \
+--post-hook "service nginx start" || exit 1
+
+# copy in place if needed
+#sudo cat /etc/letsencrypt/live/$SUBDOMAIN/fullchain.pem 
+#sudo cat /etc/letsencrypt/live/$SUBDOMAIN/privkey.pem 
+
+# Add to /etc/nginx/sites-available/btcpayserver
+echo "
+server {
+  listen 443 ssl;
+  server_name $SUBDOMAIN;
+  ssl on;
+
+  ssl_certificate /etc/letsencrypt/live/$SUBDOMAIN/fullchain.pem;
+  ssl_certificate_key /etc/letsencrypt/live/$SUBDOMAIN/privkey.pem;
+  ssl_session_timeout 1d;
+  ssl_session_cache shared:SSL:50m;
+  ssl_session_tickets off;
+  ssl_protocols TLSv1.1 TLSv1.2;
+  ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK';
+  ssl_prefer_server_ciphers on;
+  ssl_stapling on;
+  ssl_stapling_verify on;
+  ssl_trusted_certificate /etc/letsencrypt/live/$SUBDOMAIN/chain.pem;
+
+  location / {
+          proxy_pass      $REDIRECT;
+  }
+
+}" | sudo tee /etc/nginx/sites-available/$SUBDOMAIN
+
+
+sudo nano /etc/nginx/sites-available/$SUBDOMAIN
+
+sudo ln -s /etc/nginx/sites-available/$SUBDOMAIN /etc/nginx/sites-enabled/
+sudo nginx -t
+sudo systemctl reload nginx