From de47575bcf9ce844628bd52ad1ba73957bbace66 Mon Sep 17 00:00:00 2001 From: openoms Date: Thu, 20 Jan 2022 18:27:18 +0000 Subject: [PATCH] add subdomains --- BTCPayServer/addSubdomains.md | 10 +++---- BTCPayServer/subdomain.md | 54 +++++++++++++++++++++++++++++++++++ 2 files changed, 59 insertions(+), 5 deletions(-) create mode 100644 BTCPayServer/subdomain.md diff --git a/BTCPayServer/addSubdomains.md b/BTCPayServer/addSubdomains.md index 9d3dee0..3fdd197 100644 --- a/BTCPayServer/addSubdomains.md +++ b/BTCPayServer/addSubdomains.md @@ -11,20 +11,20 @@ read EMAIL echo "Input 3 subdomains separated with commas (eg: pay.example.com,tips.example.com,status.example.com)" read SUBDOMAINS -echo "Input the the URL to be redirected to for the second domain" +echo "Input the URL to be redirected to for the second domain" read REDIRECT1 -echo "Input the the URL to be redirected to for the third domain" +echo "Input the URL to be redirected to for the third domain" read REDIRECT2 -certbot certonly -a standalone -m $EMAIL --agree-tos \ +sudo certbot certonly -a standalone -m $EMAIL --agree-tos \ -d $SUBDOMAINS --expand -n --pre-hook "service nginx stop" \ --post-hook "service nginx start" || exit 1 firstDomain=$(echo $SUBDOMAINS|cut -d"," -f1) # copy in place if needed -#cat /etc/letsencrypt/live/$firstDomain/fullchain.pem -#cat /etc/letsencrypt/live/$firstDomain/privkey.pem +#sudo cat /etc/letsencrypt/live/$firstDomain/fullchain.pem +#sudo cat /etc/letsencrypt/live/$firstDomain/privkey.pem # Add to /etc/nginx/sites-available/btcpayserver echo " diff --git a/BTCPayServer/subdomain.md b/BTCPayServer/subdomain.md new file mode 100644 index 0000000..83f2a27 --- /dev/null +++ b/BTCPayServer/subdomain.md @@ -0,0 +1,54 @@ +# Add a custom subdomain + +In this example configuration I add a redirect to mempool on the LAN. + + +``` +echo "Input your email:" +read EMAIL + +echo "Input a subdomain set up with an A record pointing to this server (eg: mempool.example.com)" +read SUBDOMAIN + +echo "Input the URL to be redirected to (eg. https://192.168.1.42:4081)" +read REDIRECT + +sudo certbot certonly -a standalone -m $EMAIL --agree-tos \ +-d $SUBDOMAIN --expand -n --pre-hook "service nginx stop" \ +--post-hook "service nginx start" || exit 1 + +# copy in place if needed +#sudo cat /etc/letsencrypt/live/$SUBDOMAIN/fullchain.pem +#sudo cat /etc/letsencrypt/live/$SUBDOMAIN/privkey.pem + +# Add to /etc/nginx/sites-available/btcpayserver +echo " +server { + listen 443 ssl; + server_name $SUBDOMAIN; + ssl on; + + ssl_certificate /etc/letsencrypt/live/$SUBDOMAIN/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/$SUBDOMAIN/privkey.pem; + ssl_session_timeout 1d; + ssl_session_cache shared:SSL:50m; + ssl_session_tickets off; + ssl_protocols TLSv1.1 TLSv1.2; + ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK'; + ssl_prefer_server_ciphers on; + ssl_stapling on; + ssl_stapling_verify on; + ssl_trusted_certificate /etc/letsencrypt/live/$SUBDOMAIN/chain.pem; + + location / { + proxy_pass $REDIRECT; + } + +}" | sudo tee /etc/nginx/sites-available/$SUBDOMAIN + + +sudo nano /etc/nginx/sites-available/$SUBDOMAIN + +sudo ln -s /etc/nginx/sites-available/$SUBDOMAIN /etc/nginx/sites-enabled/ +sudo nginx -t +sudo systemctl reload nginx \ No newline at end of file