diff --git a/BTCPayServer/bonus.btcpaysetdomain.sh b/BTCPayServer/bonus.btcpaysetdomain.sh
index d2aa2df..a16627d 100644
--- a/BTCPayServer/bonus.btcpaysetdomain.sh
+++ b/BTCPayServer/bonus.btcpaysetdomain.sh
@@ -240,5 +240,5 @@ if [ $1 = revert ];then
 # test
 sudo nginx -t
 # reload
- sudo systemctl reload nginx
+ sudo systemctl restart nginx
 fi
diff --git a/nginx/custom_website_subdomain.sh b/nginx/custom_website_subdomain.sh
index a09c62a..1d06ffc 100644
--- a/nginx/custom_website_subdomain.sh
+++ b/nginx/custom_website_subdomain.sh
@@ -22,8 +22,8 @@ sudo certbot certonly -a standalone -m $EMAIL --agree-tos \
 --post-hook "service nginx start" || exit 1
 # copy in place on a remote machine if needed
-#sudo cat /etc/letsencrypt/live/$SUBDOMAIN/fullchain.pem
-#sudo cat /etc/letsencrypt/live/$SUBDOMAIN/privkey.pem
+#sudo cat /etc/letsencrypt/live/$SUBDOMAIN/fullchain.pem
+#sudo cat /etc/letsencrypt/live/$SUBDOMAIN/privkey.pem
 # add to /etc/nginx/sites-available/
 echo "\
@@ -48,9 +48,9 @@ server {
 # from https://github.com/rootzoll/raspiblitz/blob/v1.7/home.admin/assets/nginx/snippets/ssl-proxy-params.conf
 proxy_redirect off;
- proxy_set_header Host $http_host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header Host \$http_host;
+ proxy_set_header X-Real-IP \$remote_addr;
+ proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
 proxy_set_header X-Forwarded-Proto https;
 }
 }" | sudo tee /etc/nginx/sites-available/$SUBDOMAIN
@@ -63,4 +63,4 @@ sudo ln -s /etc/nginx/sites-available/$SUBDOMAIN /etc/nginx/sites-enabled/
 sudo nginx -t || exit 1
-sudo systemctl reload nginx
+sudo systemctl restart nginx
diff --git a/nginx/electrum_server_subdomain.sh b/nginx/electrum_server_subdomain.sh
index 234035e..c706bb5 100644
--- a/nginx/electrum_server_subdomain.sh
+++ b/nginx/electrum_server_subdomain.sh
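Review bot: In BTCPayServer/bonus.btcpaysetdomain.sh the switch to `sudo systemctl restart nginx` makes the unchecked `sudo nginx -t` just above it matter. A reload with a broken config keeps the old workers serving, while a restart stops nginx and then fails to start, so every site on the host goes offline. The test line should be `sudo nginx -t || exit 1`, as the nginx/*.sh scripts in this commit already have it. The same reload-to-restart change in custom_website_subdomain.sh, electrum_server_subdomain.sh and mempool_subdomain.sh is guarded, but a restart there still drops open connections (the electrum `stream` proxy included), so a short comment saying why reload was not enough would help. The `if [ $1 = revert ]` block starts outside the hunk.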
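Review bot: In nginx/custom_website_subdomain.sh, `X-Forwarded-For \$proxy_add_x_forwarded_for` appends to whatever X-Forwarded-For header the client sent. If this nginx is the internet-facing proxy (the script shows no other proxy in front of it), a backend that trusts the first entry can be handed a forged address. Setting the header from the connection instead, `proxy_set_header X-Forwarded-For \$remote_addr;`, avoids that, and X-Real-IP already uses `\$remote_addr`. The escaping itself is needed because the block sits inside a double-quoted `echo "\` that starts outside the hunk; a comment there such as `# nginx variables must be written as \$var inside this echo` would keep a later edit from reintroducing the expansion bug.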
@@ -78,4 +78,4 @@ stream {
 sudo nginx -t || exit 1
 # restart
-sudo systemctl reload nginx
+sudo systemctl restart nginx
diff --git a/nginx/https_redirect_to_subdomain.sh b/nginx/https_redirect_to_subdomain.sh
new file mode 100644
index 0000000..15cbe83
--- /dev/null
+++ b/nginx/https_redirect_to_subdomain.sh
@@ -0,0 +1,68 @@
+#!/bin/bash
+
+echo "
+Input your email:
+"
+read EMAIL
+
+echo "
+Input a subdomain set up with an A record pointing to this server:
+eg.: tips.diynodes.com
+"
+read SUBDOMAIN
+
+echo "
+Input the URL where the subdomain should be redirected to:
+eg.: https://pay.diynodes.com/apps/otJAn2YiMRKeHnKrsZYQF8VuCJD/pos
+"
+read SERVER
+
+echo "
+Input the host address where the site is served:
+eg.: https://192.168.1.42:23001
+"
+read SERVER
+
+sudo certbot certonly -a standalone -m $EMAIL --agree-tos \
+-d $SUBDOMAIN --expand -n --pre-hook "service nginx stop" \
+--post-hook "service nginx start" || exit 1
+
+
+echo "\
+server {
+ listen 443 ssl;
+ server_name SUBDOMAIN;
+ return 301 $REDIRECT;
+ ssl on;
+
+ ssl_certificate /etc/letsencrypt/live/tips.diynodes.com/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/tips.diynodes.com/privkey.pem;
+ ssl_session_timeout 1d;
+ ssl_session_cache shared:SSL:50m;
+ ssl_session_tickets off;
+ ssl_protocols TLSv1.2 TLSv1.3;
+ ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK';
+ ssl_prefer_server_ciphers on;
+ ssl_stapling on;
+ ssl_stapling_verify on;
+ ssl_trusted_certificate /etc/letsencrypt/live/tips.diynodes.com/chain.pem;
+
+ location / {
+ proxy_set_header Host \$host;
+ proxy_set_header X-Real-IP \$remote_addr;
+ proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto \$scheme;
+ proxy_pass $SERVER;
+ }
+}
+" | sudo tee /etc/nginx/sites-available/$SUBDOMAIN
+
+# edit with
+# sudo nano /etc/nginx/sites-available/$SUBDOMAIN
+
+# add to /etc/nginx/sites-enabled/
+sudo ln -s /etc/nginx/sites-available/$SUBDOMAIN /etc/nginx/sites-enabled/
+
+sudo nginx -t || exit 1
+
+sudo systemctl restart nginx
diff --git a/nginx/mempool_subdomain.sh b/nginx/mempool_subdomain.sh
index aa25b2d..a6bfe62 100644
--- a/nginx/mempool_subdomain.sh
+++ b/nginx/mempool_subdomain.sh
@@ -85,4 +85,4 @@ sudo ln -s /etc/nginx/sites-available/$SUBDOMAIN /etc/nginx/sites-enabled/
 sudo nginx -t || exit 1
-sudo systemctl reload nginx
+sudo systemctl restart nginx
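Review bot: The server block generated by the new nginx/https_redirect_to_subdomain.sh cannot work as written. Both the redirect-URL prompt and the host-address prompt do `read SERVER`, so `$REDIRECT` is never set and `return 301 $REDIRECT;` is emitted without a target; `server_name SUBDOMAIN;` is missing its `$`; and the three certificate paths are hard-coded to tips.diynodes.com instead of the directory certbot creates for `$SUBDOMAIN`. The fence below reads the first URL into REDIRECT, uses `$SUBDOMAIN` in the config, and rejects a SUBDOMAIN that is not a plain hostname before it is passed unquoted to `sudo certbot -d` and to the `sudo tee` path, where a `/`, a leading `-` or whitespace would make a root command act on something other than the intended site file. Separately, a server-level `return 301` answers every request, so the `location /` proxy block and the SERVER prompt look unused, and `ssl on;` is an obsolete directive that `listen 443 ssl` already covers.

```shell
# … unchanged: email prompt, subdomain prompt …
read SUBDOMAIN
# refuse anything that is not a plain hostname before it reaches sudo
case "$SUBDOMAIN" in
  "" | -* | *[!A-Za-z0-9.-]*) echo "invalid subdomain" >&2; exit 1 ;;
esac
# … unchanged: redirect URL prompt …
read REDIRECT
# … unchanged: host address prompt, read SERVER, certbot call, echo "\ …
server {
# … unchanged: listen 443 ssl …
  server_name $SUBDOMAIN;
# … unchanged: return 301, ssl on …
  ssl_certificate /etc/letsencrypt/live/$SUBDOMAIN/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/$SUBDOMAIN/privkey.pem;
# … unchanged: session, protocol, cipher and stapling settings …
  ssl_trusted_certificate /etc/letsencrypt/live/$SUBDOMAIN/chain.pem;
# … unchanged: location block, tee, symlink, nginx -t, restart …
```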