From d6c42368e3982c0545c64384a73a98503e1e4cd0 Mon Sep 17 00:00:00 2001
From: "nicolas.dorier"
Date: Mon, 13 Aug 2018 01:06:48 +0900
Subject: [PATCH] Add ability to grant BTCPay SSH access
---
 .../docker-compose.btc-clightning.yml | 4 ++-
 .../docker-compose.btc-ltc-clightning.yml | 4 ++-
 .../docker-compose.btc-ltc.yml | 4 ++-
 .../docker-compose.btc.yml | 4 ++-
 .../docker-compose.ltc-clightning.yml | 4 ++-
 .../docker-compose.ltc.yml | 4 ++-
 Production/docker-compose.btc-clightning.yml | 4 ++-
 .../docker-compose.btc-ltc-clightning.yml | 4 ++-
 Production/docker-compose.btc-ltc.yml | 4 ++-
 Production/docker-compose.btc.yml | 4 ++-
 Production/docker-compose.ltc-clightning.yml | 4 ++-
 Production/docker-compose.ltc.yml | 4 ++-
 btcpay-setup.sh | 26 ++++++++++++++++++-
 .../docker-fragments/btcpayserver.yml | 4 ++-
 14 files changed, 64 insertions(+), 14 deletions(-)
diff --git a/Production-NoReverseProxy/docker-compose.btc-clightning.yml b/Production-NoReverseProxy/docker-compose.btc-clightning.yml
index 9acf9e8..c87e9b2 100644
--- a/Production-NoReverseProxy/docker-compose.btc-clightning.yml
+++ b/Production-NoReverseProxy/docker-compose.btc-clightning.yml
@@ -2,7 +2,7 @@ version: "3"
 services:
 btcpayserver:
 restart: unless-stopped
- image: nicolasdorier/btcpayserver:1.0.2.87
+ image: nicolasdorier/btcpayserver:1.0.2.90
 expose:
 - "49392"
 environment:
@@ -11,6 +11,8 @@ services:
 BTCPAY_BIND: 0.0.0.0:49392
 BTCPAY_EXTERNALURL: ${BTCPAY_PROTOCOL:-https}://${BTCPAY_HOST}/
 BTCPAY_ROOTPATH: ${BTCPAY_ROOTPATH:-/}
+ BTCPAY_SSHTRUSTEDFINGERPRINTS: ${BTCPAY_SSHTRUSTEDFINGERPRINTS}
+ BTCPAY_SSHKEYFILE: ${BTCPAY_SSHKEYFILE}
 VIRTUAL_NETWORK: nginx-proxy
 VIRTUAL_PORT: 49392
 VIRTUAL_HOST: ${BTCPAY_HOST}
diff --git a/Production-NoReverseProxy/docker-compose.btc-ltc-clightning.yml b/Production-NoReverseProxy/docker-compose.btc-ltc-clightning.yml
index 2c92b7b..3804bbf 100644
--- a/Production-NoReverseProxy/docker-compose.btc-ltc-clightning.yml
+++ b/Production-NoReverseProxy/docker-compose.btc-ltc-clightning.yml
@@ -2,7 +2,7 @@ version: "3"
 services:
 btcpayserver:
 restart: unless-stopped
- image: nicolasdorier/btcpayserver:1.0.2.87
+ image: nicolasdorier/btcpayserver:1.0.2.90
 expose:
 - "49392"
 environment:
@@ -11,6 +11,8 @@ services:
 BTCPAY_BIND: 0.0.0.0:49392
 BTCPAY_EXTERNALURL: ${BTCPAY_PROTOCOL:-https}://${BTCPAY_HOST}/
 BTCPAY_ROOTPATH: ${BTCPAY_ROOTPATH:-/}
+ BTCPAY_SSHTRUSTEDFINGERPRINTS: ${BTCPAY_SSHTRUSTEDFINGERPRINTS}
+ BTCPAY_SSHKEYFILE: ${BTCPAY_SSHKEYFILE}
 VIRTUAL_NETWORK: nginx-proxy
 VIRTUAL_PORT: 49392
 VIRTUAL_HOST: ${BTCPAY_HOST}
diff --git a/Production-NoReverseProxy/docker-compose.btc-ltc.yml b/Production-NoReverseProxy/docker-compose.btc-ltc.yml
index 5f75d31..4e1a677 100644
--- a/Production-NoReverseProxy/docker-compose.btc-ltc.yml
+++ b/Production-NoReverseProxy/docker-compose.btc-ltc.yml
@@ -2,7 +2,7 @@ version: "3"
 services:
 btcpayserver:
 restart: unless-stopped
- image: nicolasdorier/btcpayserver:1.0.2.87
+ image: nicolasdorier/btcpayserver:1.0.2.90
 expose:
 - "49392"
 environment:
@@ -11,6 +11,8 @@ services:
 BTCPAY_BIND: 0.0.0.0:49392
 BTCPAY_EXTERNALURL: ${BTCPAY_PROTOCOL:-https}://${BTCPAY_HOST}/
 BTCPAY_ROOTPATH: ${BTCPAY_ROOTPATH:-/}
+ BTCPAY_SSHTRUSTEDFINGERPRINTS: ${BTCPAY_SSHTRUSTEDFINGERPRINTS}
+ BTCPAY_SSHKEYFILE: ${BTCPAY_SSHKEYFILE}
 VIRTUAL_NETWORK: nginx-proxy
 VIRTUAL_PORT: 49392
 VIRTUAL_HOST: ${BTCPAY_HOST}
diff --git a/Production-NoReverseProxy/docker-compose.btc.yml b/Production-NoReverseProxy/docker-compose.btc.yml
index a462514..afbc9dc 100644
--- a/Production-NoReverseProxy/docker-compose.btc.yml
+++ b/Production-NoReverseProxy/docker-compose.btc.yml
@@ -2,7 +2,7 @@ version: "3"
 services:
 btcpayserver:
 restart: unless-stopped
- image: nicolasdorier/btcpayserver:1.0.2.87
+ image: nicolasdorier/btcpayserver:1.0.2.90
 expose:
 - "49392"
 environment:
@@ -11,6 +11,8 @@ services:
 BTCPAY_BIND: 0.0.0.0:49392
 BTCPAY_EXTERNALURL: ${BTCPAY_PROTOCOL:-https}://${BTCPAY_HOST}/
 BTCPAY_ROOTPATH: ${BTCPAY_ROOTPATH:-/}
+ BTCPAY_SSHTRUSTEDFINGERPRINTS: ${BTCPAY_SSHTRUSTEDFINGERPRINTS}
+ BTCPAY_SSHKEYFILE: ${BTCPAY_SSHKEYFILE}
 VIRTUAL_NETWORK: nginx-proxy
 VIRTUAL_PORT: 49392
 VIRTUAL_HOST: ${BTCPAY_HOST}
diff --git a/Production-NoReverseProxy/docker-compose.ltc-clightning.yml b/Production-NoReverseProxy/docker-compose.ltc-clightning.yml
index 98f978f..bc41ffa 100644
--- a/Production-NoReverseProxy/docker-compose.ltc-clightning.yml
+++ b/Production-NoReverseProxy/docker-compose.ltc-clightning.yml
@@ -2,7 +2,7 @@ version: "3"
 services:
 btcpayserver:
 restart: unless-stopped
- image: nicolasdorier/btcpayserver:1.0.2.87
+ image: nicolasdorier/btcpayserver:1.0.2.90
 expose:
 - "49392"
 environment:
@@ -11,6 +11,8 @@ services:
 BTCPAY_BIND: 0.0.0.0:49392
 BTCPAY_EXTERNALURL: ${BTCPAY_PROTOCOL:-https}://${BTCPAY_HOST}/
 BTCPAY_ROOTPATH: ${BTCPAY_ROOTPATH:-/}
+ BTCPAY_SSHTRUSTEDFINGERPRINTS: ${BTCPAY_SSHTRUSTEDFINGERPRINTS}
+ BTCPAY_SSHKEYFILE: ${BTCPAY_SSHKEYFILE}
 VIRTUAL_NETWORK: nginx-proxy
 VIRTUAL_PORT: 49392
 VIRTUAL_HOST: ${BTCPAY_HOST}
diff --git a/Production-NoReverseProxy/docker-compose.ltc.yml b/Production-NoReverseProxy/docker-compose.ltc.yml
index 0f1e006..3f69143 100644
--- a/Production-NoReverseProxy/docker-compose.ltc.yml
+++ b/Production-NoReverseProxy/docker-compose.ltc.yml
@@ -2,7 +2,7 @@ version: "3"
 services:
 btcpayserver:
 restart: unless-stopped
- image: nicolasdorier/btcpayserver:1.0.2.87
+ image: nicolasdorier/btcpayserver:1.0.2.90
 expose:
 - "49392"
 environment:
@@ -11,6 +11,8 @@ services:
 BTCPAY_BIND: 0.0.0.0:49392
 BTCPAY_EXTERNALURL: ${BTCPAY_PROTOCOL:-https}://${BTCPAY_HOST}/
 BTCPAY_ROOTPATH: ${BTCPAY_ROOTPATH:-/}
+ BTCPAY_SSHTRUSTEDFINGERPRINTS: ${BTCPAY_SSHTRUSTEDFINGERPRINTS}
+ BTCPAY_SSHKEYFILE: ${BTCPAY_SSHKEYFILE}
 VIRTUAL_NETWORK: nginx-proxy
 VIRTUAL_PORT: 49392
 VIRTUAL_HOST: ${BTCPAY_HOST}
diff --git a/Production/docker-compose.btc-clightning.yml b/Production/docker-compose.btc-clightning.yml
index 89560de..dd74f4e 100644
--- a/Production/docker-compose.btc-clightning.yml
+++ b/Production/docker-compose.btc-clightning.yml
@@ -46,7 +46,7 @@ services:
 - nginx-gen
 btcpayserver:
 restart: unless-stopped
- image: nicolasdorier/btcpayserver:1.0.2.87
+ image: nicolasdorier/btcpayserver:1.0.2.90
 expose:
 - "49392"
 environment:
@@ -55,6 +55,8 @@ services:
 BTCPAY_BIND: 0.0.0.0:49392
 BTCPAY_EXTERNALURL: ${BTCPAY_PROTOCOL:-https}://${BTCPAY_HOST}/
 BTCPAY_ROOTPATH: ${BTCPAY_ROOTPATH:-/}
+ BTCPAY_SSHTRUSTEDFINGERPRINTS: ${BTCPAY_SSHTRUSTEDFINGERPRINTS}
+ BTCPAY_SSHKEYFILE: ${BTCPAY_SSHKEYFILE}
 VIRTUAL_NETWORK: nginx-proxy
 VIRTUAL_PORT: 49392
 VIRTUAL_HOST: ${BTCPAY_HOST}
diff --git a/Production/docker-compose.btc-ltc-clightning.yml b/Production/docker-compose.btc-ltc-clightning.yml
index 2d68ccc..780db49 100644
--- a/Production/docker-compose.btc-ltc-clightning.yml
+++ b/Production/docker-compose.btc-ltc-clightning.yml
@@ -46,7 +46,7 @@ services:
 - nginx-gen
 btcpayserver:
 restart: unless-stopped
- image: nicolasdorier/btcpayserver:1.0.2.87
+ image: nicolasdorier/btcpayserver:1.0.2.90
 expose:
 - "49392"
 environment:
@@ -55,6 +55,8 @@ services:
 BTCPAY_BIND: 0.0.0.0:49392
 BTCPAY_EXTERNALURL: ${BTCPAY_PROTOCOL:-https}://${BTCPAY_HOST}/
 BTCPAY_ROOTPATH: ${BTCPAY_ROOTPATH:-/}
+ BTCPAY_SSHTRUSTEDFINGERPRINTS: ${BTCPAY_SSHTRUSTEDFINGERPRINTS}
+ BTCPAY_SSHKEYFILE: ${BTCPAY_SSHKEYFILE}
 VIRTUAL_NETWORK: nginx-proxy
 VIRTUAL_PORT: 49392
 VIRTUAL_HOST: ${BTCPAY_HOST}
diff --git a/Production/docker-compose.btc-ltc.yml b/Production/docker-compose.btc-ltc.yml
index 7d05924..8cf0aae 100644
--- a/Production/docker-compose.btc-ltc.yml
+++ b/Production/docker-compose.btc-ltc.yml
@@ -46,7 +46,7 @@ services:
 - nginx-gen
 btcpayserver:
 restart: unless-stopped
- image: nicolasdorier/btcpayserver:1.0.2.87
+ image: nicolasdorier/btcpayserver:1.0.2.90
 expose:
 - "49392"
 environment:
@@ -55,6 +55,8 @@ services:
 BTCPAY_BIND: 0.0.0.0:49392
 BTCPAY_EXTERNALURL: ${BTCPAY_PROTOCOL:-https}://${BTCPAY_HOST}/
 BTCPAY_ROOTPATH: ${BTCPAY_ROOTPATH:-/}
+ BTCPAY_SSHTRUSTEDFINGERPRINTS: ${BTCPAY_SSHTRUSTEDFINGERPRINTS}
+ BTCPAY_SSHKEYFILE: ${BTCPAY_SSHKEYFILE}
 VIRTUAL_NETWORK: nginx-proxy
 VIRTUAL_PORT: 49392
 VIRTUAL_HOST: ${BTCPAY_HOST}
diff --git a/Production/docker-compose.btc.yml b/Production/docker-compose.btc.yml
index 94568af..b94a932 100644
--- a/Production/docker-compose.btc.yml
+++ b/Production/docker-compose.btc.yml
@@ -46,7 +46,7 @@ services:
 - nginx-gen
 btcpayserver:
 restart: unless-stopped
- image: nicolasdorier/btcpayserver:1.0.2.87
+ image: nicolasdorier/btcpayserver:1.0.2.90
 expose:
 - "49392"
 environment:
@@ -55,6 +55,8 @@ services:
 BTCPAY_BIND: 0.0.0.0:49392
 BTCPAY_EXTERNALURL: ${BTCPAY_PROTOCOL:-https}://${BTCPAY_HOST}/
 BTCPAY_ROOTPATH: ${BTCPAY_ROOTPATH:-/}
+ BTCPAY_SSHTRUSTEDFINGERPRINTS: ${BTCPAY_SSHTRUSTEDFINGERPRINTS}
+ BTCPAY_SSHKEYFILE: ${BTCPAY_SSHKEYFILE}
 VIRTUAL_NETWORK: nginx-proxy
 VIRTUAL_PORT: 49392
 VIRTUAL_HOST: ${BTCPAY_HOST}
diff --git a/Production/docker-compose.ltc-clightning.yml b/Production/docker-compose.ltc-clightning.yml
index 60a6110..c9806a8 100644
--- a/Production/docker-compose.ltc-clightning.yml
+++ b/Production/docker-compose.ltc-clightning.yml
@@ -46,7 +46,7 @@ services:
 - nginx-gen
 btcpayserver:
 restart: unless-stopped
- image: nicolasdorier/btcpayserver:1.0.2.87
+ image: nicolasdorier/btcpayserver:1.0.2.90
 expose:
 - "49392"
 environment:
@@ -55,6 +55,8 @@ services:
 BTCPAY_BIND: 0.0.0.0:49392
 BTCPAY_EXTERNALURL: ${BTCPAY_PROTOCOL:-https}://${BTCPAY_HOST}/
 BTCPAY_ROOTPATH: ${BTCPAY_ROOTPATH:-/}
+ BTCPAY_SSHTRUSTEDFINGERPRINTS: ${BTCPAY_SSHTRUSTEDFINGERPRINTS}
+ BTCPAY_SSHKEYFILE: ${BTCPAY_SSHKEYFILE}
 VIRTUAL_NETWORK: nginx-proxy
 VIRTUAL_PORT: 49392
 VIRTUAL_HOST: ${BTCPAY_HOST}
diff --git a/Production/docker-compose.ltc.yml b/Production/docker-compose.ltc.yml
index 0decd8c..8ceb613 100644
--- a/Production/docker-compose.ltc.yml +++ b/Production/docker-compose.ltc.yml @@ -46,7 +46,7 @@ services: - nginx-gen btcpayserver: restart: unless-stopped - image: nicolasdorier/btcpayserver:1.0.2.87 + image: nicolasdorier/btcpayserver:1.0.2.90 expose: - "49392" environment: @@ -55,6 +55,8 @@ services: BTCPAY_BIND: 0.0.0.0:49392 BTCPAY_EXTERNALURL: ${BTCPAY_PROTOCOL:-https}://${BTCPAY_HOST}/ BTCPAY_ROOTPATH: ${BTCPAY_ROOTPATH:-/} + BTCPAY_SSHTRUSTEDFINGERPRINTS: ${BTCPAY_SSHTRUSTEDFINGERPRINTS} + BTCPAY_SSHKEYFILE: ${BTCPAY_SSHKEYFILE} VIRTUAL_NETWORK: nginx-proxy VIRTUAL_PORT: 49392 VIRTUAL_HOST: ${BTCPAY_HOST} diff --git a/btcpay-setup.sh b/btcpay-setup.sh index 7fd2747..06d6a33 100755 --- a/btcpay-setup.sh +++ b/btcpay-setup.sh @@ -147,10 +147,21 @@ fi BTCPAY_ENV_FILE="$BTCPAY_BASE_DIRECTORY/.env" +BTCPAY_SSHKEYFILE="" +BTCPAY_SSHTRUSTEDFINGERPRINTS="" +if [[ -f "$BTCPAY_HOST_SSHKEYFILE" ]]; then + BTCPAY_SSHKEYFILE="/datadir/id_rsa" + for pubkey in /etc/ssh/ssh_host_*.pub; do + fingerprint="$(ssh-keygen -l -f $pubkey | awk '{print $2}')" + BTCPAY_SSHTRUSTEDFINGERPRINTS="$fingerprint;$BTCPAY_SSHTRUSTEDFINGERPRINTS" + done +fi + echo " -------SETUP----------- Parameters passed: BTCPAY_HOST:$BTCPAY_HOST +BTCPAY_HOST_SSHKEYFILE:$BTCPAY_HOST_SSHKEYFILE LETSENCRYPT_EMAIL:$LETSENCRYPT_EMAIL NBITCOIN_NETWORK:$NBITCOIN_NETWORK LIGHTNING_ALIAS:$LIGHTNING_ALIAS @@ -172,6 +183,8 @@ BTCPAY_DOCKER_COMPOSE=$BTCPAY_DOCKER_COMPOSE BTCPAY_BASE_DIRECTORY=$BTCPAY_BASE_DIRECTORY BTCPAY_ENV_FILE=$BTCPAY_ENV_FILE BTCPAYGEN_OLD_PREGEN=$BTCPAYGEN_OLD_PREGEN +BTCPAY_SSHKEYFILE=$BTCPAY_SSHKEYFILE +BTCPAY_SSHTRUSTEDFINGERPRINTS:$BTCPAY_SSHTRUSTEDFINGERPRINTS ---------------------- " 
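Review bot: In the fingerprint loop added to btcpay-setup.sh (hunk `@@ -147,10 +147,21 @@`), `$pubkey` is passed to ssh-keygen unquoted, and when `/etc/ssh/ssh_host_*.pub` matches nothing the body still runs once on the literal pattern, leaving a bare `;` in BTCPAY_SSHTRUSTEDFINGERPRINTS. This list is what BTCPay pins the host key against, so an empty entry should not end up in the .env file; I would add `[[ -e "$pubkey" ]] || continue` as the first line of the loop and quote the argument as `ssh-keygen -l -f "$pubkey"`. The printed fingerprint format also depends on the installed OpenSSH (MD5 hex on older releases, `SHA256:` on newer ones), so it may be worth fixing the hash with `-E` to whatever the server compares against, which this diff does not show.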
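Review bot: The summary line added in hunk `@@ -172,6 +183,8 @@`, `BTCPAY_SSHTRUSTEDFINGERPRINTS:$BTCPAY_SSHTRUSTEDFINGERPRINTS`, uses a colon while the neighbouring lines in this part of the echo block, including the `BTCPAY_SSHKEYFILE=` line added with it, use `=`. Writing it as `BTCPAY_SSHTRUSTEDFINGERPRINTS=$BTCPAY_SSHTRUSTEDFINGERPRINTS` keeps the setup output uniform for anyone grepping a log to confirm which host keys were pinned. The echo string starts outside this hunk.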
@@ -207,12 +220,15 @@ export BTCPAYGEN_REVERSEPROXY=\"$BTCPAYGEN_REVERSEPROXY\" export BTCPAY_DOCKER_COMPOSE=\"$BTCPAY_DOCKER_COMPOSE\" export BTCPAY_BASE_DIRECTORY=\"$BTCPAY_BASE_DIRECTORY\" export BTCPAY_ENV_FILE=\"$BTCPAY_ENV_FILE\" +export BTCPAY_HOST_SSHKEYFILE=\"$BTCPAY_HOST_SSHKEYFILE\" if cat \$BTCPAY_ENV_FILE &> /dev/null; then export BTCPAY_HOST=\"\$(cat \$BTCPAY_ENV_FILE | sed -n 's/^BTCPAY_HOST=\(.*\)$/\1/p')\" export LETSENCRYPT_EMAIL=\"\$(cat \$BTCPAY_ENV_FILE | sed -n 's/^LETSENCRYPT_EMAIL=\(.*\)$/\1/p')\" export NBITCOIN_NETWORK=\"\$(cat \$BTCPAY_ENV_FILE | sed -n 's/^NBITCOIN_NETWORK=\(.*\)$/\1/p')\" export LIGHTNING_ALIAS=\"\$(cat \$BTCPAY_ENV_FILE | sed -n 's/^LIGHTNING_ALIAS=\(.*\)$/\1/p')\" export ACME_CA_URI=\"\$(cat \$BTCPAY_ENV_FILE | sed -n 's/^ACME_CA_URI=\(.*\)$/\1/p')\" +export BTCPAY_SSHKEYFILE=\"\$(cat \$BTCPAY_ENV_FILE | sed -n 's/^BTCPAY_SSHKEYFILE=\(.*\)$/\1/p')\" +export BTCPAY_SSHTRUSTEDFINGERPRINTS=\"\$(cat \$BTCPAY_ENV_FILE | sed -n 's/^BTCPAY_SSHTRUSTEDFINGERPRINTS=\(.*\)$/\1/p')\" fi " > /etc/profile.d/btcpay-env.sh chmod +x /etc/profile.d/btcpay-env.sh @@ -226,7 +242,9 @@ BTCPAY_HOST=$BTCPAY_HOST ACME_CA_URI=$ACME_CA_URI NBITCOIN_NETWORK=$NBITCOIN_NETWORK LETSENCRYPT_EMAIL=$LETSENCRYPT_EMAIL -LIGHTNING_ALIAS=$LIGHTNING_ALIAS" > $BTCPAY_ENV_FILE +LIGHTNING_ALIAS=$LIGHTNING_ALIAS +BTCPAY_SSHTRUSTEDFINGERPRINTS=$BTCPAY_SSHTRUSTEDFINGERPRINTS +BTCPAY_SSHKEYFILE=$BTCPAY_SSHKEYFILE" > $BTCPAY_ENV_FILE echo -e "BTCPay Server docker-compose parameters saved in $BTCPAY_ENV_FILE\n" . /etc/profile.d/btcpay-env.sh @@ -338,6 +356,12 @@ fi docker-compose -f "$BTCPAY_DOCKER_COMPOSE" up -d --remove-orphans +# Give SSH key to BTCPay +if [[ -f "$BTCPAY_HOST_SSHKEYFILE" ]]; then + echo "Copying $BTCPAY_SSHKEYFILE to BTCPayServer container" + docker cp "$BTCPAY_HOST_SSHKEYFILE" $(docker ps --filter "name=_btcpayserver_" -q):$BTCPAY_SSHKEYFILE +fi + cd $ORIGINAL_DIRECTORY for scriptname in *.sh; do 
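Review bot: The `docker cp` added at the end of btcpay-setup.sh (hunk `@@ -338,6 +356,12 @@`) places the host's private SSH key inside the web-facing btcpayserver container, and nothing in this commit documents or limits what that key can do on the host. A comment above the block should say that the key ought to be a dedicated one whose authorized_keys entry is restricted, because anyone who compromises the container can read it. Separately, the unquoted `$(docker ps --filter "name=_btcpayserver_" -q)` yields a malformed destination when zero or several containers match, so the ID should be captured, checked to be exactly one, and quoted. The echo also prints the in-container path as if it were the file being copied.

```shell
if [[ -f "$BTCPAY_HOST_SSHKEYFILE" ]]; then
    # The key lets the container open an SSH session on this host: use a dedicated,
    # restricted key, never an administrator's personal key.
    btcpay_container="$(docker ps --filter "name=_btcpayserver_" -q)"
    if [[ "$(wc -w <<< "$btcpay_container")" -ne 1 ]]; then
        echo "Expected exactly one btcpayserver container, SSH key not copied" >&2
    else
        echo "Copying $BTCPAY_HOST_SSHKEYFILE to $BTCPAY_SSHKEYFILE in the BTCPayServer container"
        docker cp "$BTCPAY_HOST_SSHKEYFILE" "$btcpay_container:$BTCPAY_SSHKEYFILE"
    fi
fi
```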
diff --git a/docker-compose-generator/docker-fragments/btcpayserver.yml b/docker-compose-generator/docker-fragments/btcpayserver.yml index 3609daf..44bb966 100644 --- a/docker-compose-generator/docker-fragments/btcpayserver.yml +++ b/docker-compose-generator/docker-fragments/btcpayserver.yml @@ -4,7 +4,7 @@ services: btcpayserver: restart: unless-stopped - image: nicolasdorier/btcpayserver:1.0.2.87 + image: nicolasdorier/btcpayserver:1.0.2.90 expose: - "49392" environment: @@ -14,6 +14,8 @@ services: BTCPAY_BIND: 0.0.0.0:49392 BTCPAY_EXTERNALURL: ${BTCPAY_PROTOCOL:-https}://${BTCPAY_HOST}/ BTCPAY_ROOTPATH: ${BTCPAY_ROOTPATH:-/} + BTCPAY_SSHTRUSTEDFINGERPRINTS: ${BTCPAY_SSHTRUSTEDFINGERPRINTS} + BTCPAY_SSHKEYFILE: ${BTCPAY_SSHKEYFILE} # NGINX settings VIRTUAL_NETWORK: nginx-proxy
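Review bot: `${BTCPAY_SSHTRUSTEDFINGERPRINTS}` and `${BTCPAY_SSHKEYFILE}` in the second hunk of btcpayserver.yml have no default, unlike `${BTCPAY_ROOTPATH:-/}` just above them, so running docker-compose without the .env written by btcpay-setup.sh leaves both unset and Compose warns about each. Writing them as `${BTCPAY_SSHTRUSTEDFINGERPRINTS:-}` and `${BTCPAY_SSHKEYFILE:-}` makes the opt-out explicit. A short comment such as `# SSH access to the host: empty unless BTCPAY_HOST_SSHKEYFILE was set at setup` would also tell operators that these two settings hand the container a host credential. The same two lines are repeated in every compose file under Production/ and Production-NoReverseProxy/ in this commit.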