Merge pull request mempool#2012 from Emzy/ops/nginx-linux-patch
Installing Linux nginx config in prod install
wiz authored Jul 7, 2022
2 parents 8f0f755 + eeb84e5 commit c9f788e
Showing 3 changed files with 49 additions and 64 deletions.
23 changes: 20 additions & 3 deletions production/install
Expand Up @@ -197,6 +197,7 @@ case $OS in
TOR_USER=debian-tor
TOR_GROUP=debian-tor
CERTBOT_PKG=python3-certbot-nginx
NGINX_ETC_FOLDER=/etc/nginx
NGINX_CONFIGURATION=/etc/nginx/nginx.conf
;;
esac
Expand Down Expand Up @@ -925,6 +926,8 @@ if [ "${TOR_INSTALL}" = ON ];then
osSudo "${ROOT_USER}" /bin/sh -c "echo HiddenServiceDir ${TOR_RESOURCES}/${MEMPOOL_TOR_HS}/ >> ${TOR_CONFIGURATION}"
osSudo "${ROOT_USER}" /bin/sh -c "echo HiddenServicePort 80 127.0.0.1:81 >> ${TOR_CONFIGURATION}"
osSudo "${ROOT_USER}" /bin/sh -c "echo HiddenServiceVersion 3 >> ${TOR_CONFIGURATION}"
else
osSudo "${ROOT_USER}" sed -i.orig "s!__TOR_RESOURCES__!${TOR_RESOURCES}!" "${TOR_CONFIGURATION}"
fi

case $OS in
Expand All @@ -936,7 +939,7 @@ if [ "${TOR_INSTALL}" = ON ];then

# start tor now so it can bootstrap in time for bitcoin starting a few mins later
echo "[*] Starting Tor service"
osSudo "${ROOT_USER}" service tor start
osSudo "${ROOT_USER}" service tor restart
fi

########################
Expand Down Expand Up @@ -1508,6 +1511,12 @@ _EOF_

##### nginx


echo "[*] Read tor v3 onion hostnames"
NGINX_MEMPOOL_ONION=$(cat "${TOR_RESOURCES}/mempool/hostname")
NGINX_BISQ_ONION=$(cat "${TOR_RESOURCES}/bisq/hostname")
NGINX_LIQUID_ONION=$(cat "${TOR_RESOURCES}/liquid/hostname")

echo "[*] Adding Nginx configuration"
case $OS in

Expand All @@ -1517,8 +1526,16 @@ case $OS in

Debian)
osSudo "${ROOT_USER}" install -c -o "${ROOT_USER}" -g "${ROOT_GROUP}" -m 644 "${MEMPOOL_HOME}/${MEMPOOL_REPO_NAME}/production/nginx/nginx.conf" "${NGINX_CONFIGURATION}"
#echo "[*] Restarting Nginx"
#osSudo "${ROOT_USER}" service nginx restart
mkdir -p /var/cache/nginx/services /var/cache/nginx/api
chown www-data: /var/cache/nginx/services /var/cache/nginx/api
ln -s /mempool/mempool /etc/nginx/mempool
osSudo "${ROOT_USER}" sed -i.orig "s!__NGINX_USER__!www-data!" "${NGINX_CONFIGURATION}"
osSudo "${ROOT_USER}" sed -i.orig "s!__NGINX_ETC_FOLDER__!${NGINX_ETC_FOLDER}!" "${NGINX_CONFIGURATION}"
osSudo "${ROOT_USER}" sed -i.orig "s!__NGINX_MEMPOOL_ONION__!${NGINX_MEMPOOL_ONION%.onion}!" "${NGINX_CONFIGURATION}"
osSudo "${ROOT_USER}" sed -i.orig "s!__NGINX_BISQ_ONION__!${NGINX_BISQ_ONION%.onion}!" "${NGINX_CONFIGURATION}"
osSudo "${ROOT_USER}" sed -i.orig "s!__NGINX_LIQUID_ONION__!${NGINX_LIQUID_ONIONi%.onion}!" "${NGINX_CONFIGURATION}"
echo "[*] Restarting Nginx"
osSudo "${ROOT_USER}" service nginx restart
;;
esac

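Review bot: The liquid substitution in the Debian branch references a misspelled variable, `${NGINX_LIQUID_ONIONi%.onion}`, so `__NGINX_LIQUID_ONION__` is replaced with an empty string (or the script aborts if `set -u` is in effect) and the liquid server block ends up with `set $onion "";`; the line should read `osSudo "${ROOT_USER}" sed -i.orig "s!__NGINX_LIQUID_ONION__!${NGINX_LIQUID_ONION%.onion}!" "${NGINX_CONFIGURATION}"`. In the same branch the `mkdir -p`, `chown www-data:` and `ln -s /mempool/mempool /etc/nginx/mempool` lines run without `osSudo` and hardcode `/etc/nginx` instead of `${NGINX_ETC_FOLDER}`, unlike every neighbouring line, and the unconditional `ln -s` fails on a re-run once the link exists, so a guard such as `[ -e "${NGINX_ETC_FOLDER}/mempool" ] || osSudo "${ROOT_USER}" ln -s /mempool/mempool "${NGINX_ETC_FOLDER}/mempool"` would keep the installer idempotent. The three `cat "${TOR_RESOURCES}/…/hostname"` reads happen shortly after `service tor restart` and assume Tor has already written the hidden-service hostname files; if that race is real on a fresh install, the empty values silently propagate into the sed substitutions, so a check that each file exists and is non-empty before the substitutions seems worthwhile. The enclosing `case $OS in` and the surrounding `if` blocks start outside the hunks shown.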
80 changes: 24 additions & 56 deletions production/nginx/nginx.conf
@@ -1,4 +1,4 @@
user nobody;
user __NGINX_USER__;
pid /var/run/nginx.pid;

worker_processes auto;
Expand All @@ -10,11 +10,11 @@ events {
}

http {
# DNS servers for on-demand recursive resolver
# DNS servers for on-demand resolution, change if desired
resolver 8.8.8.8;

# include default mime types
include /usr/local/etc/nginx/mime.types;
include __NGINX_ETC_FOLDER__/mime.types;
default_type application/octet-stream;

# HTTP basic configuration
Expand All @@ -32,9 +32,13 @@ http {
# MEMPOOL.NINJA
server {
# clearnet v4/v6
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name mempool.ninja;
#listen 443 ssl http2;
#listen [::]:443 ssl http2;
server_name _;

# tor v3
listen 127.0.0.1:81;
set $onion "__NGINX_MEMPOOL_ONION__";

# for services from mempool.space like contributors on about page
set $mempoolSpaceServices "https://mempool.space";
Expand All @@ -52,30 +56,24 @@ http {
set $esploraTestnet "http://esplora-bitcoin-testnet";
set $esploraSignet "http://esplora-bitcoin-signet";

# tor v3
listen 127.0.0.1:81;
set $onion "mempoolhqx4isw62xs7abwphsq7ldayuidyx2v2oethdhhj6mlo2r6ad";

# filesystem paths
root /mempool/public_html/mainnet/;
access_log /var/log/nginx/mempool-access.log;
error_log /var/log/nginx/mempool-error.log;

# ssl configuration
ssl_certificate /usr/local/etc/letsencrypt/live/mempool.ninja/fullchain.pem;
ssl_certificate_key /usr/local/etc/letsencrypt/live/mempool.ninja/privkey.pem;
include /usr/local/etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /usr/local/etc/letsencrypt/ssl-dhparams.pem;

# site configuration
include mempool/production/nginx/server-mempool.conf;
}
# BISQ.NINJA
server {
# clearnet v4/v6
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name bisq.ninja;
#listen 443 ssl http2;
#listen [::]:443 ssl http2;
server_name _;

# tor v3
listen 127.0.0.1:82;
set $onion "__NGINX_BISQ_ONION__";

# for services from mempool.space like contributors on about page
set $mempoolSpaceServices "https://mempool.space";
Expand All @@ -86,30 +84,24 @@ http {
# for blockstream/esplora daemon, see upstream-esplora.conf
set $esploraMainnet "http://esplora-bitcoin-mainnet";

# tor v3
listen 127.0.0.1:82;
set $onion "bisqmktse2cabavbr2xjq7xw3h6g5ottemo5rolfcwt6aly6tp5fdryd";

# filesystem paths
root /mempool/public_html/bisq/;
access_log /var/log/nginx/bisq-access.log;
error_log /var/log/nginx/bisq-error.log;

# ssl configuration
ssl_certificate /usr/local/etc/letsencrypt/live/bisq.ninja/fullchain.pem;
ssl_certificate_key /usr/local/etc/letsencrypt/live/bisq.ninja/privkey.pem;
include /usr/local/etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /usr/local/etc/letsencrypt/ssl-dhparams.pem;

# site configuration
include mempool/production/nginx/server-bisq.conf;
}
# LIQUID.PLACE
server {
# clearnet v4/v6
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name liquid.place;
#listen 443 ssl http2;
#listen [::]:443 ssl http2;
server_name _;

# tor v3
listen 127.0.0.1:83;
set $onion "__NGINX_LIQUID_ONION__";

# for services from mempool.space like contributors on about page
set $mempoolSpaceServices "https://mempool.space";
Expand All @@ -122,36 +114,12 @@ http {
set $esploraMainnet "http://esplora-liquid-mainnet";
set $esploraTestnet "http://esplora-liquid-testnet";

# tor v3
listen 127.0.0.1:83;
set $onion "liquidmom47f6s3m53ebfxn47p76a6tlnxib3wp6deux7wuzotdr6cyd";

# filesystem paths
root /mempool/public_html/liquid/;
access_log /var/log/nginx/liquid-access.log;
error_log /var/log/nginx/liquid-error.log;

# ssl configuration
ssl_certificate /usr/local/etc/letsencrypt/live/liquid.place/fullchain.pem;
ssl_certificate_key /usr/local/etc/letsencrypt/live/liquid.place/privkey.pem;
include /usr/local/etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /usr/local/etc/letsencrypt/ssl-dhparams.pem;

# site configuration
include mempool/production/nginx/server-liquid.conf;
}
# HTTP to HTTPS redirect
server {
# clearnet v4/v6
listen 80;
listen [::]:80;
server_name _;

# only redirect for our hosted domains
if ($host ~ "^(mempool.ninja|bisq.ninja|liquid.place)$")
{
return 301 https://$host$request_uri;
}
return 503;
}
}
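Review bot: The commented-out `#listen 443 ssl http2;` / `#listen [::]:443 ssl http2;` lines kept at the top of the mempool, bisq and liquid server blocks now point at TLS listeners whose `ssl_certificate`, `ssl_certificate_key` and `ssl_dhparam` directives this commit deletes, so simply uncommenting them later would, as far as I recall nginx's behaviour, leave an `ssl` listener with no certificate and nginx would refuse to start. Either drop the dead lines or replace them with a note that says what is required to re-enable clearnet, e.g. `# clearnet TLS is not configured in this file; add ssl_* directives (or terminate TLS in front of nginx) before enabling a 443 listener`. With the HTTP→HTTPS redirect server also removed, the only listeners left are `127.0.0.1:81`-`83` for the onion services, which is worth stating once near the top of the `http` block so a reader does not go looking for the missing clearnet configuration.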
10 changes: 5 additions & 5 deletions production/torrc
Expand Up @@ -3,21 +3,21 @@ SOCKSPort 9050
ControlPort 9051
Log notice syslog

DataDirectory /var/db/tor
DataDirectory __TOR_RESOURCES__
DataDirectoryGroupReadable 1

CookieAuthentication 1
CookieAuthFile /var/db/tor/control_auth_cookie
CookieAuthFile __TOR_RESOURCES__/control_auth_cookie
CookieAuthFileGroupReadable 1

HiddenServiceDir /var/db/tor/mempool
HiddenServiceDir __TOR_RESOURCES__/mempool
HiddenServicePort 80 127.0.0.1:81
HiddenServiceVersion 3

HiddenServiceDir /var/db/tor/bisq
HiddenServiceDir __TOR_RESOURCES__/bisq
HiddenServicePort 80 127.0.0.1:82
HiddenServiceVersion 3

HiddenServiceDir /var/db/tor/liquid
HiddenServiceDir __TOR_RESOURCES__/liquid
HiddenServicePort 80 127.0.0.1:83
HiddenServiceVersion 3
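Review bot: Every `__TOR_RESOURCES__` placeholder here depends on the installer's `sed -i.orig "s!__TOR_RESOURCES__!${TOR_RESOURCES}!"` call, which in the install hunk sits only in the `else` branch of `if [ "${TOR_INSTALL}" = ON ]`; if I read that cut hunk correctly, the ON branch appends `HiddenServiceDir` lines to the file without rewriting the placeholders, so Tor could be handed a literal `DataDirectory __TOR_RESOURCES__` on that path. Worth confirming that both branches end up with the placeholders substituted, or moving the sed call in front of the `if`. Note also that the sed replacement is unescaped, so a `${TOR_RESOURCES}` value containing `&` or `!` would corrupt the substitution; unlikely for a directory path, but a one-line comment in the installer recording that assumption would help.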
