From e17902880feb869e3520d332c377a39b81e7be36 Mon Sep 17 00:00:00 2001 From: "nicolas.dorier" Date: Sun, 10 Mar 2019 15:45:12 +0900 Subject: [PATCH 1/3] Add tor support --- Generated/.gitignore | 2 +- Generated/torrc.tmpl | 26 ++++ Production/nginx.tmpl | 21 +++- .../docker-fragments/opt-add-tor.yml | 119 ++++++++++++++++++ .../docker-fragments/opt-add-woocommerce.yml | 2 +- 5 files changed, 167 insertions(+), 3 deletions(-) create mode 100644 Generated/torrc.tmpl create mode 100644 docker-compose-generator/docker-fragments/opt-add-tor.yml diff --git a/Generated/.gitignore b/Generated/.gitignore index 2fb9890..77c2d3c 100644 --- a/Generated/.gitignore +++ b/Generated/.gitignore @@ -1,4 +1,4 @@ *.yml -*.tmpl +nginx.tmpl *.toml *.json \ No newline at end of file diff --git a/Generated/torrc.tmpl b/Generated/torrc.tmpl new file mode 100644 index 0000000..80fb004 --- /dev/null +++ b/Generated/torrc.tmpl 
@@ -0,0 +1,26 @@ +{{ $CurrentContainer := where $ "ID" .Docker.CurrentContainerID | first }} + +{{ range $name, $containers := groupByMulti $ "Env.HIDDENSERVICE_NAME" "," }} +# For the hidden service {{ $name }} +HiddenServiceDir /var/lib/tor/hidden_services/{{ $name }} +{{ range $container := $containers }} + {{ range $knownNetwork := $CurrentContainer.Networks }} + {{ range $containerNetwork := $container.Networks }} + {{ if eq $knownNetwork.Name $containerNetwork.Name }} + {{ $containerOrReverseProxyName := coalesce $container.Env.HIDDENSERVICE_REVERSEPROXY $container.Name }} + + {{ range $reverseProxyContainer := where $ "Name" $containerOrReverseProxyName }} + {{ range $containerNetwork := where $reverseProxyContainer.Networks "Name" $knownNetwork.Name }} + {{ $port := coalesce $container.Env.HIDDENSERVICE_PORT "80" }} + {{ $virtualPort := coalesce $container.Env.HIDDENSERVICE_VIRTUAL_PORT $port }} + {{ if ne $containerNetwork.IP "" }} +# Redirecting to {{ $containerOrReverseProxyName }} +HiddenServicePort {{ $virtualPort }} {{ $containerNetwork.IP }}:{{ $port }} + {{ end }} + {{ end }} + {{ end }} + {{ end }} + {{ end }} + {{ end }} +{{ end }} +{{ end }} \ No newline at end of file diff --git a/Production/nginx.tmpl b/Production/nginx.tmpl index 7b7d88a..e676a9a 100644 --- a/Production/nginx.tmpl +++ b/Production/nginx.tmpl 
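Review bot: `$name` comes straight out of `groupByMulti $ "Env.HIDDENSERVICE_NAME" ","` and lands in `HiddenServiceDir /var/lib/tor/hidden_services/{{ $name }}` without trimming or validation, while the nginx.tmpl hunk of this same patch trims `$host` after the same kind of split. A value with surrounding whitespace would both split the torrc directive and produce a directory name that no longer matches the paths the compose fragment hard-codes (for example `/var/lib/tor/hidden_services/lnd/hostname`), so the consumer would silently wait on a hostname file that never appears. Adding `{{ $name := trim $name }}` directly under the range line keeps the two templates consistent; whether tor imposes further restrictions on the directory name I cannot tell from this page. A header comment stating that HIDDENSERVICE_NAME must match the `*_HIDDENSERVICE_HOSTNAME_FILE` paths exactly would make the coupling visible to whoever edits a fragment.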
@@ -216,8 +216,27 @@ upstream {{ $upstream_name }} { {{ end }} {{ end }} } + +{{ $hiddenReverseProxy := trim (or (first (groupByKeys $containers "Env.HIDDENSERVICE_REVERSEPROXY")) "") }} +{{ if (eq $hiddenReverseProxy "nginx")}} + {{ $hiddenHostName := trim (or (first (groupByKeys $containers "Env.HIDDENSERVICE_NAME")) "") }} + {{ $onionHost := read (printf "/var/lib/tor/hidden_services/%s/hostname" $hiddenHostName) }} + {{ if ne $onionHost "" }} +server { + server_name {{ trim $onionHost }}; + listen nginx:80 ; + access_log /var/log/nginx/access.log vhost; + location / { + proxy_pass http://{{ trim $upstream_name }}; + } + {{ template "redirects" (dict "HostName" $host_name "Containers" $) }} +} + {{ end }} +{{ end }} + {{ range $host, $containers := groupByMulti $containers "Env.VIRTUAL_HOST" "," }} {{ $host := trim $host }} +{{ if ne $host "" }} {{ $default_host := or ($.Env.DEFAULT_HOST) "" }} {{ $default_server := index (dict $host "" $default_host "default_server") $host }} @@ -424,7 +443,7 @@ server { ssl_certificate_key /etc/nginx/certs/default.key; } {{ end }} - +{{ end }} {{ end }} {{ end }} {{ end }} \ No newline at end of file diff --git a/docker-compose-generator/docker-fragments/opt-add-tor.yml b/docker-compose-generator/docker-fragments/opt-add-tor.yml new file mode 100644 index 0000000..77279a2 --- /dev/null +++ b/docker-compose-generator/docker-fragments/opt-add-tor.yml 
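Review bot: The onion vhost only appears when `read (printf "/var/lib/tor/hidden_services/%s/hostname" $hiddenHostName)` returns something, but that file exists only after tor has created the service, and a docker-gen based generator regenerates on container events rather than file changes, so on a fresh deployment the block is presumably missing until some later docker event triggers a regeneration; a comment on the `{{ if ne $onionHost "" }}` line saying so would save the next person a debugging session. `$upstream_name` and `$host_name`, used inside the new `server` block, are defined outside this hunk; given the hunk sits right after the upstream block I assume they still name the current host's upstream, but please confirm. If the `redirects` template emits an https redirect, an onion client would be sent to an https:// URL that no certificate covers, so confirm that template is safe for a plain-http onion host. Style: `listen nginx:80 ;` carries a stray space before the semicolon; `listen nginx:80;` is the conventional form.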
@@ -0,0 +1,119 @@ +version: "3" + +services: + + btcpayserver: + environment: + HIDDENSERVICE_NAME: BTCPayServer + HIDDENSERVICE_REVERSEPROXY: nginx + BTCPAY_TORRCFILE: /usr/local/etc/tor/torrc-2 + BTCPAY_SOCKSENDPOINT: tor:9050 + volumes: + - "tor_servicesdir:/var/lib/tor/hidden_services" + - "tor_torrcdir:/usr/local/etc/tor/" + + woocommerce: + environment: + HIDDENSERVICE_NAME: WooCommerce + WOOCOMMERCE_HIDDENSERVICE_HOSTNAME_FILE: /var/lib/tor/hidden_services/WooCommerce/hostname + volumes: + - "tor_servicesdir:/var/lib/tor/hidden_services" + + bitcoind: + environment: + BITCOIN_EXTRA_ARGS: | + onion=tor:9050 + volumes: + - "tor_datadir:/home/tor/.tor" + links: + - tor + + nginx: + volumes: + - "tor_servicesdir:/var/lib/tor/hidden_services" + nginx-gen: + volumes: + - "tor_servicesdir:/var/lib/tor/hidden_services" + + tor: + restart: unless-stopped + image: btcpayserver/tor:0.3.5.8 + container_name: tor + environment: + TOR_PASSWORD: btcpayserver + TOR_ADDITIONAL_CONFIG: /usr/local/etc/tor/torrc-2 + TOR_EXTRA_ARGS: | + CookieAuthentication 1 + expose: + - "9050" # SOCKS + - "9051" # Tor Control + volumes: + - "tor_datadir:/home/tor/.tor" + - "tor_torrcdir:/usr/local/etc/tor" + - "tor_servicesdir:/var/lib/tor/hidden_services" + + clightning_bitcoin: + environment: + HIDDENSERVICE_NAME: c-lightning + HIDDENSERVICE_PORT: 9735 + LIGHTNINGD_HIDDENSERVICE_HOSTNAME_FILE: /var/lib/tor/hidden_services/c-lightning/hostname + LIGHTNINGD_OPT: | + proxy=tor:9050 + volumes: + - "tor_servicesdir:/var/lib/tor/hidden_services" + links: + - tor + clightning_litecoin: + environment: + HIDDENSERVICE_NAME: c-lightning-ltc + HIDDENSERVICE_PORT: 9736 + LIGHTNINGD_HIDDENSERVICE_HOSTNAME_FILE: /var/lib/tor/hidden_services/c-lightning-ltc/hostname + LIGHTNINGD_OPT: | + proxy=tor:9050 + volumes: + - "tor_servicesdir:/var/lib/tor/hidden_services" + links: + - tor + + tor-gen: + restart: unless-stopped + image: btcpayserver/docker-gen:0.7.5 + container_name: tor-gen + volumes: + - 
"/var/run/docker.sock:/tmp/docker.sock:ro" + - "./torrc.tmpl:/etc/docker-gen/templates/torrc.tmpl:ro" + - "tor_torrcdir:/usr/local/etc/tor" + entrypoint: /usr/local/bin/docker-gen -notify-sighup tor -watch -wait 5s:30s /etc/docker-gen/templates/torrc.tmpl /usr/local/etc/tor/torrc-2 + links: + - tor + + lnd_bitcoin: + environment: + HIDDENSERVICE_NAME: lnd + HIDDENSERVICE_PORT: 9735 + LND_HIDDENSERVICE_HOSTNAME_FILE: /var/lib/tor/hidden_services/lnd/hostname + LND_EXTRA_ARGS: | + tor.socks=tor:9050 + links: + - tor + volumes: + - "tor_datadir:/home/tor/.tor" + - "tor_servicesdir:/var/lib/tor/hidden_services" + + lnd_litecoin: + environment: + HIDDENSERVICE_NAME: lnd-ltc + HIDDENSERVICE_PORT: 9736 + LND_HIDDENSERVICE_HOSTNAME_FILE: /var/lib/tor/hidden_services/lnd-ltc/hostname + LND_EXTRA_ARGS: | + tor.socks=tor:9050 + links: + - tor + volumes: + - "tor_datadir:/home/tor/.tor" + - "tor_servicesdir:/var/lib/tor/hidden_services" + +volumes: + tor_datadir: + tor_torrcdir: + tor_servicesdir: diff --git a/docker-compose-generator/docker-fragments/opt-add-woocommerce.yml b/docker-compose-generator/docker-fragments/opt-add-woocommerce.yml index a86b688..0ab4a67 100644 --- a/docker-compose-generator/docker-fragments/opt-add-woocommerce.yml +++ b/docker-compose-generator/docker-fragments/opt-add-woocommerce.yml @@ -2,7 +2,7 @@ version: '3' services: woocommerce: - image: btcpayserver/docker-woocommerce:3.0.5 + image: btcpayserver/docker-woocommerce:3.0.6-2 environment: WOOCOMMERCE_HOST: ${WOOCOMMERCE_HOST} WORDPRESS_DB_HOST: mariadb From bf708ce271bcb580d8fc4e998f69b3b233ee1d79 Mon Sep 17 00:00:00 2001 From: "nicolas.dorier" Date: Mon, 18 Mar 2019 17:52:27 +0900 Subject: [PATCH 2/3] BTCPAY_HOST can be empty --- btcpay-setup.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/btcpay-setup.sh b/btcpay-setup.sh index 264385b..67a6bbc 100755 --- a/btcpay-setup.sh +++ b/btcpay-setup.sh 
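Review bot: `TOR_PASSWORD: btcpayserver` hard-codes a control-port credential in a versioned fragment, and the control port (`9051`) is exposed to every container on the compose network, so anything that can reach it can reconfigure tor. Elsewhere on this page values come from the environment (`WOOCOMMERCE_HOST: ${WOOCOMMERCE_HOST}`), so `TOR_PASSWORD: ${TOR_PASSWORD}` fed by a generated value, or relying solely on the `CookieAuthentication 1` already set in `TOR_EXTRA_ARGS`, avoids shipping a known default. Separately, `tor_servicesdir` is mounted read-write into btcpayserver, woocommerce, nginx, nginx-gen, lnd and c-lightning although, as far as this fragment shows, each only reads a `hostname` file (e.g. `LND_HIDDENSERVICE_HOSTNAME_FILE`), while the same directories hold the hidden services' private keys; `- "tor_servicesdir:/var/lib/tor/hidden_services:ro"` on those consumers limits both accidental writes and what a compromised container can take. Whether tor's own directory permissions already block reads from those containers' users I cannot tell from here.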
@@ -74,11 +74,11 @@ if [ "$1" != "-i" ]; then return fi -if [ -z "$BTCPAY_HOST" ]; then +if [ -z "$BTCPAYGEN_CRYPTO1" ]; then if [ -f "/etc/profile.d/btcpay-env.sh" ]; then echo "This script must be run as root after running \"sudo su -\"" else - echo "BTCPAY_HOST should not be empty" + echo "BTCPAYGEN_CRYPTO1 should not be empty" fi return fi @@ -129,7 +129,7 @@ if [[ -f "$BTCPAY_HOST_SSHKEYFILE" ]]; then done fi -if [[ "$BTCPAYGEN_REVERSEPROXY" == "nginx" ]]; then +if [[ "$BTCPAYGEN_REVERSEPROXY" == "nginx" ]] && [[ "$BTCPAY_HOST" ]]; then DOMAIN_NAME="$(echo "$BTCPAY_HOST" | grep -P '(?=^.{4,253}$)(^(?:[a-zA-Z0-9](?:(?:[a-zA-Z0-9\-]){0,61}[a-zA-Z0-9])?\.)+[a-zA-Z]{2,}$)')" if [[ ! "$DOMAIN_NAME" ]]; then echo "BTCPAYGEN_REVERSEPROXY is set to nginx, so BTCPAY_HOST must be a domain name which point to this server (with port 80 and 443 open), but the current value of BTCPAY_HOST ('$BTCPAY_HOST') is not a valid domain name." From 80ca5102e35b8e583cfaec57d9ed7967f90d16d5 Mon Sep 17 00:00:00 2001 From: "nicolas.dorier" Date: Mon, 18 Mar 2019 18:28:28 +0900 Subject: [PATCH 3/3] Make sure no hidden service dir if no hidden port --- Generated/torrc.tmpl | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/Generated/torrc.tmpl b/Generated/torrc.tmpl index 80fb004..b97696a 100644 --- a/Generated/torrc.tmpl +++ b/Generated/torrc.tmpl @@ -1,8 +1,7 @@ {{ $CurrentContainer := where $ "ID" .Docker.CurrentContainerID | first }} {{ range $name, $containers := groupByMulti $ "Env.HIDDENSERVICE_NAME" "," }} -# For the hidden service {{ $name }} -HiddenServiceDir /var/lib/tor/hidden_services/{{ $name }} +{{ $firstServicePort := true }} {{ range $container := $containers }} {{ range $knownNetwork := $CurrentContainer.Networks }} {{ range $containerNetwork := $container.Networks }} 
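Review bot: In the second hunk, `[[ "$BTCPAYGEN_REVERSEPROXY" == "nginx" ]] && [[ "$BTCPAY_HOST" ]]` now skips domain validation entirely when BTCPAY_HOST is empty, yet the error text two lines below still says "so BTCPAY_HOST must be a domain name", which is no longer the rule. A one-line comment above the condition, such as `# BTCPAY_HOST may be empty (no public domain); nginx.tmpl skips an empty VIRTUAL_HOST`, would record why the check became conditional — the motive is my inference from the rest of the series, so adjust the wording if it is wrong. `[[ -n "$BTCPAY_HOST" ]]` states the same test as `[[ "$BTCPAY_HOST" ]]` more explicitly. The `if` in that hunk continues past the hunk's last line.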
@@ -14,6 +13,11 @@ HiddenServiceDir /var/lib/tor/hidden_services/{{ $name }} {{ $port := coalesce $container.Env.HIDDENSERVICE_PORT "80" }} {{ $virtualPort := coalesce $container.Env.HIDDENSERVICE_VIRTUAL_PORT $port }} {{ if ne $containerNetwork.IP "" }} + {{ if $firstServicePort }} +# For the hidden service {{ $name }} +HiddenServiceDir /var/lib/tor/hidden_services/{{ $name }} + {{ $firstServicePort := false }} + {{ end }} # Redirecting to {{ $containerOrReverseProxyName }} HiddenServicePort {{ $virtualPort }} {{ $containerNetwork.IP }}:{{ $port }} {{ end }}
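Review bot: `{{ $firstServicePort := false }}` inside the nested `{{ if $firstServicePort }}` declares a new variable scoped to that block (in Go text/template `:=` never updates an outer variable), so the `$firstServicePort` declared at range level in the first hunk stays true and `HiddenServiceDir` is re-emitted ahead of every `HiddenServicePort` line of the same service. That only shows once a service matches more than one container/network pair — for instance the reverse proxy sitting on two networks shared with the service container — but tor then sees repeated HiddenServiceDir lines for one directory, which as far as I know it rejects as a duplicate service. If the docker-gen build runs on Go 1.11 or later, `{{ $firstServicePort = false }}` (assignment rather than declaration) fixes it; otherwise the flag has to be replaced by a different structure. The enclosing range and if blocks open outside this hunk.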