From d56238bb0139df680bb8ad2d378f65108c37f7ba Mon Sep 17 00:00:00 2001
From: wiz <j@wiz.biz>
Date: Sun, 29 Sep 2019 15:52:11 +0900
Subject: [PATCH] Add custom docker fragment to expose bitcoind P2P on TCP/8333
 (#169)

---
 README.md                                                  | 3 ++-
 .../docker-fragments/opt-expose-unsafe.yml                 | 7 +++++++
 2 files changed, 9 insertions(+), 1 deletion(-)
 create mode 100644 docker-compose-generator/docker-fragments/opt-expose-unsafe.yml

diff --git a/README.md b/README.md
index 7080679..617808a 100644
--- a/README.md
+++ b/README.md
@@ -152,6 +152,7 @@ Available `BTCPAYGEN_ADDITIONAL_FRAGMENTS` currently are:
 * [opt-add-tor](docker-compose-generator/docker-fragments/opt-add-tor.yml), for exposing BTCPayServer, Woocommerce, your lightning nodes as hidden services and accept onion peers for your full node. Warning: This options is for working around NAT and firewall problems as well as to help protect your customer's privacy. This will not protect your privacy against a targeted attack against you.
 * [opt-add-btctransmuter](docker-compose-generator/docker-fragments/opt-add-btctransmuter.yml), for a self-hosted IFTTT style service for crypto services such as fiat settlement.
 * [opt-txindex](docker-compose-generator/docker-fragments/opt-txindex.yml), to enable txindex=1 in bitcoin.conf if you require txindexing for Bisq, DOJO, Esplora, etc.
+* [opt-unsafe-expose](docker-compose-generator/docker-fragments/opt-unsafe-expose.yml), to unsafely expose bitcoind P2P port 8333 if you require P2P for Bisq, DOJO, Esplora, etc. WARNING: ONLY USE ON TRUSTED LAN OR WITH FIREWALL RULES WHITELISTING SPECIFIC HOSTS
 
 You can also create your own [custom fragments](#how-can-i-customize-the-generated-docker-compose-file).
 
@@ -436,4 +437,4 @@ If you need to run on a different port, it's best to terminate SSL using another
 
 Yes. To offload SSL termination, just forward the requests to the port specified by `REVERSEPROXY_HTTP_PORT` and make sure you are setting the header `X-Forwarded-Proto: https` so BTC Pay Server can know the original request was HTTPS. If you forget this extra header, BTCPay Server will work, but it will believe the connection is insecure and display a warning message.
 
-Because you are offloading HTTPS, you won't need the built-in Let's Encrypt anymore and can exclude `nginx-https` by adding it to `BTCPAYGEN_EXCLUDE_FRAGMENTS`.
\ No newline at end of file
+Because you are offloading HTTPS, you won't need the built-in Let's Encrypt anymore and can exclude `nginx-https` by adding it to `BTCPAYGEN_EXCLUDE_FRAGMENTS`.
diff --git a/docker-compose-generator/docker-fragments/opt-expose-unsafe.yml b/docker-compose-generator/docker-fragments/opt-expose-unsafe.yml
new file mode 100644
index 0000000..e8ec3f6
--- /dev/null
+++ b/docker-compose-generator/docker-fragments/opt-expose-unsafe.yml
@@ -0,0 +1,7 @@
+version: "3"
+# unsafely exposes bitcoind P2P port, for use on trusted LAN only
+
+services:
+  bitcoind:
+      ports:
+        - "8333:39388"