From dd72f22b89b72024fe02d2769bc671a7ee108c4b Mon Sep 17 00:00:00 2001 From: Wouter Samaey Date: Thu, 13 Jun 2019 09:37:13 +0200 Subject: [PATCH] New enviroment variables BTCPAY_HTTP_PORT and BTCPAY_HTTPS_PORT (#142) * New enviroment variables BTCPAY_HTTP_PORT and BTCPAY_HTTPS_PORT * Added new vars to btcpay-setup.sh + added docs * Renamed BTCPAY_HTTP_PORT to REVERSEPROXY_HTTP_PORT and BTCPAY_HTTPS_PORT to REVERSEPROXY_HTTPS_PORT * Update btcpay-setup.sh Added ` ` around REVERSEPROXY_HTTP_PORT * Added REVERSEPROXY_HTTP_PORT ans REVERSEPROXY_HTTPS_PORT to helpers.sh --- README.md | 17 +++++++++++++++++ btcpay-setup.sh | 15 ++++++++++++--- .../docker-fragments/nginx.yml | 4 ++-- .../docker-fragments/traefik.yml | 4 ++-- helpers.sh | 2 ++ 5 files changed, 35 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index 1f9630d..1a36183 100644 --- a/README.md +++ b/README.md @@ -116,6 +116,9 @@ You can read [the article](https://medium.com/@BtcpayServer/hosting-btcpay-serve `btcpay-setup.sh` will use the following environment variables: +* `BTCPAY_HOST`: The hostname of your website (eg. `btcpay.example.com`) +* `REVERSEPROXY_HTTP_PORT`: The public port the reverse proxy binds to for HTTP traffic (default: 80) +* `REVERSEPROXY_HTTPS_PORT`: The public port the reverse proxy binds to for HTTPS traffic (default: 443) * `BTCPAY_HOST`: The hostname of your website (eg. `btcpay.example.com`) * `REVERSEPROXY_DEFAULT_HOST`: Optional, if using a reverse proxy nginx, specify which website should be presented if the server is accessed by its IP. * `NBITCOIN_NETWORK`: The type of network to use (eg. `mainnet`, `testnet`, or `regtest`. Default: `mainnet`) 
@@ -447,3 +450,17 @@ Then set it up: export BTCPAYGEN_ADDITIONAL_FRAGMENTS="opt-save-storage.custom" . ./btcpay-setup.sh -i ``` + +## Can I run BTCPay Server on ports other than 80 and 443? + +You can change the ports for HTTP and HTTPS by setting the environment variables `REVERSEPROXY_HTTP_PORT` and `REVERSEPROXY_HTTPS_PORT`. This is handy when ports 80 and 443 are already in use on your host, or you want to offload SSL termination with an existing web proxy. + +When you set `REVERSEPROXY_HTTP_PORT` to another value than 80, the built-in Let's Encrypt certificate will not work, as Let's Encrypt will try to validate your SSL certificate request by connecting from the internet to your domain on port 80. This validation request should be able to reach BTCPay Server in order to receive the certificate. + +If you need to run on a different port, it's best to terminate SSL using another web proxy and foreard your traffic. + +## Can I offload HTTPS termination? + +Yes. To offload SSL termination, just forward the requests to the port specified by `REVERSEPROXY_HTTP_PORT` and make sure you are setting the header `X-Forwarded-Proto: https` so BTC Pay Server can know the original request was HTTPS. If you forget this extra header, BTCPay Server will work, but it will believe the connection is insecure and display a warning message. + +Because you are offloading HTTPS, you won't need the built-in Let's Encrypt anymore and can exclude `nginx-https` by adding it to `BTCPAYGEN_EXCLUDE_FRAGMENTS`. \ No newline at end of file diff --git a/btcpay-setup.sh b/btcpay-setup.sh index 3a1af8a..b5cef2c 100755 --- a/btcpay-setup.sh +++ b/btcpay-setup.sh 
@@ -45,11 +45,14 @@ This script will: You can run again this script if you desire to change your configuration. Except BTC and LTC, other crypto currencies are maintained by their own community. Run at your own risk. -Make sure you own a domain with DNS record pointing to your website and that port 80 is accessible before running this script. -This will be used to properly setup HTTPS via let's encrypt. +Make sure you own a domain with DNS record pointing to your website. +If you want HTTPS setup automatically with Let's Encrypt, leave `REVERSEPROXY_HTTP_PORT` at it's default value of 80 and make sure this port is accessible from the internet. +Or, if you want to offload SSL because you have an existing web proxy, change `REVERSEPROXY_HTTP_PORT` to any port you want. You can then forward the traffic. Just don't forget to pass the X-Forwarded-Proto header. Environment variables: BTCPAY_HOST: The hostname of your website (eg. btcpay.example.com) + REVERSEPROXY_HTTP_PORT: The port the reverse proxy binds to for public HTTP requests. Default: 80 + REVERSEPROXY_HTTPS_PORT: The port the reverse proxy binds to for public HTTPS requests. Default: 443 REVERSEPROXY_DEFAULT_HOST: Optional, if using a reverse proxy nginx, specify which website should be presented if the server is accessed by its IP. LETSENCRYPT_EMAIL: A mail will be sent to this address if certificate expires and fail to renew automatically (eg. me@example.com) NBITCOIN_NETWORK: The type of network to use (eg. mainnet, testnet or regtest. Default: mainnet) @@ -110,6 +113,8 @@ fi : "${REVERSEPROXY_DEFAULT_HOST:=none}" : "${ACME_CA_URI:=https://acme-v01.api.letsencrypt.org/directory}" : "${BTCPAY_PROTOCOL:=https}" +: "${REVERSEPROXY_HTTP_PORT:=80}" +: "${REVERSEPROXY_HTTPS_PORT:=443}" OLD_BTCPAY_DOCKER_COMPOSE="$BTCPAY_DOCKER_COMPOSE" ORIGINAL_DIRECTORY="$(pwd)" 
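Review bot: The backquotes added around REVERSEPROXY_HTTP_PORT in the usage text (twice, in the two new sentences about Let's Encrypt and SSL offload) become command substitution if this help block is printed from an unquoted here-document or a double-quoted string. The shell would then try to run a command of that name each time the help is shown, and would print nothing in its place. The opening of the help block is outside the hunk, so this needs confirming there. The `Environment variables:` entries below already name the variable without backquotes, so the sentence can do the same: `If you want HTTPS setup automatically with Let's Encrypt, leave REVERSEPROXY_HTTP_PORT at its default value of 80 and make sure this port is accessible from the internet.`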
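Review bot: The new defaults `: "${REVERSEPROXY_HTTP_PORT:=80}"` and `: "${REVERSEPROXY_HTTPS_PORT:=443}"` accept whatever the caller's environment holds, with no check that it is a port number. The same value is written unquoted as `REVERSEPROXY_HTTP_PORT=$REVERSEPROXY_HTTP_PORT` in the helpers.sh hunk and substituted into the compose `ports:` entries, so a value containing spaces or a newline, or one out of range, would only surface later as a compose error or as stray lines in the env file. A guard directly after the defaults, in the same style as the BTCPAY_HOST check further down, would fail early: `if ! [[ "$REVERSEPROXY_HTTP_PORT" =~ ^[1-9][0-9]{0,4}$ ]] || (( REVERSEPROXY_HTTP_PORT > 65535 )); then echo "REVERSEPROXY_HTTP_PORT must be a port number (1-65535)"; return; fi`, repeated for REVERSEPROXY_HTTPS_PORT. The script also does not warn when the HTTP port is not 80 while the Let's Encrypt fragment is still enabled, which the README text in this commit says will not work.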
@@ -142,7 +147,7 @@ fi if [[ "$BTCPAYGEN_REVERSEPROXY" == "nginx" ]] && [[ "$BTCPAY_HOST" ]]; then DOMAIN_NAME="$(echo "$BTCPAY_HOST" | grep -E '^([a-z0-9]+(-[a-z0-9]+)*\.)+[a-z]{2,}$')" if [[ ! "$DOMAIN_NAME" ]]; then - echo "BTCPAYGEN_REVERSEPROXY is set to nginx, so BTCPAY_HOST must be a domain name which point to this server (with port 80 and 443 open), but the current value of BTCPAY_HOST ('$BTCPAY_HOST') is not a valid domain name." + echo "BTCPAYGEN_REVERSEPROXY is set to nginx, so BTCPAY_HOST must be a domain name which point to this server, but the current value of BTCPAY_HOST ('$BTCPAY_HOST') is not a valid domain name." return fi BTCPAY_HOST="$DOMAIN_NAME" @@ -159,6 +164,8 @@ echo " Parameters passed: BTCPAY_PROTOCOL:$BTCPAY_PROTOCOL BTCPAY_HOST:$BTCPAY_HOST +REVERSEPROXY_HTTP_PORT:$REVERSEPROXY_HTTP_PORT +REVERSEPROXY_HTTPS_PORT:$REVERSEPROXY_HTTPS_PORT REVERSEPROXY_DEFAULT_HOST:$REVERSEPROXY_DEFAULT_HOST LIBREPATRON_HOST:$LIBREPATRON_HOST WOOCOMMERCE_HOST:$WOOCOMMERCE_HOST @@ -237,7 +244,9 @@ chmod +x /etc/profile.d/btcpay-env.sh echo -e "BTCPay Server environment variables successfully saved in /etc/profile.d/btcpay-env.sh\n" + btcpay_update_docker_env + echo -e "BTCPay Server docker-compose parameters saved in $BTCPAY_ENV_FILE\n" . /etc/profile.d/btcpay-env.sh diff --git a/docker-compose-generator/docker-fragments/nginx.yml b/docker-compose-generator/docker-fragments/nginx.yml index 5c273d6..e24fd87 100644 --- a/docker-compose-generator/docker-fragments/nginx.yml +++ b/docker-compose-generator/docker-fragments/nginx.yml @@ -6,8 +6,8 @@ services: image: nginx:latest container_name: nginx ports: - - "80:80" - - "443:443" + - "${REVERSEPROXY_HTTP_PORT:-80}:80" + - "${REVERSEPROXY_HTTPS_PORT:-443}:443" volumes: - "nginx_conf:/etc/nginx/conf.d" - "nginx_vhost:/etc/nginx/vhost.d" diff --git a/docker-compose-generator/docker-fragments/traefik.yml b/docker-compose-generator/docker-fragments/traefik.yml index a42dadf..18d7daf 100644 
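Review bot: The new mapping `"${REVERSEPROXY_HTTP_PORT:-80}:80"` in nginx.yml still publishes the plaintext port on every host interface; the traefik.yml hunk has the same line. This matters more now that the README in this commit recommends the variable for TLS offload behind an existing proxy. In that setup a client that reaches the port directly bypasses the front proxy, and if the header is passed through it can set `X-Forwarded-Proto: https` itself, so unencrypted traffic may be treated as HTTPS. Consider an optional bind address using the compose `IP:HOST:CONTAINER` form, for example `"${REVERSEPROXY_BIND_ADDRESS:-0.0.0.0}:${REVERSEPROXY_HTTP_PORT:-80}:80"`, where the variable name is only a suggestion. The README could then tell offload users to bind to loopback or firewall the port.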
--- a/docker-compose-generator/docker-fragments/traefik.yml +++ b/docker-compose-generator/docker-fragments/traefik.yml @@ -6,8 +6,8 @@ services: image: traefik container_name: traefik ports: - - "80:80" - - "443:443" + - "${REVERSEPROXY_HTTP_PORT:-80}:80" + - "${REVERSEPROXY_HTTPS_PORT:-443}:443" volumes: - "/var/run/docker.sock:/var/run/docker.sock" - "./traefik.toml:/traefik.toml" diff --git a/helpers.sh b/helpers.sh index 80f3c22..7d2eb3b 100755 --- a/helpers.sh +++ b/helpers.sh @@ -71,6 +71,8 @@ echo " BTCPAY_PROTOCOL=$BTCPAY_PROTOCOL BTCPAY_HOST=$BTCPAY_HOST BTCPAY_ANNOUNCEABLE_HOST=$BTCPAY_ANNOUNCEABLE_HOST +REVERSEPROXY_HTTP_PORT=$REVERSEPROXY_HTTP_PORT +REVERSEPROXY_HTTPS_PORT=$REVERSEPROXY_HTTPS_PORT REVERSEPROXY_DEFAULT_HOST=$REVERSEPROXY_DEFAULT_HOST BTCPAY_IMAGE=$BTCPAY_IMAGE ACME_CA_URI=$ACME_CA_URI