Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
1 parent dc080ab, commit db22052
Showing 2 changed files with 60 additions and 2 deletions.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,55 @@ | ||
# Create nginx reverse proxy service | ||
|
||
I created a script to create a reverse proxy service for nginx. The script is | ||
based on https://docs.btcpayserver.org/Deployment/ReverseProxyToTor. The script | ||
assumes a Debian-based system and will use certbot to obtain a certificate and | ||
upgrade HTTP connections to HTTPS. | ||
|
||
# Requirements | ||
|
||
- Debian system | ||
- Domain record configured | ||
- Root access | ||
- HTTP or HTTPS service to be proxied | ||
|
||
# Usage | ||
|
||
1. View the script at https://gist.github.com/sudocarlos/6d0e640f25101b0017e68ebd4c08c147 | ||
and make sure you're comfortable with what it's doing | ||
|
||
1. Download the script | ||
|
||
wget https://gist.github.com/sudocarlos/6d0e640f25101b0017e68ebd4c08c147/raw/287b9ac1c4456ad3cbe3e433d00b2432d9c4397e/create_nginx_service.sh | ||
|
||
1. Make the script executable | ||
|
||
chmod +x create_nginx_service.sh | ||
|
||
1. Run the script as root and specify the domain and address/port to proxy to | ||
|
||
sudo ./create_nginx_service.sh btcpayserver.mydomain.com http://localhost:80 | ||
|
||
__More examples__ | ||
|
||
sudo ./create_nginx_service.sh mymempooldomain.com http://start9:8080 | ||
sudo ./create_nginx_service.sh lnd.mydomain.com https://start9:3001 | ||
|
||
# Notes | ||
|
||
- __All issuance requests are subject to a Duplicate Certificate limit of 5 per week__ | ||
- https://letsencrypt.org/docs/duplicate-certificate-limit/ | ||
- Use `sudo ./create_nginx_service.sh clear DOMAIN` to remove related files from your system. This will remove: | ||
- /etc/nginx/sites-available/DOMAIN.conf | ||
- /etc/nginx/sites-enabled/DOMAIN.conf | ||
- /etc/letsencrypt/live/DOMAIN* | ||
- /etc/letsencrypt/archive/DOMAIN* | ||
- /etc/letsencrypt/renewal/DOMAIN* | ||
- If `nginx` or `certbot` are not installed, they are installed using `apt` | ||
- If `/etc/ssl/certs/dhparam.pem` does not exist, a 4096 bit DH params is generated. This can take a while. | ||
- If `/var/lib/letsencrypt/.well-known` does not exist, it is created and appropriate permissions and groups are applied | ||
- If expected map parameters are missing from `/etc/nginx/conf.d/map.conf`, they are added | ||
- New configs are placed in `/etc/nginx/sites-available/` and enabled in `/etc/nginx/sites-enabled` | ||
|
||
# Resources | ||
|
||
- [https://docs.btcpayserver.org/Deployment/ReverseProxyToTor]() |
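Review bot: In the Usage steps, step 1 links to the gist page (its latest revision) while the `wget` in step 2 pins the raw file to a fixed revision, so the version a reader inspects can differ from the one they download and run with `sudo`. Link step 1 to the same revision, or state that both must match, so the reviewed script is the executed script. Under Notes, `clear DOMAIN` is documented as removing `/etc/letsencrypt/live/DOMAIN*` and the matching `archive` and `renewal` globs; as written, the trailing wildcard would also match entries for any other name that starts with DOMAIN, so say whether that is intended or list the exact paths. The Resources entry `[https://docs.btcpayserver.org/Deployment/ReverseProxyToTor]()` has an empty link target; use the bare URL or repeat it inside the parentheses.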
|
@@ -7,7 +7,6 @@ that will describe how to install and connect to Tailscale so that you can use t | |
exposed ports from any other device in your tailnet, and how to use that Tailscale | ||
connection to expose services on the Internet using a VPS. | ||
|
||
|
||
1. Create a backup: https://docs.start9.com/0.3.5.x/user-manual/backups/backup-create | ||
1. SSH to your Start9: https://docs.start9.com/0.3.5.x/user-manual/ssh | ||
1. Enable the chroot-and-upgrade context | ||
|
@@ -111,7 +110,7 @@ connection to expose services on the Internet using a VPS. | |
tcp 0 0 0.0.0.0:8081 0.0.0.0:* LISTEN 2795077/socat | ||
|
||
1. Enable the service service to start automatically | ||
1. Enable the socat service to start automatically | ||
|
||
systemctl enable [email protected] | ||
|
||
|
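Review bot: The corrected step title reads well, but the sample output kept as context just above it (`0.0.0.0:8081 ... LISTEN ... socat`) shows the forwarder listening on all interfaces, and this step makes that listener start automatically. Add a sentence here saying which networks can reach the port once the unit is enabled, and whether readers should bind it to the Tailscale interface or firewall it.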
@@ -121,3 +120,7 @@ connection to expose services on the Internet using a VPS. | |
ip route | grep default | awk '{print $9}' | ||
|
||
1. Create more services by repeating the previous steps, starting from 9 | ||
|
||
# Resources | ||
|
||
- https://community.start9.com/t/diy-exposing-electrs-and-bitcoind-over-lan-in-startos-0-3/754 |
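Review bot: The context line `Create more services by repeating the previous steps, starting from 9` refers to a step by its rendered number, while the list items visible in this diff are all written as `1.`, so that number shifts whenever a step is added or removed above it. Refer to the step by its title instead. In the added Resources section, a few words next to the bare URL saying what the linked thread covers would help, and the link style should match whatever the new README's Resources section settles on.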