Tested on Ubuntu 20.04 minimal install

Preparation:

- Set up a VPS and note down the IP 21.21.21.21 (replace with real IP)
- Add a subdomain and map it to the VPS IP via an A-Record to 21.21.21.21
- Replace btcpay.yourdomain.tld with your actual subdomain.

SSH into your VPS and follow the steps:

```
# install nginx + certbot
apt install nginx-full certbot python3-certbot-nginx

# Delete the default vHost:
rm /etc/nginx/sites-enabled/default

# Create subdomain vHost
nano /etc/nginx/sites-available/btcpay.yourdomain.tld
```

Copy and paste the following and adjust the IP2TOR IP:

```
proxy_buffer_size 128k;
proxy_buffers 4 256k;
proxy_busy_buffers_size 256k;
client_header_buffer_size 500k;
large_client_header_buffers 4 500k;
http2_max_field_size 500k;
http2_max_header_size 500k;

# Pass WebSocket upgrade requests through to the upstream
map $http_upgrade $connection_upgrade {
    default upgrade;
    '' close;
}

server {
    client_max_body_size 100M;
    server_name btcpay.yourdomain.tld;

    location / {
        # Replace with ip2tor port and IP you got from raspiblitz
        # Note: nginx does not verify the upstream TLS certificate unless proxy_ssl_verify is enabled
        proxy_pass https://X.X.X.X:37160;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
    }
}
```

```
ln -s /etc/nginx/sites-available/btcpay.yourdomain.tld /etc/nginx/sites-enabled/
nginx -t
systemctl restart nginx

# test if the site is reachable, make sure DNS already serves the correct IP

# create letsencrypt cert (reads your nginx config and does everything for you)
certbot --nginx -d btcpay.yourdomain.tld
# on question "Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access." -> select "2: Redirect"
# certbot will update your nginx config and make everything work, nothing else to do

# just make sure certbot auto-renewal is enabled
systemctl status certbot.timer

# and make sure renewal works
certbot renew --dry-run
```
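A pre-flight check for the step "make sure DNS already serves the correct IP", as an added example that is not part of the original guide: it confirms the vHost no longer contains the guide's placeholders and that the subdomain resolves only to the VPS IP before certbot is run. The function names `lint_vhost`, `dns_matches` and `preflight` are hypothetical, and `getent ahostsv4` is assumed to be available (glibc systems such as Ubuntu).

```shell
# Added example: pre-flight checks to run before `certbot --nginx`.
# lint_vhost, dns_matches and preflight are hypothetical helper names.

# lint_vhost FILE: fail if the vHost still carries the guide's placeholders
# or does not proxy to an https://IP:PORT upstream.
lint_vhost() {
    lv_rc=0
    if grep -Eq 'proxy_pass[[:space:]]+https?://X\.X\.X\.X' "$1"; then
        echo "FAIL: proxy_pass still points at placeholder X.X.X.X" >&2
        lv_rc=1
    elif ! grep -Eq 'proxy_pass[[:space:]]+https://[0-9]+(\.[0-9]+){3}:[0-9]+;' "$1"; then
        echo "FAIL: no 'proxy_pass https://IP:PORT;' line found" >&2
        lv_rc=1
    fi
    if grep -Eq 'server_name[[:space:]]+btcpay\.yourdomain\.tld' "$1"; then
        echo "FAIL: server_name is still btcpay.yourdomain.tld" >&2
        lv_rc=1
    fi
    return "$lv_rc"
}

# dns_matches VPS_IP RESOLVED_IP...: succeed only if at least one address was
# resolved and every one equals the VPS IP (a stale extra A record fails).
dns_matches() {
    dm_expected=$1
    shift
    [ "$#" -gt 0 ] || return 1
    for dm_ip in "$@"; do
        [ "$dm_ip" = "$dm_expected" ] || return 1
    done
    return 0
}

# preflight DOMAIN VPS_IP VHOST_FILE: run both checks against the live system.
# Uses the VPS's own resolver, so a pass does not prove global propagation.
preflight() {
    lint_vhost "$3" || return 1
    pf_ips=$(getent ahostsv4 "$1" | awk '{print $1}' | sort -u)
    # shellcheck disable=SC2086  # word splitting of the IP list is intended
    dns_matches "$2" $pf_ips || {
        echo "FAIL: $1 resolves to '${pf_ips:-nothing}', expected $2" >&2
        return 1
    }
    echo "OK: vHost and DNS look ready for certbot"
}

# Usage: preflight btcpay.yourdomain.tld 21.21.21.21 /etc/nginx/sites-available/btcpay.yourdomain.tld
```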