Last active
December 13, 2021 07:53
Revisions
ndeet revised this gist
Dec 13, 2021 . 1 changed file with 3 additions and 3 deletions.
@@ -19,7 +19,7 @@ rm /etc/nginx/sites-enabled/default # Create subdomain vHost nano /etc/nginx/sites-available/btcpay.yourdomain.tld ``` copy+paste and adjust the IP2TOR ip ``` proxy_buffer_size 128k; proxy_buffers 4 256k; @@ -60,10 +60,10 @@ nginx -t systemctl restart nginx # test if the site is reachable, make sure DNS serves already from the correct IP # create letsencrypt cert (reads your nginx config and does everything for you) certbot --nginx -d btcpay.yourdomain.tld # on question "Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access." -
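Review bot: the instruction added in the first hunk ("copy+paste and adjust the IP2TOR ip") names only the IP, while the `proxy_pass https://X.X.X.X:37160;` line in the config it introduces also carries a port, and that line's own comment says to replace both. Suggest "copy+paste and adjust the IP2TOR IP and port" so the example port is not left in place by a reader who follows the sentence literally.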
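Review bot: in the second hunk, the comment "make sure DNS serves already from the correct IP" leaves the actual precondition implicit, and it matters here because the `certbot --nginx -d btcpay.yourdomain.tld` step directly below only succeeds once the subdomain resolves to this VPS. Suggest wording it as a check, for example "make sure the A record for the subdomain already resolves to the VPS IP before running certbot".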
ndeet created this gist
Dec 13, 2021 .
@@ -0,0 +1,79 @@ Tested on Ubuntu 20.04 minimal install Preparation: Setup a VPS and not down the IP 21.21.21.21 (replace with real IP) Add a subdomain and map it to the VPS IP via an A-Record to 21.21.21.21 Replace btcpay.yourdomain.tld with your actual subdomain. SSH into your VPS and follow the steps: ``` # install nginx + certbot apt install nginx-full certbot python3-certbot-nginx # Delete the default vHost: rm /etc/nginx/sites-enabled/default # Create subdomain vHost nano /etc/nginx/sites-available/btcpay.yourdomain.tld ``` ``` proxy_buffer_size 128k; proxy_buffers 4 256k; proxy_busy_buffers_size 256k; client_header_buffer_size 500k; large_client_header_buffers 4 500k; http2_max_field_size 500k; http2_max_header_size 500k; map $http_upgrade $connection_upgrade { default upgrade; '' close; } server { client_max_body_size 100M; server_name btcpay.yourdomain.tld; location / { # Replace with ip2tor port and IP you got from raspiblitz proxy_pass https://X.X.X.X:37160; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; } } ``` ``` ln -s /etc/nginx/sites-available/btcpay.yourdomain.tld /etc/nginx/sites-enabled/ nginx -t systemctl restart nginx # testen ob seite aufrufbar # letsencrypt zertifikat erstellen (liest automatisch nginx und erstellt ssl) certbot --nginx -d btcpay.yourdomain.tld # on question "Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access." -> select "2: Redirect" # certbot will update your nginx config and make everything work, nothing else to do # just make sure certbot auto-renewal enabled systemctl status certbot.timer # and make sure renewal works certbot renew --dry-run ```
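Review bot: `proxy_pass https://X.X.X.X:37160;` in the `location /` block forwards to an HTTPS upstream addressed by IP, and nothing in the config enables upstream certificate verification. nginx leaves `proxy_ssl_verify` off by default, so the hop from the VPS to the IP2TOR bridge is encrypted but the peer is not authenticated. Either state that next to the line so readers know what the Let's Encrypt certificate does and does not cover, or pin the upstream certificate with `proxy_ssl_trusted_certificate` together with `proxy_ssl_verify on;`. Minor: the comments "# testen ob seite aufrufbar" and "# letsencrypt zertifikat erstellen ..." are German in an otherwise English guide, and "not down the IP" in the preparation text reads as a typo for "note down".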