private/apostol-dm
1
1
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Docker fix

Browse Source
This commit is contained in:
status404
2023-08-22 16:54:53 +03:00
parent cd9bcb8c13
commit 721762f5bb
5 changed files with 208 additions and 190 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
docker/Dockerfile
View File

@@ -19,17 +19,13 @@ ARG DEBIAN_FRONTEND="noninteractive" \
DEBCONF_NOWARNINGS="yes"
RUN apt-get update -y ; \
apt-get upgrade -y ; \
apt-get -y install --no-install-recommends locales jq moreutils; \
apt-get -y install --no-install-recommends locales tzdata jq moreutils; \
apt-get -y install --no-install-recommends gpg gpg-agent ; \
apt-get -y install --no-install-recommends nginx ; \
apt-get -y install --no-install-recommends openssl ca-certificates ; \
apt-get clean ; \
rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
## Generate UTF-8 locales
RUN sed -i '/\.UTF-8/s/^# //g' /etc/locale.gen; \
locale-gen
## Add the Module user
ARG UNAME
ARG UHOME
@@ -110,7 +106,7 @@ COPY --from=development /usr/sbin/dm /usr/sbin/dm
COPY --from=development /etc/init.d/dm /etc/init.d/dm
COPY --from=development --chown=www-data:www-data $UHOME/web-build/build /var/www/web
COPY --from=development --chown=$UNAME:$UNAME $UHOME/apostol-dm/docker/bitdeals-testnet.asc /etc/dm/bitdeals-testnet.asc
#COPY --from=development --chown=$UNAME:$UNAME $UHOME/apostol-dm/docker/bitdeals.asc /etc/dm/bitdeals.asc
COPY --from=development --chown=$UNAME:$UNAME $UHOME/apostol-dm/docker/bitdeals.asc /etc/dm/bitdeals.asc
COPY --from=development $UHOME/apostol-dm/docker/entrypoint.sh /entrypoint.sh
COPY nginx.conf /etc/nginx/sites-enabled/default

2
docker/README.md
View File

@@ -33,7 +33,7 @@ services:
- |
DM_PGP_SEC=
-----BEGIN PGP PRIVATE KEY BLOCK-----
<key>
<key>
-----END PGP PRIVATE KEY BLOCK-----
volumes:

0
docker/bitdeals.asc Normal file
View File

366
docker/entrypoint.sh
View File

@@ -3,7 +3,7 @@
##
## BitDeals Module configuration helper script for Docker Container.
## It writes an Environment variables to the daemon config files.
## And can generate a Bitcoing and PGP key filies at first start.
## And can generate a Bitcoin and PGP key filies at first start.
##
## Web app requires the dmHost address should be accessable from your browser
@@ -14,7 +14,7 @@ DM_TESTNET=${DM_TESTNET:-0}
## Daemon config files
CONF_FILES=$(find /etc/dm/ -type f -name "*.conf" -not -name "default.conf")
BITDEALS_PGP_FILE="/etc/dm/bitdeals.asc"
BITDEALS_TEST_PGP_FILE="/etc/dm/bitdeals-testnet.asc"
BITDEALS_TESTNET_PGP_FILE="/etc/dm/bitdeals-testnet.asc"
PGP_SEC_FILE="$UHOME/pgp-key.sec"
BX_CONF_FILE="/usr/local/etc/libbitcoin/bx.cfg"
WEB_CONF_FILE="/var/www/web/config.js"
@@ -25,179 +25,217 @@ WEB_KEY="$UHOME/ssl-privkey.pem"
WEB_DH="/etc/ssl/dhparam.pem"
BITCOIN_KEYS_BACKUP="$UHOME/bitcoin.backup_and_remove"
#variable for tput color output
## Variable for tput color output
export TERM=xterm
## Write a default variables to dm config
sed -i -e "/\[main\]/,/\[/ s/.*user=.*/user=$UNAME/" \
-e "/\[main\]/,/\[/ s/.*group=.*/group=$UNAME/" \
-e "/\[daemon\]/,/\[/ s/.*daemon=.*/daemon=false/" \
-e "/\[server\]/,/\[/ s/.*listen=.*/listen=0.0.0.0/" \
-e "/\[server\]/,/\[/ s/.*port=.*/port=4999/" $CONF_FILES
set_locale()
{
## Setup locale
if [ "$DM_LC_ALL" ]; then
export LC_ALL="$DM_LC_ALL"
update-locale
fi
## Setup Timezone
if [ "$DM_TZ" ]; then
echo $DM_TZ > /etc/timezone
ln -snf /usr/share/zoneinfo/$TZ /etc/localtime
dpkg-reconfigure -f noninteractive tzdata
fi
}
## Change dm Website config
sed -i "s|dmHost:.*|dmHost: \"$DM_FORWEB\",|" $WEB_CONF_FILE
init_config()
{
## Write a default variables to dm config
sed -i -e "/\[main\]/,/\[/ s/^user\s*=.*/user=$UNAME/" \
-e "/\[main\]/,/\[/ s/^group\s*=.*/group=$UNAME/" \
-e "/\[main\]/,/\[/ s/^workers\s*=.*/workers=$(nproc)/" \
-e "/\[module\/WebSocket\]/,/\[/ s/^enable\s*=.*/enable=true/" \
-e "/\[daemon\]/,/\[/ s/^daemon\s*=.*/daemon=false/" \
-e "/\[server\]/,/\[/ s/^listen\s*=.*/listen=0.0.0.0/" \
-e "/\[server\]/,/\[/ s/^port\s*=.*/port=4999/" $CONF_FILES
## Change dm Website config
sed -i "s|dmHost:.*|dmHost: \"$DM_FORWEB\",|" $WEB_CONF_FILE
if [ "$DM_WEBAUTH" = 1 -o "$DM_WEBAUTH" = true ]; then
sed -i 's/confAuthorize:.*/confAuthorize: true,/' $WEB_CONF_FILE
else
sed -i 's/confAuthorize:.*/confAuthorize: false,/' $WEB_CONF_FILE
fi
if [ "$DM_WEBAUTH" = 1 -o "$DM_WEBAUTH" = true ]; then
sed -i 's/confAuthorize:.*/confAuthorize: true,/' $WEB_CONF_FILE
else
sed -i 's/confAuthorize:.*/confAuthorize: false,/' $WEB_CONF_FILE
fi
if [ "$DM_LC_ALL" = "ru_RU.UTF-8" ]; then
sed -i 's/defaultLanguage:.*/defaultLanguage: "ru",/' $WEB_CONF_FILE
else
sed -i 's/defaultLanguage:.*/defaultLanguage: "en",/' $WEB_CONF_FILE
fi
if [ "$DM_LC_ALL" = "ru_RU.UTF-8" ]; then
sed -i 's/defaultLanguage:.*/defaultLanguage: "ru",/' $WEB_CONF_FILE
else
sed -i 's/defaultLanguage:.*/defaultLanguage: "en",/' $WEB_CONF_FILE
fi
## Add DM_FORWEB to dm oauth config
cat $WEB_CONF_OAUTH | \
jq --arg host "$(basename $DM_FORWEB)" '.web.redirect_uris=[
"http://"+$host+"/oauth2/code","http://"+$host+"/oauth2/callback",
"https://"+$host+"/oauth2/code","https://"+$host+"/oauth2/callback"]' | \
sponge $WEB_CONF_OAUTH
cat $WEB_CONF_SITES | \
jq --arg host "$(basename $DM_FORWEB)" '.hosts = [$host]' | \
sponge $WEB_CONF_SITES
## Write the PGP keys locations to dm config
sed -i "/\[pgp\]/,/\[/ s%^private\s*=.*%private=$PGP_SEC_FILE%" $CONF_FILES
if [ "$DM_TESTNET" = 1 -o "$DM_TESTNET" = true ]; then
sed -i "/\[pgp\]/,/\[/ s%^public\s*=.*%public=$BITDEALS_TESTNET_PGP_FILE%" $CONF_FILES
else
sed -i "/\[pgp\]/,/\[/ s%^public\s*=.*%public=$BITDEALS_PGP_FILE%" $CONF_FILES
fi
## Write a user variables to the daemon config files.
if [ "$DM_BITCOIN" ]; then
sed -i "/\[module\]/,/\[/ s/^address\s*=.*/address=$DM_BITCOIN/" $CONF_FILES
fi
if [ "$DM_FEE" ]; then
sed -i "/\[module\]/,/\[/ s/^#\?fee\s*=.*/fee=$DM_FEE/" $CONF_FILES
fi
if [ "$DM_PGP_PASSWORD" ] ; then
## Escaping the '/' in password line for use it in `sed`
DM_PGP_PASSWORD="$(echo $DM_PGP_PASSWORD | sed 's/\//\\\//g')"
sed -i "/\[pgp\]/,/\[/ s/^passphrase\s*=.*/passphrase=$DM_PGP_PASSWORD/" $CONF_FILES
fi
if [ "$DM_TESTNET" = 1 -o "$DM_TESTNET" = true ]; then
sed -i "/\[main\]/,/\[/ s/^testnet\s*=.*/testnet=true/" $CONF_FILES
else
sed -i "/\[main\]/,/\[/ s/^testnet\s*=.*/testnet=false/" $CONF_FILES
fi
## Write PGP key variables to files
if [ "$DM_BITDEALS_PGP" ]; then
echo "$BITDEALS_PGP" > "$BITDEALS_PGP_FILE"
fi
if [ "$DM_BITDEALS_TESTNET_PGP" ]; then
echo "$BITDEALS_TESTNET_PGP" > "$BITDEALS_TESTNET_PGP_FILE"
fi
if [ "$DM_PGP_SEC" ]; then
echo "$DM_PGP_SEC" > "$PGP_SEC_FILE"
fi
[ "$DM_LC_ALL" ] && \
export LC_ALL="$DM_LC_ALL"
## Setup testnet settings in libbitcoin-explorer config for new user bitcoin address generation
[ "$DM_TESTNET" = 1 -o "$DM_TESTNET" = true ] && \
sed -i -e "/\[wallet\]/,/\[/ s/wif_version? \s*=.*/wif_version = 239/" \
-e "/\[wallet\]/,/\[/ s/hd_public_version \s*=.*/hd_public_version = 70617039/" \
-e "/\[wallet\]/,/\[/ s/hd_secret_version \s*=.*/hd_secret_version = 70615956/" \
-e "/\[wallet\]/,/\[/ s/pay_to_public_key_hash_version \s*=.*/pay_to_public_key_hash_version = 111/" \
-e "/\[wallet\]/,/\[/ s/pay_to_script_hash_version \s*=.*/pay_to_script_hash_version = 196/" \
-e "/\[network\]/,/\[/ s/identifier \s*=.*/identifier = 118034699/" \
-e "/seed = mainnet[0-9].libbitcoin.net:8333/ s/^/#/" \
-e "/url = tcp:\/\/mainnet.libbitcoin.net:9091/ s/^/#/" \
-e "/block_url = tcp:\/\/mainnet.libbitcoin.net:9093/ s/^/#/" \
-e "/transaction_url = tcp:\/\/mainnet.libbitcoin.net:9094/ s/^/#/" \
-e "/#seed = testnet[0-9].libbitcoin.net:18333/ s/^#//" \
-e "/#url = tcp:\/\/testnet.libbitcoin.net:19091/ s/^#//" \
-e "/#block_url = tcp:\/\/testnet.libbitcoin.net:19093/ s/^#//" \
-e "/#transaction_url = tcp:\/\/testnet.libbitcoin.net:19094/ s/^#//" "$BX_CONF_FILE"
}
## Add DM_FORWEB to dm oauth config
cat $WEB_CONF_OAUTH | \
jq --arg host "$DM_FORWEB" '.web | .redirect_uris=[$host+"/oauth2/code",$host+"/oauth2/callback"]' | \
sponge $WEB_CONF_OAUTH
cat $WEB_CONF_SITES | \
jq --arg host "$(basename $DM_FORWEB)" '.hosts = [$host]' | \
sponge $WEB_CONF_SITES
## Write the PGP keys locations to dm config
sed -i "/\[pgp\]/,/\[/ s%^private=.*%private=$PGP_SEC_FILE%" $CONF_FILES
if [ "$DM_TESTNET" = 1 -o "$DM_TESTNET" = true ]; then
sed -i "/\[pgp\]/,/\[/ s%^public=.*%public=$BITDEALS_TEST_PGP_FILE%" $CONF_FILES
else
sed -i "/\[pgp\]/,/\[/ s%^public=.*%public=$BITDEALS_PGP_FILE%" $CONF_FILES
fi
## Write a user variables to the daemon config files.
if [ "$DM_BITCOIN" ]; then
sed -i "/\[module\]/,/\[/ s/^address=.*/address=$DM_BITCOIN/" $CONF_FILES
fi
if [ "$DM_FEE" ]; then
sed -i "/\[module\]/,/\[/ s/^#\?fee=.*/fee=$DM_FEE/" $CONF_FILES
fi
if [ "$DM_PGP_PASSWORD" ] ; then
#escaping the '/' in password line for use it in `sed`
DM_PGP_PASSWORD="$(echo $DM_PGP_PASSWORD | sed 's/\//\\\//g')"
sed -i "/\[pgp\]/,/\[/ s/^passphrase=.*/passphrase=$DM_PGP_PASSWORD/" $CONF_FILES
fi
if [ "$DM_TESTNET" = 1 -o "$DM_TESTNET" = true ]; then
sed -i "/\[main\]/,/\[/ s/.*testnet=.*/testnet=true/" $CONF_FILES
else
sed -i "/\[main\]/,/\[/ s/.*testnet=.*/testnet=false/" $CONF_FILES
fi
## Write PGP key variables to files
if [ "$DM_BITDEALS_PGP" ]; then
echo "$BITDEALS_PGP" > "$BITDEALS_PGP_FILE"
fi
if [ "$DM_BITDEALS_TEST_PGP" ]; then
echo "$BITDEALS_TEST_PGP" > "$BITDEALS_TEST_PGP_FILE"
fi
if [ "$DM_PGP_SEC" ]; then
echo "$DM_PGP_SEC" > "$PGP_SEC_FILE"
fi
## Create user PGP key if the file is empty
if [ ! -f "$PGP_SEC_FILE" ]
then
[ "$DM_ACCOUNT_URL" ] || \
{ echo -en "\nGenerating new PGP key...\nPlease enter your site URL like https://example.com : " ; \
read DM_ACCOUNT_URL ;}
#GNUPGHOME="$(mktemp -d)" ;# works for gpg2
gpg --faked-system-time $(TZ=UTC date --date=$(date +'%Y-%m-%d') +%s) \
--pinentry-mode loopback --passphrase "$DM_PGP_PASSWORD" \
--openpgp --batch --gen-key 2>/dev/null <<-EOF
Key-Type: RSA
Key-Usage: cert,sign
Key-Length: 1024
Subkey-Type: RSA
Subkey-Usage: encr
Subkey-Length: 1024
Name-Real: Account_URL
Name-Comment: ${DM_ACCOUNT_URL:-https://example-$RANDOM$RANDOM.com}
Expire-Date: 0
generate_pgp_key()
{
## Create user PGP key if the file is empty
if [ ! -f "$PGP_SEC_FILE" ]
then
[ "$DM_ACCOUNT_URL" ] || \
{ echo -en "\nGenerating new PGP key...\nPlease enter your site URL like https://example.com : " ; \
read DM_ACCOUNT_URL ;}
#GNUPGHOME="$(mktemp -d)" ; ## Works for gpg2
gpg --faked-system-time $(TZ=UTC date --date=$(date +'%Y-%m-%d') +%s) \
--pinentry-mode loopback --passphrase "$DM_PGP_PASSWORD" \
--openpgp --batch --gen-key 2>/dev/null <<-EOF
Key-Type: RSA
Key-Usage: cert,sign
Key-Length: 1024
Subkey-Type: RSA
Subkey-Usage: encr
Subkey-Length: 1024
Name-Real: Account_URL
Name-Comment: ${DM_ACCOUNT_URL:-https://example-$RANDOM$RANDOM.com}
Expire-Date: 0
EOF
tput setaf 2
cat <<-EOF
$(gpg -k --keyid-format long 2>/dev/null | tail -n5)
$(gpg --armor --export-secret-keys --passphrase "$DM_PGP_PASSWORD" | tee "$PGP_SEC_FILE")
tput setaf 2
cat <<-EOF
$(gpg -k --keyid-format long 2>/dev/null | tail -n5)
$(gpg --armor --export-secret-keys --passphrase "$DM_PGP_PASSWORD" | tee "$PGP_SEC_FILE")
EOF
tput sgr0
gpgconf --kill all
else
echo -e "NOTE: Your PGP key location: $PGP_SEC_FILE"
fi
## Change PGP keyfile owner
if [ -f "$PGP_SEC_FILE" ]; then
chown $UNAME:$UNAME "$PGP_SEC_FILE"
chmod 600 "$PGP_SEC_FILE"
fi
## Setup testnet settings in libbitcoin-explorer config for new user bitcoin address generation
[ "$DM_TESTNET" = 1 -o "$DM_TESTNET" = true ] && \
sed -i -e "/\[wallet\]/,/\[/ s/wif_version? =.*/wif_version = 239/" \
-e "/\[wallet\]/,/\[/ s/hd_public_version =.*/hd_public_version = 70617039/" \
-e "/\[wallet\]/,/\[/ s/hd_secret_version =.*/hd_secret_version = 70615956/" \
-e "/\[wallet\]/,/\[/ s/pay_to_public_key_hash_version =.*/pay_to_public_key_hash_version = 111/" \
-e "/\[wallet\]/,/\[/ s/pay_to_script_hash_version =.*/pay_to_script_hash_version = 196/" \
-e "/\[network\]/,/\[/ s/identifier =.*/identifier = 118034699/" \
-e "/seed = mainnet[0-9].libbitcoin.net:8333/ s/^/#/" \
-e "/url = tcp:\/\/mainnet.libbitcoin.net:9091/ s/^/#/" \
-e "/block_url = tcp:\/\/mainnet.libbitcoin.net:9093/ s/^/#/" \
-e "/transaction_url = tcp:\/\/mainnet.libbitcoin.net:9094/ s/^/#/" \
-e "/#seed = testnet[0-9].libbitcoin.net:18333/ s/^#//" \
-e "/#url = tcp:\/\/testnet.libbitcoin.net:19091/ s/^#//" \
-e "/#block_url = tcp:\/\/testnet.libbitcoin.net:19093/ s/^#//" \
-e "/#transaction_url = tcp:\/\/testnet.libbitcoin.net:19094/ s/^#//" "$BX_CONF_FILE"
## Create new Bitcoin keys. If user address (_DM_BITCOIN var) is empty.
_DM_BITCOIN="$(sed -n '/^[ \t]*\[module\]/,/\[/s/^[ \t]*address[ \t]*=[ \t]*//p' $CONF_FILES)"
B=$(tput bold ; tput setaf 1)
N=$(tput sgr0)
if [ -z "$_DM_BITCOIN" ]
then
## Generate bitcoin keys
PRIVKEY="$(cat /dev/random | tr -cd "[:digit:]" | head -c 64)"
PUBKEY="$(bx ec-to-public $PRIVKEY)"
BITCOIN="$(bx ec-to-address $PUBKEY)"
PRIVKEYWIF="$(bx ec-to-wif $PRIVKEY)"
## Write the bitcoin address to the daemon config
sed -i "/\[module\]/,/\[/ s/^address=.*/address=$BITCOIN/" $CONF_FILES
## Show bitcoin key
tee -a $BITCOIN_KEYS_BACKUP <<-EOF
${B}Please backup this BITCOIN KEY:${N}
Private key (WIF form): $PRIVKEYWIF
Public key: $PUBKEY
Bitcoin address: $BITCOIN
tput sgr0
gpgconf --kill all
else
echo -e "NOTE: Your PGP key location: $PGP_SEC_FILE"
fi
## Change PGP keyfile owner
if [ -f "$PGP_SEC_FILE" ]; then
chown $UNAME:$UNAME "$PGP_SEC_FILE"
chmod 600 "$PGP_SEC_FILE"
fi
}
generate_btc_key()
{
## Create new Bitcoin keys. If user address (_DM_BITCOIN var) is empty.
_DM_BITCOIN="$(sed -n '/^[ \t]*\[module\]/,/\[/s/^[ \t]*address[ \t]*=[ \t]*//p' $CONF_FILES)"
B=$(tput bold ; tput setaf 1)
N=$(tput sgr0)
if [ -z "$_DM_BITCOIN" ]
then
## Generate bitcoin keys
PRIVKEY="$(cat /dev/random | tr -cd "[:digit:]" | head -c 64)"
PUBKEY="$(bx ec-to-public $PRIVKEY)"
BITCOIN="$(bx ec-to-address $PUBKEY)"
PRIVKEYWIF="$(bx ec-to-wif $PRIVKEY)"
## Write the bitcoin address to the daemon config
sed -i "/\[module\]/,/\[/ s/^address\s*=.*/address=$BITCOIN/" $CONF_FILES
## Show bitcoin key
tee -a $BITCOIN_KEYS_BACKUP <<-EOF
${B}Please backup this BITCOIN KEY:${N}
Private key (WIF form): $PRIVKEYWIF
Public key: $PUBKEY
Bitcoin address: $BITCOIN
EOF
chmod 600 $BITCOIN_KEYS_BACKUP
else
test -f $BITCOIN_KEYS_BACKUP \
&& echo -e "NOTE: Your Bitcoin key saved to $(dirname $BITCOIN_KEYS_BACKUP)/${B}$(basename $BITCOIN_KEYS_BACKUP)${N}"\
|| echo -e "NOTE: Your Bitcoin address: $_DM_BITCOIN"
fi
chmod 600 $BITCOIN_KEYS_BACKUP
else
test -f $BITCOIN_KEYS_BACKUP \
&& echo -e "NOTE: Your Bitcoin key saved to $(dirname $BITCOIN_KEYS_BACKUP)/${B}$(basename $BITCOIN_KEYS_BACKUP)${N}"\
|| echo -e "NOTE: Your Bitcoin address: $_DM_BITCOIN"
fi
}
generate_ssl_key()
{
## Generate self-signed certificate
if ! [ -f $WEB_KEY -a -f $WEB_CERT ]; then
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -batch \
-keyout $WEB_KEY \
-out $WEB_CERT
fi
if ! [ -f $WEB_DH ]; then
echo "Generating DH parameters, 1024 bit long safe prime"
openssl dhparam -out $WEB_DH 1024 2>/dev/null
fi
}
set_locale
init_config
generate_pgp_key
generate_btc_key
generate_ssl_key
## Generate self-signed certificate
if ! [ -f $WEB_KEY -a -f $WEB_CERT ]; then
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -batch \
-keyout $WEB_KEY \
-out $WEB_CERT
fi
if ! [ -f $WEB_DH ]; then
echo "Generating DH parameters, 1024 bit long safe prime"
openssl dhparam -out $WEB_DH 1024 2>/dev/null
fi
## Run the daemon
/etc/init.d/nginx start

22
docker/nginx.conf
View File

@@ -2,27 +2,11 @@ server {
listen 80 default_server;
listen [::]:80 default_server;
index index.html;
server_name _;
rewrite ^/$ /dm/ permanent;
location / {
root /var/www/web;
index index.html;
try_files $uri $uri/ /index.html;
return 301 https://$host$request_uri;
}
location ^~ /api/ {
proxy_pass http://127.0.0.1:4999;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header Connection "close";
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
server {
@@ -51,8 +35,8 @@ server {
listen [::]:443 ssl ipv6only=on;
listen 443 ssl;
ssl_certificate /home/dm/fullchain.pem;
ssl_certificate_key /home/dm/privkey.pem;
ssl_certificate /home/dm/ssl-fullchain.pem;
ssl_certificate_key /home/dm/ssl-privkey.pem;
ssl_dhparam /etc/ssl/dhparam.pem;
}