diff --git a/docker-compose.yml b/docker-compose.yml
index 709f56b..d88319d 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -3,7 +3,9 @@ services:
bitdeals-module:
image: bitdeals/apostol-dm
environment:
- - DM_TESTNET=0
+ - DM_FORWEB=https://127.0.0.1
+ - DM_WEBAUTH=0
+ - DM_TESTNET=1
- DM_BITCOIN=
- DM_FEE=0.1%
- |
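Review bot: `DM_WEBAUTH=0` ships the sample stack with Web UI authentication switched off, and nothing in the file says this is only acceptable because the ports further down are bound to 127.0.0.1. I would add a comment above the entry, e.g. `# WebUI auth is disabled: keep every published port on 127.0.0.1`, so that anyone who later widens the port bindings also revisits this flag. The same hunk sets `DM_TESTNET=1` while the compose example in docker/README.md in this commit still shows `DM_TESTNET=0`; align the two or state which is intended.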
@@ -13,10 +15,11 @@ services:
-----END PGP PRIVATE KEY BLOCK-----
volumes:
- - dm:/etc/dm
+ - dm:/home/dm
ports:
- - 4999:4999
- - 80:80
+ - 127.0.0.1:4999:4999
+ - 127.0.0.1:80:80
+ - 127.0.0.1:443:443
volumes:
dm:
diff --git a/docker/Dockerfile b/docker/Dockerfile
index ef6c1df..37b7385 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -1,9 +1,9 @@
-# syntax=docker/dockerfile:3
+## syntax=docker/dockerfile:3
## BitDeals Module Dockerfile
## the Module user
-ARG UNAME="module"
+ARG UNAME="dm"
ARG UHOME="/home/$UNAME"
## Base image
@@ -12,15 +12,17 @@ FROM debian:bullseye AS updated-debian
SHELL ["/bin/bash", "-exo", "pipefail", "-c"]
LABEL name="BitDeals Module"
-EXPOSE 4999/tcp 80/tcp
+EXPOSE 4999/tcp 80/tcp 443/tcp
## Debian update; install dependencies
-ARG DEBIAN_FRONTEND=noninteractive
+ARG DEBIAN_FRONTEND="noninteractive" \
+ DEBCONF_NOWARNINGS="yes"
RUN apt-get update -y ; \
apt-get upgrade -y ; \
- apt-get -y install --no-install-recommends locales ; \
+ apt-get -y install --no-install-recommends locales jq moreutils; \
apt-get -y install --no-install-recommends gpg gpg-agent ; \
apt-get -y install --no-install-recommends nginx ; \
+ apt-get -y install --no-install-recommends openssl ca-certificates ; \
apt-get clean ; \
rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
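Review bot: The two-variable form `ARG DEBIAN_FRONTEND="noninteractive" \ DEBCONF_NOWARNINGS="yes"` is, as far as I know, only accepted by the BuildKit frontend; the classic builder takes one variable per `ARG`. The first hunk of this file turns `# syntax=docker/dockerfile:3` into an ordinary `##` comment, so the frontend version is no longer stated anywhere. Either split it into two instructions, `ARG DEBIAN_FRONTEND="noninteractive"` and `ARG DEBCONF_NOWARNINGS="yes"`, or restore a valid syntax directive. The same applies to the identical `ARG` in the development-stage hunk further down.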
@@ -36,7 +38,8 @@ RUN useradd --create-home --home-dir $UHOME $UNAME
FROM updated-debian AS development
## Debian update; install dependencies for: C++ compiler; OpenPGP; Libbitcoin
-ARG DEBIAN_FRONTEND=noninteractive
+ARG DEBIAN_FRONTEND="noninteractive" \
+ DEBCONF_NOWARNINGS="yes"
RUN apt-get -y update
RUN apt-get -y install --no-install-recommends build-essential libssl-dev libcurl4-openssl-dev make cmake gcc g++ git
RUN apt-get -y install --no-install-recommends libgmp-dev libbz2-dev libzip-dev
@@ -71,9 +74,10 @@ RUN su -l --shell /bin/bash $UNAME -c 'wget https://raw.githubusercontent.com/li
cd $UHOME ; \
sed -i '/git clone / s/git.*$/while true; do & \&\& break; done/' install.sh ; \
sed -i '/$WGET / s/$WGET.*$/while true; do & \&\& break; done/' install.sh ; \
- ./install.sh --build-boost --build-zmq --disable-shared
+ ./install.sh --verbose --build-boost --build-zmq --disable-shared
## Install BitDeals module (apostol-dm)
+#cmake -DCMAKE_BUILD_TYPE=Debug . -B cmake-build-debug' ; \
RUN su -l --shell /bin/bash $UNAME -c 'cd '$UHOME' ; \
git clone https://git.bitdeals.org/private/apostol-dm.git ; \
cd apostol-dm ; \
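Review bot: The added line `#cmake -DCMAKE_BUILD_TYPE=Debug . -B cmake-build-debug' ; \` is a leftover fragment with an unmatched quote and a trailing continuation, placed between the section comment and the `RUN` it came from; I would drop it or describe the debug build in the README instead. Separately, the `git clone` below builds whatever the default branch holds at build time, so the image contents are not reproducible. Checking out a fixed revision after the clone (`git checkout <commit-or-tag>`) would pin the build input. The `RUN` instruction continues past the end of this hunk.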
@@ -97,16 +101,15 @@ FROM updated-debian
ARG UNAME
ARG UHOME
-
ENV UNAME=$UNAME
-ENV LC_ALL=ru_RU.UTF-8
+ENV UHOME=$UHOME
COPY --from=development /usr/local/ /usr/local/
COPY --from=development /etc/dm/ /etc/dm/
COPY --from=development /usr/sbin/dm /usr/sbin/dm
COPY --from=development /etc/init.d/dm /etc/init.d/dm
COPY --from=development --chown=www-data:www-data $UHOME/web-build/build /var/www/web
-COPY --from=development --chown=$UNAME:$UNAME $UHOME/apostol-dm/docker/bitdeals-test.asc /etc/dm/bitdeals-test.asc
+COPY --from=development --chown=$UNAME:$UNAME $UHOME/apostol-dm/docker/bitdeals-testnet.asc /etc/dm/bitdeals-testnet.asc
#COPY --from=development --chown=$UNAME:$UNAME $UHOME/apostol-dm/docker/bitdeals.asc /etc/dm/bitdeals.asc
COPY --from=development $UHOME/apostol-dm/docker/entrypoint.sh /entrypoint.sh
COPY nginx.conf /etc/nginx/sites-enabled/default
diff --git a/docker/README.md b/docker/README.md
index ff6520e..8874a72 100644
--- a/docker/README.md
+++ b/docker/README.md
@@ -7,13 +7,15 @@ Deal Module (dm) - the Bitdeals daemon that provides a special interfaces for cr
# Running DM docker container
-On first run the initialization script will create (if it is empty), a new bitcoin and PGP keys and start the daemon.
+On first run the initialization script will create, a new bitcoin and PGP keys and start the daemon.
-Daemon settings which may specified by an environment variables are saved to the daemon config files on the Docker Volume.
+Daemon settings may specified by an environment variables. PGP secret key is stored on a Docker volume.
+
+First run example: `docker run -i -t -e DM_TESTNET=1 -p 127.0.0.1:443:443 bitdeals/apostol-dm` - register new user, open WebUI port.
# Usage
-Here are some example snippets to help you get started creating a container.
+Here are some example snippets to help you get started creating a container at localhost.
## docker-compose
@@ -26,8 +28,7 @@ services:
- DM_TESTNET=0
- DM_BITCOIN=
- DM_FEE=<0.1%>
- - DM_PGP_PASSWORD=
- - DM_FORWEB=http://127.0.0.1:4999
+ - DM_FORWEB=https://127.0.0.1
- DM_WEBAUTH=0
- |
DM_PGP_SEC=
@@ -36,10 +37,11 @@ services:
-----END PGP PRIVATE KEY BLOCK-----
volumes:
- - dm:/etc/dm
+ - dm:/home/dm
ports:
- 127.0.0.1:4999:4999
- - 80:80
+ - 127.0.0.1:80:80
+ - 127.0.0.1:443:443
volumes:
dm:
```
@@ -56,7 +58,8 @@ docker run -d \
-e DM_LC_ALL=en_US.UTF-8 \
-p 127.0.0.1:4999:4999 \
-p 127.0.0.1:80:80 \
- -v /home/dm/:/etc/dm/ \
+ -p 127.0.0.1:443:443 \
+ -v /home/dm/:/home/dm/ \
bitdeals/apostol-dm
```
@@ -66,14 +69,15 @@ Container images are configured using parameters passed at runtime.
|Parameter|Function|
|:--------|:-------|
-|-p 80|WebUI port TCP|
+|-p 80|WebUI port|
+|-p 443|WebUI port|
|-p 4999|dm API port [(API documentation)](/private/apostol-dm/src/branch/master/doc/REST-API-ru.md)|
|-e DM_TESTNET=|Enable bitcoin testnet mode. Default: `0`|
|-e DM_BITCOIN=|User account bitcoin address. Will be created if empty.|
|-e DM_FEE=|User fee for created deals. You MUST indicate the sign "%" for a percentage of the deal amount or FIXED value in satoshi. Default: `0.1%`|
|-e DM_PGP_SEC=|Variable with ASCII armored PGP user secret key. Will be created if empty (with Account_URL in the key details).|
|-e DM_PGP_PASSWORD=|User PGP key password.|
-|-e DM_FORWEB=|dm host for dm Web app (the host should be accessable from your browser). Default: `http://127.0.0.1:4999`|
+|-e DM_FORWEB=|dm host for dm Web app (the host should be accessable from your browser). Default: `https://127.0.0.1`|
|-e DM_WEBAUTH=|Enable Web app user interface authentication. Default: `0`|
|-e DM_LC_ALL=|Set locale for dm. Default: `en_US.UTF-8`|
|-e DM_ACCOUNT_URL=|Set Account_URL for a new account registration. Format: `http[s]://[:]`|
diff --git a/docker/bitdeals-test.asc b/docker/bitdeals-testnet.asc
similarity index 100%
rename from docker/bitdeals-test.asc
rename to docker/bitdeals-testnet.asc
diff --git a/docker/entrypoint.sh b/docker/entrypoint.sh
index 87013cb..7475b0b 100755
--- a/docker/entrypoint.sh
+++ b/docker/entrypoint.sh
@@ -7,21 +7,25 @@
##
## Web app requires the dmHost address should be accessable from your browser
-DM_FORWEB=${DM_FORWEB:-http://127.0.0.1:4999}
+DM_FORWEB=${DM_FORWEB:-https://127.0.0.1}
DM_WEBAUTH=${DM_WEBAUTH:-0}
DM_TESTNET=${DM_TESTNET:-0}
## Daemon config files
CONF_FILES=$(find /etc/dm/ -type f -name "*.conf" -not -name "default.conf")
BITDEALS_PGP_FILE="/etc/dm/bitdeals.asc"
-BITDEALS_TEST_PGP_FILE="/etc/dm/bitdeals-test.asc"
-PGP_SEC_FILE="/etc/dm/pgp.sec"
+BITDEALS_TEST_PGP_FILE="/etc/dm/bitdeals-testnet.asc"
+PGP_SEC_FILE="$UHOME/pgp-key.sec"
BX_CONF_FILE="/usr/local/etc/libbitcoin/bx.cfg"
WEB_CONF_FILE="/var/www/web/config.js"
WEB_CONF_SITES="/etc/dm/sites/default.json"
WEB_CONF_OAUTH="/etc/dm/oauth2/default.json"
+WEB_CERT="$UHOME/ssl-fullchain.pem"
+WEB_KEY="$UHOME/ssl-privkey.pem"
+WEB_DH="/etc/ssl/dhparam.pem"
+BITCOIN_KEYS_BACKUP="$UHOME/bitcoin.backup_and_remove"
-#tput variable for log color output
+#variable for tput color output
export TERM=xterm
## Write a default variables to dm config
@@ -49,12 +53,12 @@ fi
export LC_ALL="$DM_LC_ALL"
## Add DM_FORWEB to dm oauth config
-if ! grep -q "$DM_FORWEB" $WEB_CONF_SITES; then
- sed -i "/\"hosts\":/ s|]|, \"$(basename $DM_FORWEB)\"]|" $WEB_CONF_SITES
- sed -i -e "/\"redirect_uris\":/ s|$|\n\t\"$DM_FORWEB/oauth2/callback\",|" \
- -e "/\"redirect_uris\":/ s|$|\n\t\"$DM_FORWEB/oauth2/code\",|" $WEB_CONF_OAUTH
-fi
-
+cat $WEB_CONF_OAUTH | \
+ jq --arg host "$DM_FORWEB" '.web | .redirect_uris=[$host+"/oauth2/code",$host+"/oauth2/callback"]' | \
+ sponge $WEB_CONF_OAUTH
+cat $WEB_CONF_SITES | \
+ jq --arg host "$(basename $DM_FORWEB)" '.hosts = [$host]' | \
+ sponge $WEB_CONF_SITES
## Write the PGP keys locations to dm config
sed -i "/\[pgp\]/,/\[/ s%^private=.*%private=$PGP_SEC_FILE%" $CONF_FILES
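Review bot: The filter `.web | .redirect_uris=[…]` emits only the inner `web` object, so `sponge` rewrites `$WEB_CONF_OAUTH` without its top-level `web` key; if the daemon reads `web.redirect_uris`, as the filter itself implies, the file no longer has that layout after the first start, and on later starts `.web` is null. Assigning through the path keeps the document intact: `jq --arg host "$DM_FORWEB" '.web.redirect_uris = [$host+"/oauth2/code", $host+"/oauth2/callback"]' "$WEB_CONF_OAUTH" | sponge "$WEB_CONF_OAUTH"`. If `jq` fails on either file, `sponge` will most likely still replace it with empty output unless the script runs with `pipefail`, which is not visible here. Writing to a temporary file and moving it into place only on success would avoid losing the config.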
@@ -82,6 +86,8 @@ if [ "$DM_TESTNET" = 1 -o "$DM_TESTNET" = true ]; then
else
sed -i "/\[main\]/,/\[/ s/.*testnet=.*/testnet=false/" $CONF_FILES
fi
+
+## Write PGP key variables to files
if [ "$DM_BITDEALS_PGP" ]; then
echo "$BITDEALS_PGP" > "$BITDEALS_PGP_FILE"
fi
@@ -93,7 +99,7 @@ if [ "$DM_PGP_SEC" ]; then
fi
## Create user PGP key if the file is empty
-if [ ! -e "$PGP_SEC_FILE" ]
+if [ ! -f "$PGP_SEC_FILE" ]
then
[ "$DM_ACCOUNT_URL" ] || \
{ echo -en "\nGenerating new PGP key...\nPlease enter your site URL like https://example.com : " ; \
@@ -152,11 +158,11 @@ fi
## Create new Bitcoin keys. If user address (_DM_BITCOIN var) is empty.
_DM_BITCOIN="$(sed -n '/^[ \t]*\[module\]/,/\[/s/^[ \t]*address[ \t]*=[ \t]*//p' $CONF_FILES)"
+B=$(tput bold ; tput setaf 1)
+N=$(tput sgr0)
+
if [ -z "$_DM_BITCOIN" ]
then
- B=$(tput bold ; tput setaf 1)
- N=$(tput sgr0)
-
## Generate bitcoin keys
PRIVKEY="$(cat /dev/random | tr -cd "[:digit:]" | head -c 64)"
PUBKEY="$(bx ec-to-public $PRIVKEY)"
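Review bot: `PRIVKEY` (unchanged here; this hunk only hoists `B`/`N`) is built from 64 decimal digits and then passed to `bx ec-to-public`, which takes a Base16 secret, so each position carries about 3.3 bits instead of 4. The key space is therefore roughly 2^213 rather than 2^256, and the keys have a recognisable digits-only shape. Reading 32 raw bytes and hex-encoding them gives a uniform key: `PRIVKEY="$(head -c 32 /dev/urandom | od -An -tx1 | tr -d ' \n')"`. `$PRIVKEY` should also be quoted in the `bx ec-to-public` call. The `if` block continues outside the hunk.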
@@ -167,17 +173,30 @@ then
sed -i "/\[module\]/,/\[/ s/^address=.*/address=$BITCOIN/" $CONF_FILES
## Show bitcoin key
- cat <<-EOF
+ tee -a $BITCOIN_KEYS_BACKUP <<-EOF
- Please backup this BITCOIN KEY:
- Private key (raw form): $PRIVKEY
- Private key (WIF form): ${B}$PRIVKEYWIF${N}
- Public key: $PUBKEY
- Bitcoin address: $BITCOIN
+ ${B}Please backup this BITCOIN KEY:${N}
+ Private key (WIF form): $PRIVKEYWIF
+ Public key: $PUBKEY
+ Bitcoin address: $BITCOIN
EOF
+ chmod 600 $BITCOIN_KEYS_BACKUP
else
- echo -e "NOTE: Your Bitcoin address: $_DM_BITCOIN"
+ test -f $BITCOIN_KEYS_BACKUP \
+ && echo -e "NOTE: Your Bitcoin key saved to $(dirname $BITCOIN_KEYS_BACKUP)/${B}$(basename $BITCOIN_KEYS_BACKUP)${N}"\
+ || echo -e "NOTE: Your Bitcoin address: $_DM_BITCOIN"
+fi
+
+## Generate self-signed certificate
+if ! [ -f $WEB_KEY -a -f $WEB_CERT ]; then
+ openssl req -x509 -nodes -days 365 -newkey rsa:2048 -batch \
+ -keyout $WEB_KEY \
+ -out $WEB_CERT
+fi
+if ! [ -f $WEB_DH ]; then
+ echo "Generating DH parameters, 1024 bit long safe prime"
+ openssl dhparam -out $WEB_DH 1024 2>/dev/null
fi
## Run the daemon
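Review bot: `openssl dhparam -out $WEB_DH 1024` generates a 1024-bit group, which is below what current guidance accepts for finite-field DH; use at least 2048 bits, `openssl dhparam -out "$WEB_DH" 2048`, or drop `ssl_dhparam` from nginx.conf and leave key exchange to ECDHE. In the key-backup branch, `tee -a` creates `$BITCOIN_KEYS_BACKUP` with the default umask and `chmod 600` only runs afterwards, so the WIF private key is briefly readable by other users. It is also still echoed to stdout, where container logs retain it. Setting `umask 077` before the `tee` closes the first gap. The `${B}`/`${N}` terminal escape sequences also end up inside the backup file, and the enclosing `if` starts outside the hunk.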
diff --git a/docker/nginx.conf b/docker/nginx.conf
index 06678f7..d31daa1 100644
--- a/docker/nginx.conf
+++ b/docker/nginx.conf
@@ -12,17 +12,48 @@ server {
root /var/www/web;
index index.html;
try_files $uri $uri/ /index.html;
-
-# location ^~ /api/ {
-# proxy_pass http://127.0.0.1:4999;
-# proxy_http_version 1.1;
-# proxy_set_header Host $host;
-# proxy_set_header Connection "close";
-# proxy_set_header X-Forwarded-Proto $scheme;
-# proxy_set_header X-Real-IP $remote_addr;
-# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-# }
-
}
+
+ location ^~ /api/ {
+ proxy_pass http://127.0.0.1:4999;
+ proxy_http_version 1.1;
+ proxy_set_header Host $host;
+ proxy_set_header Connection "close";
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ }
+}
+
+server {
+
+ index index.html;
+
+ server_name _;
+
+ rewrite ^/$ /dm/ permanent;
+
+ location / {
+ root /var/www/web;
+ index index.html;
+ try_files $uri $uri/ /index.html;
+ }
+
+ location ^~ /api/ {
+ proxy_pass http://127.0.0.1:4999;
+ proxy_http_version 1.1;
+ proxy_set_header Host $host;
+ proxy_set_header Connection "close";
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ }
+
+ listen [::]:443 ssl ipv6only=on;
+ listen 443 ssl;
+ ssl_certificate /home/dm/fullchain.pem;
+ ssl_certificate_key /home/dm/privkey.pem;
+ ssl_dhparam /etc/ssl/dhparam.pem;
+
}
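Review bot: `ssl_certificate /home/dm/fullchain.pem` and `ssl_certificate_key /home/dm/privkey.pem` do not match the files entrypoint.sh creates in this commit (`$UHOME/ssl-fullchain.pem` and `$UHOME/ssl-privkey.pem`). Unless something outside the visible hunks links or renames them, nginx will probably fail to load the certificate and not start. Suggested: `ssl_certificate /home/dm/ssl-fullchain.pem;` and `ssl_certificate_key /home/dm/ssl-privkey.pem;`. The path also hard-codes `/home/dm` while the Dockerfile derives the home directory from `UNAME`, so a comment tying the two together would help. The port-80 server still serves the UI and `/api/` over plain HTTP; with `DM_FORWEB` now defaulting to `https://127.0.0.1`, consider redirecting it to HTTPS.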