Merge remote-tracking branch 'origin/master'

Преподобный Ален
2023-05-17 17:29:49 +03:00
6 changed files with 116 additions and 56 deletions


@@ -3,7 +3,9 @@ services:
bitdeals-module:
image: bitdeals/apostol-dm
environment:
- DM_TESTNET=0
- DM_FORWEB=https://127.0.0.1
- DM_WEBAUTH=0
- DM_TESTNET=1
- DM_BITCOIN=
- DM_FEE=0.1%
- |
@@ -13,10 +15,11 @@ services:
-----END PGP PRIVATE KEY BLOCK-----
volumes:
- dm:/etc/dm
- dm:/home/dm
ports:
- 4999:4999
- 80:80
- 127.0.0.1:4999:4999
- 127.0.0.1:80:80
- 127.0.0.1:443:443
volumes:
dm:
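Review bot: `DM_WEBAUTH=0` in the environment list leaves the Web UI unauthenticated, so the `127.0.0.1:` prefixes added to the port mappings are the only access control in this example, and nothing in the file says so. A comment above the variable would keep someone from dropping the loopback prefix later, for example `# DM_WEBAUTH=0 disables Web UI authentication; keep ports bound to 127.0.0.1 or set DM_WEBAUTH=1 before exposing them`. The second hunk also shows a PGP private key block inline under `environment:`, which puts the key in version control and in `docker inspect` output if it is a real key; loading it from an untracked `env_file` would avoid that.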


@@ -1,9 +1,9 @@
# syntax=docker/dockerfile:3
## syntax=docker/dockerfile:3
## BitDeals Module Dockerfile
## the Module user
ARG UNAME="module"
ARG UNAME="dm"
ARG UHOME="/home/$UNAME"
## Base image
@@ -12,15 +12,17 @@ FROM debian:bullseye AS updated-debian
SHELL ["/bin/bash", "-exo", "pipefail", "-c"]
LABEL name="BitDeals Module"
EXPOSE 4999/tcp 80/tcp
EXPOSE 4999/tcp 80/tcp 443/tcp
## Debian update; install dependencies
ARG DEBIAN_FRONTEND=noninteractive
ARG DEBIAN_FRONTEND="noninteractive" \
DEBCONF_NOWARNINGS="yes"
RUN apt-get update -y ; \
apt-get upgrade -y ; \
apt-get -y install --no-install-recommends locales ; \
apt-get -y install --no-install-recommends locales jq moreutils; \
apt-get -y install --no-install-recommends gpg gpg-agent ; \
apt-get -y install --no-install-recommends nginx ; \
apt-get -y install --no-install-recommends openssl ca-certificates ; \
apt-get clean ; \
rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
@@ -36,7 +38,8 @@ RUN useradd --create-home --home-dir $UHOME $UNAME
FROM updated-debian AS development
## Debian update; install dependencies for: C++ compiler; OpenPGP; Libbitcoin
ARG DEBIAN_FRONTEND=noninteractive
ARG DEBIAN_FRONTEND="noninteractive" \
DEBCONF_NOWARNINGS="yes"
RUN apt-get -y update
RUN apt-get -y install --no-install-recommends build-essential libssl-dev libcurl4-openssl-dev make cmake gcc g++ git
RUN apt-get -y install --no-install-recommends libgmp-dev libbz2-dev libzip-dev
@@ -71,9 +74,10 @@ RUN su -l --shell /bin/bash $UNAME -c 'wget https://raw.githubusercontent.com/li
cd $UHOME ; \
sed -i '/git clone / s/git.*$/while true; do & \&\& break; done/' install.sh ; \
sed -i '/$WGET / s/$WGET.*$/while true; do & \&\& break; done/' install.sh ; \
./install.sh --build-boost --build-zmq --disable-shared
./install.sh --verbose --build-boost --build-zmq --disable-shared
## Install BitDeals module (apostol-dm)
#cmake -DCMAKE_BUILD_TYPE=Debug . -B cmake-build-debug' ; \
RUN su -l --shell /bin/bash $UNAME -c 'cd '$UHOME' ; \
git clone https://git.bitdeals.org/private/apostol-dm.git ; \
cd apostol-dm ; \
@@ -97,16 +101,15 @@ FROM updated-debian
ARG UNAME
ARG UHOME
ENV UNAME=$UNAME
ENV LC_ALL=ru_RU.UTF-8
ENV UHOME=$UHOME
COPY --from=development /usr/local/ /usr/local/
COPY --from=development /etc/dm/ /etc/dm/
COPY --from=development /usr/sbin/dm /usr/sbin/dm
COPY --from=development /etc/init.d/dm /etc/init.d/dm
COPY --from=development --chown=www-data:www-data $UHOME/web-build/build /var/www/web
COPY --from=development --chown=$UNAME:$UNAME $UHOME/apostol-dm/docker/bitdeals-test.asc /etc/dm/bitdeals-test.asc
COPY --from=development --chown=$UNAME:$UNAME $UHOME/apostol-dm/docker/bitdeals-testnet.asc /etc/dm/bitdeals-testnet.asc
#COPY --from=development --chown=$UNAME:$UNAME $UHOME/apostol-dm/docker/bitdeals.asc /etc/dm/bitdeals.asc
COPY --from=development $UHOME/apostol-dm/docker/entrypoint.sh /entrypoint.sh
COPY nginx.conf /etc/nginx/sites-enabled/default
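Review bot: The Libbitcoin `install.sh` that this commit now runs with `--verbose` is downloaded with `wget` from a raw.githubusercontent.com URL (cut off in the hunk header) and executed with no integrity check, so the build trusts whatever that URL serves at build time. Pin the URL to a commit hash and verify the file before running it, e.g. `echo "<INSTALL_SH_SHA256>  install.sh" | sha256sum -c -` ahead of `./install.sh`. The two `sed` lines also wrap every `git clone` and `$WGET` in `while true; do … && break; done`, which retries forever if a remote is unreachable; a bounded retry count would let the build fail instead of hanging. The `git clone` of apostol-dm in the next RUN likewise names no tag or commit in the visible lines; both RUN instructions start or continue outside the hunk, so this is based only on what is shown.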


@@ -7,13 +7,15 @@ Deal Module (dm) - the Bitdeals daemon that provides a special interfaces for cr
# Running DM docker container
On first run the initialization script will create (if it is empty), a new bitcoin and PGP keys and start the daemon.
On first run the initialization script will create, a new bitcoin and PGP keys and start the daemon.
Daemon settings which may specified by an environment variables are saved to the daemon config files on the Docker Volume.
Daemon settings may specified by an environment variables. PGP secret key is stored on a Docker volume.
First run example: `docker run -i -t -e DM_TESTNET=1 -p 127.0.0.1:443:443 bitdeals/apostol-dm` - register new user, open WebUI port.
# Usage
Here are some example snippets to help you get started creating a container.
Here are some example snippets to help you get started creating a container at localhost.
## docker-compose
@@ -26,8 +28,7 @@ services:
- DM_TESTNET=0
- DM_BITCOIN=<address>
- DM_FEE=<0.1%>
- DM_PGP_PASSWORD=<password>
- DM_FORWEB=http://127.0.0.1:4999
- DM_FORWEB=https://127.0.0.1
- DM_WEBAUTH=0
- |
DM_PGP_SEC=
@@ -36,10 +37,11 @@ services:
-----END PGP PRIVATE KEY BLOCK-----
volumes:
- dm:/etc/dm
- dm:/home/dm
ports:
- 127.0.0.1:4999:4999
- 80:80
- 127.0.0.1:80:80
- 127.0.0.1:443:443
volumes:
dm:
```
@@ -56,7 +58,8 @@ docker run -d \
-e DM_LC_ALL=en_US.UTF-8 \
-p 127.0.0.1:4999:4999 \
-p 127.0.0.1:80:80 \
-v /home/dm/:/etc/dm/ \
-p 127.0.0.1:443:443 \
-v /home/dm/:/home/dm/ \
bitdeals/apostol-dm
```
@@ -66,14 +69,15 @@ Container images are configured using parameters passed at runtime.
|Parameter|Function|
|:--------|:-------|
|-p 80|WebUI port TCP|
|-p 80|WebUI port|
|-p 443|WebUI port|
|-p 4999|dm API port [(API documentation)](/private/apostol-dm/src/branch/master/doc/REST-API-ru.md)|
|-e DM_TESTNET=|Enable bitcoin testnet mode. Default: `0`|
|-e DM_BITCOIN=|User account bitcoin address. Will be created if empty.|
|-e DM_FEE=|User fee for created deals. You MUST indicate the sign "%" for a percentage of the deal amount or FIXED value in satoshi. Default: `0.1%`|
|-e DM_PGP_SEC=|Variable with ASCII armored PGP user secret key. Will be created if empty (with Account_URL in the key details).|
|-e DM_PGP_PASSWORD=|User PGP key password.|
|-e DM_FORWEB=|dm host for dm Web app (the host should be accessable from your browser). Default: `http://127.0.0.1:4999`|
|-e DM_FORWEB=|dm host for dm Web app (the host should be accessable from your browser). Default: `https://127.0.0.1`|
|-e DM_WEBAUTH=|Enable Web app user interface authentication. Default: `0`|
|-e DM_LC_ALL=|Set locale for dm. Default: `en_US.UTF-8`|
|-e DM_ACCOUNT_URL=|Set Account_URL for a new account registration. Format: `http[s]://<host>[:<port>]`|


@@ -7,21 +7,25 @@
##
## Web app requires the dmHost address should be accessable from your browser
DM_FORWEB=${DM_FORWEB:-http://127.0.0.1:4999}
DM_FORWEB=${DM_FORWEB:-https://127.0.0.1}
DM_WEBAUTH=${DM_WEBAUTH:-0}
DM_TESTNET=${DM_TESTNET:-0}
## Daemon config files
CONF_FILES=$(find /etc/dm/ -type f -name "*.conf" -not -name "default.conf")
BITDEALS_PGP_FILE="/etc/dm/bitdeals.asc"
BITDEALS_TEST_PGP_FILE="/etc/dm/bitdeals-test.asc"
PGP_SEC_FILE="/etc/dm/pgp.sec"
BITDEALS_TEST_PGP_FILE="/etc/dm/bitdeals-testnet.asc"
PGP_SEC_FILE="$UHOME/pgp-key.sec"
BX_CONF_FILE="/usr/local/etc/libbitcoin/bx.cfg"
WEB_CONF_FILE="/var/www/web/config.js"
WEB_CONF_SITES="/etc/dm/sites/default.json"
WEB_CONF_OAUTH="/etc/dm/oauth2/default.json"
WEB_CERT="$UHOME/ssl-fullchain.pem"
WEB_KEY="$UHOME/ssl-privkey.pem"
WEB_DH="/etc/ssl/dhparam.pem"
BITCOIN_KEYS_BACKUP="$UHOME/bitcoin.backup_and_remove"
#tput variable for log color output
#variable for tput color output
export TERM=xterm
## Write a default variables to dm config
@@ -49,12 +53,12 @@ fi
export LC_ALL="$DM_LC_ALL"
## Add DM_FORWEB to dm oauth config
if ! grep -q "$DM_FORWEB" $WEB_CONF_SITES; then
sed -i "/\"hosts\":/ s|]|, \"$(basename $DM_FORWEB)\"]|" $WEB_CONF_SITES
sed -i -e "/\"redirect_uris\":/ s|$|\n\t\"$DM_FORWEB/oauth2/callback\",|" \
-e "/\"redirect_uris\":/ s|$|\n\t\"$DM_FORWEB/oauth2/code\",|" $WEB_CONF_OAUTH
fi
cat $WEB_CONF_OAUTH | \
jq --arg host "$DM_FORWEB" '.web | .redirect_uris=[$host+"/oauth2/code",$host+"/oauth2/callback"]' | \
sponge $WEB_CONF_OAUTH
cat $WEB_CONF_SITES | \
jq --arg host "$(basename $DM_FORWEB)" '.hosts = [$host]' | \
sponge $WEB_CONF_SITES
## Write the PGP keys locations to dm config
sed -i "/\[pgp\]/,/\[/ s%^private=.*%private=$PGP_SEC_FILE%" $CONF_FILES
@@ -82,6 +86,8 @@ if [ "$DM_TESTNET" = 1 -o "$DM_TESTNET" = true ]; then
else
sed -i "/\[main\]/,/\[/ s/.*testnet=.*/testnet=false/" $CONF_FILES
fi
## Write PGP key variables to files
if [ "$DM_BITDEALS_PGP" ]; then
echo "$BITDEALS_PGP" > "$BITDEALS_PGP_FILE"
fi
@@ -93,7 +99,7 @@ if [ "$DM_PGP_SEC" ]; then
fi
## Create user PGP key if the file is empty
if [ ! -e "$PGP_SEC_FILE" ]
if [ ! -f "$PGP_SEC_FILE" ]
then
[ "$DM_ACCOUNT_URL" ] || \
{ echo -en "\nGenerating new PGP key...\nPlease enter your site URL like https://example.com : " ; \
@@ -152,11 +158,11 @@ fi
## Create new Bitcoin keys. If user address (_DM_BITCOIN var) is empty.
_DM_BITCOIN="$(sed -n '/^[ \t]*\[module\]/,/\[/s/^[ \t]*address[ \t]*=[ \t]*//p' $CONF_FILES)"
B=$(tput bold ; tput setaf 1)
N=$(tput sgr0)
if [ -z "$_DM_BITCOIN" ]
then
B=$(tput bold ; tput setaf 1)
N=$(tput sgr0)
## Generate bitcoin keys
PRIVKEY="$(cat /dev/random | tr -cd "[:digit:]" | head -c 64)"
PUBKEY="$(bx ec-to-public $PRIVKEY)"
@@ -167,17 +173,30 @@ then
sed -i "/\[module\]/,/\[/ s/^address=.*/address=$BITCOIN/" $CONF_FILES
## Show bitcoin key
cat <<-EOF
tee -a $BITCOIN_KEYS_BACKUP <<-EOF
Please backup this BITCOIN KEY:
Private key (raw form): $PRIVKEY
Private key (WIF form): ${B}$PRIVKEYWIF${N}
Public key: $PUBKEY
Bitcoin address: $BITCOIN
${B}Please backup this BITCOIN KEY:${N}
Private key (WIF form): $PRIVKEYWIF
Public key: $PUBKEY
Bitcoin address: $BITCOIN
EOF
chmod 600 $BITCOIN_KEYS_BACKUP
else
echo -e "NOTE: Your Bitcoin address: $_DM_BITCOIN"
test -f $BITCOIN_KEYS_BACKUP \
&& echo -e "NOTE: Your Bitcoin key saved to $(dirname $BITCOIN_KEYS_BACKUP)/${B}$(basename $BITCOIN_KEYS_BACKUP)${N}"\
|| echo -e "NOTE: Your Bitcoin address: $_DM_BITCOIN"
fi
## Generate self-signed certificate
if ! [ -f $WEB_KEY -a -f $WEB_CERT ]; then
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -batch \
-keyout $WEB_KEY \
-out $WEB_CERT
fi
if ! [ -f $WEB_DH ]; then
echo "Generating DH parameters, 1024 bit long safe prime"
openssl dhparam -out $WEB_DH 1024 2>/dev/null
fi
## Run the daemon
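Review bot: The DH parameters generated in the last hunk are 1024 bits, which is too small for DHE key exchange by current guidance (the size covered by the Logjam findings); generate at least 2048 bits, `openssl dhparam -out "$WEB_DH" 2048`, and update the echo text to match. In the Bitcoin key block, `tee -a $BITCOIN_KEYS_BACKUP` creates the file under the default umask and `chmod 600` runs only afterwards, so the WIF private key is briefly readable by other users of the volume; setting `umask 077` before the `tee` closes that window. Because `tee` also copies the heredoc to stdout, the private key still lands in the container log, and the `${B}`/`${N}` tput escape sequences end up inside the backup file. The variable expansions in these new lines (`$WEB_KEY`, `$WEB_CERT`, `$BITCOIN_KEYS_BACKUP`) are unquoted and should be double-quoted.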


@@ -12,17 +12,48 @@ server {
root /var/www/web;
index index.html;
try_files $uri $uri/ /index.html;
# location ^~ /api/ {
# proxy_pass http://127.0.0.1:4999;
# proxy_http_version 1.1;
# proxy_set_header Host $host;
# proxy_set_header Connection "close";
# proxy_set_header X-Forwarded-Proto $scheme;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# }
}
location ^~ /api/ {
proxy_pass http://127.0.0.1:4999;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header Connection "close";
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
server {
index index.html;
server_name _;
rewrite ^/$ /dm/ permanent;
location / {
root /var/www/web;
index index.html;
try_files $uri $uri/ /index.html;
}
location ^~ /api/ {
proxy_pass http://127.0.0.1:4999;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header Connection "close";
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
listen [::]:443 ssl ipv6only=on;
listen 443 ssl;
ssl_certificate /home/dm/fullchain.pem;
ssl_certificate_key /home/dm/privkey.pem;
ssl_dhparam /etc/ssl/dhparam.pem;
}
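Review bot: The `ssl_certificate` and `ssl_certificate_key` paths in the new 443 server block (`/home/dm/fullchain.pem`, `/home/dm/privkey.pem`) do not match the files the entrypoint script in this commit generates, `$UHOME/ssl-fullchain.pem` and `$UHOME/ssl-privkey.pem`. Unless something outside the visible hunks links them, nginx will fail to load the certificate. Use the same names on both sides, e.g. `ssl_certificate /home/dm/ssl-fullchain.pem;` and `ssl_certificate_key /home/dm/ssl-privkey.pem;`. The block also sets no `ssl_protocols`, so the accepted protocol versions fall back to the nginx build default; stating them explicitly (`ssl_protocols TLSv1.2 TLSv1.3;`) would make the TLS configuration reviewable. This hunk starts inside an existing server block, so the port 80 configuration is only partly visible.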