private/apostol-dm
1
1
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Docker fix: add ensubst

Browse Source
This commit is contained in:
status404
2024-02-20 13:09:09 +03:00
parent 68ce2f1358
commit 7eaeb727c3
11 changed files with 443 additions and 286 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
docker-compose.yml
View File

@@ -1,10 +1,9 @@
version: "3"
services:
bitdeals-module:
apostol-dm:
image: bitdeals/apostol-dm
environment:
- DM_FORWEB=https://127.0.0.1
- DM_WEBAUTH=0
- DM_TESTNET=1
- DM_BITCOIN=
- DM_FEE=0.1%

6
docker/.env Normal file
View File

@@ -0,0 +1,6 @@
#
# Docker Compose environment file
#
COMPOSE_PROJECT_NAME="bitdeals"

25
docker/Dockerfile
View File

@@ -19,7 +19,7 @@ ARG DEBIAN_FRONTEND="noninteractive" \
DEBCONF_NOWARNINGS="yes"
RUN apt-get update -y ; \
apt-get upgrade -y ; \
apt-get -y install --no-install-recommends locales tzdata jq moreutils; \
apt-get -y install --no-install-recommends locales tzdata jq gettext-base; \
apt-get -y install --no-install-recommends gpg gpg-agent ; \
apt-get -y install --no-install-recommends nginx ; \
apt-get -y install --no-install-recommends openssl ca-certificates ; \
@@ -111,13 +111,30 @@ COPY --from=development /etc/init.d/dm /etc/init.d/dm
COPY --from=development --chown=www-data:www-data $UHOME/web-build/build /var/www/web
COPY --from=development --chown=$UNAME:$UNAME $UHOME/apostol-dm/docker/bitdeals-testnet.asc /etc/dm/bitdeals-testnet.asc
COPY --from=development --chown=$UNAME:$UNAME $UHOME/apostol-dm/docker/bitdeals.asc /etc/dm/bitdeals.asc
COPY --from=development $UHOME/apostol-dm/docker/entrypoint.sh /entrypoint.sh
COPY --from=development $UHOME/apostol-dm/docker/run.sh /run.sh
COPY nginx.conf /etc/nginx/sites-enabled/default
## Generate bx testnet config
RUN sed -e "/\[wallet\]/,/\[/ s/wif_version? =.*/wif_version = 239/" \
-e "/\[wallet\]/,/\[/ s/hd_public_version =.*/hd_public_version = 70617039/" \
-e "/\[wallet\]/,/\[/ s/hd_secret_version =.*/hd_secret_version = 70615956/" \
-e "/\[wallet\]/,/\[/ s/pay_to_public_key_hash_version =.*/pay_to_public_key_hash_version = 111/" \
-e "/\[wallet\]/,/\[/ s/pay_to_script_hash_version =.*/pay_to_script_hash_version = 196/" \
-e "/\[network\]/,/\[/ s/identifier =.*/identifier = 118034699/" \
-e "/seed = mainnet[0-9].libbitcoin.net:8333/ s/^#*/#/" \
-e "/url = tcp:\/\/mainnet.libbitcoin.net:9091/ s/^#*/#/" \
-e "/block_url = tcp:\/\/mainnet.libbitcoin.net:9093/ s/^#*/#/" \
-e "/transaction_url = tcp:\/\/mainnet.libbitcoin.net:9094/ s/^#*/#/" \
-e "/#seed = testnet[0-9].libbitcoin.net:18333/ s/^#*#//" \
-e "/#url = tcp:\/\/testnet.libbitcoin.net:19091/ s/^#*#//" \
-e "/#block_url = tcp:\/\/testnet.libbitcoin.net:19093/ s/^#*#//" \
-e "/#transaction_url = tcp:\/\/testnet.libbitcoin.net:19094/ s/^#*#//" \
/usr/local/etc/libbitcoin/bx.cfg > /usr/local/etc/libbitcoin/bx-testnet.cfg
#dm: error while loading shared libraries: libOpenPGP.so: cannot open shared object file: No such file or directory
RUN ldconfig
RUN chmod 755 /entrypoint.sh
RUN chmod 755 /run.sh
CMD ["/entrypoint.sh"]
CMD ["/run.sh"]

30
docker/dm/conf/bitcoin.conf Normal file
View File

@@ -0,0 +1,30 @@
[main]
## Bitcoin testnet
## default: false
testnet=$DM_TESTNET
[endpoint]
## default: tcp://mainnet.libbitcoin.net:9091
#url=tcp://testnet.libbitcoin.net:19091
[transaction]
## Transaction minimum output value
## default: 200
#min_output=200
[miner]
## Transaction fee as a percentage of the deal amount
## ATTENTION: If the value is specified as a percentage, you MUST indicate the sign “%”,
## otherwise it will be a FIXED value in satoshi.
## Transaction fee for miner
## default: 1%
#fee=1%
## Transaction fee for miner (minimal)
## default: 200
#min=200
## Transaction fee for miner (maximum)
## default: 2000
#max=2000

105
docker/dm/dm.conf Normal file
View File

@@ -0,0 +1,105 @@
## Bitcoin Payment Service (Deal Module) config file
[main]
user=$UNAME
group=$UNAME
limitnofile=8192
## Count worker process
## default: 1
workers=$WORKERS
## Create helper process
## default: false
#helper=false
## Create master process
## Master process run processes:
## - worker (if count not equal 0)
## - helper (if value equal true)
## - process/* (if enabled)
## default: true
master=true
## Module: Web Service
[module/WebService]
## default: true
enable=true
## Module: Web Socket
[module/WebSocket]
## default: false
enable=true
[daemon]
## Run as daemon
## default: true
daemon=false
## Pid file
## default: logs/dm.pid
pid=/run/dm.pid
[log]
## Log files
## Available keys: alert, crit, error, warn, notice, info, debug
## default: error=logs/error.log
#alert=logs/error.log
crit=/var/log/dm/crit.log
error=/var/log/dm/error.log
#warn=/var/log/dm/error.log
#notice=/var/log/dm/message.log
#info=/var/log/dm/message.log
#debug=/var/log/dm/debug.log
[stream]
log=/var/log/dm/stream.log
## HTTP (Server) config section
[server]
## Listen address
## default: 0.0.0.0
listen=0.0.0.0
## Listen port number
## default: 4977
port=4999
## Connection timeout
## default: 5000
#timeout=5000
## Default web server file path
root=www
## Access log file
log=/var/log/dm/access.log
[module]
## Module Bitcoin address
## default: empty
address=$DM_BITCOIN
## OAuth2 configuration file
## default: service.json
oauth2=oauth2/service.json
## Module transaction fee as a percentage of the deal amount
## ATTENTION: If the value is specified as a percentage, you MUST indicate the sign “%”,
## otherwise it will be a FIXED value in satoshi.
## default: 0.1%
fee=$DM_FEE
[pgp]
## Path to PGP private file key
## default: empty
private=$PGP_SEC_FILE
## Path to PGP public file key
## default: empty
public=$BITDEALS_PGP_FILE
## PGP passphrase
## default: empty
passphrase=$DM_PGP_PASSWORD

17
docker/dm/oauth2/default.json Normal file
View File

@@ -0,0 +1,17 @@
{
"web": {
"issuers": ["accounts.bitdeals.org"],
"scopes": ["api","openid","profile","email"],
"client_id": "web-bitdeals.org",
"client_secret": "4aJEJi3dsSypeUSRCah4gIIs",
"algorithm": "HS256",
"auth_uri": "/oauth2/authorize",
"token_uri": "/oauth2/token",
"redirect_uris": [
"http://127.0.0.1/oauth2/code",
"http://127.0.0.1/oauth2/callback",
"https://127.0.0.1/oauth2/code",
"https://127.0.0.1/oauth2/callback"
]
}
}

10
docker/dm/oauth2/service.json Normal file
View File

@@ -0,0 +1,10 @@
{
"type": "service_account",
"issuers": ["accounts.bitdeals.org"],
"scopes": ["bitdeals"],
"client_id": "dm-bitdeals.org",
"client_secret": "TypQHP4TK44khO3cvOyuHYg3",
"algorithm": "HS256",
"auth_uri": "/oauth2/authorize",
"token_uri": "/oauth2/token"
}

11
docker/dm/sites/default.json Normal file
View File

@@ -0,0 +1,11 @@
{
"hosts": ["127.0.0.1"],
"root": "/var/www/web",
"oauth2": {
"identifier": "/oauth/identifier",
"secret": "/oauth/secret",
"callback": "/",
"error": "/oauth/error",
"debug": "http://localhost:3000/"
}
}

48
docker/dm/web-config.js Normal file
View File

@@ -0,0 +1,48 @@
var appConfig = {
defaultLanguage: "$DM_WEB_LANG",
creditsText: "BitDeals © $YEAR.",
creditsShortText: "BitDeals",
confAuthorize: false,
signIn: "/signin",
signUp: "/signup",
apiTokenUrl: "https://$BITDEALS_SERVER/oauth2/token",
apiDomain: "https://$BITDEALS_SERVER",
wsDomain: "wss://$BITDEALS_SERVER",
apiPath: "/api/v1",
apiClientId: "web-bitdeals.org",
dmHost: "$DM_FORWEB",
dmPath: "/api/v1",
publicContentPath: "/content/md",
publicContentMenu: {
"menu.about": "/info/about",
"menu.manual": "/info/manual",
"menu.faq": "/info/faq",
"menu.terms": "/info/terms",
},
docLinks: {
"https://git.bitdeals.org/private/apostol-dm/src/branch/master/doc/REST-API-ru.md": "API Documentation",
"https://git.bitdeals.org/private/apostol-dm/issues": "DM Issues",
"https://matrix.bitdeals.org/#/room/#chan:matrix.bitdeals.org": "Users chat room",
},
confPrivateDash: true,
confDealModule: true,
confAdmin: true,
adminReferences: {
agent: {},
version: {},
server: {},
system: {},
},
maxFileSize: 512000,
};
var appMessages = {};

280
docker/entrypoint.sh
View File

@@ -1,280 +0,0 @@
#!/bin/bash
##
## BitDeals Module configuration helper script for Docker Container.
## It writes an Environment variables to the daemon config files.
## And can generate a Bitcoin and PGP key filies at first start.
##
## Web app requires the dmHost address should be accessable from your browser
DM_FORWEB=${DM_FORWEB:-https://127.0.0.1}
DM_WEBAUTH=${DM_WEBAUTH:-0}
DM_TESTNET=${DM_TESTNET:-0}
DM_LC_ALL=${DM_LC_ALL:-"en_US.UTF-8"}
DM_TZ=${DM_TZ:-"Etc/UTC"}
BITDEALS_SERVER="${BITDEALS_SERVER:-https://mainnet.bitdeals.org}"
BITDEALS_SERVER_TESTNET="${BITDEALS_SERVER_TESTNET:-https://testnet.bitdeals.org}"
DM_OAUTH_WEB_SECRET="${DM_OAUTH_WEB_SECRET:-vTcvnpHbTmxxGP8AfRTHETXG}"
DM_OAUTH_MODULE_SECRET="${DM_OAUTH_MODULE_SECRET:-6DbqdnrJEDeSmaBMuZZde9ec}"
DM_OAUTH_WEB_SECRET_TESTNET="${DM_OAUTH_WEB_SECRET_TESTNET:-4aJEJi3dsSypeUSRCah4gIIs}"
DM_OAUTH_MODULE_SECRET_TESTNET="${DM_OAUTH_MODULE_SECRET_TESTNET:-TypQHP4TK44khO3cvOyuHYg3}"
## Daemon config files
CONF_FILES=$(find /etc/dm/ -type f -name "*.conf" -not -name "default.conf")
BITDEALS_PGP_FILE="/etc/dm/bitdeals.asc"
BITDEALS_TESTNET_PGP_FILE="/etc/dm/bitdeals-testnet.asc"
PGP_SEC_FILE="$UHOME/pgp-key.sec"
BX_CONF_FILE="/usr/local/etc/libbitcoin/bx.cfg"
WEB_CONF_FILE="/var/www/web/config.js"
WEB_CONF_SITES="/etc/dm/sites/default.json"
WEB_CONF_OAUTH="/etc/dm/oauth2/default.json"
WEB_CONF_OAUTH_SERVICE="/etc/dm/oauth2/service.json"
WEB_CERT="$UHOME/ssl-fullchain.pem"
WEB_KEY="$UHOME/ssl-privkey.pem"
WEB_DH="/etc/ssl/dhparam.pem"
BITCOIN_KEYS_BACKUP="$UHOME/bitcoin.backup_and_remove"
## Variable for tput color output
export TERM=xterm
set_locale()
{
## Setup locale
if [ "$DM_LC_ALL" ]; then
update-locale LC_ALL="$DM_LC_ALL" LANG="$DM_LC_ALL"
fi
## Setup Timezone
if [ "$DM_TZ" ]; then
echo $DM_TZ > /etc/timezone
ln -snf /usr/share/zoneinfo/$DM_TZ /etc/localtime
dpkg-reconfigure -f noninteractive tzdata
fi
}
init_config()
{
## Write a default variables to dm config
sed -i -e "/\[main\]/,/\[/ s/^#*user=.*/user=$UNAME/" \
-e "/\[main\]/,/\[/ s/^#*group=.*/group=$UNAME/" \
-e "/\[main\]/,/\[/ s/^#*workers=.*/workers=$(nproc)/" \
-e "/\[module\/WebSocket\]/,/\[/ s/^#*enable=.*/enable=true/" \
-e "/\[daemon\]/,/\[/ s/^#*daemon=.*/daemon=false/" \
-e "/\[server\]/,/\[/ s/^#*listen=.*/listen=0.0.0.0/" \
-e "/\[server\]/,/\[/ s/^#*port=.*/port=4999/" $CONF_FILES
## Change dm Website config
sed -i "s|dmHost:.*|dmHost: \"$DM_FORWEB\",|" $WEB_CONF_FILE
if [ "$DM_WEBAUTH" = 1 -o "$DM_WEBAUTH" = true ]; then
sed -i 's/confAuthorize:.*/confAuthorize: true,/' $WEB_CONF_FILE
else
sed -i 's/confAuthorize:.*/confAuthorize: false,/' $WEB_CONF_FILE
fi
if [ "$DM_LC_ALL" = "ru_RU.UTF-8" ]; then
sed -i 's/defaultLanguage:.*/defaultLanguage: "ru",/' $WEB_CONF_FILE
else
sed -i 's/defaultLanguage:.*/defaultLanguage: "en",/' $WEB_CONF_FILE
fi
if [ "$DM_TESTNET" = 1 -o "$DM_TESTNET" = true ]; then
cat $WEB_CONF_OAUTH_SERVICE | \
jq --arg i $DM_OAUTH_MODULE_SECRET_TESTNET '.client_secret=$i' | sponge $WEB_CONF_OAUTH_SERVICE
cat $WEB_CONF_OAUTH | \
jq --arg i $DM_OAUTH_WEB_SECRET_TESTNET '.web.client_secret=$i' | sponge $WEB_CONF_OAUTH
cat $WEB_CONF_FILE |
sed -e "s|apiTokenUrl:.*|apiTokenUrl: \"$BITDEALS_SERVER_TESTNET/oauth2/token\",|" \
-e "s|apiDomain:.*|apiDomain: \"$BITDEALS_SERVER_TESTNET\",|" \
-e "s|wsDomain:.*|wsDomain: \"wss://$(basename $BITDEALS_SERVER_TESTNET)\",|" | sponge $WEB_CONF_FILE
else
cat $WEB_CONF_OAUTH_SERVICE | \
jq --arg i $DM_OAUTH_MODULE_SECRET '.client_secret=$i' | sponge $WEB_CONF_OAUTH_SERVICE
cat $WEB_CONF_OAUTH | \
jq --arg i $DM_OAUTH_WEB_SECRET '.web.client_secret=$i' | sponge $WEB_CONF_OAUTH
cat $WEB_CONF_FILE |
sed -e "s|apiTokenUrl:.*|apiTokenUrl: \"$BITDEALS_SERVER/oauth2/token\",|" \
-e "s|apiDomain:.*|apiDomain: \"$BITDEALS_SERVER\",|" \
-e "s|wsDomain:.*|wsDomain: \"wss://$(basename $BITDEALS_SERVER)\",|" | sponge $WEB_CONF_FILE
fi
## Add DM_FORWEB to dm oauth config
cat $WEB_CONF_OAUTH | \
jq --arg host "$(basename $DM_FORWEB)" '.web.redirect_uris=[
"http://"+$host+"/oauth2/code","http://"+$host+"/oauth2/callback",
"https://"+$host+"/oauth2/code","https://"+$host+"/oauth2/callback"]' | \
sponge $WEB_CONF_OAUTH
cat $WEB_CONF_SITES | \
jq --arg host "$(basename $DM_FORWEB)" '.hosts = [$host]' | \
sponge $WEB_CONF_SITES
## Write the PGP keys locations to dm config
sed -i "/\[pgp\]/,/\[/ s%^#*private=.*%private=$PGP_SEC_FILE%" $CONF_FILES
if [ "$DM_TESTNET" = 1 -o "$DM_TESTNET" = true ]; then
sed -i "/\[pgp\]/,/\[/ s%^#*public=.*%public=$BITDEALS_TESTNET_PGP_FILE%" $CONF_FILES
else
sed -i "/\[pgp\]/,/\[/ s%^#*public=.*%public=$BITDEALS_PGP_FILE%" $CONF_FILES
fi
## Write a user variables to the daemon config files.
if [ "$DM_BITCOIN" ]; then
sed -i "/\[module\]/,/\[/ s/^#*address=.*/address=$DM_BITCOIN/" $CONF_FILES
fi
if [ "$DM_FEE" ]; then
sed -i "/\[module\]/,/\[/ s/^#*fee=.*/fee=$DM_FEE/" $CONF_FILES
fi
if [ "$DM_PGP_PASSWORD" ] ; then
## Escaping the '/' in password line for use it in `sed`
DM_PGP_PASSWORD="$(echo $DM_PGP_PASSWORD | sed 's/\//\\\//g')"
sed -i "/\[pgp\]/,/\[/ s/^#*passphrase=.*/passphrase=$DM_PGP_PASSWORD/" $CONF_FILES
fi
if [ "$DM_TESTNET" = 1 -o "$DM_TESTNET" = true ]; then
sed -i "/\[main\]/,/\[/ s/^#*testnet=.*/testnet=true/" $CONF_FILES
else
sed -i "/\[main\]/,/\[/ s/^#*testnet=.*/testnet=false/" $CONF_FILES
fi
## Download BitDeals key from keyserver
if [ "$DM_BITDEALS_PGP_FINGERPRINT" ]; then
test "$DM_TESTNET" = 1 -o "$DM_TESTNET" = true && LOCATION="$BITDEALS_TEST_PGP_FILE" || LOCATION="$BITDEALS_PGP_FILE"
for i in {1..2}; do gpg --keyserver keyserver.ubuntu.com --recv-keys "$BITDEALS_KEY_FINGERPRINT" && break; done && \
gpg --armor --export "$BITDEALS_KEY_FINGERPRINT" > "$LOCATION"
gpgconf --kill all
fi
## Write PGP key variables to files
if [ "$DM_BITDEALS_PGP" ]; then
echo "$BITDEALS_PGP" > "$BITDEALS_PGP_FILE"
fi
if [ "$DM_BITDEALS_TESTNET_PGP" ]; then
echo "$BITDEALS_TESTNET_PGP" > "$BITDEALS_TESTNET_PGP_FILE"
fi
if [ "$DM_PGP_SEC" ]; then
echo "$DM_PGP_SEC" > "$PGP_SEC_FILE"
fi
## Setup testnet settings in libbitcoin-explorer config for new user bitcoin address generation
[ "$DM_TESTNET" = 1 -o "$DM_TESTNET" = true ] && \
sed -i -e "/\[wallet\]/,/\[/ s/wif_version? =.*/wif_version = 239/" \
-e "/\[wallet\]/,/\[/ s/hd_public_version =.*/hd_public_version = 70617039/" \
-e "/\[wallet\]/,/\[/ s/hd_secret_version =.*/hd_secret_version = 70615956/" \
-e "/\[wallet\]/,/\[/ s/pay_to_public_key_hash_version =.*/pay_to_public_key_hash_version = 111/" \
-e "/\[wallet\]/,/\[/ s/pay_to_script_hash_version =.*/pay_to_script_hash_version = 196/" \
-e "/\[network\]/,/\[/ s/identifier =.*/identifier = 118034699/" \
-e "/seed = mainnet[0-9].libbitcoin.net:8333/ s/^#*/#/" \
-e "/url = tcp:\/\/mainnet.libbitcoin.net:9091/ s/^#*/#/" \
-e "/block_url = tcp:\/\/mainnet.libbitcoin.net:9093/ s/^#*/#/" \
-e "/transaction_url = tcp:\/\/mainnet.libbitcoin.net:9094/ s/^#*/#/" \
-e "/#seed = testnet[0-9].libbitcoin.net:18333/ s/^#*#//" \
-e "/#url = tcp:\/\/testnet.libbitcoin.net:19091/ s/^#*#//" \
-e "/#block_url = tcp:\/\/testnet.libbitcoin.net:19093/ s/^#*#//" \
-e "/#transaction_url = tcp:\/\/testnet.libbitcoin.net:19094/ s/^#*#//" "$BX_CONF_FILE"
}
generate_pgp_key()
{
## Create user PGP key if the file is empty
if [ ! -f "$PGP_SEC_FILE" ]
then
[ "$DM_ACCOUNT_URL" ] || \
{ echo -en "\nGenerating new PGP key...\nPlease enter your site URL like https://example.com : " ; \
read DM_ACCOUNT_URL ;}
#GNUPGHOME="$(mktemp -d)" ; ## Works for gpg2
gpg --faked-system-time $(TZ=UTC date --date=$(date +'%Y-%m-%d') +%s) \
--pinentry-mode loopback --passphrase "$DM_PGP_PASSWORD" \
--openpgp --batch --gen-key 2>/dev/null <<-EOF
Key-Type: RSA
Key-Usage: cert,sign
Key-Length: 1024
Subkey-Type: RSA
Subkey-Usage: encr
Subkey-Length: 1024
Name-Real: Account_URL
Name-Comment: ${DM_ACCOUNT_URL:-https://example-$RANDOM$RANDOM.com}
Expire-Date: 0
EOF
tput setaf 2
cat <<-EOF
$(gpg -k --keyid-format long 2>/dev/null | tail -n5)
$(gpg --armor --export-secret-keys --passphrase "$DM_PGP_PASSWORD" | tee "$PGP_SEC_FILE")
EOF
tput sgr0
gpgconf --kill all
else
echo -e "NOTE: Your PGP key location: $PGP_SEC_FILE"
fi
## Change PGP keyfile owner
if [ -f "$PGP_SEC_FILE" ]; then
chown $UNAME:$UNAME "$PGP_SEC_FILE"
chmod 600 "$PGP_SEC_FILE"
fi
}
generate_btc_key()
{
## Create new Bitcoin keys. If user address (_DM_BITCOIN var) is empty.
_DM_BITCOIN="$(sed -n '/^[ \t]*\[module\]/,/\[/s/^[ \t]*address[ \t]*=[ \t]*//p' $CONF_FILES)"
B=$(tput bold ; tput setaf 1)
N=$(tput sgr0)
if [ -z "$_DM_BITCOIN" ]
then
## Generate bitcoin keys
PRIVKEY="$(cat /dev/random | tr -cd "[:digit:]" | head -c 64)"
PUBKEY="$(bx ec-to-public $PRIVKEY)"
BITCOIN="$(bx ec-to-address $PUBKEY)"
PRIVKEYWIF="$(bx ec-to-wif $PRIVKEY)"
## Write the bitcoin address to the daemon config
sed -i "/\[module\]/,/\[/ s/^#*address=.*/address=$BITCOIN/" $CONF_FILES
## Show bitcoin key
tee -a $BITCOIN_KEYS_BACKUP <<-EOF
${B}Please backup this BITCOIN KEY:${N}
Private key (WIF form): $PRIVKEYWIF
Public key: $PUBKEY
Bitcoin address: $BITCOIN
EOF
chmod 600 $BITCOIN_KEYS_BACKUP
else
test -f $BITCOIN_KEYS_BACKUP \
&& echo -e "NOTE: Your Bitcoin key saved to $(dirname $BITCOIN_KEYS_BACKUP)/${B}$(basename $BITCOIN_KEYS_BACKUP)${N}"\
|| echo -e "NOTE: Your Bitcoin address: $_DM_BITCOIN"
fi
}
generate_ssl_key()
{
## Generate self-signed certificate
if ! [ -f $WEB_KEY -a -f $WEB_CERT ]; then
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -batch \
-keyout $WEB_KEY \
-out $WEB_CERT
fi
if ! [ -f $WEB_DH ]; then
echo "Generating DH parameters, 1024 bit long safe prime"
openssl dhparam -out $WEB_DH 1024 2>/dev/null
fi
}
set_locale
init_config
generate_pgp_key
generate_btc_key
generate_ssl_key
## Run the daemon
/etc/init.d/nginx start
exec /usr/sbin/dm -p /etc/dm -c /etc/dm/dm.conf $@

194
docker/run.sh Executable file
View File

@@ -0,0 +1,194 @@
#!/bin/bash
##
## BitDeals Module configuration helper script for Docker Container.
## It writes an Environment variables to the daemon config files.
## And can generate a Bitcoin and PGP key filies at first start.
##
DM_LC_ALL=${DM_LC_ALL:-"en_US.UTF-8"}
DM_TZ=${DM_TZ:-"Etc/UTC"}
export DM_FORWEB=${DM_FORWEB:-127.0.0.1}
export DM_TESTNET=${DM_TESTNET:-false}
export DM_WEB_LANG=${DM_WEB_LANG:-en}
export YEAR=$(date '+%Y')
## Variable for tput color output
export TERM=xterm
set_locale()
{
## Setup locale
if [ "$DM_LC_ALL" ]; then
update-locale LC_ALL="$DM_LC_ALL" LANG="$DM_LC_ALL"
fi
## Setup Timezone
if [ "$DM_TZ" ]; then
echo $DM_TZ > /etc/timezone
ln -snf /usr/share/zoneinfo/$DM_TZ /etc/localtime
dpkg-reconfigure -f noninteractive tzdata
fi
}
init_config()
{
BITCOIN_KEYS_BACKUP="$UHOME/bitcoin.backup_and_remove"
NPROC="$(nproc)"
export WORKERS="${WORKERS:-$NPROC}"
export PGP_SEC_FILE="$UHOME/pgp-key.sec"
if [ "$DM_TESTNET" = false ]
then
export DM_OAUTH_WEB_SECRET="${DM_OAUTH_WEB_SECRET:-vTcvnpHbTmxxGP8AfRTHETXG}"
export DM_OAUTH_MODULE_SECRET="${DM_OAUTH_MODULE_SECRET:-6DbqdnrJEDeSmaBMuZZde9ec}"
export BITDEALS_PGP_FILE="/etc/dm/bitdeals.asc"
export BITDEALS_SERVER=mainnet.bitdeals.org
export BX_CONFIG="--config /usr/local/etc/libbitcoin/bx.cfg"
else
export DM_OAUTH_WEB_SECRET="${DM_OAUTH_WEB_SECRET:-4aJEJi3dsSypeUSRCah4gIIs}"
export DM_OAUTH_MODULE_SECRET="${DM_OAUTH_MODULE_SECRET:-TypQHP4TK44khO3cvOyuHYg3}"
export BITDEALS_PGP_FILE="/etc/dm/bitdeals-testnet.asc"
export BITDEALS_SERVER=testnet.bitdeals.org
export BX_CONFIG="--config /usr/local/etc/libbitcoin/bx-testnet.cfg"
fi
# User PGP secret key
if [ "$DM_PGP_SEC" ]; then
echo "$DM_PGP_SEC" > "$PGP_SEC_FILE"
fi
# BitDeals PGP public key
if [ "$DM_BITDEALS_PGP" ]; then
echo "$DM_BITDEALS_PGP" > "$BITDEALS_PGP_FILE"
fi
if [ "$DM_BITDEALS_PGP_FINGERPRINT" ]; then
for i in {1..3}; do gpg --keyserver keyserver.ubuntu.com --recv-keys "$BITDEALS_KEY_FINGERPRINT" && break; done && \
gpg --armor --export "$BITDEALS_KEY_FINGERPRINT" > "$BITDEALS_PGP_FILE"
gpgconf --kill all
fi
# Create log directory
install --directory --mode=755 --owner=$UNAME --group=$UNAME /var/log/dm
envsubst < /opt/dm.conf > /etc/dm/dm.conf
envsubst < /opt/conf/bitcoin.conf > /etc/dm/conf/bitcoin.conf
envsubst < /opt/oauth2/default.json > /etc/dm/oauth2/default.json
envsubst < /opt/oauth2/service.json > /etc/dm/oauth2/service.json
envsubst < /opt/sites/default.json > /etc/dm/sites/default.json
envsubst < /opt/web-config.js > /var/www/web/config.js
}
generate_pgp_key()
{
## Create user PGP key if the file is empty
if [ ! -f "$PGP_SEC_FILE" ]
then
if [ ! "$DM_ACCOUNT_URL" ]
then
echo -en "Generating new PGP key...\nPlease enter your site URL like https://example.com : "
read DM_ACCOUNT_URL \
|| { echo -en "\n" ; DM_ACCOUNT_URL="https://example-$RANDOM$RANDOM.com" ;}
fi
#GNUPGHOME="$(mktemp -d)" ; ## Works for gpg2
gpg --faked-system-time $(TZ=UTC date --date=$(date +'%Y-%m-%d') +%s) \
--pinentry-mode loopback --passphrase "$DM_PGP_PASSWORD" \
--openpgp --batch --gen-key 2>/dev/null <<-EOF
Key-Type: RSA
Key-Usage: cert,sign
Key-Length: 1024
Subkey-Type: RSA
Subkey-Usage: encr
Subkey-Length: 1024
Name-Real: Account_URL
Name-Comment: $DM_ACCOUNT_URL
Expire-Date: 0
EOF
tput setaf 2
cat <<-EOF
$(gpg -k --keyid-format long 2>/dev/null | tail -n5)
$(echo ; gpg --armor --export-secret-keys --passphrase "$DM_PGP_PASSWORD" | tee "$PGP_SEC_FILE")
EOF
tput sgr0
gpgconf --kill all
else
echo -e "NOTE: Your PGP key location: $PGP_SEC_FILE"
fi
## Change PGP keyfile owner
if [ -f "$PGP_SEC_FILE" ]; then
chown $UNAME:$UNAME "$PGP_SEC_FILE"
chmod 600 "$PGP_SEC_FILE"
fi
}
generate_btc_key()
{
## Create new Bitcoin keys. If user address (_DM_BITCOIN var) is empty.
_DM_BITCOIN="$(sed -n '/^[ \t]*\[module\]/,/\[/s/^[ \t]*address[ \t]*=[ \t]*//p' /etc/dm/dm.conf)"
B=$(tput bold ; tput setaf 1)
N=$(tput sgr0)
if [ -z "$_DM_BITCOIN" ]
then
## Generate bitcoin key pair
PRIVKEY="$(cat /dev/random | tr -cd "[:digit:]" | head -c 64)"
PUBKEY="$(/usr/local/bin/bx ec-to-public $PRIVKEY $BX_CONFIG)"
BITCOIN="$(/usr/local/bin/bx ec-to-address $PUBKEY $BX_CONFIG)"
PRIVKEYWIF="$(/usr/local/bin/bx ec-to-wif $PRIVKEY $BX_CONFIG)"
## Write the bitcoin address to the daemon config
sed -i "/\[module\]/,/\[/ s/^#*address=.*/address=$BITCOIN/" /etc/dm/dm.conf
## Show bitcoin key
tee -a $BITCOIN_KEYS_BACKUP <<-EOF
${B}Please backup this BITCOIN KEY:${N}
Private key (WIF form): $PRIVKEYWIF
Public key: $PUBKEY
Bitcoin address: $BITCOIN
EOF
chmod 600 $BITCOIN_KEYS_BACKUP
else
test -f $BITCOIN_KEYS_BACKUP \
&& echo -e "NOTE: Your Bitcoin key saved to $(dirname $BITCOIN_KEYS_BACKUP)/${B}$(basename $BITCOIN_KEYS_BACKUP)${N}"\
|| echo -e "NOTE: Your Bitcoin address: $_DM_BITCOIN\n"
fi
}
generate_ssl_key()
{
WEB_CERT="$UHOME/ssl-fullchain.pem"
WEB_KEY="$UHOME/ssl-privkey.pem"
WEB_DH="/etc/ssl/dhparam.pem"
## Generate self-signed certificate
if ! [ -f $WEB_KEY -a -f $WEB_CERT ]; then
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -batch \
-keyout $WEB_KEY \
-out $WEB_CERT
fi
if ! [ -f $WEB_DH ]; then
echo "Generating DH parameters, 1024 bit long safe prime"
openssl dhparam -out $WEB_DH 1024 2>/dev/null
fi
}
set_locale
init_config
generate_pgp_key
generate_btc_key
generate_ssl_key
## Run the daemon
/etc/init.d/nginx start
exec /usr/sbin/dm -p /etc/dm -c /etc/dm/dm.conf $@