diff --git a/docker-compose.yml b/docker-compose.yml index d88319d..162c444 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,10 +1,9 @@ version: "3" services: - bitdeals-module: + apostol-dm: image: bitdeals/apostol-dm environment: - DM_FORWEB=https://127.0.0.1 - - DM_WEBAUTH=0 - DM_TESTNET=1 - DM_BITCOIN= - DM_FEE=0.1% diff --git a/docker/.env b/docker/.env new file mode 100644 index 0000000..4925654 --- /dev/null +++ b/docker/.env @@ -0,0 +1,6 @@ +# +# Docker Compose environment file +# + +COMPOSE_PROJECT_NAME="bitdeals" + diff --git a/docker/Dockerfile b/docker/Dockerfile index 035bac8..3168321 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -19,7 +19,7 @@ ARG DEBIAN_FRONTEND="noninteractive" \ DEBCONF_NOWARNINGS="yes" RUN apt-get update -y ; \ apt-get upgrade -y ; \ - apt-get -y install --no-install-recommends locales tzdata jq moreutils; \ + apt-get -y install --no-install-recommends locales tzdata jq gettext-base; \ apt-get -y install --no-install-recommends gpg gpg-agent ; \ apt-get -y install --no-install-recommends nginx ; \ apt-get -y install --no-install-recommends openssl ca-certificates ; \ 
@@ -111,13 +111,30 @@ COPY --from=development /etc/init.d/dm /etc/init.d/dm COPY --from=development --chown=www-data:www-data $UHOME/web-build/build /var/www/web COPY --from=development --chown=$UNAME:$UNAME $UHOME/apostol-dm/docker/bitdeals-testnet.asc /etc/dm/bitdeals-testnet.asc COPY --from=development --chown=$UNAME:$UNAME $UHOME/apostol-dm/docker/bitdeals.asc /etc/dm/bitdeals.asc -COPY --from=development $UHOME/apostol-dm/docker/entrypoint.sh /entrypoint.sh +COPY --from=development $UHOME/apostol-dm/docker/run.sh /run.sh COPY nginx.conf /etc/nginx/sites-enabled/default +## Generate bx testnet config +RUN sed -e "/\[wallet\]/,/\[/ s/wif_version? =.*/wif_version = 239/" \ + -e "/\[wallet\]/,/\[/ s/hd_public_version =.*/hd_public_version = 70617039/" \ + -e "/\[wallet\]/,/\[/ s/hd_secret_version =.*/hd_secret_version = 70615956/" \ + -e "/\[wallet\]/,/\[/ s/pay_to_public_key_hash_version =.*/pay_to_public_key_hash_version = 111/" \ + -e "/\[wallet\]/,/\[/ s/pay_to_script_hash_version =.*/pay_to_script_hash_version = 196/" \ + -e "/\[network\]/,/\[/ s/identifier =.*/identifier = 118034699/" \ + -e "/seed = mainnet[0-9].libbitcoin.net:8333/ s/^#*/#/" \ + -e "/url = tcp:\/\/mainnet.libbitcoin.net:9091/ s/^#*/#/" \ + -e "/block_url = tcp:\/\/mainnet.libbitcoin.net:9093/ s/^#*/#/" \ + -e "/transaction_url = tcp:\/\/mainnet.libbitcoin.net:9094/ s/^#*/#/" \ + -e "/#seed = testnet[0-9].libbitcoin.net:18333/ s/^#*#//" \ + -e "/#url = tcp:\/\/testnet.libbitcoin.net:19091/ s/^#*#//" \ + -e "/#block_url = tcp:\/\/testnet.libbitcoin.net:19093/ s/^#*#//" \ + -e "/#transaction_url = tcp:\/\/testnet.libbitcoin.net:19094/ s/^#*#//" \ + /usr/local/etc/libbitcoin/bx.cfg > /usr/local/etc/libbitcoin/bx-testnet.cfg + #dm: error while loading shared libraries: libOpenPGP.so: cannot open shared object file: No such file or directory RUN ldconfig -RUN chmod 755 /entrypoint.sh +RUN chmod 755 /run.sh -CMD ["/entrypoint.sh"] +CMD ["/run.sh"] 
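Review bot: The first `-e` expression of the new `RUN sed` matches on `wif_version? =`, and without `-E` sed treats `?` as a literal character, so a plain `wif_version = …` line is never rewritten. If bx.cfg uses that spelling (the file is not shown), bx-testnet.cfg keeps the mainnet WIF version while every other value is switched to testnet. Drop the `?`: `-e "/\[wallet\]/,/\[/ s/wif_version =.*/wif_version = 239/" \`. sed exits 0 even when nothing matched, so a build-time check after the redirect, such as `grep -q 'wif_version = 239' /usr/local/etc/libbitcoin/bx-testnet.cfg`, would make a silently unchanged config fail the build. A one-line comment above the RUN stating that these are the testnet version bytes and network identifier would also help.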
diff --git a/docker/dm/conf/bitcoin.conf b/docker/dm/conf/bitcoin.conf
new file mode 100644
index 0000000..0b38fa6
--- /dev/null
+++ b/docker/dm/conf/bitcoin.conf
@@ -0,0 +1,30 @@
+[main]
+## Bitcoin testnet
+## default: false
+testnet=$DM_TESTNET
+
+[endpoint]
+## default: tcp://mainnet.libbitcoin.net:9091
+#url=tcp://testnet.libbitcoin.net:19091
+
+[transaction]
+## Transaction minimum output value
+## default: 200
+#min_output=200
+
+[miner]
+## Transaction fee as a percentage of the deal amount
+## ATTENTION: If the value is specified as a percentage, you MUST indicate the sign “%”,
+## otherwise it will be a FIXED value in satoshi.
+
+## Transaction fee for miner
+## default: 1%
+#fee=1%
+
+## Transaction fee for miner (minimal)
+## default: 200
+#min=200
+
+## Transaction fee for miner (maximum)
+## default: 2000
+#max=2000
diff --git a/docker/dm/dm.conf b/docker/dm/dm.conf
new file mode 100644
index 0000000..c34c32e
--- /dev/null
+++ b/docker/dm/dm.conf
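Review bot: `testnet=$DM_TESTNET` is rendered verbatim by envsubst, so the daemon sees whatever the operator typed, whereas the removed entrypoint.sh always wrote `testnet=true` or `testnet=false`. docker-compose.yml in this commit still passes `DM_TESTNET=1`, which yields `testnet=1`, and run.sh treats every value other than the literal `false` (including the old default `0`) as testnet when it picks the server, PGP key and OAuth secrets. Whether the daemon parses `1`/`0` as booleans is not visible here, so the network the daemon runs on and the network the credentials belong to can disagree. Normalising once in run.sh before the templates are rendered keeps both in step, e.g. `case "$DM_TESTNET" in 1|true) DM_TESTNET=true ;; *) DM_TESTNET=false ;; esac`.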
@@ -0,0 +1,105 @@
+## Bitcoin Payment Service (Deal Module) config file
+
+[main]
+user=$UNAME
+group=$UNAME
+
+limitnofile=8192
+
+## Count worker process
+## default: 1
+workers=$WORKERS
+
+## Create helper process
+## default: false
+#helper=false
+
+## Create master process
+## Master process run processes:
+## - worker (if count not equal 0)
+## - helper (if value equal true)
+## - process/* (if enabled)
+## default: true
+master=true
+
+## Module: Web Service
+[module/WebService]
+## default: true
+enable=true
+
+## Module: Web Socket
+[module/WebSocket]
+## default: false
+enable=true
+
+[daemon]
+## Run as daemon
+## default: true
+daemon=false
+
+## Pid file
+## default: logs/dm.pid
+pid=/run/dm.pid
+
+[log]
+## Log files
+## Available keys: alert, crit, error, warn, notice, info, debug
+## default: error=logs/error.log
+#alert=logs/error.log
+crit=/var/log/dm/crit.log
+error=/var/log/dm/error.log
+#warn=/var/log/dm/error.log
+#notice=/var/log/dm/message.log
+#info=/var/log/dm/message.log
+#debug=/var/log/dm/debug.log
+
+[stream]
+log=/var/log/dm/stream.log
+
+## HTTP (Server) config section
+[server]
+## Listen address
+## default: 0.0.0.0
+listen=0.0.0.0
+
+## Listen port number
+## default: 4977
+port=4999
+
+## Connection timeout
+## default: 5000
+#timeout=5000
+
+## Default web server file path
+root=www
+
+## Access log file
+log=/var/log/dm/access.log
+
+[module]
+## Module Bitcoin address
+## default: empty
+address=$DM_BITCOIN
+
+## OAuth2 configuration file
+## default: service.json
+oauth2=oauth2/service.json
+
+## Module transaction fee as a percentage of the deal amount
+## ATTENTION: If the value is specified as a percentage, you MUST indicate the sign “%”,
+## otherwise it will be a FIXED value in satoshi.
+## default: 0.1%
+fee=$DM_FEE
+
+[pgp]
+## Path to PGP private file key
+## default: empty
+private=$PGP_SEC_FILE
+
+## Path to PGP public file key
+## default: empty
+public=$BITDEALS_PGP_FILE
+
+## PGP passphrase
+## default: empty
+passphrase=$DM_PGP_PASSWORD
diff --git a/docker/dm/oauth2/default.json b/docker/dm/oauth2/default.json
new file mode 100644
index 0000000..f869d4f
--- /dev/null
+++ b/docker/dm/oauth2/default.json
@@ -0,0 +1,17 @@
+{
+ "web": {
+ "issuers": ["accounts.bitdeals.org"],
+ "scopes": ["api","openid","profile","email"],
+ "client_id": "web-bitdeals.org",
+ "client_secret": "4aJEJi3dsSypeUSRCah4gIIs",
+ "algorithm": "HS256",
+ "auth_uri": "/oauth2/authorize",
+ "token_uri": "/oauth2/token",
+ "redirect_uris": [
+ "http://127.0.0.1/oauth2/code",
+ "http://127.0.0.1/oauth2/callback",
+ "https://127.0.0.1/oauth2/code",
+ "https://127.0.0.1/oauth2/callback"
+ ]
+ }
+}
diff --git a/docker/dm/oauth2/service.json b/docker/dm/oauth2/service.json
new file mode 100644
index 0000000..5e517bc
--- /dev/null
+++ b/docker/dm/oauth2/service.json
@@ -0,0 +1,10 @@
+{
+ "type": "service_account",
+ "issuers": ["accounts.bitdeals.org"],
+ "scopes": ["bitdeals"],
+ "client_id": "dm-bitdeals.org",
+ "client_secret": "TypQHP4TK44khO3cvOyuHYg3",
+ "algorithm": "HS256",
+ "auth_uri": "/oauth2/authorize",
+ "token_uri": "/oauth2/token"
+}
diff --git a/docker/dm/sites/default.json b/docker/dm/sites/default.json
new file mode 100644
index 0000000..fcb4808
--- /dev/null
+++ b/docker/dm/sites/default.json
@@ -0,0 +1,11 @@
+{
+ "hosts": ["127.0.0.1"],
+ "root": "/var/www/web",
+ "oauth2": {
+ "identifier": "/oauth/identifier",
+ "secret": "/oauth/secret",
+ "callback": "/",
+ "error": "/oauth/error",
+ "debug": "http://localhost:3000/"
+ }
+}
diff --git a/docker/dm/web-config.js b/docker/dm/web-config.js
new file mode 100644
index 0000000..a28648b
--- /dev/null
+++ b/docker/dm/web-config.js
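Review bot: `passphrase=$DM_PGP_PASSWORD` puts the PGP passphrase in clear text into /etc/dm/dm.conf, and run.sh creates that file with a plain `envsubst < /opt/dm.conf > /etc/dm/dm.conf`, so its mode follows the umask and nothing in the visible script tightens it. After rendering, run.sh should restrict the file the way it already does for the PGP key file, e.g. `chown "$UNAME:$UNAME" /etc/dm/dm.conf && chmod 600 /etc/dm/dm.conf` (assuming the daemon reads it as root or as that user). envsubst is also called without a variable list, so any `$NAME` that later appears in a comment or value of this template is silently replaced, possibly by an empty string. Passing the expected names, `envsubst '$UNAME $WORKERS $DM_BITCOIN $DM_FEE $PGP_SEC_FILE $BITDEALS_PGP_FILE $DM_PGP_PASSWORD'`, limits substitution to what the template intends.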
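Review bot: `client_secret` is a fixed literal in this template and in docker/dm/oauth2/service.json, so the `DM_OAUTH_WEB_SECRET` and `DM_OAUTH_MODULE_SECRET` values that run.sh exports are never written anywhere; envsubst has no placeholder to replace. The literals equal the testnet defaults in run.sh, which means a mainnet container is configured with the testnet secrets and an operator-supplied secret is ignored, whereas the removed entrypoint.sh set both per network with jq. Use placeholders instead, `"client_secret": "$DM_OAUTH_WEB_SECRET",` here and `"client_secret": "$DM_OAUTH_MODULE_SECRET",` in service.json, and consider requiring the variables rather than shipping working defaults in the repository. The `redirect_uris` here and `hosts` in docker/dm/sites/default.json are likewise pinned to 127.0.0.1, although the old script derived them from `DM_FORWEB`.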
@@ -0,0 +1,48 @@
+var appConfig = {
+ defaultLanguage: "$DM_WEB_LANG",
+
+ creditsText: "BitDeals © $YEAR.",
+ creditsShortText: "BitDeals",
+
+ confAuthorize: false,
+ signIn: "/signin",
+ signUp: "/signup",
+
+ apiTokenUrl: "https://$BITDEALS_SERVER/oauth2/token",
+ apiDomain: "https://$BITDEALS_SERVER",
+ wsDomain: "wss://$BITDEALS_SERVER",
+ apiPath: "/api/v1",
+ apiClientId: "web-bitdeals.org",
+
+ dmHost: "$DM_FORWEB",
+ dmPath: "/api/v1",
+
+ publicContentPath: "/content/md",
+ publicContentMenu: {
+ "menu.about": "/info/about",
+ "menu.manual": "/info/manual",
+ "menu.faq": "/info/faq",
+ "menu.terms": "/info/terms",
+ },
+
+ docLinks: {
+ "https://git.bitdeals.org/private/apostol-dm/src/branch/master/doc/REST-API-ru.md": "API Documentation",
+ "https://git.bitdeals.org/private/apostol-dm/issues": "DM Issues",
+ "https://matrix.bitdeals.org/#/room/#chan:matrix.bitdeals.org": "Users chat room",
+ },
+
+ confPrivateDash: true,
+ confDealModule: true,
+
+ confAdmin: true,
+ adminReferences: {
+ agent: {},
+ version: {},
+ server: {},
+ system: {},
+ },
+
+ maxFileSize: 512000,
+};
+
+var appMessages = {};
diff --git a/docker/entrypoint.sh b/docker/entrypoint.sh
deleted file mode 100755
index a6b858b..0000000
--- a/docker/entrypoint.sh
+++ /dev/null
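Review bot: `dmHost: "$DM_FORWEB"` is copied in verbatim, but run.sh now falls back to `127.0.0.1` without a scheme, while docker-compose.yml passes `https://127.0.0.1` and the removed entrypoint.sh defaulted to that same URL. With the fallback the web app receives a bare host where it used to receive an origin, which a browser would presumably treat as a relative path. Either keep the previous default in run.sh, `export DM_FORWEB=${DM_FORWEB:-https://127.0.0.1}`, or let the template add the scheme and document which form the variable takes. `confAuthorize: false` is now fixed in the template, so a comment saying that `DM_WEBAUTH` is no longer honoured would save operators a search.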
@@ -1,280 +0,0 @@ -#!/bin/bash - -## -## BitDeals Module configuration helper script for Docker Container. -## It writes an Environment variables to the daemon config files. -## And can generate a Bitcoin and PGP key filies at first start. -## - -## Web app requires the dmHost address should be accessable from your browser -DM_FORWEB=${DM_FORWEB:-https://127.0.0.1} -DM_WEBAUTH=${DM_WEBAUTH:-0} -DM_TESTNET=${DM_TESTNET:-0} -DM_LC_ALL=${DM_LC_ALL:-"en_US.UTF-8"} -DM_TZ=${DM_TZ:-"Etc/UTC"} - -BITDEALS_SERVER="${BITDEALS_SERVER:-https://mainnet.bitdeals.org}" -BITDEALS_SERVER_TESTNET="${BITDEALS_SERVER_TESTNET:-https://testnet.bitdeals.org}" -DM_OAUTH_WEB_SECRET="${DM_OAUTH_WEB_SECRET:-vTcvnpHbTmxxGP8AfRTHETXG}" -DM_OAUTH_MODULE_SECRET="${DM_OAUTH_MODULE_SECRET:-6DbqdnrJEDeSmaBMuZZde9ec}" -DM_OAUTH_WEB_SECRET_TESTNET="${DM_OAUTH_WEB_SECRET_TESTNET:-4aJEJi3dsSypeUSRCah4gIIs}" -DM_OAUTH_MODULE_SECRET_TESTNET="${DM_OAUTH_MODULE_SECRET_TESTNET:-TypQHP4TK44khO3cvOyuHYg3}" - -## Daemon config files -CONF_FILES=$(find /etc/dm/ -type f -name "*.conf" -not -name "default.conf") -BITDEALS_PGP_FILE="/etc/dm/bitdeals.asc" -BITDEALS_TESTNET_PGP_FILE="/etc/dm/bitdeals-testnet.asc" -PGP_SEC_FILE="$UHOME/pgp-key.sec" -BX_CONF_FILE="/usr/local/etc/libbitcoin/bx.cfg" -WEB_CONF_FILE="/var/www/web/config.js" -WEB_CONF_SITES="/etc/dm/sites/default.json" -WEB_CONF_OAUTH="/etc/dm/oauth2/default.json" -WEB_CONF_OAUTH_SERVICE="/etc/dm/oauth2/service.json" -WEB_CERT="$UHOME/ssl-fullchain.pem" -WEB_KEY="$UHOME/ssl-privkey.pem" -WEB_DH="/etc/ssl/dhparam.pem" -BITCOIN_KEYS_BACKUP="$UHOME/bitcoin.backup_and_remove" - -## Variable for tput color output -export TERM=xterm - -set_locale() -{ - ## Setup locale - if [ "$DM_LC_ALL" ]; then - update-locale LC_ALL="$DM_LC_ALL" LANG="$DM_LC_ALL" - fi - - ## Setup Timezone - if [ "$DM_TZ" ]; then - echo $DM_TZ > /etc/timezone - ln -snf /usr/share/zoneinfo/$DM_TZ /etc/localtime - dpkg-reconfigure -f noninteractive tzdata - fi -} - -init_config() -{ - ## Write 
a default variables to dm config - sed -i -e "/\[main\]/,/\[/ s/^#*user=.*/user=$UNAME/" \ - -e "/\[main\]/,/\[/ s/^#*group=.*/group=$UNAME/" \ - -e "/\[main\]/,/\[/ s/^#*workers=.*/workers=$(nproc)/" \ - -e "/\[module\/WebSocket\]/,/\[/ s/^#*enable=.*/enable=true/" \ - -e "/\[daemon\]/,/\[/ s/^#*daemon=.*/daemon=false/" \ - -e "/\[server\]/,/\[/ s/^#*listen=.*/listen=0.0.0.0/" \ - -e "/\[server\]/,/\[/ s/^#*port=.*/port=4999/" $CONF_FILES - - ## Change dm Website config - sed -i "s|dmHost:.*|dmHost: \"$DM_FORWEB\",|" $WEB_CONF_FILE - - if [ "$DM_WEBAUTH" = 1 -o "$DM_WEBAUTH" = true ]; then - sed -i 's/confAuthorize:.*/confAuthorize: true,/' $WEB_CONF_FILE - else - sed -i 's/confAuthorize:.*/confAuthorize: false,/' $WEB_CONF_FILE - fi - - if [ "$DM_LC_ALL" = "ru_RU.UTF-8" ]; then - sed -i 's/defaultLanguage:.*/defaultLanguage: "ru",/' $WEB_CONF_FILE - else - sed -i 's/defaultLanguage:.*/defaultLanguage: "en",/' $WEB_CONF_FILE - fi - - if [ "$DM_TESTNET" = 1 -o "$DM_TESTNET" = true ]; then - cat $WEB_CONF_OAUTH_SERVICE | \ - jq --arg i $DM_OAUTH_MODULE_SECRET_TESTNET '.client_secret=$i' | sponge $WEB_CONF_OAUTH_SERVICE - cat $WEB_CONF_OAUTH | \ - jq --arg i $DM_OAUTH_WEB_SECRET_TESTNET '.web.client_secret=$i' | sponge $WEB_CONF_OAUTH - cat $WEB_CONF_FILE | - sed -e "s|apiTokenUrl:.*|apiTokenUrl: \"$BITDEALS_SERVER_TESTNET/oauth2/token\",|" \ - -e "s|apiDomain:.*|apiDomain: \"$BITDEALS_SERVER_TESTNET\",|" \ - -e "s|wsDomain:.*|wsDomain: \"wss://$(basename $BITDEALS_SERVER_TESTNET)\",|" | sponge $WEB_CONF_FILE - else - cat $WEB_CONF_OAUTH_SERVICE | \ - jq --arg i $DM_OAUTH_MODULE_SECRET '.client_secret=$i' | sponge $WEB_CONF_OAUTH_SERVICE - cat $WEB_CONF_OAUTH | \ - jq --arg i $DM_OAUTH_WEB_SECRET '.web.client_secret=$i' | sponge $WEB_CONF_OAUTH - cat $WEB_CONF_FILE | - sed -e "s|apiTokenUrl:.*|apiTokenUrl: \"$BITDEALS_SERVER/oauth2/token\",|" \ - -e "s|apiDomain:.*|apiDomain: \"$BITDEALS_SERVER\",|" \ - -e "s|wsDomain:.*|wsDomain: \"wss://$(basename 
$BITDEALS_SERVER)\",|" | sponge $WEB_CONF_FILE - fi - - ## Add DM_FORWEB to dm oauth config - cat $WEB_CONF_OAUTH | \ - jq --arg host "$(basename $DM_FORWEB)" '.web.redirect_uris=[ - "http://"+$host+"/oauth2/code","http://"+$host+"/oauth2/callback", - "https://"+$host+"/oauth2/code","https://"+$host+"/oauth2/callback"]' | \ - sponge $WEB_CONF_OAUTH - cat $WEB_CONF_SITES | \ - jq --arg host "$(basename $DM_FORWEB)" '.hosts = [$host]' | \ - sponge $WEB_CONF_SITES - - ## Write the PGP keys locations to dm config - sed -i "/\[pgp\]/,/\[/ s%^#*private=.*%private=$PGP_SEC_FILE%" $CONF_FILES - - if [ "$DM_TESTNET" = 1 -o "$DM_TESTNET" = true ]; then - sed -i "/\[pgp\]/,/\[/ s%^#*public=.*%public=$BITDEALS_TESTNET_PGP_FILE%" $CONF_FILES - else - sed -i "/\[pgp\]/,/\[/ s%^#*public=.*%public=$BITDEALS_PGP_FILE%" $CONF_FILES - fi - - ## Write a user variables to the daemon config files. - if [ "$DM_BITCOIN" ]; then - sed -i "/\[module\]/,/\[/ s/^#*address=.*/address=$DM_BITCOIN/" $CONF_FILES - fi - if [ "$DM_FEE" ]; then - sed -i "/\[module\]/,/\[/ s/^#*fee=.*/fee=$DM_FEE/" $CONF_FILES - fi - if [ "$DM_PGP_PASSWORD" ] ; then - ## Escaping the '/' in password line for use it in `sed` - DM_PGP_PASSWORD="$(echo $DM_PGP_PASSWORD | sed 's/\//\\\//g')" - sed -i "/\[pgp\]/,/\[/ s/^#*passphrase=.*/passphrase=$DM_PGP_PASSWORD/" $CONF_FILES - fi - if [ "$DM_TESTNET" = 1 -o "$DM_TESTNET" = true ]; then - sed -i "/\[main\]/,/\[/ s/^#*testnet=.*/testnet=true/" $CONF_FILES - else - sed -i "/\[main\]/,/\[/ s/^#*testnet=.*/testnet=false/" $CONF_FILES - fi - - ## Download BitDeals key from keyserver - if [ "$DM_BITDEALS_PGP_FINGERPRINT" ]; then - test "$DM_TESTNET" = 1 -o "$DM_TESTNET" = true && LOCATION="$BITDEALS_TEST_PGP_FILE" || LOCATION="$BITDEALS_PGP_FILE" - for i in {1..2}; do gpg --keyserver keyserver.ubuntu.com --recv-keys "$BITDEALS_KEY_FINGERPRINT" && break; done && \ - gpg --armor --export "$BITDEALS_KEY_FINGERPRINT" > "$LOCATION" - gpgconf --kill all - fi - - ## Write PGP key 
variables to files - if [ "$DM_BITDEALS_PGP" ]; then - echo "$BITDEALS_PGP" > "$BITDEALS_PGP_FILE" - fi - if [ "$DM_BITDEALS_TESTNET_PGP" ]; then - echo "$BITDEALS_TESTNET_PGP" > "$BITDEALS_TESTNET_PGP_FILE" - fi - if [ "$DM_PGP_SEC" ]; then - echo "$DM_PGP_SEC" > "$PGP_SEC_FILE" - fi - - ## Setup testnet settings in libbitcoin-explorer config for new user bitcoin address generation - [ "$DM_TESTNET" = 1 -o "$DM_TESTNET" = true ] && \ - sed -i -e "/\[wallet\]/,/\[/ s/wif_version? =.*/wif_version = 239/" \ - -e "/\[wallet\]/,/\[/ s/hd_public_version =.*/hd_public_version = 70617039/" \ - -e "/\[wallet\]/,/\[/ s/hd_secret_version =.*/hd_secret_version = 70615956/" \ - -e "/\[wallet\]/,/\[/ s/pay_to_public_key_hash_version =.*/pay_to_public_key_hash_version = 111/" \ - -e "/\[wallet\]/,/\[/ s/pay_to_script_hash_version =.*/pay_to_script_hash_version = 196/" \ - -e "/\[network\]/,/\[/ s/identifier =.*/identifier = 118034699/" \ - -e "/seed = mainnet[0-9].libbitcoin.net:8333/ s/^#*/#/" \ - -e "/url = tcp:\/\/mainnet.libbitcoin.net:9091/ s/^#*/#/" \ - -e "/block_url = tcp:\/\/mainnet.libbitcoin.net:9093/ s/^#*/#/" \ - -e "/transaction_url = tcp:\/\/mainnet.libbitcoin.net:9094/ s/^#*/#/" \ - -e "/#seed = testnet[0-9].libbitcoin.net:18333/ s/^#*#//" \ - -e "/#url = tcp:\/\/testnet.libbitcoin.net:19091/ s/^#*#//" \ - -e "/#block_url = tcp:\/\/testnet.libbitcoin.net:19093/ s/^#*#//" \ - -e "/#transaction_url = tcp:\/\/testnet.libbitcoin.net:19094/ s/^#*#//" "$BX_CONF_FILE" -} - -generate_pgp_key() -{ - ## Create user PGP key if the file is empty - if [ ! 
-f "$PGP_SEC_FILE" ] - then - [ "$DM_ACCOUNT_URL" ] || \ - { echo -en "\nGenerating new PGP key...\nPlease enter your site URL like https://example.com : " ; \ - read DM_ACCOUNT_URL ;} - - #GNUPGHOME="$(mktemp -d)" ; ## Works for gpg2 - gpg --faked-system-time $(TZ=UTC date --date=$(date +'%Y-%m-%d') +%s) \ - --pinentry-mode loopback --passphrase "$DM_PGP_PASSWORD" \ - --openpgp --batch --gen-key 2>/dev/null <<-EOF - Key-Type: RSA - Key-Usage: cert,sign - Key-Length: 1024 - Subkey-Type: RSA - Subkey-Usage: encr - Subkey-Length: 1024 - Name-Real: Account_URL - Name-Comment: ${DM_ACCOUNT_URL:-https://example-$RANDOM$RANDOM.com} - Expire-Date: 0 -EOF - tput setaf 2 - cat <<-EOF - - $(gpg -k --keyid-format long 2>/dev/null | tail -n5) - $(gpg --armor --export-secret-keys --passphrase "$DM_PGP_PASSWORD" | tee "$PGP_SEC_FILE") - -EOF - tput sgr0 - gpgconf --kill all - else - echo -e "NOTE: Your PGP key location: $PGP_SEC_FILE" - fi - - ## Change PGP keyfile owner - if [ -f "$PGP_SEC_FILE" ]; then - chown $UNAME:$UNAME "$PGP_SEC_FILE" - chmod 600 "$PGP_SEC_FILE" - fi -} - -generate_btc_key() -{ - ## Create new Bitcoin keys. If user address (_DM_BITCOIN var) is empty. 
- _DM_BITCOIN="$(sed -n '/^[ \t]*\[module\]/,/\[/s/^[ \t]*address[ \t]*=[ \t]*//p' $CONF_FILES)" - - B=$(tput bold ; tput setaf 1) - N=$(tput sgr0) - - if [ -z "$_DM_BITCOIN" ] - then - ## Generate bitcoin keys - PRIVKEY="$(cat /dev/random | tr -cd "[:digit:]" | head -c 64)" - PUBKEY="$(bx ec-to-public $PRIVKEY)" - BITCOIN="$(bx ec-to-address $PUBKEY)" - PRIVKEYWIF="$(bx ec-to-wif $PRIVKEY)" - - ## Write the bitcoin address to the daemon config - sed -i "/\[module\]/,/\[/ s/^#*address=.*/address=$BITCOIN/" $CONF_FILES - - ## Show bitcoin key - tee -a $BITCOIN_KEYS_BACKUP <<-EOF - - ${B}Please backup this BITCOIN KEY:${N} - Private key (WIF form): $PRIVKEYWIF - Public key: $PUBKEY - Bitcoin address: $BITCOIN - -EOF - chmod 600 $BITCOIN_KEYS_BACKUP - else - test -f $BITCOIN_KEYS_BACKUP \ - && echo -e "NOTE: Your Bitcoin key saved to $(dirname $BITCOIN_KEYS_BACKUP)/${B}$(basename $BITCOIN_KEYS_BACKUP)${N}"\ - || echo -e "NOTE: Your Bitcoin address: $_DM_BITCOIN" - fi -} - -generate_ssl_key() -{ - ## Generate self-signed certificate - if ! [ -f $WEB_KEY -a -f $WEB_CERT ]; then - openssl req -x509 -nodes -days 365 -newkey rsa:2048 -batch \ - -keyout $WEB_KEY \ - -out $WEB_CERT - fi - if ! [ -f $WEB_DH ]; then - echo "Generating DH parameters, 1024 bit long safe prime" - openssl dhparam -out $WEB_DH 1024 2>/dev/null - fi -} - - -set_locale -init_config -generate_pgp_key -generate_btc_key -generate_ssl_key - - -## Run the daemon -/etc/init.d/nginx start -exec /usr/sbin/dm -p /etc/dm -c /etc/dm/dm.conf $@ - diff --git a/docker/run.sh b/docker/run.sh new file mode 100755 index 0000000..1956ec2 --- /dev/null +++ b/docker/run.sh 
@@ -0,0 +1,194 @@ +#!/bin/bash + +## +## BitDeals Module configuration helper script for Docker Container. +## It writes an Environment variables to the daemon config files. +## And can generate a Bitcoin and PGP key filies at first start. +## + +DM_LC_ALL=${DM_LC_ALL:-"en_US.UTF-8"} +DM_TZ=${DM_TZ:-"Etc/UTC"} + +export DM_FORWEB=${DM_FORWEB:-127.0.0.1} +export DM_TESTNET=${DM_TESTNET:-false} +export DM_WEB_LANG=${DM_WEB_LANG:-en} +export YEAR=$(date '+%Y') + +## Variable for tput color output +export TERM=xterm + +set_locale() +{ + ## Setup locale + if [ "$DM_LC_ALL" ]; then + update-locale LC_ALL="$DM_LC_ALL" LANG="$DM_LC_ALL" + fi + + ## Setup Timezone + if [ "$DM_TZ" ]; then + echo $DM_TZ > /etc/timezone + ln -snf /usr/share/zoneinfo/$DM_TZ /etc/localtime + dpkg-reconfigure -f noninteractive tzdata + fi +} + +init_config() +{ + BITCOIN_KEYS_BACKUP="$UHOME/bitcoin.backup_and_remove" + NPROC="$(nproc)" + export WORKERS="${WORKERS:-$NPROC}" + export PGP_SEC_FILE="$UHOME/pgp-key.sec" + + if [ "$DM_TESTNET" = false ] + then + export DM_OAUTH_WEB_SECRET="${DM_OAUTH_WEB_SECRET:-vTcvnpHbTmxxGP8AfRTHETXG}" + export DM_OAUTH_MODULE_SECRET="${DM_OAUTH_MODULE_SECRET:-6DbqdnrJEDeSmaBMuZZde9ec}" + export BITDEALS_PGP_FILE="/etc/dm/bitdeals.asc" + export BITDEALS_SERVER=mainnet.bitdeals.org + export BX_CONFIG="--config /usr/local/etc/libbitcoin/bx.cfg" + else + export DM_OAUTH_WEB_SECRET="${DM_OAUTH_WEB_SECRET:-4aJEJi3dsSypeUSRCah4gIIs}" + export DM_OAUTH_MODULE_SECRET="${DM_OAUTH_MODULE_SECRET:-TypQHP4TK44khO3cvOyuHYg3}" + export BITDEALS_PGP_FILE="/etc/dm/bitdeals-testnet.asc" + export BITDEALS_SERVER=testnet.bitdeals.org + export BX_CONFIG="--config /usr/local/etc/libbitcoin/bx-testnet.cfg" + fi + + # User PGP secret key + if [ "$DM_PGP_SEC" ]; then + echo "$DM_PGP_SEC" > "$PGP_SEC_FILE" + fi + + # BitDeals PGP public key + if [ "$DM_BITDEALS_PGP" ]; then + echo "$DM_BITDEALS_PGP" > "$BITDEALS_PGP_FILE" + fi + + if [ "$DM_BITDEALS_PGP_FINGERPRINT" ]; then + for i in 
{1..3}; do gpg --keyserver keyserver.ubuntu.com --recv-keys "$BITDEALS_KEY_FINGERPRINT" && break; done && \ + gpg --armor --export "$BITDEALS_KEY_FINGERPRINT" > "$BITDEALS_PGP_FILE" + gpgconf --kill all + fi + + # Create log directory + install --directory --mode=755 --owner=$UNAME --group=$UNAME /var/log/dm + + envsubst < /opt/dm.conf > /etc/dm/dm.conf + envsubst < /opt/conf/bitcoin.conf > /etc/dm/conf/bitcoin.conf + envsubst < /opt/oauth2/default.json > /etc/dm/oauth2/default.json + envsubst < /opt/oauth2/service.json > /etc/dm/oauth2/service.json + envsubst < /opt/sites/default.json > /etc/dm/sites/default.json + envsubst < /opt/web-config.js > /var/www/web/config.js +} + +generate_pgp_key() +{ + ## Create user PGP key if the file is empty + if [ ! -f "$PGP_SEC_FILE" ] + then + if [ ! "$DM_ACCOUNT_URL" ] + then + echo -en "Generating new PGP key...\nPlease enter your site URL like https://example.com : " + read DM_ACCOUNT_URL \ + || { echo -en "\n" ; DM_ACCOUNT_URL="https://example-$RANDOM$RANDOM.com" ;} + fi + + #GNUPGHOME="$(mktemp -d)" ; ## Works for gpg2 + gpg --faked-system-time $(TZ=UTC date --date=$(date +'%Y-%m-%d') +%s) \ + --pinentry-mode loopback --passphrase "$DM_PGP_PASSWORD" \ + --openpgp --batch --gen-key 2>/dev/null <<-EOF + Key-Type: RSA + Key-Usage: cert,sign + Key-Length: 1024 + Subkey-Type: RSA + Subkey-Usage: encr + Subkey-Length: 1024 + Name-Real: Account_URL + Name-Comment: $DM_ACCOUNT_URL + Expire-Date: 0 +EOF + tput setaf 2 + cat <<-EOF + + $(gpg -k --keyid-format long 2>/dev/null | tail -n5) + $(echo ; gpg --armor --export-secret-keys --passphrase "$DM_PGP_PASSWORD" | tee "$PGP_SEC_FILE") +EOF + tput sgr0 + gpgconf --kill all + else + echo -e "NOTE: Your PGP key location: $PGP_SEC_FILE" + fi + + ## Change PGP keyfile owner + if [ -f "$PGP_SEC_FILE" ]; then + chown $UNAME:$UNAME "$PGP_SEC_FILE" + chmod 600 "$PGP_SEC_FILE" + fi +} + +generate_btc_key() +{ + ## Create new Bitcoin keys. If user address (_DM_BITCOIN var) is empty. 
+ _DM_BITCOIN="$(sed -n '/^[ \t]*\[module\]/,/\[/s/^[ \t]*address[ \t]*=[ \t]*//p' /etc/dm/dm.conf)" + + B=$(tput bold ; tput setaf 1) + N=$(tput sgr0) + + if [ -z "$_DM_BITCOIN" ] + then + ## Generate bitcoin key pair + PRIVKEY="$(cat /dev/random | tr -cd "[:digit:]" | head -c 64)" + PUBKEY="$(/usr/local/bin/bx ec-to-public $PRIVKEY $BX_CONFIG)" + BITCOIN="$(/usr/local/bin/bx ec-to-address $PUBKEY $BX_CONFIG)" + PRIVKEYWIF="$(/usr/local/bin/bx ec-to-wif $PRIVKEY $BX_CONFIG)" + + ## Write the bitcoin address to the daemon config + sed -i "/\[module\]/,/\[/ s/^#*address=.*/address=$BITCOIN/" /etc/dm/dm.conf + + ## Show bitcoin key + tee -a $BITCOIN_KEYS_BACKUP <<-EOF + +${B}Please backup this BITCOIN KEY:${N} +Private key (WIF form): $PRIVKEYWIF +Public key: $PUBKEY +Bitcoin address: $BITCOIN + +EOF + chmod 600 $BITCOIN_KEYS_BACKUP + else + test -f $BITCOIN_KEYS_BACKUP \ + && echo -e "NOTE: Your Bitcoin key saved to $(dirname $BITCOIN_KEYS_BACKUP)/${B}$(basename $BITCOIN_KEYS_BACKUP)${N}"\ + || echo -e "NOTE: Your Bitcoin address: $_DM_BITCOIN\n" + fi +} + +generate_ssl_key() +{ + WEB_CERT="$UHOME/ssl-fullchain.pem" + WEB_KEY="$UHOME/ssl-privkey.pem" + WEB_DH="/etc/ssl/dhparam.pem" + + ## Generate self-signed certificate + if ! [ -f $WEB_KEY -a -f $WEB_CERT ]; then + openssl req -x509 -nodes -days 365 -newkey rsa:2048 -batch \ + -keyout $WEB_KEY \ + -out $WEB_CERT + fi + if ! [ -f $WEB_DH ]; then + echo "Generating DH parameters, 1024 bit long safe prime" + openssl dhparam -out $WEB_DH 1024 2>/dev/null + fi +} + + +set_locale +init_config +generate_pgp_key +generate_btc_key +generate_ssl_key + + +## Run the daemon +/etc/init.d/nginx start +exec /usr/sbin/dm -p /etc/dm -c /etc/dm/dm.conf $@ +
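Review bot: In generate_btc_key, `PRIVKEY` is built from 64 decimal digits (`tr -cd "[:digit:]"`) but is used as a 64-character hex secret, so every nibble is limited to 0–9 and the key carries roughly 212 bits instead of 256. openssl is already installed in the image, so `PRIVKEY="$(openssl rand -hex 32)"` gives a full-width value, and checking that `bx ec-to-public` succeeded before the address is written would catch a rejected secret. The same function tees the WIF private key to stdout and generate_pgp_key prints the armored secret key, so both end up in the container log; writing them only to the mode-600 files and printing the file path avoids that. `Key-Length: 1024`, `Subkey-Length: 1024` and `openssl dhparam -out $WEB_DH 1024` are below what current guidance accepts, and at least 2048-bit RSA and 2048-bit DH parameters should be used. In init_config the guard tests `DM_BITDEALS_PGP_FINGERPRINT` but gpg is given `$BITDEALS_KEY_FINGERPRINT`, which nothing visible sets, so a pinned key is never fetched and the bundled one stays in use without any message.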