From 6631c6fac670e639a7ea5a6f6066d256f92d821e Mon Sep 17 00:00:00 2001 From: wiz Date: Mon, 6 Jan 2020 01:14:53 +0900 Subject: [PATCH 1/8] Move Tor configuration into installation script, make clearnet optional --- README.md | 39 ++++++---------------------------- install_bsq_explorer_debian.sh | 26 ++++++++++++++++++++++- nginx.conf | 23 +++----------------- 3 files changed, 35 insertions(+), 53 deletions(-) diff --git a/README.md b/README.md index c496d3d..25ace43 100644 --- a/README.md +++ b/README.md @@ -18,11 +18,15 @@ Next, run the intallation script from this repo to install BSQ explorer as a sys ```bash curl -s https://raw.githubusercontent.com/bisq-network/bisq-explorer/master/install_bsq_explorer_debian.sh | sudo bash ``` -It will start the BSQ Explorer service and output the generated content as static HTML. You'll setup a webserver to serve this HTML in the next step. +It will start the BSQ Explorer service and serve the generated content as static HTML on a Tor hiddenservice onion hostname. +``` +[*] Done! +[*] Your BSQ Explorer hostname: http://qwertyuiop.onion +``` -### NGINX + Let's Encrypt +### Let's Encrypt (optional) -For the next step, you'll need to open ports 80 and 443 on your firewall for HTTP and HTTPS +If you also want to serve BSQ explorer on clearnet, you'll need to open ports 80 and 443 on your firewall for HTTP and HTTPS ```bash sudo ufw allow 80/tcp sudo ufw allow 443/tcp @@ -33,33 +37,4 @@ Request an SSL certificate for your server's hostname using certbot sudo certbot --nginx --agree-tos --non-interactive -m ssl@example.com -d explorer.example.com ``` -After you successfully obtain the SSL certificate, install the nginx.conf from this repo, and substite explorer.example.com with your server hostname -```bash -sudo wget -O /etc/nginx/nginx.conf https://raw.githubusercontent.com/bisq-network/bisq-explorer/master/nginx.conf -sudo sed -i -e 's!__HOSTNAME__!explorer.example.com!g' /etc/nginx/nginx.conf -sudo service nginx restart -``` - Now you should be able to access your BSQ explorer at https://explorer.example.com/ - -### Tor onion (optional) - -Add these lines to the bottom of /etc/tor/torrc -``` -HiddenServiceDir /var/lib/tor/bsqexplorer/ -HiddenServicePort 81 127.0.0.1:81 -HiddenServiceVersion 2 -``` - -Then restart Tor with the following command -```bash -sudo service tor restart -``` - -After Tor restarts, it will generate your onion hostname, get it by doing: - -```bash -sudo cat /var/lib/tor/bsqexplorer/hostname -``` - -Then you'll also be able to access your BSQ explorer over Tor at http://foo.onion/ diff --git a/install_bsq_explorer_debian.sh b/install_bsq_explorer_debian.sh index c1361d3..7875c12 100755 --- a/install_bsq_explorer_debian.sh +++ b/install_bsq_explorer_debian.sh @@ -15,14 +15,21 @@ ROOT_HOME=~root BISQ_USER=bisq BISQ_HOME=~bisq + EXPLORER_REPO_URL=https://github.com/bisq-network/bisq-explorer EXPLORER_REPO_NAME=bisq-explorer EXPLORER_REPO_TAG=master -EXPLORER_DEBIAN_PKG="python3-pip inotify-tools rsync nginx-core python-certbot-nginx" +EXPLORER_DEBIAN_PKG="python3-pip inotify-tools rsync nginx-core python-certbot-nginx tor" EXPLORER_PYTHON_PKG="simplejson gitpython" EXPLORER_BIN_PATH="/usr/local/bin" +EXPLORER_HIDDENSVC=bsqexplorer + +NGINX_CONFIGURATION=/etc/nginx/nginx.conf +TOR_CONFIGURATION=/etc/tor/torrc +TOR_RESOURCES=/var/lib/tor + ##### echo "[*] Cloning BSQ Explorer repo" @@ -36,6 +43,19 @@ sudo -H -i -u "${ROOT_USER}" DEBIAN_FRONTEND=noninteractive apt-get install -qq echo "[*] Installing BSQ Explorer python packages" sudo python3 -m pip install ${EXPLORER_PYTHON_PKG} +echo "[*] Adding Nginx configuration" +sudo -H -i -u "${ROOT_USER}" install -c -o "${ROOT_USER}" -g "${ROOT_GROUP}" -m 644 "${BISQ_HOME}/${EXPLORER_REPO_NAME}/nginx.conf" "${NGINX_CONFIGURATION}" + +echo "[*] Adding Tor configuration" +if ! grep bsqexplorer /etc/tor/torrc >/dev/null 2>&1;then + sudo -H -i -u "${ROOT_USER}" /bin/sh -c "echo HiddenServiceDir ${TOR_RESOURCES}/${EXPLORER_HIDDENSVC}/ >> ${TOR_CONFIGURATION}" + sudo -H -i -u "${ROOT_USER}" /bin/sh -c "echo HiddenServicePort 81 >> ${TOR_CONFIGURATION}" + sudo -H -i -u "${ROOT_USER}" /bin/sh -c "echo HiddenServiceVersion 2 >> ${TOR_CONFIGURATION}" +fi + +echo "[*] Restarting Tor" +sudo -H -i -u "${ROOT_USER}" service tor restart + echo "[*] Installing BSQ Explorer scripts" for script in bsq-index bsq-explorer;do sudo -H -i -u "${ROOT_USER}" install -c -o "${ROOT_USER}" -g "${ROOT_GROUP}" -m 755 "${BISQ_HOME}/${EXPLORER_REPO_NAME}/${script}" "${EXPLORER_BIN_PATH}" @@ -52,7 +72,11 @@ sudo -H -i -u "${ROOT_USER}" systemctl enable bsq-explorer.service echo "[*] Starting BSQ Explorer service" sudo -H -i -u "${ROOT_USER}" systemctl start bsq-explorer.service +sleep 5 sudo -H -i -u "${ROOT_USER}" journalctl --no-pager --unit bsq-explorer echo '[*] Done!' +echo -n '[*] Access your BSQ explorer at http://' +cat "${TOR_RESOURCES}/${EXPLORER_HIDDENSVC}/hostname" + exit 0 diff --git a/nginx.conf b/nginx.conf index 5ba6236..0092e33 100644 --- a/nginx.conf +++ b/nginx.conf @@ -34,17 +34,6 @@ http { listen [::]:80; server_name __HOSTNAME__; - if ($host = __HOSTNAME__) { - return 301 https://$host$request_uri; - } # managed by Certbot - - return 404; # managed by Certbot - } - - server { - listen 127.0.0.1:81; - server_name __HOSTNAME__; - index index.html; root /bisq/bisq-explorer/www; @@ -55,21 +44,15 @@ http { } server { - listen [::]:443 ssl http2; # managed by Certbot - listen 443 ssl http2; # managed by Certbot - ssl_certificate /etc/letsencrypt/live/__HOSTNAME__/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/__HOSTNAME__/privkey.pem; # managed by Certbot - include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot - ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot - - server_name __HOSTNAME__; # managed by Certbot + listen 127.0.0.1:81; + server_name __HOSTNAME__; index index.html; root /bisq/bisq-explorer/www; location / { expires 10s; - try_files $uri $uri/ =404; + try_files $uri $uri/ /index.html =404; } } } From 85ed8e539b441690f5dab66fa84f078bf9774945 Mon Sep 17 00:00:00 2001 From: wiz Date: Mon, 6 Jan 2020 01:26:33 +0900 Subject: [PATCH 2/8] Use certbot's interactive mode so user has to agree to LE's ToS --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 25ace43..1fa0946 100644 --- a/README.md +++ b/README.md @@ -34,7 +34,7 @@ sudo ufw allow 443/tcp Request an SSL certificate for your server's hostname using certbot ```bash -sudo certbot --nginx --agree-tos --non-interactive -m ssl@example.com -d explorer.example.com +sudo certbot --nginx -d explorer.example.com ``` Now you should be able to access your BSQ explorer at https://explorer.example.com/ From fb9e975d1e68bb854fc7de9174dec53e528286df Mon Sep 17 00:00:00 2001 From: wiz Date: Mon, 6 Jan 2020 01:29:39 +0900 Subject: [PATCH 3/8] Remove placeholder for server hostname in nginx.conf --- nginx.conf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/nginx.conf b/nginx.conf index 0092e33..4d83c02 100644 --- a/nginx.conf +++ b/nginx.conf @@ -32,7 +32,7 @@ http { server { listen 80; listen [::]:80; - server_name __HOSTNAME__; + server_name _; index index.html; root /bisq/bisq-explorer/www; @@ -45,7 +45,7 @@ http { server { listen 127.0.0.1:81; - server_name __HOSTNAME__; + server_name _; index index.html; root /bisq/bisq-explorer/www; From 11c30c1f28daded8b6fc4a5f60a093935f9b65d4 Mon Sep 17 00:00:00 2001 From: wiz Date: Mon, 6 Jan 2020 01:30:19 +0900 Subject: [PATCH 4/8] Use Tor V3 onion hostname --- install_bsq_explorer_debian.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install_bsq_explorer_debian.sh b/install_bsq_explorer_debian.sh index 7875c12..98d17c8 100755 --- a/install_bsq_explorer_debian.sh +++ b/install_bsq_explorer_debian.sh @@ -50,7 +50,7 @@ echo "[*] Adding Tor configuration" if ! grep bsqexplorer /etc/tor/torrc >/dev/null 2>&1;then sudo -H -i -u "${ROOT_USER}" /bin/sh -c "echo HiddenServiceDir ${TOR_RESOURCES}/${EXPLORER_HIDDENSVC}/ >> ${TOR_CONFIGURATION}" sudo -H -i -u "${ROOT_USER}" /bin/sh -c "echo HiddenServicePort 81 >> ${TOR_CONFIGURATION}" - sudo -H -i -u "${ROOT_USER}" /bin/sh -c "echo HiddenServiceVersion 2 >> ${TOR_CONFIGURATION}" + sudo -H -i -u "${ROOT_USER}" /bin/sh -c "echo HiddenServiceVersion 3 >> ${TOR_CONFIGURATION}" fi echo "[*] Restarting Tor" From 733d9c6f1fe3b4cbe07fa5261f7029f78eae3e6c Mon Sep 17 00:00:00 2001 From: wiz Date: Mon, 6 Jan 2020 01:35:00 +0900 Subject: [PATCH 5/8] Update README with example Tor V3 hostname --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 1fa0946..ca77080 100644 --- a/README.md +++ b/README.md @@ -21,7 +21,7 @@ curl -s https://raw.githubusercontent.com/bisq-network/bisq-explorer/master/inst It will start the BSQ Explorer service and serve the generated content as static HTML on a Tor hiddenservice onion hostname. ``` [*] Done! -[*] Your BSQ Explorer hostname: http://qwertyuiop.onion +[*] Access your BSQ explorer at http://jo5e5hqcpvbcw66djrmstb3yfcrqzcp4z4c6amqstp7acehcvc6ogsyd.onion ``` ### Let's Encrypt (optional) From 7dede048c01aff6443e6483c4a8219044ba9db08 Mon Sep 17 00:00:00 2001 From: wiz Date: Mon, 6 Jan 2020 01:37:41 +0900 Subject: [PATCH 6/8] Fix typo in Tor configuration --- install_bsq_explorer_debian.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install_bsq_explorer_debian.sh b/install_bsq_explorer_debian.sh index 98d17c8..286c9c2 100755 --- a/install_bsq_explorer_debian.sh +++ b/install_bsq_explorer_debian.sh @@ -49,7 +49,7 @@ sudo -H -i -u "${ROOT_USER}" install -c -o "${ROOT_USER}" -g "${ROOT_GROUP}" -m echo "[*] Adding Tor configuration" if ! grep bsqexplorer /etc/tor/torrc >/dev/null 2>&1;then sudo -H -i -u "${ROOT_USER}" /bin/sh -c "echo HiddenServiceDir ${TOR_RESOURCES}/${EXPLORER_HIDDENSVC}/ >> ${TOR_CONFIGURATION}" - sudo -H -i -u "${ROOT_USER}" /bin/sh -c "echo HiddenServicePort 81 >> ${TOR_CONFIGURATION}" + sudo -H -i -u "${ROOT_USER}" /bin/sh -c "echo HiddenServicePort 80 127.0.0.1:81 >> ${TOR_CONFIGURATION}" sudo -H -i -u "${ROOT_USER}" /bin/sh -c "echo HiddenServiceVersion 3 >> ${TOR_CONFIGURATION}" fi From 42b9d95e28a0c811de55e876bf934a2c89b612e7 Mon Sep 17 00:00:00 2001 From: wiz Date: Mon, 6 Jan 2020 01:49:10 +0900 Subject: [PATCH 7/8] Set default_server in nginx.conf for certbot parsing --- nginx.conf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/nginx.conf b/nginx.conf index 4d83c02..a7e2646 100644 --- a/nginx.conf +++ b/nginx.conf @@ -30,8 +30,8 @@ http { gzip_types application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy; # text/html is always compressed by gzip module server { - listen 80; - listen [::]:80; + listen 80 http2 default_server; + listen [::]:80 http2 ipv6only=on; server_name _; index index.html; From 18e5336a0ba36381765fff230cc2ef4a690b52e9 Mon Sep 17 00:00:00 2001 From: wiz Date: Mon, 6 Jan 2020 01:54:32 +0900 Subject: [PATCH 8/8] Move bisq-seednode configuration change into installation script as well --- README.md | 12 +----------- install_bsq_explorer_debian.sh | 4 ++++ 2 files changed, 5 insertions(+), 11 deletions(-) diff --git a/README.md b/README.md index ca77080..c9a1033 100644 --- a/README.md +++ b/README.md @@ -4,17 +4,7 @@ Follow these instructions to setup a [BSQ Explorer](https://explorer.bisq.networ ## Bisq Seednode -First, [setup your Bisq Seednode](https://github.com/bisq-network/bisq/tree/master/seednode#bisq-seed-node) so you have Tor, Bitcoin, and bisq-seednode running and fully synced. Then, enable BSQ data output on your Bisq Seednode with the following command -```bash -sudo sed -i -e 's!BISQ_DUMP_BLOCKCHAIN=false!BISQ_DUMP_BLOCKCHAIN=true!' /etc/default/bisq-seednode.env -sudo service bisq-seednode restart -``` - -It will take a few minutes before the seednode starts saving BSQ transaction data. - -## BSQ Explorer - -Next, run the intallation script from this repo to install BSQ explorer as a systemd service +First, [setup your Bisq Seednode](https://github.com/bisq-network/bisq/tree/master/seednode#bisq-seed-node) so you have Tor, Bitcoin, and bisq-seednode running and fully synced. Then, run the intallation script from this repo to install BSQ explorer as a systemd service ```bash curl -s https://raw.githubusercontent.com/bisq-network/bisq-explorer/master/install_bsq_explorer_debian.sh | sudo bash ``` diff --git a/install_bsq_explorer_debian.sh b/install_bsq_explorer_debian.sh index 286c9c2..f5337f5 100755 --- a/install_bsq_explorer_debian.sh +++ b/install_bsq_explorer_debian.sh @@ -32,6 +32,10 @@ TOR_RESOURCES=/var/lib/tor ##### +echo "[*] Enabling BSQ Explorer mode in Bisq-Seednode configuration" +sudo -H -i -u "${ROOT_USER}" sed -i -e 's!BISQ_DUMP_BLOCKCHAIN=false!BISQ_DUMP_BLOCKCHAIN=true!' "${SYSTEMD_ENV_HOME}/bisq-seednode.env" +sudo -H -i -u "${ROOT_USER}" service bisq-seednode restart + echo "[*] Cloning BSQ Explorer repo" sudo -H -i -u "${BISQ_USER}" git config --global advice.detachedHead false sudo -H -i -u "${BISQ_USER}" git clone --branch "${EXPLORER_REPO_TAG}" "${EXPLORER_REPO_URL}" "${BISQ_HOME}/${EXPLORER_REPO_NAME}"