Configure cors, tor, explorer, watchtower

This commit is contained in:
vdo 2022-05-27 11:43:08 +01:00
parent 168c0bba97
commit d46b04c943
No known key found for this signature in database
GPG key ID: F10AD1E5C08EA7E2
5 changed files with 193 additions and 161 deletions


@ -1,59 +0,0 @@
version: "3.7"
services:
traefik:
image: traefik:${TRAEFIK_TAG}
container_name: traefik
ports:
- 80:80
- 443:443
volumes:
- "./letsencrypt:/letsencrypt"
- "/var/run/docker.sock:/var/run/docker.sock:ro"
command:
- "--log.level=${TRAEFIK_LOGLEVEL}"
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--entrypoints.web.address=:80"
- "--entrypoints.web.http.redirections.entryPoint.to=websecure"
- "--entrypoints.web.http.redirections.entryPoint.scheme=https"
- "--entrypoints.web.http.redirections.entrypoint.permanent=true"
- "--entrypoints.websecure.address=:443"
- "--certificatesresolvers.le.acme.httpchallenge=true"
- "--certificatesresolvers.le.acme.httpchallenge.entrypoint=web"
- "--certificatesresolvers.le.acme.email=${TRAEFIK_ACME_EMAIL}"
- "--certificatesresolvers.le.acme.storage=/letsencrypt/acme.json"
restart: always
monerod:
container_name: monerod
image: sethsimmons/simple-monerod:${MONEROD_TAG}
command: >-
--restricted-rpc --public-node --no-igd --no-zmq
--enable-dns-blocklist --rpc-restricted-bind-ip=0.0.0.0 --rpc-restricted-bind-port=18089 --confirm-external-bind
--prune-blockchain
ports:
- "18080:18080" # Exposes P2P port
- "18089"
volumes:
- "monerod-data:/home/monero/.bitmonero"
labels:
- "traefik.enable=true"
- "traefik.http.routers.monerod.rule=(Host(`${DOMAIN}`))"
- "traefik.http.routers.monerod.entrypoints=websecure"
- "traefik.http.routers.monerod.tls.certresolver=le"
- "traefik.http.routers.monerod.service=monerod"
- "traefik.http.services.monerod.loadbalancer.server.port=18089"
- "traefik.http.middlewares.corsheader.headers.accessControlAllowOriginList=*"
- "traefik.http.routers.monerod.middlewares=corsheader"
restart: unless-stopped
watchtower:
container_name: watchtower
image: containrrr/watchtower
volumes:
- /var/run/docker.sock:/var/run/docker.sock
labels:
- com.centurylinklabs.watchtower.enable="false"
command: --interval 360 --include-stopped
volumes:
monerod-data: {}


@ -1,56 +0,0 @@
services:
traefik:
image: traefik:${TRAEFIK_TAG}
container_name: traefik
ports:
- 80:80
- 443:443
volumes:
- "./letsencrypt:/letsencrypt"
- "/var/run/docker.sock:/var/run/docker.sock:ro"
command:
- "--log.level=${TRAEFIK_LOGLEVEL}"
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--entrypoints.web.address=:80"
- "--entrypoints.web.http.redirections.entryPoint.to=websecure"
- "--entrypoints.web.http.redirections.entryPoint.scheme=https"
- "--entrypoints.web.http.redirections.entrypoint.permanent=true"
- "--entrypoints.websecure.address=:443"
restart: always
monerod:
container_name: monerod
image: sethsimmons/simple-monerod:${MONEROD_TAG}
command: >-
--restricted-rpc --public-node --no-igd --no-zmq
--enable-dns-blocklist --rpc-restricted-bind-ip=0.0.0.0 --rpc-restricted-bind-port=18089 --confirm-external-bind
--prune-blockchain
ports:
- "18080:18080" # Exposes P2P port
- "18089"
volumes:
- "monerod-data:/home/monero/.bitmonero"
labels:
- "traefik.enable=true"
- "traefik.http.routers.monerod.rule=(PathPrefix(`/`))"
- "traefik.http.routers.monerod.entrypoints=websecure"
- "traefik.http.routers.monerod.tls"
- "traefik.http.routers.monerod.service=monerod"
- "traefik.http.services.monerod.loadbalancer.server.port=18089"
- "traefik.http.middlewares.corsheader.headers.accessControlAllowOriginList=*"
- "traefik.http.routers.monerod.middlewares=corsheader"
restart: unless-stopped
watchtower:
image: containrrr/watchtower
volumes:
- /var/run/docker.sock:/var/run/docker.sock
labels:
- com.centurylinklabs.watchtower.enable="false"
command: --interval 360 --include-stopped
volumes:
monerod-data: {}
networks:
xmrsh:
name: xmrsh


@ -1,26 +0,0 @@
version: "3.7"
services:
tor:
container_name: tor
image: vdo1138/tor-hidden-service:${THS_TAG}
links:
- monerod
environment:
MONEROD_TOR_SERVICE_HOSTS: "80:monerod:18089"
volumes:
- tor-keys:/var/lib/tor/hidden_service/
# secrets:
# - monerod
volumes:
tor-keys:
{}
# driver: local
# secrets:
# monerod:
# file: ./private_key_monerod_v3
networks:
default:
name: ${NETWORK:-xmrsh_default}

113
docker-compose.yml Normal file

@ -0,0 +1,113 @@
version: "3.7"
x-traefik-command-le: &traefik-command-le
command:
- "--log.level=${TRAEFIK_LOGLEVEL}"
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--entrypoints.web.address=:${TRAEFIK_HTTP_PORT}"
- "--entrypoints.web.http.redirections.entryPoint.to=websecure"
- "--entrypoints.web.http.redirections.entryPoint.scheme=https"
- "--entrypoints.web.http.redirections.entrypoint.permanent=true"
- "--entrypoints.websecure.address=:${TRAEFIK_TLS_PORT}"
- "--certificatesresolvers.le.acme.httpchallenge=true"
- "--certificatesresolvers.le.acme.httpchallenge.entrypoint=web"
- "--certificatesresolvers.le.acme.email=${TRAEFIK_ACME_EMAIL}"
- "--certificatesresolvers.le.acme.storage=/letsencrypt/acme.json"
x-traefik-command-nole: &traefik-command-nole
command:
- "--log.level=${TRAEFIK_LOGLEVEL}"
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--entrypoints.web.address=:${TRAEFIK_HTTP_PORT}"
- "--entrypoints.web.http.redirections.entryPoint.to=websecure"
- "--entrypoints.web.http.redirections.entryPoint.scheme=https"
- "--entrypoints.web.http.redirections.entrypoint.permanent=true"
- "--entrypoints.websecure.address=:${TRAEFIK_TLS_PORT}"
x-monerod-mainnet-command: &monerod-mainnet-command
command: >-
--restricted-rpc --public-node --no-igd --no-zmq
--enable-dns-blocklist --rpc-restricted-bind-ip=0.0.0.0
--rpc-restricted-bind-port=${MONEROD_RPC_PORT} --confirm-external-bind
--prune-blockchain
x-tor-service: &tor-service
tor:
container_name: tor
image: vdo1138/tor-hidden-service:${TOR_TAG}
links:
- monerod
environment:
MONEROD_TOR_SERVICE_HOSTS: "${TOR_HTTP_PORT}:monerod:${MONEROD_RPC_PORT}"
volumes:
- tor-keys:/var/lib/tor/hidden_service/
x-explorer-service: &explorer-service
explorer:
image: sethsimmons/xmrblocks:latest
container_name: explorer
restart: unless-stopped
volumes:
- monerod-data:/home/monero/.bitmonero
ports:
- ${EXPLORER_PORT}
labels:
- "traefik.enable=true"
- "traefik.http.routers.explorer.rule=(Host(`${DOMAIN}`) && PathPrefix(`/explorer`) )"
- "traefik.http.routers.explorer.entrypoints=websecure"
- "traefik.http.routers.explorer.tls"
- "traefik.http.routers.explorer.service=explorer"
- "traefik.http.services.explorer.loadbalancer.server.port=${EXPLORER_PORT}"
# - "traefik.http.routers.explorer.tls.certresolver=le" #!le
x-watchtower-service: &watchtower-service
watchtower:
container_name: watchtower
image: containrrr/watchtower:latest
volumes:
- /var/run/docker.sock:/var/run/docker.sock
labels:
- com.centurylinklabs.watchtower.enable="false"
command: --interval 360 --include-stopped
services:
traefik:
image: traefik:${TRAEFIK_TAG}
container_name: traefik
ports:
- ${TRAEFIK_HTTP_PORT}:${TRAEFIK_HTTP_PORT}
- ${TRAEFIK_TLS_PORT}:${TRAEFIK_TLS_PORT}
volumes:
# - "./letsencrypt:/letsencrypt" #!le
- "/var/run/docker.sock:/var/run/docker.sock:ro"
<<: *traefik-command-nole #!traefik-command
restart: always
monerod:
container_name: monerod
image: sethsimmons/simple-monerod:${MONEROD_TAG}
<<: *monerod-mainnet-command #!monerod-command
ports:
- "${MONEROD_P2P_PORT}:${MONEROD_P2P_PORT}" # Exposes P2P port
- "${MONEROD_RPC_PORT}"
volumes:
- "monerod-data:/home/monero/.bitmonero"
labels:
- "traefik.enable=true"
- "traefik.http.routers.monerod.rule=(Host(`${DOMAIN}`))"
- "traefik.http.routers.monerod.entrypoints=websecure"
- "traefik.http.routers.monerod.tls"
- "traefik.http.routers.monerod.service=monerod"
- "traefik.http.services.monerod.loadbalancer.server.port=${MONEROD_RPC_PORT}"
# - "traefik.http.routers.monerod.tls.certresolver=le" #!le
# - "traefik.http.middlewares.corsheader.headers.accessControlAllowOriginList=${MONEROD_accessControlAllowOriginList}" #!cors
# - "traefik.http.routers.monerod.middlewares=corsheader" #!cors
restart: unless-stopped
# <<: *tor-service #!tor
# <<: *explorer-service #!explorer
# <<: *watchtower-service #!watchtower
volumes:
monerod-data: {}
# tor-keys: {} #!tor
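Review bot: `ports: - "${MONEROD_RPC_PORT}"` under the monerod service (and `- ${EXPLORER_PORT}` under explorer) publishes the container port on a random host port, so the restricted RPC is reachable in plaintext on the host's interfaces without going through Traefik's TLS entrypoint; Traefik reaches the container over the compose network anyway, so `expose: ["${MONEROD_RPC_PORT}"]` (or dropping the entry) keeps it internal. The watchtower label `- com.centurylinklabs.watchtower.enable="false"` is a plain YAML scalar, so the literal double quotes become part of the label value; `- "com.centurylinklabs.watchtower.enable=false"` gives Watchtower the bare boolean it presumably expects. Combining `containrrr/watchtower:latest` and `sethsimmons/xmrblocks:latest` with a read-write Docker socket mount means any upstream push to those tags is applied to the host unattended; a versioned tag or digest pin would narrow that supply-chain exposure. The explorer also mounts `monerod-data` read-write although it only reads the chain; add `:ro` if xmrblocks tolerates it — TODO confirm.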


@ -68,6 +68,7 @@ DOCKER_COMPOSE_INSTALLED=false
DOCKER_COMPOSE_VERSION="v2.5.0"
DEPENDENCIES="git curl"
ONION="Not Available"
TLS_PORT="443"
TLS_DOMAIN=""
TLS_EMAIL=""
@ -181,18 +182,18 @@ install_xmrsh() {
if [ ! -d "$XMRSH_DIR" ]; then
git clone -b "${XMRSH_BRANCH}" "${XMRSH_URL}" "${XMRSH_DIR}" >>"${XMRSH_LOG_FILE}" 2>&1
check_return $?
pushd "${XMRSH_DIR}" >>"${XMRSH_LOG_FILE}" 2>&1 || return
else
echo -e "${Ok}"
echo -e "${WarnBullet}Warning: xmr.sh already present in ${XMRSH_DIR}"
echo -e "${WarnBullet}Warning: xmr.sh already present in ${XMRSH_DIR}" #FIXME: This should probably exit
return
fi
echo -e "${Ok}"
}
read_tls_domain() {
configure_tls_domain() {
echo -e "${OkBullet}Enter the desired domain for the Let's Encrypt SSL certificate."
read -r -e -p " Leave empty to use a self signed certificate []: " TLS_DOMAIN
pushd "${XMRSH_DIR}" >>"${XMRSH_LOG_FILE}" 2>&1 || return
if [ -n "${TLS_DOMAIN}" ]; then
while ! echo "${TLS_DOMAIN}" | grep -qP '(?=^.{5,254}$)(^(?:(?!\d+\.)[a-zA-Z0-9_\-]{1,63}\.?)+(?:[a-zA-Z]{2,})$)'; do
echo -e "${WarnBullet}Domain not valid."
@ -208,11 +209,73 @@ read_tls_domain() {
sed -i "s/DOMAIN=.*/DOMAIN=${TLS_DOMAIN}/g" .env
sed -i "s/TRAEFIK_ACME_EMAIL=.*/TRAEFIK_ACME_EMAIL=${TLS_EMAIL}/g" .env
# Enable LE settings in compose
sed -i '/#!le/s/# //g' docker-compose.template.yml
sed -i "/#\!traefik-command/s/\*traefik-command-nole/\*traefik-command-le/g" docker-compose.template.yml
sed -i '/#!le/s/# //g' docker-compose.yml
sed -i "/#\!traefik-command/s/\*traefik-command-nole/\*traefik-command-le/g" docker-compose.yml
fi
}
configure_cors() {
echo -e "${OkBullet}Configuring CORS..."
while true; do
read -r -e -p " Do you want to enabe CORS headers so the node can be used in webapps? [y/n]: " yn
case $yn in
[Yy]*)
sed -i '/#!cors/s/# //g' docker-compose.yml
break
;;
[Nn]*) break ;;
*) echo " Please answer yes or no." ;;
esac
done
}
configure_tor() {
echo -e "${OkBullet}Configuring tor..."
while true; do
read -r -e -p " Do you want to enable a Tor hidden service? [y/n]: " yn
case $yn in
[Yy]*)
sed -i '/#!tor/s/# //g' docker-compose.yml
ENABLE_TOR=true
break
;;
[Nn]*) break ;;
*) echo " Please answer yes or no." ;;
esac
done
}
configure_explorer() {
echo -e "${OkBullet}Configuring explorer..."
while true; do
read -r -e -p " Do you want to enable an explorer service? [y/n]: " yn
case $yn in
[Yy]*)
sed -i '/#!explorer/s/# //g' docker-compose.yml
ENABLE_EXPLORER=true
break
;;
[Nn]*) break ;;
*) echo " Please answer yes or no." ;;
esac
done
}
configure_watchtower() {
echo -e "${OkBullet}Configuring watchtower..."
while true; do
read -r -e -p " Do you want to enable automatic updates using watchtower? [y/n]: " yn
case $yn in
[Yy]*)
sed -i '/#!watchtower/s/# //g' docker-compose.yml
break
;;
[Nn]*) break ;;
*) echo " Please answer yes or no." ;;
esac
done
}
# get_public_ip() {
# # Using dig:
# # dig +short txt ch whoami.cloudflare @1.0.0.1
@ -224,22 +287,16 @@ validate_domain() {
}
start_xmrsh() {
pushd "${XMRSH_DIR}" >>"${XMRSH_LOG_FILE}" 2>&1 || return
echo -ne "${OkBullet}Starting monero node... ${Off}"
echo -ne "${OkBullet}Starting monero node and services... ${Off}"
docker-compose pull >>"${XMRSH_LOG_FILE}" 2>&1
check_return $?
docker-compose up -d >>"${XMRSH_LOG_FILE}" 2>&1
check_return $?
echo -e "${Ok}"
}
start_xmrsh_tor() {
pushd "${XMRSH_DIR}" >>"${XMRSH_LOG_FILE}" 2>&1 || return
echo -ne "${OkBullet}Starting tor hidden service... ${Off}"
docker-compose -f docker-compose.yml -f docker-compose.tor.yml up -d >>"${XMRSH_LOG_FILE}" 2>&1
check_return $?
sleep 3
ONION=$(docker logs tor 2>&1 | grep Entrypoint | cut -d " " -f 8)
if ENABLE_TOR = true; then
sleep 3
ONION=$(docker logs tor 2>&1 | grep Entrypoint | cut -d " " -f 8)
fi
echo -e "${Ok}"
}
@ -256,9 +313,9 @@ completed() {
echo
echo -e " ${Red}┌───────────────────────────────────────────────────────────────────────────[info]──"
if [ -n "$TLS_DOMAIN" ]; then
echo -e " ${Red}${Stat} URL: ${StatInfo}${TLS_DOMAIN}:443"
echo -e " ${Red}${Stat} URL: ${StatInfo}${TLS_DOMAIN}:${TLS_PORT}"
fi
echo -e " ${Red}${Stat} Public IP: ${StatInfo}$(curl -s ifconfig.co 2>>"${XMRSH_LOG_FILE}"):443"
echo -e " ${Red}${Stat} Public IP: ${StatInfo}$(curl -s ifconfig.co 2>>"${XMRSH_LOG_FILE}"):${TLS_PORT}"
echo -e " ${Red}${Stat} Onion Service: ${StatInfo}$ONION"
echo -e " ${Red}"
echo
@ -280,9 +337,12 @@ if [ $DOCKER_INSTALLED = true ] && [ $DOCKER_COMPOSE_INSTALLED = false ]; then
fi
install_xmrsh
read_tls_domain
configure_tls_domain
configure_cors
configure_tor
configure_explorer
configure_watchtower
start_xmrsh
start_xmrsh_tor
completed
exit 0
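Review bot: `if ENABLE_TOR = true; then` in start_xmrsh executes a command named ENABLE_TOR with the arguments `=` and `true` instead of testing the variable, so the branch never runs and ONION stays at "Not Available" even after configure_tor enabled the hidden service; it should be `if [ "${ENABLE_TOR:-false}" = true ]; then`, with the `:-false` default covering the "no" path since configure_tor only assigns ENABLE_TOR on yes. ENABLE_EXPLORER is set the same way in configure_explorer but nothing in this diff reads it. The `ONION=$(docker logs tor 2>&1 | grep Entrypoint | cut -d " " -f 8)` line is also fragile after a fixed `sleep 3`; reading the hostname file from the tor-keys volume, or looping until the log line appears, would be more reliable. TLS_PORT is hard-coded to "443" in this file while the compose file now takes `${TRAEFIK_TLS_PORT}` from .env, so the URL printed by completed() can disagree with the port Traefik actually listens on if the two are ever set differently.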