diff --git a/docker-compose.le.yml b/docker-compose.le.yml
deleted file mode 100644
index 90c7895..0000000
--- a/docker-compose.le.yml
+++ /dev/null
@@ -1,59 +0,0 @@ -version: "3.7" - -services: - traefik: - image: traefik:${TRAEFIK_TAG} - container_name: traefik - ports: - - 80:80 - - 443:443 - volumes: - - "./letsencrypt:/letsencrypt" - - "/var/run/docker.sock:/var/run/docker.sock:ro" - command: - - "--log.level=${TRAEFIK_LOGLEVEL}" - - "--providers.docker=true" - - "--providers.docker.exposedbydefault=false" - - "--entrypoints.web.address=:80" - - "--entrypoints.web.http.redirections.entryPoint.to=websecure" - - "--entrypoints.web.http.redirections.entryPoint.scheme=https" - - "--entrypoints.web.http.redirections.entrypoint.permanent=true" - - "--entrypoints.websecure.address=:443" - - "--certificatesresolvers.le.acme.httpchallenge=true" - - "--certificatesresolvers.le.acme.httpchallenge.entrypoint=web" - - "--certificatesresolvers.le.acme.email=${TRAEFIK_ACME_EMAIL}" - - "--certificatesresolvers.le.acme.storage=/letsencrypt/acme.json" - restart: always - monerod: - container_name: monerod - image: sethsimmons/simple-monerod:${MONEROD_TAG} - command: >- - --restricted-rpc --public-node --no-igd --no-zmq - --enable-dns-blocklist --rpc-restricted-bind-ip=0.0.0.0 --rpc-restricted-bind-port=18089 --confirm-external-bind - --prune-blockchain - ports: - - "18080:18080" # Exposes P2P port - - "18089" - volumes: - - "monerod-data:/home/monero/.bitmonero" - labels: - - "traefik.enable=true" - - "traefik.http.routers.monerod.rule=(Host(`${DOMAIN}`))" - - "traefik.http.routers.monerod.entrypoints=websecure" - - "traefik.http.routers.monerod.tls.certresolver=le" - - "traefik.http.routers.monerod.service=monerod" - - "traefik.http.services.monerod.loadbalancer.server.port=18089" - - "traefik.http.middlewares.corsheader.headers.accessControlAllowOriginList=*" - - "traefik.http.routers.monerod.middlewares=corsheader" - restart: unless-stopped - - watchtower: - container_name: watchtower - image: containrrr/watchtower - volumes: - - /var/run/docker.sock:/var/run/docker.sock - labels: - - 
com.centurylinklabs.watchtower.enable="false" - command: --interval 360 --include-stopped -volumes: - monerod-data: {}
diff --git a/docker-compose.nole.yml b/docker-compose.nole.yml
deleted file mode 100644
index 5a5754d..0000000
--- a/docker-compose.nole.yml
+++ /dev/null
@@ -1,56 +0,0 @@ -services: - traefik: - image: traefik:${TRAEFIK_TAG} - container_name: traefik - ports: - - 80:80 - - 443:443 - volumes: - - "./letsencrypt:/letsencrypt" - - "/var/run/docker.sock:/var/run/docker.sock:ro" - command: - - "--log.level=${TRAEFIK_LOGLEVEL}" - - "--providers.docker=true" - - "--providers.docker.exposedbydefault=false" - - "--entrypoints.web.address=:80" - - "--entrypoints.web.http.redirections.entryPoint.to=websecure" - - "--entrypoints.web.http.redirections.entryPoint.scheme=https" - - "--entrypoints.web.http.redirections.entrypoint.permanent=true" - - "--entrypoints.websecure.address=:443" - restart: always - monerod: - container_name: monerod - image: sethsimmons/simple-monerod:${MONEROD_TAG} - command: >- - --restricted-rpc --public-node --no-igd --no-zmq - --enable-dns-blocklist --rpc-restricted-bind-ip=0.0.0.0 --rpc-restricted-bind-port=18089 --confirm-external-bind - --prune-blockchain - ports: - - "18080:18080" # Exposes P2P port - - "18089" - volumes: - - "monerod-data:/home/monero/.bitmonero" - labels: - - "traefik.enable=true" - - "traefik.http.routers.monerod.rule=(PathPrefix(`/`))" - - "traefik.http.routers.monerod.entrypoints=websecure" - - "traefik.http.routers.monerod.tls" - - "traefik.http.routers.monerod.service=monerod" - - "traefik.http.services.monerod.loadbalancer.server.port=18089" - - "traefik.http.middlewares.corsheader.headers.accessControlAllowOriginList=*" - - "traefik.http.routers.monerod.middlewares=corsheader" - restart: unless-stopped - - watchtower: - image: containrrr/watchtower - volumes: - - /var/run/docker.sock:/var/run/docker.sock - labels: - - com.centurylinklabs.watchtower.enable="false" - command: --interval 360 --include-stopped -volumes: - monerod-data: {} - -networks: - xmrsh: - name: xmrsh
diff --git a/docker-compose.tor.yml b/docker-compose.tor.yml
deleted file mode 100644
index 24493c1..0000000
--- a/docker-compose.tor.yml
+++ /dev/null
@@ -1,26 +0,0 @@ -version: "3.7" - -services: - tor: - container_name: tor - image: vdo1138/tor-hidden-service:${THS_TAG} - links: - - monerod - environment: - MONEROD_TOR_SERVICE_HOSTS: "80:monerod:18089" - volumes: - - tor-keys:/var/lib/tor/hidden_service/ - # secrets: - # - monerod - -volumes: - tor-keys: - {} - # driver: local - -# secrets: -# monerod: -# file: ./private_key_monerod_v3 -networks: - default: - name: ${NETWORK:-xmrsh_default}
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..58b0ab2
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,113 @@ +version: "3.7" + +x-traefik-command-le: &traefik-command-le + command: + - "--log.level=${TRAEFIK_LOGLEVEL}" + - "--providers.docker=true" + - "--providers.docker.exposedbydefault=false" + - "--entrypoints.web.address=:${TRAEFIK_HTTP_PORT}" + - "--entrypoints.web.http.redirections.entryPoint.to=websecure" + - "--entrypoints.web.http.redirections.entryPoint.scheme=https" + - "--entrypoints.web.http.redirections.entrypoint.permanent=true" + - "--entrypoints.websecure.address=:${TRAEFIK_TLS_PORT}" + - "--certificatesresolvers.le.acme.httpchallenge=true" + - "--certificatesresolvers.le.acme.httpchallenge.entrypoint=web" + - "--certificatesresolvers.le.acme.email=${TRAEFIK_ACME_EMAIL}" + - "--certificatesresolvers.le.acme.storage=/letsencrypt/acme.json" + +x-traefik-command-nole: &traefik-command-nole + command: + - "--log.level=${TRAEFIK_LOGLEVEL}" + - "--providers.docker=true" + - "--providers.docker.exposedbydefault=false" + - "--entrypoints.web.address=:${TRAEFIK_HTTP_PORT}" + - "--entrypoints.web.http.redirections.entryPoint.to=websecure" + - "--entrypoints.web.http.redirections.entryPoint.scheme=https" + - "--entrypoints.web.http.redirections.entrypoint.permanent=true" + - "--entrypoints.websecure.address=:${TRAEFIK_TLS_PORT}" + +x-monerod-mainnet-command: &monerod-mainnet-command + command: >- + --restricted-rpc --public-node --no-igd --no-zmq + --enable-dns-blocklist --rpc-restricted-bind-ip=0.0.0.0 + --rpc-restricted-bind-port=${MONEROD_RPC_PORT} --confirm-external-bind + --prune-blockchain + +x-tor-service: &tor-service + tor: + container_name: tor + image: vdo1138/tor-hidden-service:${TOR_TAG} + links: + - monerod + environment: + MONEROD_TOR_SERVICE_HOSTS: "${TOR_HTTP_PORT}:monerod:${MONEROD_RPC_PORT}" + volumes: + - tor-keys:/var/lib/tor/hidden_service/ + +x-explorer-service: &explorer-service + explorer: + image: sethsimmons/xmrblocks:latest + container_name: explorer + restart: unless-stopped + volumes: + - 
monerod-data:/home/monero/.bitmonero + ports: + - ${EXPLORER_PORT} + labels: + - "traefik.enable=true" + - "traefik.http.routers.explorer.rule=(Host(`${DOMAIN}`) && PathPrefix(`/explorer`) )" + - "traefik.http.routers.explorer.entrypoints=websecure" + - "traefik.http.routers.explorer.tls" + - "traefik.http.routers.explorer.service=explorer" + - "traefik.http.services.explorer.loadbalancer.server.port=${EXPLORER_PORT}" + # - "traefik.http.routers.explorer.tls.certresolver=le" #!le + +x-watchtower-service: &watchtower-service + watchtower: + container_name: watchtower + image: containrrr/watchtower:latest + volumes: + - /var/run/docker.sock:/var/run/docker.sock + labels: + - com.centurylinklabs.watchtower.enable="false" + command: --interval 360 --include-stopped + +services: + traefik: + image: traefik:${TRAEFIK_TAG} + container_name: traefik + ports: + - ${TRAEFIK_HTTP_PORT}:${TRAEFIK_HTTP_PORT} + - ${TRAEFIK_TLS_PORT}:${TRAEFIK_TLS_PORT} + volumes: + # - "./letsencrypt:/letsencrypt" #!le + - "/var/run/docker.sock:/var/run/docker.sock:ro" + <<: *traefik-command-nole #!traefik-command + restart: always + monerod: + container_name: monerod + image: sethsimmons/simple-monerod:${MONEROD_TAG} + <<: *monerod-mainnet-command #!monerod-command + ports: + - "${MONEROD_P2P_PORT}:${MONEROD_P2P_PORT}" # Exposes P2P port + - "${MONEROD_RPC_PORT}" + volumes: + - "monerod-data:/home/monero/.bitmonero" + labels: + - "traefik.enable=true" + - "traefik.http.routers.monerod.rule=(Host(`${DOMAIN}`))" + - "traefik.http.routers.monerod.entrypoints=websecure" + - "traefik.http.routers.monerod.tls" + - "traefik.http.routers.monerod.service=monerod" + - "traefik.http.services.monerod.loadbalancer.server.port=${MONEROD_RPC_PORT}" + # - "traefik.http.routers.monerod.tls.certresolver=le" #!le + # - "traefik.http.middlewares.corsheader.headers.accessControlAllowOriginList=${MONEROD_accessControlAllowOriginList}" #!cors + # - "traefik.http.routers.monerod.middlewares=corsheader" #!cors + 
restart: unless-stopped + + # <<: *tor-service #!tor + # <<: *explorer-service #!explorer + # <<: *watchtower-service #!watchtower +volumes: + monerod-data: {} + # tor-keys: {} #!tor
diff --git a/installer.sh b/installer.sh
index f66615e..eb7f8e3 100755
--- a/installer.sh
+++ b/installer.sh
@@ -68,6 +68,7 @@ DOCKER_COMPOSE_INSTALLED=false DOCKER_COMPOSE_VERSION="v2.5.0" DEPENDENCIES="git curl" ONION="Not Available" +TLS_PORT="443" TLS_DOMAIN="" TLS_EMAIL=""
@@ -181,18 +182,18 @@ install_xmrsh() { if [ ! -d "$XMRSH_DIR" ]; then git clone -b "${XMRSH_BRANCH}" "${XMRSH_URL}" "${XMRSH_DIR}" >>"${XMRSH_LOG_FILE}" 2>&1 check_return $? + pushd "${XMRSH_DIR}" >>"${XMRSH_LOG_FILE}" 2>&1 || return else echo -e "${Ok}" - echo -e "${WarnBullet}Warning: xmr.sh already present in ${XMRSH_DIR}" + echo -e "${WarnBullet}Warning: xmr.sh already present in ${XMRSH_DIR}" #FIXME: This should probably exit return fi echo -e "${Ok}" } -read_tls_domain() { +configure_tls_domain() { echo -e "${OkBullet}Enter the desired domain for the Let's Encrypt SSL certificate." read -r -e -p " Leave empty to use a self signed certificate []: " TLS_DOMAIN - pushd "${XMRSH_DIR}" >>"${XMRSH_LOG_FILE}" 2>&1 || return if [ -n "${TLS_DOMAIN}" ]; then while ! echo "${TLS_DOMAIN}" | grep -qP '(?=^.{5,254}$)(^(?:(?!\d+\.)[a-zA-Z0-9_\-]{1,63}\.?)+(?:[a-zA-Z]{2,})$)'; do echo -e "${WarnBullet}Domain not valid."
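Review bot: Once the installer uncomments two or more of the `# <<: *tor-service`, `# <<: *explorer-service` and `# <<: *watchtower-service` lines at the end of the hunk, `services:` holds repeated `<<` keys (the nesting is inferred from the sed targets in installer.sh, since this rendering drops indentation); the YAML spec treats repeated keys as invalid and parsers differ on whether they reject the file or keep only one alias, so the portable form is one merge key with a sequence, `<<: [*tor-service, *explorer-service, *watchtower-service]`, or listing the optional services under `services:` directly. Separately, `- "${MONEROD_RPC_PORT}"` under monerod's `ports:` publishes the restricted RPC port on a random host port on every interface, reachable in plaintext around the Traefik TLS route; Traefik already reaches monerod over the compose network via the `loadbalancer.server.port` label, so `expose:` (or a `127.0.0.1:` host binding) is enough to keep it off the public interface. The unquoted `- ${TRAEFIK_HTTP_PORT}:${TRAEFIK_HTTP_PORT}`, `- ${TRAEFIK_TLS_PORT}:${TRAEFIK_TLS_PORT}` and `- ${EXPLORER_PORT}` entries should be quoted like the monerod ones, so an empty value does not become `null` and low port numbers are not read as sexagesimal integers by YAML 1.1 loaders. `- com.centurylinklabs.watchtower.enable="false"` is a plain scalar, so the double quotes become part of the label value; write it as `- "com.centurylinklabs.watchtower.enable=false"`.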
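Review bot: `TLS_PORT="443"` introduces a second source of truth for the TLS port: the new compose file binds Traefik to `${TRAEFIK_TLS_PORT}`, while the summary lines changed in the `completed()` hunk print `${TLS_PORT}`; if the two can diverge through `.env` (presumably the compose env file, not visible here) the printed URL and public-IP lines will be wrong. Either derive the printed value from the same `.env` entry, or document the coupling on this line: `TLS_PORT="443" # must match TRAEFIK_TLS_PORT in .env`.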
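Review bot: The `pushd "${XMRSH_DIR}"` moved into install_xmrsh only runs on the fresh-clone branch; when the directory already exists the else branch returns without changing directory, and the `sed -i … .env` / `docker-compose.yml` edits in configure_tls_domain (whose body continues past this hunk), the later configure_* functions and start_xmrsh then operate on whatever the caller's cwd holds. The `#FIXME` on the warning line acknowledges this; either exit there as it suggests, or move the pushd after the `fi` so both branches end inside the checkout: `pushd "${XMRSH_DIR}" >>"${XMRSH_LOG_FILE}" 2>&1 || return` on the line before the final `echo -e "${Ok}"`. That placement is also what makes dropping start_xmrsh's own pushd in the `@@ -224` hunk and the caller sequence in the `@@ -280` hunk safe.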
@@ -208,11 +209,73 @@ read_tls_domain() { sed -i "s/DOMAIN=.*/DOMAIN=${TLS_DOMAIN}/g" .env sed -i "s/TRAEFIK_ACME_EMAIL=.*/TRAEFIK_ACME_EMAIL=${TLS_EMAIL}/g" .env # Enable LE settings in compose - sed -i '/#!le/s/# //g' docker-compose.template.yml - sed -i "/#\!traefik-command/s/\*traefik-command-nole/\*traefik-command-le/g" docker-compose.template.yml + sed -i '/#!le/s/# //g' docker-compose.yml + sed -i "/#\!traefik-command/s/\*traefik-command-nole/\*traefik-command-le/g" docker-compose.yml fi } +configure_cors() { + echo -e "${OkBullet}Configuring CORS..." + while true; do + read -r -e -p " Do you want to enabe CORS headers so the node can be used in webapps? [y/n]: " yn + case $yn in + [Yy]*) + sed -i '/#!cors/s/# //g' docker-compose.yml + break + ;; + [Nn]*) break ;; + *) echo " Please answer yes or no." ;; + esac + done +} + +configure_tor() { + echo -e "${OkBullet}Configuring tor..." + while true; do + read -r -e -p " Do you want to enable a Tor hidden service? [y/n]: " yn + case $yn in + [Yy]*) + sed -i '/#!tor/s/# //g' docker-compose.yml + ENABLE_TOR=true + break + ;; + [Nn]*) break ;; + *) echo " Please answer yes or no." ;; + esac + done +} + +configure_explorer() { + echo -e "${OkBullet}Configuring explorer..." + while true; do + read -r -e -p " Do you want to enable an explorer service? [y/n]: " yn + case $yn in + [Yy]*) + sed -i '/#!explorer/s/# //g' docker-compose.yml + ENABLE_EXPLORER=true + break + ;; + [Nn]*) break ;; + *) echo " Please answer yes or no." ;; + esac + done +} + +configure_watchtower() { + echo -e "${OkBullet}Configuring watchtower..." + while true; do + read -r -e -p " Do you want to enable automatic updates using watchtower? [y/n]: " yn + case $yn in + [Yy]*) + sed -i '/#!watchtower/s/# //g' docker-compose.yml + break + ;; + [Nn]*) break ;; + *) echo " Please answer yes or no." ;; + esac + done +} + # get_public_ip() { # # Using dig: # # dig +short txt ch whoami.cloudflare @1.0.0.1 
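Review bot: configure_tor and configure_explorer set `ENABLE_TOR=true` / `ENABLE_EXPLORER=true` on the "yes" branch, but nothing initialises either flag (the `@@ -68` hunk adds only `TLS_PORT`), the "no" branch leaves them unset, and nothing in this diff consumes `ENABLE_EXPLORER`; declaring `ENABLE_TOR=false` and `ENABLE_EXPLORER=false` next to `TLS_PORT` keeps the later test in start_xmrsh well-defined. The prompt in configure_cors has a typo, `enabe` → `enable`. The four functions differ only in the prompt text, the sed tag and the flag they set, so a single yes/no helper removes the repeated read/case loop and makes the next option a one-liner, as sketched below.
```shell
# Ask a yes/no question; returns 0 for yes, 1 for no, re-prompting on anything else.
ask_yes_no() {
    local answer
    while true; do
        read -r -e -p " $1 [y/n]: " answer
        case $answer in
            [Yy]*) return 0 ;;
            [Nn]*) return 1 ;;
            *) echo " Please answer yes or no." ;;
        esac
    done
}

configure_cors() {
    echo -e "${OkBullet}Configuring CORS..."
    if ask_yes_no "Do you want to enable CORS headers so the node can be used in webapps?"; then
        sed -i '/#!cors/s/# //g' docker-compose.yml
    fi
}

# … unchanged: configure_tor, configure_explorer and configure_watchtower follow the same shape, setting their flag inside the if-branch …
```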
@@ -224,22 +287,16 @@ validate_domain() { } start_xmrsh() { - pushd "${XMRSH_DIR}" >>"${XMRSH_LOG_FILE}" 2>&1 || return - echo -ne "${OkBullet}Starting monero node... ${Off}" + echo -ne "${OkBullet}Starting monero node and services... ${Off}" docker-compose pull >>"${XMRSH_LOG_FILE}" 2>&1 check_return $? docker-compose up -d >>"${XMRSH_LOG_FILE}" 2>&1 check_return $? - echo -e "${Ok}" -} -start_xmrsh_tor() { - pushd "${XMRSH_DIR}" >>"${XMRSH_LOG_FILE}" 2>&1 || return - echo -ne "${OkBullet}Starting tor hidden service... ${Off}" - docker-compose -f docker-compose.yml -f docker-compose.tor.yml up -d >>"${XMRSH_LOG_FILE}" 2>&1 - check_return $? - sleep 3 - ONION=$(docker logs tor 2>&1 | grep Entrypoint | cut -d " " -f 8) + if ENABLE_TOR = true; then + sleep 3 + ONION=$(docker logs tor 2>&1 | grep Entrypoint | cut -d " " -f 8) + fi echo -e "${Ok}" }
@@ -256,9 +313,9 @@ completed() { echo echo -e " ${Red}┌───────────────────────────────────────────────────────────────────────────[info]──" if [ -n "$TLS_DOMAIN" ]; then - echo -e " ${Red}│${Stat} URL: ${StatInfo}${TLS_DOMAIN}:443" + echo -e " ${Red}│${Stat} URL: ${StatInfo}${TLS_DOMAIN}:${TLS_PORT}" fi - echo -e " ${Red}│${Stat} Public IP: ${StatInfo}$(curl -s ifconfig.co 2>>"${XMRSH_LOG_FILE}"):443" + echo -e " ${Red}│${Stat} Public IP: ${StatInfo}$(curl -s ifconfig.co 2>>"${XMRSH_LOG_FILE}"):${TLS_PORT}" echo -e " ${Red}│${Stat} Onion Service: ${StatInfo}$ONION" echo -e " ${Red}│" echo
@@ -280,9 +337,12 @@ if [ $DOCKER_INSTALLED = true ] && [ $DOCKER_COMPOSE_INSTALLED = false ]; then fi install_xmrsh -read_tls_domain +configure_tls_domain +configure_cors +configure_tor +configure_explorer +configure_watchtower start_xmrsh -start_xmrsh_tor completed exit 0
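Review bot: `if ENABLE_TOR = true; then` in start_xmrsh is not a test: the shell runs a command named `ENABLE_TOR` with the arguments `=` and `true`, which (unless something defines a command of that name) fails with "command not found", so the `sleep`/`docker logs` branch never runs and `ONION` keeps its "Not Available" default even when Tor was enabled; it should read `if [ "${ENABLE_TOR}" = true ]; then`. The onion extraction by field position, `cut -d " " -f 8` on the Entrypoint log line, is carried over unchanged and silently yields an empty string if the image's log format shifts, so checking that `ONION` is non-empty before the summary prints it would make the status line honest.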