nginx config scripts update

Author: openoms

nginx/bonus.SSL_for_RTL.sh

@@ -2,16 +2,27 @@
 # To download and run:
 # $ wget https://github.com/openoms/bitcoin-tutorials/raw/master/nginx/bonus.SSL_for_RTL.sh && bash bonus.SSL_for_RTL.sh
 
-
 # For the certificate to be obtained successfully a dynamic DNS and port forwarding is needed
 # Need to forward port 80 to the IP of your RaspiBlitz for certbot
 # Forward port 3002 to be able to access RTL from outside of your LAN
 
 # https://www.raspberrypi.org/documentation/remote-access/web-server/nginx.md
 
+# check for certbot and nginx
+if dpkg -l | grep -qw "certbot"; then
+  echo "# certbot is already installed"
+else
+  sudo apt install -y certbot
+fi
+if dpkg -l | grep -qw "nginx"; then
+  echo "# nginx is already installed"
+else
+  sudo apt install -y nginx
+fi
+
 echo ""
 echo "***"
-echo "Please confirm that the port 80 is forwarded to the IP of the RaspiBlitz by pressing [ENTER]" 
+echo "Please confirm that the port 80 is forwarded to the IP of the RaspiBlitz by pressing [ENTER]"
 read key
 
 echo ""
@@ -74,7 +85,6 @@ RestartSec=60
 
 sudo systemctl enable certbot.timer
 
-
 echo "Setting up nginx.conf"
 echo "***"
 echo ""
@@ -88,7 +98,7 @@ elif [ ${isRTL} -eq 0 ]; then
         isStream=$(sudo cat /etc/nginx/nginx.conf 2>/dev/null | grep -c 'stream {')
         if [ ${isStream} -eq 0 ]; then
 
-        echo "
+                echo "
 stream {
         upstream RTL {
                 server 127.0.0.1:3000;

nginx/btcpayserver_subdomain.sh

@@ -3,6 +3,18 @@
 # WORK IN PROGRESS
 # see https://gist.github.com/NicolasDorier/1a7fce6836ee55a7fa2c7f65417b88b5
 
+# check for certbot and nginx
+if dpkg -l | grep -qw "certbot"; then
+  echo "# certbot is already installed"
+else
+  sudo apt install -y certbot
+fi
+if dpkg -l | grep -qw "nginx"; then
+  echo "# nginx is already installed"
+else
+  sudo apt install -y nginx
+fi
+
 echo "
 Input your email:
 "

nginx/custom_website_subdomain.sh

@@ -1,5 +1,17 @@
 #!/bin/bash
 
+# check for certbot and nginx
+if dpkg -l | grep -qw "certbot"; then
+  echo "# certbot is already installed"
+else
+  sudo apt install -y certbot
+fi
+if dpkg -l | grep -qw "nginx"; then
+  echo "# nginx is already installed"
+else
+  sudo apt install -y nginx
+fi
+
 echo "
 Input your email:
 "

nginx/electrum_server_subdomain.sh

@@ -1,5 +1,17 @@
 #!/bin/bash
 
+# check for certbot and nginx
+if dpkg -l | grep -qw "certbot"; then
+  echo "# certbot is already installed"
+else
+  sudo apt install -y certbot
+fi
+if dpkg -l | grep -qw "nginx"; then
+  echo "# nginx is already installed"
+else
+  sudo apt install -y nginx
+fi
+
 echo "
 Input your email:
 "

nginx/https_redirect_to_subdomain.sh

@@ -1,5 +1,17 @@
 #!/bin/bash
 
+# check for certbot and nginx
+if dpkg -l | grep -qw "certbot"; then
+  echo "# certbot is already installed"
+else
+  sudo apt install -y certbot
+fi
+if dpkg -l | grep -qw "nginx"; then
+  echo "# nginx is already installed"
+else
+  sudo apt install -y nginx
+fi
+
 echo "
 Input your email:
 "

nginx/mempool_subdomain.sh

@@ -1,5 +1,17 @@
 #!/bin/bash
 
+# check for certbot and nginx
+if dpkg -l | grep -qw "certbot"; then
+  echo "# certbot is already installed"
+else
+  sudo apt install -y certbot
+fi
+if dpkg -l | grep -qw "nginx"; then
+  echo "# nginx is already installed"
+else
+  sudo apt install -y nginx
+fi
+
 echo "
 Input your email:"
 read EMAIL

nginx/nostr-relay.sh

@@ -1,5 +1,17 @@
 #!/bin/bash
 
+# check for certbot and nginx
+if dpkg -l | grep -qw "certbot"; then
+  echo "# certbot is already installed"
+else
+  sudo apt install -y certbot
+fi
+if dpkg -l | grep -qw "nginx"; then
+  echo "# nginx is already installed"
+else
+  sudo apt install -y nginx
+fi
+
 echo "
 Input your email:
 "
@@ -24,8 +36,8 @@ eg.: /nostrrelay/nNZ59JFH
 read RELAY
 
 sudo certbot certonly -a standalone -m $EMAIL --agree-tos \
--d $SUBDOMAIN --expand -n --pre-hook "service nginx stop" \
---post-hook "service nginx start" || exit 1
+  -d $SUBDOMAIN --expand -n --pre-hook "service nginx stop" \
+  --post-hook "service nginx start" || exit 1
 
 # copy in place on a remote machine if needed
 #sudo cat /etc/letsencrypt/live/$SUBDOMAIN/fullchain.pem
@@ -51,29 +63,21 @@ server {
   ssl_trusted_certificate /etc/letsencrypt/live/$SUBDOMAIN/chain.pem;
 
   location / {
-    proxy_pass      https://${SUBDOMAIN}${RELAY};
-    # to allow wss:// connections
+    proxy_pass ${SERVER}${RELAY};
+
+    # WebSocket support
     proxy_http_version 1.1;
-    proxy_set_header Upgrade \$http_upgrade;
-    proxy_set_header Connection \"upgrade\";
+    proxy_set_header Upgrade \$http_upgrade; # Upgrade header for WebSocket
+    proxy_set_header Connection \"upgrade\"; # Connection header for WebSocket
 
-    # from https://github.com/rootzoll/raspiblitz/blob/v1.7/home.admin/assets/nginx/snippets/ssl-proxy-params.conf
-    proxy_SERVER off;
-    proxy_set_header Host \$http_host;
+    # Additional headers
+    proxy_set_header Host \$host;
     proxy_set_header X-Real-IP \$remote_addr;
     proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
     proxy_set_header X-Forwarded-Proto https;
-  }
 
-  location $RELAY {
-    proxy_pass      $SERVER;
-    proxy_http_version 1.1;
-    proxy_set_header Upgrade \$http_upgrade;
-    proxy_set_header Connection \"upgrade\";
-    proxy_set_header Host \$host;
-    proxy_set_header X-Real-IP \$remote_addr;
-    proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
-    proxy_set_header X-Forwarded-Proto \$scheme;
+    # Disable proxy redirects
+    proxy_redirect off;
   }
 }" | sudo tee /etc/nginx/sites-available/$SUBDOMAIN