From 7ff983b8151f895163b1d57f446154eff8f4d7a7 Mon Sep 17 00:00:00 2001
From: Taylor Helsper <tehelsper@gmail.com>
Date: Mon, 17 Aug 2020 20:27:07 -0500
Subject: [PATCH] Add HTTPS for Mempool and BTC Pay Server

---
 .../sites-enabled/https_btcpayserver.conf     | 17 +++++++++++
 .../sites-enabled/https_mempoolspace.conf     | 17 +++++++++++
 rootfs/standard/usr/bin/mynode_firewall.sh    |  2 ++
 .../var/www/mynode/templates/main.html        | 30 +++++++++++++++----
 4 files changed, 61 insertions(+), 5 deletions(-)
 create mode 100644 rootfs/standard/etc/nginx/sites-enabled/https_btcpayserver.conf
 create mode 100644 rootfs/standard/etc/nginx/sites-enabled/https_mempoolspace.conf

diff --git a/rootfs/standard/etc/nginx/sites-enabled/https_btcpayserver.conf b/rootfs/standard/etc/nginx/sites-enabled/https_btcpayserver.conf
new file mode 100644
index 00000000..ff8dbb4a
--- /dev/null
+++ b/rootfs/standard/etc/nginx/sites-enabled/https_btcpayserver.conf
@@ -0,0 +1,17 @@
+server {
+    listen 49393 ssl;
+    server_name btcpayserver;
+
+    include /etc/nginx/mynode/mynode_ssl_params.conf;
+    include /etc/nginx/mynode/mynode_ssl_cert_key.conf;
+
+    access_log /var/log/nginx/access_btcpayserver.log;
+    error_log /var/log/nginx/error_btcpayserver.log;
+
+    location / {
+        proxy_pass http://127.0.0.1:49392;
+
+        include /etc/nginx/mynode/mynode_ssl_proxy_params.conf;
+    }
+
+}
\ No newline at end of file
diff --git a/rootfs/standard/etc/nginx/sites-enabled/https_mempoolspace.conf b/rootfs/standard/etc/nginx/sites-enabled/https_mempoolspace.conf
new file mode 100644
index 00000000..8cbcf338
--- /dev/null
+++ b/rootfs/standard/etc/nginx/sites-enabled/https_mempoolspace.conf
@@ -0,0 +1,17 @@
+server {
+    listen 4081 ssl;
+    server_name mempool;
+
+    include /etc/nginx/mynode/mynode_ssl_params.conf;
+    include /etc/nginx/mynode/mynode_ssl_cert_key.conf;
+
+    access_log /var/log/nginx/access_mempool.log;
+    error_log /var/log/nginx/error_mempool.log;
+
+    location / {
+        proxy_pass http://127.0.0.1:4080;
+
+        include /etc/nginx/mynode/mynode_ssl_proxy_params.conf;
+    }
+
+}
\ No newline at end of file
diff --git a/rootfs/standard/usr/bin/mynode_firewall.sh b/rootfs/standard/usr/bin/mynode_firewall.sh
index dd3c774c..5b8364b3 100755
--- a/rootfs/standard/usr/bin/mynode_firewall.sh
+++ b/rootfs/standard/usr/bin/mynode_firewall.sh
@@ -40,6 +40,7 @@ ufw allow 3020  comment 'allow Caravan'
 ufw allow 3030  comment 'allow Thunderhub'
 ufw allow 3031  comment 'allow Thunderhub HTTPS'
 ufw allow 4080  comment 'allow Mempool'
+ufw allow 4081  comment 'allow Mempool HTTPS'
 ufw allow 5000  comment 'allow LNBits'
 ufw allow 5001  comment 'allow LNBits HTTPS'
 ufw allow 5353  comment 'allow Avahi'
@@ -52,6 +53,7 @@ ufw allow 6771  comment 'allow myNode QuickSync (LPD)'
 ufw allow 19999 comment 'allow Netdata'
 ufw allow 25441 comment 'allow Specter Desktop'
 ufw allow 49392 comment 'allow BTCPay Server-direct'
+ufw allow 49393 comment 'allow BTCPay Server-direct HTTPS'
 ufw allow 51194 comment 'allow VPN'
 ufw allow 61208 comment 'allow Glances'
 ufw allow from 127.0.0.1 comment 'allow from localhost'
diff --git a/rootfs/standard/var/www/mynode/templates/main.html b/rootfs/standard/var/www/mynode/templates/main.html
index 5ada8fa1..573105ae 100644
--- a/rootfs/standard/var/www/mynode/templates/main.html
+++ b/rootfs/standard/var/www/mynode/templates/main.html
@@ -23,17 +23,29 @@
                 })
 
                 $("#rtl").on("click", function() {
-                    url = 'https://'+location.hostname+':3011'
+                    port="3010"
+                    if (location.protocol == "https:") {
+                        port="3011"
+                    }
+                    url = location.protocol+'//'+location.hostname+':'+port
                     window.open(url,'_blank');
                 })
 
                 $("#lnbits").on("click", function() {
-                    url = 'https://'+location.hostname+':5001'
+                    port="5000"
+                    if (location.protocol == "https:") {
+                        port="5001"
+                    }
+                    url = location.protocol+'//'+location.hostname+':'+port
                     window.open(url,'_blank');
                 })
 
                 $("#thunderhub").on("click", function() {
-                    url = 'https://'+location.hostname+':3031'
+                    port="3030"
+                    if (location.protocol == "https:") {
+                        port="3031"
+                    }
+                    url = location.protocol+'//'+location.hostname+':'+port
                     window.open(url,'_blank');
                 })
 
@@ -52,12 +64,20 @@
                 })
 
                 $("#mempoolspace").on("click", function() {
-                    url = 'http://'+location.hostname+':4080'
+                    port="4080"
+                    if (location.protocol == "https:") {
+                        port="4081"
+                    }
+                    url = location.protocol+'//'+location.hostname+':'+port
                     window.open(url,'_blank');
                 })
 
                 $("#btcpayserver").on("click", function() {
-                    url = 'http://'+location.hostname+':49392'
+                    port="49392"
+                    if (location.protocol == "https:") {
+                        port="49393"
+                    }
+                    url = location.protocol+'//'+location.hostname+':'+port
                     window.open(url,'_blank');
                 })