kosmos/chef
kosmos/chef
8
3
Fork 0
Code Issues 26 Pull Requests 2 Projects 2 Activity

Allow BTCPay API access over private network

Browse Source
This commit is contained in:
Basti 2022-05-24 13:08:41 +02:00
parent 6a85c2d5c6
commit 7a52f2bd89
Signed by untrusted user: basti
GPG Key ID: 9F88009D31D99C72
1 changed files with 10 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
site-cookbooks/kosmos-bitcoin/recipes/btcpay.rb
View File

@ -97,13 +97,23 @@ systemd_unit 'btcpayserver.service' do
action [:create, :enable, :start] action [:create, :enable, :start]
end end
firewall_rule "BTCPay API private access" do
command :allow
port 23001
protocol :tcp
source "10.1.1.0/24"
end
# #
# HTTPS Reverse Proxy # HTTPS Reverse Proxy
# TODO move to separate recipe, nginx proxy role
# #
include_recipe "kosmos-nginx" include_recipe "kosmos-nginx"
server_name = node["btcpay"]["domain"] server_name = node["btcpay"]["domain"]
nginx_certbot_site server_name
template "#{node["nginx"]["dir"]}/sites-available/#{server_name}" do template "#{node["nginx"]["dir"]}/sites-available/#{server_name}" do
source "nginx_conf_btcpayserver.erb" source "nginx_conf_btcpayserver.erb"
owner node["nginx"]["user"] owner node["nginx"]["user"]
@ -118,5 +128,3 @@ end
nginx_site server_name do nginx_site server_name do
action :enable action :enable
end end
nginx_certbot_site server_name