feat: bitcoin-ui CSS fix, HTTPS proxy support, deploy script improvements
Bitcoin UI: - Replace cdn.tailwindcss.com with locally bundled tailwind.css (CSP blocks external scripts) - Make all asset paths relative for nginx proxy compatibility - Add bitcoin-ui build/deploy to deploy-to-target.sh (was missing entirely) - Use --network host (bitcoin-ui proxies Bitcoin RPC at 127.0.0.1:8332) HTTPS mixed content fix: - Add HTTPS_PROXY_PATHS in AppSession.vue — when parent page is HTTPS, iframe loads through nginx proxy instead of direct HTTP port - Prevents browser blocking HTTP iframes inside HTTPS pages - All Tailscale servers use HTTPS, this was breaking all app iframes Deploy & first-boot improvements: - first-boot-containers.sh auto-detects disk size for pruning vs txindex - first-boot-containers.sh checks fallback source path for UI containers - Added mempool-electrs to APP_PORTS mapping - ElectrumX container creation in first-boot - Podman doctor/fix/uptime skills added Also includes: session persistence, identity management, LND transactions, ElectrumX status UI, nostr-provider improvements, Web5 enhancements Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -607,10 +607,10 @@ PYEOF
|
||||
' 2>&1 | sed 's/^/ /' || true
|
||||
fi
|
||||
|
||||
# Rebuild and recreate Electrs UI container (port 50002)
|
||||
echo "$(timestamp) Rebuilding Electrs UI..."
|
||||
# Rebuild and recreate ElectrumX UI container (port 50002)
|
||||
echo "$(timestamp) Rebuilding ElectrumX UI..."
|
||||
if ssh $SSH_OPTS "$TARGET_HOST" "cd $TARGET_DIR/docker/electrs-ui && (command -v podman >/dev/null 2>&1 && sudo podman build --no-cache -t electrs-ui:latest . || sudo docker build --no-cache -t electrs-ui:latest .)" 2>&1 | tail -12 | sed 's/^/ /'; then
|
||||
echo " Recreating Electrs UI container (port 50002, host network)..."
|
||||
echo " Recreating ElectrumX UI container (port 50002, host network)..."
|
||||
ssh $SSH_OPTS "$TARGET_HOST" '
|
||||
DOCKER=podman
|
||||
command -v podman >/dev/null 2>&1 || DOCKER=docker
|
||||
@@ -621,7 +621,22 @@ PYEOF
|
||||
' 2>&1 | sed 's/^/ /' || true
|
||||
fi
|
||||
|
||||
# Bitcoin Knots: required for Mempool, Electrs, BTCPay, Fedimint
|
||||
# Rebuild and recreate Bitcoin UI container (host network, port 8334 in nginx.conf)
|
||||
# Host network required: bitcoin-ui proxies Bitcoin RPC at 127.0.0.1:8332
|
||||
echo "$(timestamp) Rebuilding Bitcoin UI..."
|
||||
if ssh $SSH_OPTS "$TARGET_HOST" "cd $TARGET_DIR/docker/bitcoin-ui && (command -v podman >/dev/null 2>&1 && sudo podman build --no-cache -t bitcoin-ui:latest . || sudo docker build --no-cache -t bitcoin-ui:latest .)" 2>&1 | tail -12 | sed 's/^/ /'; then
|
||||
echo " Recreating Bitcoin UI container (port 8334, host network)..."
|
||||
ssh $SSH_OPTS "$TARGET_HOST" '
|
||||
DOCKER=podman
|
||||
command -v podman >/dev/null 2>&1 || DOCKER=docker
|
||||
for c in $(sudo $DOCKER ps -a --format "{{.Names}}" 2>/dev/null | grep -i bitcoin-ui); do
|
||||
[ -n "$c" ] && sudo $DOCKER stop "$c" 2>/dev/null; sudo $DOCKER rm -f "$c" 2>/dev/null
|
||||
done
|
||||
sudo $DOCKER run -d --name archy-bitcoin-ui --network host --restart unless-stopped bitcoin-ui:latest
|
||||
' 2>&1 | sed 's/^/ /' || true
|
||||
fi
|
||||
|
||||
# Bitcoin Knots: required for Mempool, ElectrumX, BTCPay, Fedimint
|
||||
TARGET_IP="$(echo "$TARGET_HOST" | cut -d@ -f2)"
|
||||
echo "$(timestamp) Ensuring Bitcoin Knots..."
|
||||
ssh $SSH_OPTS "$TARGET_HOST" "
|
||||
@@ -632,7 +647,7 @@ PYEOF
|
||||
if ! sudo \$DOCKER ps --format '{{.Names}}' 2>/dev/null | grep -qE 'bitcoin-knots|archy-bitcoin-knots'; then
|
||||
echo ' Creating Bitcoin Knots (mainnet, archipelago RPC)...'
|
||||
sudo mkdir -p /var/lib/archipelago/bitcoin
|
||||
# Demo mode: prune=550 saves ~194GB disk, but disables txindex (incompatible with electrs)
|
||||
# Demo mode: prune=550 saves ~194GB disk, but disables txindex (incompatible with electrumx)
|
||||
if [ "$DEMO" = "true" ]; then
|
||||
BTC_EXTRA_ARGS="-prune=550"
|
||||
BTC_DBCACHE=512
|
||||
@@ -664,7 +679,7 @@ PYEOF
|
||||
TARGET_IP='$TARGET_IP'
|
||||
NET_OPT='--network archy-net'
|
||||
# Clean any duplicate/old mempool containers (user may have two versions)
|
||||
# EXCLUDE mempool-electrs - indexing takes days, do not recreate on every deploy
|
||||
# EXCLUDE electrumx/mempool-electrs - indexing takes days, do not recreate on every deploy
|
||||
for c in mempool mempool-api mempool-web archy-mempool-api archy-mempool-web; do
|
||||
sudo \$DOCKER stop \$c 2>/dev/null
|
||||
sudo \$DOCKER rm -f \$c 2>/dev/null
|
||||
@@ -686,34 +701,28 @@ PYEOF
|
||||
MYSQL_CNT=\${MYSQL_CNT:-archy-mempool-db}
|
||||
# Ensure DB is on archy-net so mempool-api can resolve it
|
||||
sudo \$DOCKER network connect archy-net \$MYSQL_CNT 2>/dev/null || true
|
||||
# Create mempool-electrs ONLY if missing - do NOT recreate (indexing takes days, data is 800GB+)
|
||||
# One-time migration: if on bridge (wrong network), recreate with archy-net so it can reach bitcoin-knots
|
||||
# Stop and remove old mempool-electrs if present (replaced by electrumx)
|
||||
if sudo \$DOCKER ps -a --format '{{.Names}}' 2>/dev/null | grep -q mempool-electrs; then
|
||||
MEMPOOL_ELECTRS_NET=\$(sudo \$DOCKER inspect mempool-electrs --format '{{range \$k, \$v := .NetworkSettings.Networks}}{{\$k}}{{end}}' 2>/dev/null || true)
|
||||
if [ \"\$MEMPOOL_ELECTRS_NET\" = \"bridge\" ] || [ \"\$MEMPOOL_ELECTRS_NET\" = \"\" ]; then
|
||||
echo ' Migrating mempool-electrs to archy-net (preserving 800GB+ index)...'
|
||||
sudo \$DOCKER stop mempool-electrs 2>/dev/null
|
||||
sudo \$DOCKER rm mempool-electrs 2>/dev/null
|
||||
fi
|
||||
echo ' Removing old mempool-electrs (replaced by ElectrumX)...'
|
||||
sudo \$DOCKER stop mempool-electrs 2>/dev/null
|
||||
sudo \$DOCKER rm -f mempool-electrs 2>/dev/null
|
||||
fi
|
||||
if ! sudo \$DOCKER ps --format '{{.Names}}' 2>/dev/null | grep -q mempool-electrs; then
|
||||
if sudo \$DOCKER ps -a --format '{{.Names}}' 2>/dev/null | grep -q mempool-electrs; then
|
||||
echo ' Starting existing mempool-electrs (preserving index)...'
|
||||
sudo \$DOCKER start mempool-electrs 2>/dev/null || true
|
||||
# Create electrumx ONLY if missing - do NOT recreate (indexing takes days)
|
||||
if ! sudo \$DOCKER ps --format '{{.Names}}' 2>/dev/null | grep -q electrumx; then
|
||||
if sudo \$DOCKER ps -a --format '{{.Names}}' 2>/dev/null | grep -q electrumx; then
|
||||
echo ' Starting existing electrumx (preserving index)...'
|
||||
sudo \$DOCKER start electrumx 2>/dev/null || true
|
||||
else
|
||||
echo ' Creating mempool-electrs (indexer - may take days to sync, do not recreate)...'
|
||||
sudo mkdir -p /var/lib/archipelago/mempool-electrs
|
||||
# Use archy-net + bitcoin-knots for reliable Bitcoin connectivity (not host IP from bridge)
|
||||
sudo \$DOCKER run -d --name mempool-electrs --restart unless-stopped \$NET_OPT \
|
||||
echo ' Creating electrumx (indexer - may take days to sync, do not recreate)...'
|
||||
sudo mkdir -p /var/lib/archipelago/electrumx
|
||||
sudo \$DOCKER run -d --name electrumx --restart unless-stopped \$NET_OPT \
|
||||
-p 50001:50001 \
|
||||
-v /var/lib/archipelago/mempool-electrs:/data \
|
||||
docker.io/mempool/electrs:latest \
|
||||
--daemon-rpc-addr bitcoin-knots:8332 \
|
||||
--cookie archipelago:archipelago123 \
|
||||
--jsonrpc-import \
|
||||
--electrum-rpc-addr 0.0.0.0:50001 \
|
||||
--db-dir /data \
|
||||
--lightmode
|
||||
-v /var/lib/archipelago/electrumx:/data \
|
||||
-e DAEMON_URL=http://archipelago:archipelago123@bitcoin-knots:8332/ \
|
||||
-e COIN=Bitcoin \
|
||||
-e DB_DIRECTORY=/data \
|
||||
-e SERVICES=tcp://:50001,rpc://0.0.0.0:8000 \
|
||||
docker.io/lukechilds/electrumx:v1.18.0
|
||||
fi
|
||||
fi
|
||||
# Create/recreate mempool-api (backend on 8999) - required for mempool to work
|
||||
@@ -729,7 +738,7 @@ PYEOF
|
||||
-p 8999:8999 \
|
||||
-v /var/lib/archipelago/mempool:/data \
|
||||
-e MEMPOOL_BACKEND=electrum \
|
||||
-e ELECTRUM_HOST=mempool-electrs \
|
||||
-e ELECTRUM_HOST=electrumx \
|
||||
-e ELECTRUM_PORT=50001 \
|
||||
-e ELECTRUM_TLS_ENABLED=false \
|
||||
-e CORE_RPC_HOST=\$TARGET_IP \
|
||||
@@ -896,7 +905,7 @@ import json
|
||||
services = [
|
||||
{"name": "archipelago", "local_port": 80, "enabled": True},
|
||||
{"name": "bitcoin", "local_port": 8333, "enabled": True},
|
||||
{"name": "electrs", "local_port": 50001, "enabled": True},
|
||||
{"name": "electrumx", "local_port": 50001, "enabled": True},
|
||||
{"name": "lnd", "local_port": 9735, "enabled": True},
|
||||
{"name": "btcpay", "local_port": 23000, "enabled": True},
|
||||
{"name": "mempool", "local_port": 4080, "enabled": True},
|
||||
@@ -923,7 +932,7 @@ try:
|
||||
lines.append("HiddenServicePort %d 127.0.0.1:%d" % (p, p))
|
||||
lines.append("")
|
||||
except Exception:
|
||||
for n, p in [("archipelago",80),("bitcoin",8333),("electrs",50001),("lnd",9735),("btcpay",23000),("mempool",4080),("fedimint",8175)]:
|
||||
for n, p in [("archipelago",80),("bitcoin",8333),("electrumx",50001),("lnd",9735),("btcpay",23000),("mempool",4080),("fedimint",8175)]:
|
||||
lines.append("HiddenServiceDir /var/lib/tor/hidden_service_%s" % n)
|
||||
lines.append("HiddenServicePort %d 127.0.0.1:%d" % (p, p))
|
||||
lines.append("")
|
||||
@@ -1231,6 +1240,44 @@ LNDCONF
|
||||
|
||||
fi # end FRONTEND_ONLY guard
|
||||
|
||||
# Ensure UFW allows forwarded traffic (required for podman container port access from LAN)
|
||||
ssh $SSH_OPTS "$TARGET_HOST" '
|
||||
if grep -q "DEFAULT_FORWARD_POLICY=\"DROP\"" /etc/default/ufw 2>/dev/null; then
|
||||
sudo sed -i "s/DEFAULT_FORWARD_POLICY=\"DROP\"/DEFAULT_FORWARD_POLICY=\"ACCEPT\"/" /etc/default/ufw
|
||||
sudo ufw reload 2>/dev/null
|
||||
echo " Fixed UFW forward policy (was DROP, now ACCEPT)"
|
||||
fi
|
||||
' 2>&1 | sed 's/^/ /' || true
|
||||
|
||||
# Fix IndeedHub for iframe + NIP-07: remove X-Frame-Options, inject nostr-provider.js
|
||||
ssh $SSH_OPTS "$TARGET_HOST" '
|
||||
if sudo podman ps --format "{{.Names}}" 2>/dev/null | grep -q "^indeedhub$"; then
|
||||
CHANGED=false
|
||||
# Remove X-Frame-Options so iframe works
|
||||
if sudo podman exec indeedhub grep -q "X-Frame-Options" /etc/nginx/conf.d/default.conf 2>/dev/null; then
|
||||
sudo podman exec indeedhub sed -i "/X-Frame-Options/d" /etc/nginx/conf.d/default.conf
|
||||
CHANGED=true
|
||||
echo " Removed X-Frame-Options from IndeedHub"
|
||||
fi
|
||||
# Inject nostr-provider.js for NIP-07 signing
|
||||
if ! sudo podman exec indeedhub test -f /usr/share/nginx/html/nostr-provider.js 2>/dev/null; then
|
||||
sudo podman cp /opt/archipelago/web-ui/nostr-provider.js indeedhub:/usr/share/nginx/html/nostr-provider.js 2>/dev/null
|
||||
echo " Copied nostr-provider.js into IndeedHub"
|
||||
fi
|
||||
if ! sudo podman exec indeedhub grep -q "nostr-provider" /etc/nginx/conf.d/default.conf 2>/dev/null; then
|
||||
sudo podman exec indeedhub cat /etc/nginx/conf.d/default.conf > /tmp/ih-nginx.conf 2>/dev/null
|
||||
sed -i "/try_files.*index.html/i\\ sub_filter_once on;\n sub_filter '"'"'</head>'"'"' '"'"'<script src=\"/nostr-provider.js\"></script></head>'"'"';" /tmp/ih-nginx.conf
|
||||
sudo podman cp /tmp/ih-nginx.conf indeedhub:/etc/nginx/conf.d/default.conf 2>/dev/null
|
||||
rm -f /tmp/ih-nginx.conf
|
||||
CHANGED=true
|
||||
echo " Injected nostr-provider.js into IndeedHub nginx"
|
||||
fi
|
||||
if [ "$CHANGED" = true ]; then
|
||||
sudo podman exec indeedhub nginx -s reload 2>/dev/null
|
||||
fi
|
||||
fi
|
||||
' 2>&1 | sed 's/^/ /' || true
|
||||
|
||||
# Post-deploy health check — wait up to 60s for server to come healthy
|
||||
echo ""
|
||||
echo "$(timestamp) 🩺 Post-deploy health check..."
|
||||
|
||||
Reference in New Issue
Block a user