# BTCPay Server with Nginx Proxy Manager - Final Configuration **Date**: September 16, 2025 ## ✅ Successfully Migrated from BTCPay nginx to NPM ### Current Architecture ``` Internet → NPM (80/443) → BTCPay (49392) ↓ SSL Termination ``` ## Server Access - **SSH**: `ssh -p 2255 -i vps_hardening_key sysadmin@thebankofdebbie.giize.com` - **Password**: Phenom12#. (note the period) - **Sudo**: Same password ## Service URLs - **BTCPay Direct**: http://thebankofdebbie.giize.com:8080 - **NPM Admin**: http://thebankofdebbie.giize.com:81 - **BTCPay via NPM**: https://thebankofdebbie.giize.com (after proxy configuration) ## NPM Configuration Required ### 1. Access NPM Admin Panel - URL: http://thebankofdebbie.giize.com:81 - Default Login: admin@example.com / changeme - **CHANGE PASSWORD IMMEDIATELY** ### 2. Create Proxy Host Navigate to Proxy Hosts → Add Proxy Host **Details Tab:** - Domain Names: thebankofdebbie.giize.com - Scheme: http - Forward IP: 172.20.0.4 - Forward Port: 49392 - Cache Assets: OFF - Block Common Exploits: ON - Websockets Support: ON ✅ (Critical for BTCPay) **SSL Tab:** - SSL Certificate: Request Let's Encrypt - Force SSL: ON - HTTP/2 Support: ON - HSTS Enabled: ON - Email: admin@thebankofdebbie.giize.com **Advanced Tab (if needed):** ```nginx proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; client_max_body_size 100M; ``` ## Docker Container Status ```bash # Check all services sudo docker ps # Current containers: - nginx-proxy-manager (ports 80,443,81) - generated_btcpayserver_1 (port 8080→49392) - generated_nbxplorer_1 (blockchain explorer) - generated_postgres_1 (database) - tor (privacy network) - portainer (management) ``` ## BTCPay Environment Configuration ```bash # /opt/.env BTCPAY_HOST=thebankofdebbie.giize.com BTCPAY_CRYPTOS=btc NBITCOIN_NETWORK=mainnet BTCPAYGEN_CRYPTO1=btc BTCPAYGEN_REVERSEPROXY=none # Changed from nginx BTCPAY_PROTOCOL=http # NPM handles SSL NOREVERSEPROXY_HTTP_PORT=8080 # Avoid conflict with NPM ``` ## Network Configuration - NPM connected to btcpayserver-docker_default network - BTCPay IP: 172.20.0.4 - All containers can communicate internally ## Backup Locations - Configuration backup: `~/btcpay-backup-20250916/` - Original .env: `/opt/.env.backup` - Docker compose files: `~/btcpay-backup-20250916/` ## Troubleshooting Commands ### Check BTCPay Logs ```bash sudo docker logs generated_btcpayserver_1 --tail 50 ``` ### Check NPM Logs ```bash sudo docker logs nginx-proxy-manager --tail 50 ``` ### Restart Services ```bash # BTCPay cd /opt/btcpayserver-docker sudo docker-compose restart # NPM sudo docker restart nginx-proxy-manager ``` ### Test Connectivity ```bash # From server curl -I http://172.20.0.4:49392 curl -I http://localhost:8080 # From outside curl -I https://thebankofdebbie.giize.com ``` ## Monero Integration (TODO) - Monero plugin needs to be installed in BTCPay - Wallet already created: 49TnBo2VHbncxvrMFbX5uMS9mtAGkiG1L4N6i7MMz4MhA9AXfyRqBdmf1XrFtGXq2v2G72TNtiVFo2kot5SHnBBz3gwoMj9 - RPC Password: password ## Benefits of NPM over BTCPay nginx ✅ Web-based management interface ✅ Easy SSL certificate management ✅ Multiple domain support ✅ Better logging and monitoring ✅ Access lists and IP filtering ✅ Custom error pages ✅ Stream (TCP/UDP) proxy support ## Next Steps 1. Login to NPM admin panel 2. Change default admin password 3. Create proxy host for thebankofdebbie.giize.com 4. Test BTCPay access through HTTPS 5. Install Monero plugin in BTCPay 6. Configure additional security in NPM (access lists, etc.) ## Security Notes ⚠️ Change NPM admin password immediately ⚠️ Consider IP whitelisting for admin panels ⚠️ Regular backup of NPM configuration ⚠️ Monitor logs for suspicious activity ## Recovery If issues arise: 1. Backup available at ~/btcpay-backup-20250916/ 2. Can restore original nginx setup: ```bash sudo cp /opt/.env.backup /opt/.env cd /opt/btcpayserver-docker . /opt/.env && ./btcpay-setup.sh -i ```