littleshop/DEPLOY_BTCPAY_SERVER.md

BTCPay Server Deployment Instructions

Infrastructure Status

• Target Server: portainer-01 (10.0.0.51)
• Domain: https://pay.silverlabs.uk
• HAProxy Router: VyOS (10.0.0.1)

Prerequisites

1. Access to portainer-01 server (10.0.0.51) with sysadmin/Phenom12# credentials
2. Access to VyOS router (10.0.0.1) for HAProxy configuration
3. Docker and Docker Compose installed on portainer-01

Step 1: Deploy BTCPay Server to Portainer

Option A: Via Portainer Web UI

1. Access Portainer at https://10.0.0.51:9443
2. Login with admin credentials (may need to reset if infrastructure was reset)
3. Navigate to "Stacks" → "Add Stack"
4. Name: btcpay-server
5. Copy the contents of btcpay-server-compose.yml into the web editor
6. Upload the environment file btcpay.env or add environment variables manually
7. Deploy the stack

Option B: Via SSH/Command Line (if SSH access is available)

# Copy deployment files to server
scp btcpay-server-compose.yml sysadmin@10.0.0.51:/tmp/
scp btcpay.env sysadmin@10.0.0.51:/tmp/

# SSH to server
ssh sysadmin@10.0.0.51

# Create deployment directory
sudo mkdir -p /opt/btcpay
sudo cp /tmp/btcpay-server-compose.yml /opt/btcpay/docker-compose.yml
sudo cp /tmp/btcpay.env /opt/btcpay/.env

# Deploy BTCPay Server
cd /opt/btcpay
sudo docker-compose up -d

Option C: Via Docker API (if accessible)

# Copy files and use docker-compose remotely
export DOCKER_HOST=tcp://10.0.0.51:2376
docker-compose -f btcpay-server-compose.yml --env-file btcpay.env up -d

Step 2: Configure HAProxy on VyOS Router

SSH to VyOS router (10.0.0.1) and configure routing:

ssh sysadmin@10.0.0.1

# Enter configuration mode
configure

# Configure backend for BTCPay Server
set load-balancing reverse-proxy service btcpay-backend backend btcpay-server address 10.0.0.51
set load-balancing reverse-proxy service btcpay-backend backend btcpay-server port 49392
set load-balancing reverse-proxy service btcpay-backend backend btcpay-server check

# Configure frontend rule for pay.silverlabs.uk
set load-balancing reverse-proxy service btcpay-frontend bind 0.0.0.0 port 443
set load-balancing reverse-proxy service btcpay-frontend rule pay-silverlabs domain-name pay.silverlabs.uk
set load-balancing reverse-proxy service btcpay-frontend rule pay-silverlabs set backend btcpay-backend
set load-balancing reverse-proxy service btcpay-frontend ssl certificate selfsigned

# Also configure HTTP redirect to HTTPS
set load-balancing reverse-proxy service btcpay-frontend-http bind 0.0.0.0 port 80
set load-balancing reverse-proxy service btcpay-frontend-http rule pay-silverlabs-redirect domain-name pay.silverlabs.uk
set load-balancing reverse-proxy service btcpay-frontend-http rule pay-silverlabs-redirect redirect location https://pay.silverlabs.uk

# Commit and save
commit
save

Step 3: Verify Deployment

1. Check container status:

   ssh sysadmin@10.0.0.51
   sudo docker ps | grep btcpay
   

2. Check logs:

   sudo docker logs btcpayserver
   sudo docker logs btcpay-postgres
   sudo docker logs btcpay-nbxplorer
   

3. Test local access:

   curl -k http://10.0.0.51:49392/api/v1/health
   

4. Test domain access:

   curl -k https://pay.silverlabs.uk/api/v1/health
   

Step 4: Complete BTCPay Server Setup

1. Access https://pay.silverlabs.uk
2. Create admin account (suggest using jamie@silverlabs.uk as before)
3. Complete initial setup wizard:
   • Set up Bitcoin wallet (hot wallet for development)
   • Configure store settings
   • Generate API keys for LittleShop integration
4. Configure webhooks pointing to LittleShop instance

Step 5: Update LittleShop Configuration

Update LittleShop's appsettings.json:

{
  "BTCPayServer": {
    "BaseUrl": "https://pay.silverlabs.uk",
    "ApiKey": "GENERATED_API_KEY_FROM_BTCPAY",
    "StoreId": "STORE_ID_FROM_BTCPAY",
    "WebhookSecret": "WEBHOOK_SECRET_FROM_BTCPAY"
  }
}

Troubleshooting

If Portainer access is needed:

• Reset Portainer admin password via Docker:

  sudo docker exec -it portainer /portainer --admin-password='$2y$10$HASH_OF_NEW_PASSWORD'
  

If deployment fails:

• Check Docker logs: sudo docker logs btcpayserver
• Verify network connectivity between containers
• Check if ports are already in use: sudo netstat -tulpn | grep 49392

If domain routing doesn't work:

• Verify HAProxy configuration: show configuration in VyOS
• Check if SSL certificate is valid
• Test direct IP access first: http://10.0.0.51:49392

Security Considerations

• Change all default passwords in btcpay.env
• Use proper SSL certificates (Let's Encrypt recommended)
• Ensure Bitcoin node is properly secured
• Monitor logs for any suspicious activity
• Regular backups of BTCPay data and Bitcoin blockchain data

Post-Deployment

After successful deployment:

1. Test payment flow end-to-end
2. Configure additional cryptocurrencies if needed
3. Set up monitoring and alerting
4. Schedule regular backups
5. Update DNS records if necessary

Container Services Overview

Service	Port	Purpose
btcpayserver	49392	Main BTCPay Server application
postgres	5432	Database for BTCPay data
nbxplorer	32838	Bitcoin blockchain explorer
bitcoind	8332/8333	Bitcoin node (RPC/P2P)
tor	9050	Tor proxy for privacy

All services are connected via Docker network btcpaynetwork.