littleshop/DEPLOY_BTCPAY_SERVER.md

# BTCPay Server Deployment Instructions

## Infrastructure Status
- **Target Server**: portainer-01 (10.0.0.51)
- **Domain**: https://pay.silverlabs.uk
- **HAProxy Router**: VyOS (10.0.0.1)

## Prerequisites
1. Access to portainer-01 server (10.0.0.51) with sysadmin/Phenom12# credentials
2. Access to VyOS router (10.0.0.1) for HAProxy configuration
3. Docker and Docker Compose installed on portainer-01

## Step 1: Deploy BTCPay Server to Portainer

### Option A: Via Portainer Web UI
1. Access Portainer at https://10.0.0.51:9443
2. Login with admin credentials (may need to reset if infrastructure was reset)
3. Navigate to "Stacks" → "Add Stack"
4. Name: `btcpay-server`
5. Copy the contents of `btcpay-server-compose.yml` into the web editor
6. Upload the environment file `btcpay.env` or add environment variables manually
7. Deploy the stack

### Option B: Via SSH/Command Line (if SSH access is available)
```bash
# Copy deployment files to server
scp btcpay-server-compose.yml sysadmin@10.0.0.51:/tmp/
scp btcpay.env sysadmin@10.0.0.51:/tmp/

# SSH to server
ssh sysadmin@10.0.0.51

# Create deployment directory
sudo mkdir -p /opt/btcpay
sudo cp /tmp/btcpay-server-compose.yml /opt/btcpay/docker-compose.yml
sudo cp /tmp/btcpay.env /opt/btcpay/.env

# Deploy BTCPay Server
cd /opt/btcpay
sudo docker-compose up -d
```

### Option C: Via Docker API (if accessible)
```bash
# Copy files and use docker-compose remotely
export DOCKER_HOST=tcp://10.0.0.51:2376
docker-compose -f btcpay-server-compose.yml --env-file btcpay.env up -d
```

## Step 2: Configure HAProxy on VyOS Router

SSH to VyOS router (10.0.0.1) and configure routing:

```bash
ssh sysadmin@10.0.0.1

# Enter configuration mode
configure

# Configure backend for BTCPay Server
set load-balancing reverse-proxy service btcpay-backend backend btcpay-server address 10.0.0.51
set load-balancing reverse-proxy service btcpay-backend backend btcpay-server port 49392
set load-balancing reverse-proxy service btcpay-backend backend btcpay-server check

# Configure frontend rule for pay.silverlabs.uk
set load-balancing reverse-proxy service btcpay-frontend bind 0.0.0.0 port 443
set load-balancing reverse-proxy service btcpay-frontend rule pay-silverlabs domain-name pay.silverlabs.uk
set load-balancing reverse-proxy service btcpay-frontend rule pay-silverlabs set backend btcpay-backend
set load-balancing reverse-proxy service btcpay-frontend ssl certificate selfsigned

# Also configure HTTP redirect to HTTPS
set load-balancing reverse-proxy service btcpay-frontend-http bind 0.0.0.0 port 80
set load-balancing reverse-proxy service btcpay-frontend-http rule pay-silverlabs-redirect domain-name pay.silverlabs.uk
set load-balancing reverse-proxy service btcpay-frontend-http rule pay-silverlabs-redirect redirect location https://pay.silverlabs.uk

# Commit and save
commit
save
```

## Step 3: Verify Deployment

1. **Check container status**:
   ```bash
   ssh sysadmin@10.0.0.51
   sudo docker ps | grep btcpay
   ```

2. **Check logs**:
   ```bash
   sudo docker logs btcpayserver
   sudo docker logs btcpay-postgres
   sudo docker logs btcpay-nbxplorer
   ```

3. **Test local access**:
   ```bash
   curl -k http://10.0.0.51:49392/api/v1/health
   ```

4. **Test domain access**:
   ```bash
   curl -k https://pay.silverlabs.uk/api/v1/health
   ```

## Step 4: Complete BTCPay Server Setup

1. Access https://pay.silverlabs.uk
2. Create admin account (suggest using jamie@silverlabs.uk as before)
3. Complete initial setup wizard:
   - Set up Bitcoin wallet (hot wallet for development)
   - Configure store settings
   - Generate API keys for LittleShop integration
4. Configure webhooks pointing to LittleShop instance

## Step 5: Update LittleShop Configuration

Update LittleShop's `appsettings.json`:
```json
{
  "BTCPayServer": {
    "BaseUrl": "https://pay.silverlabs.uk",
    "ApiKey": "GENERATED_API_KEY_FROM_BTCPAY",
    "StoreId": "STORE_ID_FROM_BTCPAY",
    "WebhookSecret": "WEBHOOK_SECRET_FROM_BTCPAY"
  }
}
```

## Troubleshooting

### If Portainer access is needed:
- Reset Portainer admin password via Docker: 
  ```bash
  sudo docker exec -it portainer /portainer --admin-password='$2y$10$HASH_OF_NEW_PASSWORD'
  ```

### If deployment fails:
- Check Docker logs: `sudo docker logs btcpayserver`
- Verify network connectivity between containers
- Check if ports are already in use: `sudo netstat -tulpn | grep 49392`

### If domain routing doesn't work:
- Verify HAProxy configuration: `show configuration` in VyOS
- Check if SSL certificate is valid
- Test direct IP access first: http://10.0.0.51:49392

## Security Considerations

- Change all default passwords in btcpay.env
- Use proper SSL certificates (Let's Encrypt recommended)
- Ensure Bitcoin node is properly secured
- Monitor logs for any suspicious activity
- Regular backups of BTCPay data and Bitcoin blockchain data

## Post-Deployment

After successful deployment:
1. Test payment flow end-to-end
2. Configure additional cryptocurrencies if needed
3. Set up monitoring and alerting
4. Schedule regular backups
5. Update DNS records if necessary

## Container Services Overview

| Service | Port | Purpose |
|---------|------|---------|
| btcpayserver | 49392 | Main BTCPay Server application |
| postgres | 5432 | Database for BTCPay data |
| nbxplorer | 32838 | Bitcoin blockchain explorer |
| bitcoind | 8332/8333 | Bitcoin node (RPC/P2P) |
| tor | 9050 | Tor proxy for privacy |

All services are connected via Docker network `btcpaynetwork`.