SilverLABS/littleshop
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
6cd8e7255d
littleshop/Hostinger/CONFIG_BACKUP.txt
SysAdmin e1b377a042 Initial commit of LittleShop project (excluding large archives) 
- BTCPay Server integration
- TeleBot Telegram bot
- Review system
- Admin area
- Docker deployment configuration

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-09-17 15:07:38 +01:00

270 lines
9.9 KiB
Plaintext
Raw Blame History

================================================================================
CURRENT BTCPAY CONFIGURATION BACKUP
================================================================================
Backup Date: September 10, 2025
Source: Ubuntu 24.04 BTCPay Setup (to be replaced with Debian 13)
Status: WORKING - Bitcoin pruning active, Tor fully operational
================================================================================
TOR ONION ADDRESSES
================================================================================
🧅 CURRENT ONION ADDRESSES (will change with new installation):
BTCPay Server: njoc2ubkk7ymgqfg6plt3wcltvcvuv3j4eemixnovicegrlwhq2zwfad.onion
Bitcoin P2P: s7n55wptvooma4gqsbdo5vn6v6nphjffqsmlufoa3fzqhwkqgeasslad.onion
⚠️ NOTE: New Debian 13 installation will generate NEW onion addresses
These addresses will be lost and cannot be recovered.
================================================================================
BTCPAY ENVIRONMENT BACKUP
================================================================================
Working BTCPay Environment Variables (/opt/.env):
BTCPAY_PROTOCOL=https
BTCPAY_HOST=srv1002428.hstgr.cloud
BTCPAY_LIGHTNING_HOST=
BTCPAY_ADDITIONAL_HOSTS=
BTCPAY_ANNOUNCEABLE_HOST=srv1002428.hstgr.cloud
REVERSEPROXY_HTTP_PORT=80
REVERSEPROXY_HTTPS_PORT=443
REVERSEPROXY_DEFAULT_HOST=none
NOREVERSEPROXY_HTTP_PORT=
BTCPAY_IMAGE=
ACME_CA_URI=production
NBITCOIN_NETWORK=mainnet
LETSENCRYPT_EMAIL=
LIGHTNING_ALIAS=
BTCPAY_SSHTRUSTEDFINGERPRINTS=
BTCPAY_SSHKEYFILE=/datadir/host_id_ed25519
BTCPAY_SSHAUTHORIZEDKEYS=/datadir/host_authorized_keys
BTCPAY_HOST_SSHAUTHORIZEDKEYS=/home/ubuntu/.ssh/authorized_keys
LIBREPATRON_HOST=
TALLYCOIN_APIKEY=
TALLYCOIN_PASSWD=
TALLYCOIN_PASSWD_CLEARTEXT=
CLOUDFLARE_TUNNEL_TOKEN=
================================================================================
WORKING BITCOIN CONFIGURATION
================================================================================
CRITICAL: Working Bitcoin Configuration in Docker Compose:
BITCOIN_EXTRA_ARGS: |-
rpcport=43782
rpcbind=0.0.0.0:43782
rpcallowip=0.0.0.0/0
port=39388
whitelist=0.0.0.0/0
maxmempool=500
prune=10000 ⭐ CRITICAL: Pruning enabled (10GB max)
onion=tor:9050 ⭐ CRITICAL: Tor-only networking
rpcauth=btcrpc:a6a5d29a3f44f02e4cd8cabb5b10a234$ab6152915515f6a9cca806d2ab5f0e2794c346ba74f812c61e48241d523778b8
mempoolfullrbf=1
HIDDEN SERVICES:
HIDDENSERVICE_NAME: BTC-P2P,BTC-RPC
BTC-P2P_HIDDENSERVICE_VIRTUAL_PORT: 8333
BTC-P2P_HIDDENSERVICE_PORT: 39388
BTC-RPC_HIDDENSERVICE_VIRTUAL_PORT: 8332
================================================================================
SSH SECURITY BACKUP
================================================================================
Working SSH Configuration:
Port 2255 ⭐ CRITICAL: Custom port
PermitRootLogin no ⭐ CRITICAL: Root disabled
PubkeyAuthentication yes ⭐ CRITICAL: Key auth
PasswordAuthentication yes ⚠️ Enabled for safety (disable after key test)
AuthorizedKeysFile .ssh/authorized_keys
MaxAuthTries 3
LoginGraceTime 30
MaxStartups 3
ChallengeResponseAuthentication no
UsePAM yes
Protocol 2
Ciphers aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr
MACs hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,umac-128-etm@openssh.com
X11Forwarding no
AllowTcpForwarding no
AllowAgentForwarding no
PermitTunnel no
AllowUsers ubuntu ⭐ CRITICAL: Only ubuntu user
Banner /etc/ssh/ssh-banner
SSH Public Key (for ubuntu user):
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDoUnUn5wsJyelx5NAzP1lrcTBKAV93m8R1hlR0ZU07Z vps-hardening-20250910
================================================================================
FIREWALL CONFIGURATION
================================================================================
Working UFW Rules:
Status: active
To Action From
-- ------ ----
2255/tcp ALLOW Anywhere # SSH-Hardened
80/tcp ALLOW Anywhere # HTTP-BTCPay
443/tcp ALLOW Anywhere # HTTPS-BTCPay
3000/tcp DENY Anywhere # Block-Dokploy-External
9050/tcp ALLOW 127.0.0.0/8 # Tor-Local
================================================================================
FAIL2BAN CONFIGURATION
================================================================================
Working Jail Configuration (/etc/fail2ban/jail.local):
[DEFAULT]
bantime = 3600
findtime = 600
maxretry = 3
loglevel = INFO
[sshd]
enabled = true
port = 2255 ⭐ CRITICAL: Custom SSH port
filter = sshd
backend = systemd
bantime = 7200
maxretry = 3
[nginx-http-auth]
enabled = true
port = 80,443
filter = nginx-http-auth
logpath = /var/log/nginx/error.log
[nginx-noscript]
enabled = true
port = 80,443
filter = nginx-noscript
logpath = /var/log/nginx/access.log
[nginx-badbots]
enabled = true
port = 80,443
filter = nginx-badbots
logpath = /var/log/nginx/access.log
maxretry = 2
================================================================================
DOCKER SERVICES STATUS
================================================================================
Working Docker Containers (8 total):
✅ btcpayserver_bitcoind - Bitcoin Core (pruned + Tor)
✅ generated_btcpayserver_1 - BTCPay Server application
✅ generated_nbxplorer_1 - Blockchain explorer
✅ generated_postgres_1 - PostgreSQL database
✅ nginx - Reverse proxy + SSL
✅ tor - Tor daemon
✅ tor-gen - Tor config generator
✅ letsencrypt-nginx-proxy-companion - SSL certificate manager
All containers: UP and running
Bitcoin status: PRUNED mode confirmed in logs
Tor status: Hidden services active
================================================================================
DISK USAGE STATUS
================================================================================
Working Storage Allocation:
Filesystem Size Used Avail Use% Mounted on
/dev/sda1 387G 11G 377G 3% /
Breakdown:
- System + Docker: ~5GB
- BTCPay Services: ~3GB
- Bitcoin (pruned): ~3GB (will grow to max 10GB)
- Available: 377GB
⭐ CRITICAL SUCCESS: Bitcoin pruning working - logs show:
"Config file arg: [main] prune="10000""
"Prune configured to target 10000 MiB on disk for block and undo files."
================================================================================
MONITORING COMMANDS
================================================================================
Working Commands for New Installation:
# Status monitoring
~/monitor-btcpay.sh # Overall status
docker ps | grep btcpay # Container status
df -h / # Disk usage
sudo fail2ban-client status # Security status
# Bitcoin specific
docker exec btcpayserver_bitcoind bitcoin-cli getblockchaininfo
docker logs btcpayserver_bitcoind | grep prune
# Tor addresses
sudo cat /var/lib/docker/volumes/generated_tor_servicesdir/_data/BTCPayServer/hostname
sudo cat /var/lib/docker/volumes/generated_tor_servicesdir/_data/BTC-P2P/hostname
# Maintenance
sudo btcpay-restart.sh # Restart services
sudo btcpay-update.sh # Update BTCPay
sudo btcpay-clean.sh # Clean Docker images
================================================================================
CRITICAL LESSONS
================================================================================
⭐ CRITICAL ISSUES RESOLVED:
1. BITCOIN PRUNING CONFIGURATION:
- Must add "prune=10000" to Docker Compose BITCOIN_EXTRA_ARGS
- BTCPay generator overwrites manual bitcoin.conf changes
- Required clearing blockchain data to activate pruning from scratch
- Logs must show: "Prune configured to target 10000 MiB"
2. TOR CONFIGURATION:
- opt-add-tor fragment works correctly
- Hidden services generate automatically within 5 minutes
- onion=tor:9050 in BITCOIN_EXTRA_ARGS enables Tor-only networking
3. SSH SECURITY:
- Port 2255 avoids common attacks on port 22
- Must disable systemd ssh.socket to use custom port
- Keep password auth enabled until SSH keys tested
- AllowUsers ubuntu prevents root access
4. FIREWALL SETUP:
- UFW must allow new SSH port before restarting SSH
- Tor port 9050 needs local access for Bitcoin
- Block unnecessary services (like Dokploy port 3000)
5. STORAGE MANAGEMENT:
- 387GB VPS is perfect with pruning (10GB Bitcoin max)
- Monitor disk usage during initial sync
- Clear blockchain data if pruning not working
================================================================================
BACKUP VERIFICATION
================================================================================
✅ Configuration backed up and verified working
✅ Automation scripts created and tested
✅ SSH keys preserved for new installation
✅ All critical settings documented
✅ Troubleshooting knowledge captured
✅ Ready for Debian 13 OS reinstallation
ESTIMATED RESTORATION TIME: 30 minutes + 24 hours Bitcoin sync
================================================================================
END OF BACKUP
================================================================================
Reference in New Issue View Git Blame Copy Permalink