- BTCPay Server integration
- TeleBot Telegram bot
- Review system
- Admin area
- Docker deployment configuration

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
8.1 KiB
DEBIAN 13 VPS SETUP GUIDE
Complete BTCPay Server + Tor Restoration
Target: Hostinger VPS thebankofdebbie.giize.com (31.97.57.205)
Date: September 10, 2025
Status: Ready for Debian 13 OS rebuild
🎯 QUICK START (30 Minutes)
Step 1: Fresh Debian 13 Installation
- Reinstall Debian 13 via Hostinger control panel
- Use password: Th3fa1r13sd1d1t. (keep this initially)
- Wait for OS installation to complete
Step 2: Copy SSH Key and Scripts
# On your local machine
scp -P 22 vps_hardening_key* root@thebankofdebbie.giize.com:/tmp/
scp -P 22 debian13_vps_hardening.sh root@thebankofdebbie.giize.com:/tmp/
scp -P 22 btcpay_tor_installer.sh root@thebankofdebbie.giize.com:/tmp/
Step 3: Run VPS Hardening (5 minutes)
# SSH to fresh Debian 13 server
ssh root@thebankofdebbie.giize.com
# Make scripts executable
chmod +x /tmp/*.sh
# Run hardening script
/tmp/debian13_vps_hardening.sh
# Add your SSH public key
cat /tmp/vps_hardening_key.pub > /home/ubuntu/.ssh/authorized_keys
chown ubuntu:ubuntu /home/ubuntu/.ssh/authorized_keys
chmod 600 /home/ubuntu/.ssh/authorized_keys
Step 4: Test SSH Keys (CRITICAL)
# Test SSH key access on new port
ssh -i vps_hardening_key -p 2255 ubuntu@thebankofdebbie.giize.com
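# If successful, disable password auth (also handles a commented-out default line):
sudo sed -i -E 's/^#?[[:space:]]*PasswordAuthentication[[:space:]]+(yes|no).*/PasswordAuthentication no/' /etc/ssh/sshd_config
# Validate the config before restarting; keep this session open until a new key login works
sudo sshd -t && sudo systemctl restart ssh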
Step 5: Install BTCPay Server + Tor (15 minutes)
# Run as root
sudo su -
/tmp/btcpay_tor_installer.sh
Step 6: Monitor Installation
# Check status
./monitor-btcpay.sh
# Watch Bitcoin sync progress
docker logs btcpayserver_bitcoind -f
🔧 DETAILED CONFIGURATION
Previous Working Configuration
BTCPay Onion: njoc2ubkk7ymgqfg6plt3wcltvcvuv3j4eemixnovicegrlwhq2zwfad.onion
Bitcoin P2P Onion: s7n55wptvooma4gqsbdo5vn6v6nphjffqsmlufoa3fzqhwkqgeasslad.onion
Note: New installation will generate NEW onion addresses
Bitcoin Configuration
# Verified working config in BITCOIN_EXTRA_ARGS:
prune=10000 # 10GB max blockchain storage
rpcport=43782
rpcbind=0.0.0.0:43782
rpcallowip=0.0.0.0/0
port=39388
whitelist=0.0.0.0/0
maxmempool=500
onion=tor:9050
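Added example, not part of the original guide or its scripts: a POSIX shell check that reads the arguments listed above and flags the wildcard RPC and whitelist values, plus the absence of the onlynet=onion setting that the Privacy Features section relies on. The function name audit_bitcoin_args is hypothetical; the wildcard values are flagged for review because they depend on network isolation around the bitcoind container and on RPC authentication.

```shell
#!/bin/sh
# Added example (not from the guide). PAGE_ARGS repeats the BITCOIN_EXTRA_ARGS
# lines listed above; audit_bitcoin_args is a hypothetical helper name.
PAGE_ARGS='prune=10000 # 10GB max blockchain storage
rpcport=43782
rpcbind=0.0.0.0:43782
rpcallowip=0.0.0.0/0
port=39388
whitelist=0.0.0.0/0
maxmempool=500
onion=tor:9050'

# Reads key=value lines on stdin, prints one finding per line,
# and returns 1 when anything needs review (0 when clean).
audit_bitcoin_args() {
  awk '
    function flag(msg) { print msg; n++ }
    {
      sub(/[ \t]*#.*$/, "")                # strip trailing comment
      gsub(/^[ \t]+|[ \t]+$/, "")          # trim whitespace
      eq = index($0, "=")
      if (eq == 0) next
      key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
      seen[key] = seen[key] " " val
      if (key == "rpcbind" && val ~ /^0\.0\.0\.0(:|$)/)
        flag("REVIEW rpcbind=" val ": RPC listens on every interface")
      if (key == "rpcallowip" && val ~ /^0\.0\.0\.0\/0$/)
        flag("REVIEW rpcallowip=" val ": RPC accepts any source address")
      if (key == "whitelist" && val ~ /(^|@)0\.0\.0\.0\/0$/)
        flag("REVIEW whitelist=" val ": every peer address gets whitelist permissions")
    }
    END {
      # onion= only sets the proxy used for .onion peers; it does not
      # restrict the node to Tor. That needs onlynet=onion.
      if ((seen["onlynet"] " ") !~ / onion /)
        flag("MISSING onlynet=onion: P2P is not restricted to Tor by these args")
      exit (n > 0)
    }'
}

# Stand-alone run against the arguments from this guide.
printf '%s\n' "$PAGE_ARGS" | audit_bitcoin_args || echo "findings above need review"
```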
Security Configuration
# SSH
Port 2255
PermitRootLogin no
AllowUsers ubuntu
PubkeyAuthentication yes
# UFW Firewall
2255/tcp ALLOW SSH-Hardened
80/tcp ALLOW HTTP-BTCPay
443/tcp ALLOW HTTPS-BTCPay
9050 ALLOW Tor-Local (127.0.0.0/8)
# Fail2Ban
SSH: 3 attempts -> 2 hour ban
Web: monitoring nginx logs
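Added example, not part of the original guide or its scripts: a check of the effective sshd settings against the SSH values listed above, reading `sshd -T` output instead of the file. Debian's stock sshd_config includes /etc/ssh/sshd_config.d/*.conf and the first value read wins, so a drop-in can keep password logins enabled after sshd_config itself is edited. The sample output is constructed and check_sshd_effective is a hypothetical name.

```shell
#!/bin/sh
# Added example (not from the guide). Constructed sample of `sshd -T` output:
# a drop-in still enables password logins although sshd_config was edited.
SAMPLE_SSHD_T='port 2255
permitrootlogin no
pubkeyauthentication yes
passwordauthentication yes
allowusers ubuntu'

# Reads `sshd -T` output on stdin and compares it with the values from the
# Security Configuration section. Prints one FAIL line per mismatch or
# missing setting; returns 0 only when every expected value is effective.
check_sshd_effective() {
  awk '
    BEGIN {
      want["port"] = "2255"
      want["permitrootlogin"] = "no"
      want["pubkeyauthentication"] = "yes"
      want["passwordauthentication"] = "no"
      want["allowusers"] = "ubuntu"
    }
    { key = tolower($1); $1 = ""; sub(/^ +/, ""); val = $0 }
    key in want {
      seen[key] = 1
      if (val != want[key]) {
        printf "FAIL %s is \"%s\", expected \"%s\"\n", key, val, want[key]
        bad++
      }
    }
    END {
      for (k in want)
        if (!(k in seen)) { printf "FAIL %s not reported\n", k; bad++ }
      exit (bad > 0)
    }'
}

# Offline run on the constructed sample. On the server the input would be:
#   sudo sshd -T | check_sshd_effective
printf '%s\n' "$SAMPLE_SSHD_T" | check_sshd_effective \
  || echo "effective sshd settings differ from the guide"
```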
🚨 CRITICAL SUCCESS POINTS
✅ Must Work Before Proceeding:
- SSH key authentication on port 2255
- UFW firewall active with correct rules
- Fail2Ban monitoring logs
- Docker running and ubuntu in docker group
✅ BTCPay Installation Success Indicators:
- All Docker containers running (8 containers)
- Bitcoin logs show: "Prune configured to target 10000 MiB"
- Tor onion addresses generated within 5 minutes
- Web interface accessible on both clearnet and onion
⚠️ Common Issues & Solutions:
Issue: Bitcoin not in pruned mode
# Solution: Clear blockchain and restart
sudo btcpay-down.sh
docker run --rm -v generated_bitcoin_datadir:/data alpine rm -rf /data/blocks /data/chainstate
sudo btcpay-up.sh
Issue: Port conflicts
# Solution: Stop conflicting services first
sudo docker stop $(sudo docker ps -aq) 2>/dev/null || true
sudo btcpay-up.sh
Issue: Onion services not generating
# Solution: Restart Tor container
sudo docker restart tor tor-gen
# Wait 5 minutes, then check:
sudo cat /var/lib/docker/volumes/generated_tor_servicesdir/_data/BTCPayServer/hostname
📊 EXPECTED RESULTS
Disk Usage After Complete Setup:
System + Docker: ~5GB
BTCPay Services: ~3GB
Bitcoin (pruned): ~10GB (max)
Available: ~369GB
Total Used: ~18GB / 387GB (5%)
Performance Expectations:
Initial Bitcoin Sync: 12-24 hours (over Tor)
Bitcoin Storage: 10GB maximum (pruned)
Web Response: Normal (slight Tor overhead for onion)
Payment Processing: Real-time
Services Running (8 containers):
✅ btcpayserver_bitcoind - Bitcoin Core (pruned, Tor-only)
✅ generated_btcpayserver_1 - BTCPay Server application
✅ generated_nbxplorer_1 - Blockchain explorer
✅ generated_postgres_1 - PostgreSQL database
✅ nginx - Reverse proxy with SSL
✅ tor - Tor daemon + onion services
✅ tor-gen - Tor configuration generator
✅ letsencrypt-... - SSL certificate manager
🔐 SECURITY FEATURES RESTORED
Network Security:
- ✅ SSH on port 2255 with key auth only
- ✅ UFW firewall with minimal allowed ports
- ✅ Fail2Ban monitoring SSH and web attacks
- ✅ Bitcoin P2P traffic only via Tor network
- ✅ BTCPay accessible via both clearnet and Tor
Privacy Features:
- ✅ Bitcoin node uses onlynet=onion (no clearnet P2P)
- ✅ BTCPay Server accessible via .onion address
- ✅ Customer payments can be completely anonymous
- ✅ No DNS leaks (Bitcoin doesn't use clearnet DNS)
Storage Management:
- ✅ Bitcoin blockchain limited to 10GB (pruned)
- ✅ Automatic old block removal
- ✅ Safe for 387GB VPS with room to grow
- ✅ Full validation capability maintained
🔄 MAINTENANCE COMMANDS
Daily Monitoring:
~/monitor-btcpay.sh # Overall status
sudo docker ps | grep btcpay # Container status
df -h / # Disk usage
sudo fail2ban-client status # Security status
Maintenance:
sudo btcpay-restart.sh # Restart all services
sudo btcpay-update.sh # Update BTCPay Server
sudo btcpay-clean.sh # Clean old Docker images
docker logs btcpayserver_bitcoind # Check Bitcoin sync
Emergency Recovery:
sudo btcpay-down.sh # Stop everything
sudo btcpay-up.sh # Start everything
# If needed: Re-run btcpay_tor_installer.sh
📞 SUPPORT INFORMATION
If Something Goes Wrong:
- SSH Issues: Contact Hostinger for console access
- Bitcoin Storage: Monitor with df -h (should never exceed 15GB total)
- BTCPay Problems: Check docker logs generated_btcpayserver_1
- Tor Issues: Restart tor containers, wait 5 minutes for onion addresses
Key Files Backup:
- SSH Keys: /home/ubuntu/.ssh/
- BTCPay Config: /opt/.env
- Docker Compose: /opt/btcpayserver-docker/Generated/docker-compose.generated.yml
- Tor Keys: /var/lib/docker/volumes/generated_tor_servicesdir/
🎯 SUCCESS CRITERIA
✅ Installation Complete When:
- SSH key access works on port 2255
- All 8 Docker containers running
- Bitcoin logs show pruning active
- BTCPay accessible on both clearnet and onion
- Disk usage under 20GB total
- New onion addresses generated and documented
🚀 Ready for LittleShop Integration When:
- Bitcoin initial sync completed (24 hours)
- BTCPay setup wizard completed
- Test payment successful
- API endpoints responding
- Webhook configuration tested
📋 FINAL CHECKLIST
Before Declaring Success:
- SSH key authentication working on port 2255
- Password authentication disabled
- UFW firewall active with 4 rules
- Fail2Ban showing 2+ active jails
- 8 Docker containers running
- Bitcoin pruning confirmed in logs
- BTCPay onion address generated
- Disk usage under 20GB
- Web interface accessible
- Monitoring script working
Debian 13 advantages over Ubuntu:
- More granular security controls
- Better systemd hardening options
- Reduced attack surface (minimal packages)
- More predictable package management
- Enhanced AppArmor/SELinux integration
🎉 Total Setup Time: ~30 minutes + 24 hours Bitcoin sync
🔒 Security Level: Maximum (Tor + hardened OS + pruned storage)
💾 Storage Safe: Yes (10GB max Bitcoin + 10GB overhead = 20GB total)
Ready to deploy! 🚀