docker-monero-node/cloud-init.sh

#!/bin/bash

sleep 30

# Install packages
apt-get update
apt-get upgrade -y
apt-get install software-properties-common sudo git make -y
apt-get install certbot nginx python3 python3-virtualenv -y
apt-get install docker.io docker-compose -y

# Setup certs and Nginx
mkdir -p /etc/nginx/conf.d
mkdir -p /etc/ssl/certs
rm -f /etc/nginx/sites-enabled/default
openssl dhparam -out /etc/ssl/certs/dhparam.pem -2 2048
cat << EOF > /etc/nginx/conf.d/ssl.conf
## SSL Certs are referenced in the actual Nginx config per-vhost
# Disable insecure SSL v2. Also disable SSLv3, as TLS 1.0 suffers a downgrade attack, allowing an attacker to force a connection to use SSLv3 and therefore disable forward secrecy.
# ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
# Strong ciphers for PFS
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
# Use server's preferred cipher, not the client's
# ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
# Use ephemeral 4096 bit DH key for PFS
ssl_dhparam /etc/ssl/certs/dhparam.pem;
# Use OCSP stapling
ssl_stapling on;
ssl_stapling_verify on;
resolver 1.1.1.1 valid=300s;
resolver_timeout 5s;
EOF
cat << EOF > /etc/nginx/sites-enabled/${DOMAIN}.conf
# Redirect inbound http to https
server {
    listen 80 default_server;
    server_name ${DOMAIN};
    index index.php index.html;
    return 301 https://${DOMAIN}$request_uri;
}

# Load SSL configs and serve SSL site
server {
    listen 443 ssl;
    server_name ${DOMAIN};
    error_log /var/log/nginx/${DOMAIN}-error.log warn;
    access_log /var/log/nginx/${DOMAIN}-access.log;
    client_body_in_file_only clean;
    client_body_buffer_size 32K;
    # set max upload size
    client_max_body_size 8M;
    sendfile on;
    send_timeout 600s;

    location / {
        proxy_pass http://127.0.0.1:3000;
        proxy_set_header Host \$host;
        proxy_set_header X-Real-IP \$remote_addr;
        proxy_set_header X-Frame-Options "SAMEORIGIN";
        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto \$scheme;
        proxy_redirect off;
    }

    include conf.d/ssl.conf;
    ssl_certificate /etc/letsencrypt/live/${DOMAIN}/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/${DOMAIN}/privkey.pem;
}
EOF
service nginx stop
certbot certonly --standalone -d ${DOMAIN} --agree-tos -m ${ACME_EMAIL} -n
service nginx start

# Setup app users
useradd -m -s $(which false) monero
usermod -aG docker monero

# Setup Monero node
umount /dev/sda
mkdir -p /opt/monero
mount /dev/sda /opt/monero
rm -rf /opt/monero/*
git clone https://github.com/lalanza808/docker-monero-node /opt/monero
cat << EOF > /opt/monero/.env
DATA_DIR=/opt/monero/data
GRAFANA_URL=https://${DOMAIN}
P2P_PORT=18080
RESTRICTED_PORT=18081
ZMQ_PORT=18082
UNRESTRICTED_PORT=18083
EOF
chown -R monero:monero /opt/monero

# Run Monero node as monero user
sudo -u monero bash -c "cd /opt/monero && docker-compose up -d"
Setup cloud-init script for DO droplets (#1) * adding init script and example/soon to be used configs * uncomment and get ready for launch * update monero node setup cmds * include deletion of base data * remove auth from grafana altogether * remove unused var * remove hsts reqs * remove unused confs 4 years ago			`#!/bin/bash`

			`sleep 30`

			`# Install packages`
			`apt-get update`
			`apt-get upgrade -y`
include make package in droplet setup 4 years ago			`apt-get install software-properties-common sudo git make -y`
Setup cloud-init script for DO droplets (#1) * adding init script and example/soon to be used configs * uncomment and get ready for launch * update monero node setup cmds * include deletion of base data * remove auth from grafana altogether * remove unused var * remove hsts reqs * remove unused confs 4 years ago			`apt-get install certbot nginx python3 python3-virtualenv -y`
			`apt-get install docker.io docker-compose -y`

			`# Setup certs and Nginx`
			`mkdir -p /etc/nginx/conf.d`
			`mkdir -p /etc/ssl/certs`
			`rm -f /etc/nginx/sites-enabled/default`
			`openssl dhparam -out /etc/ssl/certs/dhparam.pem -2 2048`
			`cat << EOF > /etc/nginx/conf.d/ssl.conf`
			`## SSL Certs are referenced in the actual Nginx config per-vhost`
			`# Disable insecure SSL v2. Also disable SSLv3, as TLS 1.0 suffers a downgrade attack, allowing an attacker to force a connection to use SSLv3 and therefore disable forward secrecy.`
			`# ssl_protocols TLSv1 TLSv1.1 TLSv1.2;`
			`# Strong ciphers for PFS`
			`ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';`
			`# Use server's preferred cipher, not the client's`
			`# ssl_prefer_server_ciphers on;`
			`ssl_session_cache shared:SSL:10m;`
			`# Use ephemeral 4096 bit DH key for PFS`
			`ssl_dhparam /etc/ssl/certs/dhparam.pem;`
			`# Use OCSP stapling`
			`ssl_stapling on;`
			`ssl_stapling_verify on;`
			`resolver 1.1.1.1 valid=300s;`
			`resolver_timeout 5s;`
			`EOF`
			`cat << EOF > /etc/nginx/sites-enabled/${DOMAIN}.conf`
			`# Redirect inbound http to https`
			`server {`
			`listen 80 default_server;`
			`server_name ${DOMAIN};`
			`index index.php index.html;`
			`return 301 https://${DOMAIN}$request_uri;`
			`}`

			`# Load SSL configs and serve SSL site`
			`server {`
			`listen 443 ssl;`
			`server_name ${DOMAIN};`
			`error_log /var/log/nginx/${DOMAIN}-error.log warn;`
			`access_log /var/log/nginx/${DOMAIN}-access.log;`
			`client_body_in_file_only clean;`
			`client_body_buffer_size 32K;`
			`# set max upload size`
			`client_max_body_size 8M;`
			`sendfile on;`
			`send_timeout 600s;`

			`location / {`
			`proxy_pass http://127.0.0.1:3000;`
			`proxy_set_header Host \$host;`
			`proxy_set_header X-Real-IP \$remote_addr;`
			`proxy_set_header X-Frame-Options "SAMEORIGIN";`
			`proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;`
			`proxy_set_header X-Forwarded-Proto \$scheme;`
			`proxy_redirect off;`
			`}`

			`include conf.d/ssl.conf;`
			`ssl_certificate /etc/letsencrypt/live/${DOMAIN}/fullchain.pem;`
			`ssl_certificate_key /etc/letsencrypt/live/${DOMAIN}/privkey.pem;`
			`}`
			`EOF`
			`service nginx stop`
			`certbot certonly --standalone -d ${DOMAIN} --agree-tos -m ${ACME_EMAIL} -n`
			`service nginx start`

			`# Setup app users`
			`useradd -m -s $(which false) monero`
			`usermod -aG docker monero`

			`# Setup Monero node`
			`umount /dev/sda`
			`mkdir -p /opt/monero`
			`mount /dev/sda /opt/monero`
			`rm -rf /opt/monero/*`
			`git clone https://github.com/lalanza808/docker-monero-node /opt/monero`
			`cat << EOF > /opt/monero/.env`
			`DATA_DIR=/opt/monero/data`
			`GRAFANA_URL=https://${DOMAIN}`
			`P2P_PORT=18080`
			`RESTRICTED_PORT=18081`
			`ZMQ_PORT=18082`
			`UNRESTRICTED_PORT=18083`
			`EOF`
			`chown -R monero:monero /opt/monero`

			`# Run Monero node as monero user`
			`sudo -u monero bash -c "cd /opt/monero && docker-compose up -d"`