How can I set BTCPayServer up behind an existing nginx reverse proxy container?
I have an existing reverse proxy configured for other services on my server. I'd like to add BTCPayServer as well, but it wants to set up its own nginx instance. What configs would I need to change in order to have my existing nginx container point a subdomain to BTCPayServer?
I'm in the same boat.
There is an optional fragment that exposes BTCPay directly and forgoes nginx altogether: https://github.com/btcpayserver/btcpayserver-docker/blob/master/docker-compose-generator/docker-fragments/btcpayserver-noreverseproxy.yml
Do not expose BTCPay Server directly, this is complicated.
The best is having your NGINX forward requests to the NGINX of BTCPay Server.
Read https://docs.btcpayserver.org/FAQ/FAQ-Deployment/#can-i-use-an-existing-nginx-server-as-a-reverse-proxy-with-ssl-termination
I've been playing with this custom setup and found that a pre-existing nginx container can be made to proxy_pass to the btcpayserver container, but that the btcpayserver's nginx container would glom onto port 80. You can prevent btcpay's nginx container from being brought up by setting the relevant env var to "(empty)" instead of "nginx" (which is also the default if it isn't set) and then re-running btcpay-setup.sh.
The problem I'm dealing with now is that the two setups use different Docker networks. This is fixed in one of several ways, but now I'm faced with bringing up containers in two ways, one for each setup (my app's and btcpay's) and am wondering what the ramifications are of losing the btcpay-foo.sh scripts and pushing the BTCPAY_FOO env vars into a .env file directly, which is how the rest of my app works.
Using external nginx server on top of internal btcpay nginx server still gives me this:
BTCPay is expecting you to access this website from https://btcpay.*.com:443/. If you use a reverse proxy, please set the X-Forwarded-Proto header to https
Of course I have `proxy_set_header X-Forwarded-Proto $scheme;`. Is there any way to get rid of this warning?
The warning is right, you probably forgot something
```nginx
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
```
```nginx
server {
    server_name btcpay.<..>.com;
    ssl_certificate /etc/nginx/ssl/*.<..>.com.crt.pem;
    ssl_certificate_key /etc/nginx/ssl/*.<..>.com.key.pem;
    include conf/ssl.conf;
    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Host $host:$server_port;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Upgrade $http_upgrade;
        port_in_redirect off;
        proxy_pass http://127.0.0.1:10080;
    }
}
```
It seems to me everything is in order. Any idea what else I could check on?
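An added example, not part of the thread and not BTCPay Server's own code: when two proxies are chained, the outer config can look correct while the last hop still receives a different scheme, host or port, so this stand-in backend reports the origin it would reconstruct from the headers that actually arrive. The header-to-origin mapping is an assumption modelled on the usual `X-Forwarded-*` convention; `EXPECTED_URL`, port 18080 and the function names are hypothetical placeholders.

```python
# Added example (not from the thread): report the scheme/host/port the last hop sees.
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}
EXPECTED_URL = "https://btcpay.example.com/"  # constructed placeholder


def origin_seen_by_backend(headers, hop_scheme="http"):
    """Rebuild (scheme, host, port) from forwarded headers.

    Assumption: the app takes the scheme from X-Forwarded-Proto and the host
    from X-Forwarded-Host, falling back to the hop's own scheme and Host.
    """
    h = {k.lower(): v.strip() for k, v in headers.items()}
    scheme = h.get("x-forwarded-proto", hop_scheme).lower()
    hostport = h.get("x-forwarded-host") or h.get("host", "")
    host, _, port = hostport.partition(":")  # IPv6 literals are not handled
    return scheme, host.lower(), int(port) if port else DEFAULT_PORTS.get(scheme, 0)


def diagnose(headers, expected_url, hop_scheme="http"):
    """List every part of the origin that differs from the public URL."""
    exp = urlsplit(expected_url)
    want = (exp.scheme, exp.hostname, exp.port or DEFAULT_PORTS[exp.scheme])
    got = origin_seen_by_backend(headers, hop_scheme)
    return [f"{name}: backend sees {g!r}, expected {w!r}"
            for name, g, w in zip(("scheme", "host", "port"), got, want) if g != w]


class HeaderEcho(BaseHTTPRequestHandler):
    """Stand-in backend: answers each request with the diagnosis of its headers."""

    def do_GET(self):
        problems = diagnose(dict(self.headers.items()), EXPECTED_URL)
        body = ("\n".join(problems or ["forwarded headers match"]) + "\n").encode()
        self.send_response(200)
        self.send_header("Content-Type", "text/plain")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)


if __name__ == "__main__":
    # Bind a spare loopback port and temporarily point proxy_pass at it.
    HTTPServer(("127.0.0.1", 18080), HeaderEcho).serve_forever()
```

Requesting the public URL while `proxy_pass` points at this listener shows which hop changed the scheme or port before the request reached the application.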
@rokups since it looks like you've been playing with NGINX quite a lot, is there a way to modify the default.conf in /var/lib/docker/volumes/generated_nginx_conf/_data and prevent BTCPAY from overwriting it each time you start the nginx container?
I would try mounting my custom file at that location as read-only via docker volumes. No idea if that would work or not though.
Good idea @rokups, creative one! I'll try it.
I tried to understand how the different docker related parts worked, the composer creator, etc., but it's not easy to follow...
There has to be a way to change something in the source configuration files of BTCPayServer so it generates the configuration the way I want.
If no one comes up with a "definitive" way, I'll close the issue, as it's not a software issue really.