From bb01f95812a110835476cc354c510c66a52970aa Mon Sep 17 00:00:00 2001
From: Marcin Jachymiak
Date: Wed, 29 Jan 2020 16:41:20 -0500
Subject: [PATCH] Add firewall/nginx setup
---
 setup.sh | 22 +++++++++++++++++++++-
 skynet-nginx.conf | 31 +++++++++++++++++++++++++++++++
 2 files changed, 52 insertions(+), 1 deletion(-)
 create mode 100644 skynet-nginx.conf
diff --git a/setup.sh b/setup.sh
index d0f65031..05aae8f8 100755
--- a/setup.sh
+++ b/setup.sh
@@ -15,7 +15,8 @@ echo "deb https://dl.yarnpkg.com/debian/ stable main" | sudo tee /etc/apt/source
 # Apt installations.
 sudo apt-get update
-sudo apt-get -y install tmux htop nload nginx nodejs gcc g++ make yarn git
+sudo apt-get -y install ufw tmux ranger htop nload nginx certbot \
+ python-certbot-nginx nodejs gcc g++ make yarn git
 # Install pm2
 sudo npm i -g pm2
@@ -36,3 +37,22 @@ go version
 # Install Sia
 git clone https://gitlab.com/NebulousLabs/Sia
 cd Sia && git checkout viewnode && make
+
+# Setup nginx config
+sudo cp ./skynet-nginx.conf /etc/nginx/sites-available/skynet
+sudo nginx -t
+sudo systemctl reload nginx
+
+# Setup firewall
+sudo ufw enable
+sudo ufw allow 'Nginx Full'
+sudo ufw delete allow 'Nginx HTTP'
+
+sudo certbot --nginx -d siasky.net -d www.siasky.net
+sudo certbot renew --dry-run
+sudo ln -s /etc/nginx/sites-available/skynet /etc/nginx/sites-enabled/skynet
+
+
+git clone https://gitlab.com/NebulousLabs/siawebviewer
+git checkout logging
+yarn
diff --git a/skynet-nginx.conf b/skynet-nginx.conf
new file mode 100644
index 00000000..ef0dc34c
--- /dev/null
+++ b/skynet-nginx.conf
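Review bot: In the setup.sh hunk at `@@ -36,3 +37,22 @@`, `sudo ufw enable` runs before any rule admits SSH, so on a remotely administered host ufw's default incoming policy (deny, unless changed) can cut off the session running this script, and without `--force` the command stops at a confirmation prompt. Add the allow rules first and enable last: `sudo ufw allow OpenSSH` (or the port sshd actually listens on), `sudo ufw allow 'Nginx Full'`, `sudo ufw --force enable`. The following `sudo ufw delete allow 'Nginx HTTP'` targets a rule this script never added, so port 80 stays open through 'Nginx Full'; if HTTPS-only exposure is the intent, allow 'Nginx HTTPS' instead, bearing in mind that certbot's nginx plugin normally validates over port 80. Separately, `nginx -t` and the reload run before the `ln -s` into sites-enabled, so the new config is neither tested nor loaded at that point, and after `cd Sia` the relative `./skynet-nginx.conf` and the `git checkout logging` / `yarn` that follow the second clone resolve inside the Sia checkout rather than where they were presumably meant to.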
@@ -0,0 +1,31 @@
+server {
+ listen 443 ssl;
+ listen [::]:443 ssl;
+
+ server_name siasky.net www.siasky.net;
+
+ location / {
+ proxy_pass http://localhost:3000;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection 'upgrade';
+ proxy_set_header Host $host;
+ proxy_cache_bypass $http_upgrade;
+ }
+}
+
+server {
+ listen 80 default_server;
+ listen [::]:80 default_server ipv6only=on;
+
+ server_name siasky.net www.siasky.net;
+
+ location / {
+ proxy_pass http://localhost:3000;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection 'upgrade';
+ proxy_set_header Host $host;
+ proxy_cache_bypass $http_upgrade;
+ }
+}
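Review bot: The port-80 server block proxies plaintext requests straight to `http://localhost:3000` instead of redirecting to HTTPS, and because it is `default_server` it does so for whatever Host header a client sends, which `proxy_set_header Host $host` then forwards to the backend. Unless certbot's redirect option is expected to rewrite this block later, replace its `location /` body with `return 301 https://siasky.net$request_uri;` so content is only served over TLS. The 443 block declares `listen 443 ssl` with no `ssl_certificate` / `ssl_certificate_key`, which nginx is expected to reject at `nginx -t` once the site is enabled; the file appears to rely on `certbot --nginx` to add them, so a comment such as `# ssl_certificate lines are added by certbot --nginx` would make that dependency explicit. Neither block sets `X-Forwarded-For` or `X-Forwarded-Proto`, so the app on port 3000 sees every request as coming from localhost, which limits any logging or rate limiting done there.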