btcpayserver / btcpayserver-docker

Docker resources for hosting BTCPayServer easily
MIT License

BTCPAY_ADDITIONAL_HOSTS redirects to main host #887

Closed thundervm closed 6 months ago

thundervm commented 6 months ago

Hi,

I've been using BTCPay for several months with a single domain. However, now I need to add a second domain, and I've encountered some issues.

My current BTCPay configuration:

```bash
#!/bin/bash
export COMPOSE_HTTP_TIMEOUT="180"
export BTCPAYGEN_OLD_PREGEN="false"
export BTCPAYGEN_CRYPTO1="btc"
export BTCPAYGEN_CRYPTO2="xmr"
export BTCPAYGEN_CRYPTO3="ltc"
export BTCPAYGEN_LIGHTNING="none"
export BTCPAYGEN_REVERSEPROXY="nginx"
export BTCPAYGEN_ADDITIONAL_FRAGMENTS="opt-save-storage-xs;opt-add-cloudflared"
export BTCPAYGEN_EXCLUDE_FRAGMENTS=""
export BTCPAY_DOCKER_COMPOSE="/root/BTCPayServer/btcpayserver-docker/Generated/docker-compose.generated.yml"
export BTCPAY_BASE_DIRECTORY="/root/BTCPayServer"
export BTCPAY_ENV_FILE="/root/BTCPayServer/.env"
export BTCPAY_HOST_SSHKEYFILE=""
export BTCPAY_ENABLE_SSH=true
export PIHOLE_SERVERIP=""
export BTCPAY_ADDITIONAL_HOSTS="subdomain.newdomain.com"
if cat "$BTCPAY_ENV_FILE" &> /dev/null; then
  while IFS= read -r line; do
    ! [[ "$line" == "#"* ]] && [[ "$line" == *"="* ]] && export "$line"
  done < "$BTCPAY_ENV_FILE"
fi
```

As you can see, I'm using Cloudflare tunnels. However, I don't think the issue is related to that. I've correctly set the host header on the tunnel configuration.

When using the subdomain.newdomain.com to connect, I get a 503 error. Looking at the Nginx configuration on the container, I can see the subdomain is missing. I've tried deleting the Nginx container and running btcpay-update, but it didn't fix the issue.

Below is the Nginx config (removed the irrelevant part):

```nginx
# Mitigate httpoxy attack (see README for details)
proxy_set_header Proxy "";
server {
    server_name _; # This is just an invalid value which will never trigger on a real hostname.
    listen 80;
    access_log /var/log/nginx/access.log vhost;
    return 503;
}
server {
    server_name _; # This is just an invalid value which will never trigger on a real hostname.
    listen 443 ssl;
    http2 on;
    access_log /var/log/nginx/access.log vhost;
    return 503;
    ssl_session_tickets off;
    ssl_certificate /etc/nginx/certs/default.crt;
    ssl_certificate_key /etc/nginx/certs/default.key;
}
upstream btcpay {
    # Can be connected with "generated_default" network
    # generated_btcpayserver_1
    server 172.18.0.8:49392;
}
server {
    client_max_body_size 100M;
    server_name censured.onion;
    listen 80 ;
    proxy_set_header X-Forwarded-Host $http_host;
    proxy_set_header Host $http_host;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $proxy_connection;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto;
    proxy_set_header X-Forwarded-Ssl $proxy_x_forwarded_ssl;
    proxy_set_header X-Forwarded-Port $proxy_x_forwarded_port;
    access_log /var/log/nginx/access.log vhost;
    include /etc/nginx/vhost.d/default;
    location / {
        proxy_pass http://btcpay;
    }
    set_real_ip_from 172.18.0.6;
    real_ip_header Cf-Connecting-Ip;
}
server {
    server_name main.domain.com;
    listen 80 ;
    access_log /var/log/nginx/access.log vhost;
    return 301 https://$host$request_uri;
}
server {
    proxy_set_header X-Forwarded-Host $http_host;
    proxy_set_header Host $http_host;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $proxy_connection;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto;
    proxy_set_header X-Forwarded-Ssl $proxy_x_forwarded_ssl;
    proxy_set_header X-Forwarded-Port $proxy_x_forwarded_port;
    client_max_body_size 100M;
    server_name main.domain.com;
    listen 443 ssl ;
    http2 on;
    access_log /var/log/nginx/access.log vhost;
    ssl_protocols TLSv1.2;
    ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
    ssl_prefer_server_ciphers on;
    ssl_session_timeout 5m;
    ssl_session_cache shared:SSL:50m;
    ssl_session_tickets off;
    ssl_certificate /etc/nginx/certs/main.domain.com.crt;
    ssl_certificate_key /etc/nginx/certs/main.domain.com.key;
    ssl_dhparam /etc/nginx/certs/main.domain.com.dhparam.pem;
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_trusted_certificate /etc/nginx/certs/main.domain.com.chain.pem;
    add_header Strict-Transport-Security "max-age=31536000" always;
    include /etc/nginx/vhost.d/default;
    location / {
        proxy_pass http://btcpay;
    }
    set_real_ip_from 172.18.0.6;
    real_ip_header Cf-Connecting-Ip;
}
```

thundervm commented 6 months ago

I just noticed GitHub didn't properly format the configs :( Sorry about that

thundervm commented 6 months ago

Problem solved! I had to run btcpay-setup, not btcpay-update:

```bash
export BTCPAY_HOST="domain.com"
export BTCPAY_ADDITIONAL_HOSTS="new.domain.com"
. ./btcpay-setup.sh -i
```
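
A check for the symptom reported in this thread: a host named in `BTCPAY_HOST` or `BTCPAY_ADDITIONAL_HOSTS` that has no `server_name` in the generated Nginx config, so requests for it fall through to the default vhost that returns 503. This is an added example, not part of the original issue or the btcpayserver-docker project; the function names, the sample config and the comma-separated splitting of `BTCPAY_ADDITIONAL_HOSTS` are assumptions.

```shell
#!/bin/bash
# Added example (not from the issue or the btcpayserver-docker repo).
# Function names and the sample config are constructed for illustration.

# Print every name used in a server_name directive, one per line.
server_names() {
  # Drop comments, split on ';', '{' and '}', keep the server_name arguments.
  sed 's/#.*$//' "$1" | tr ';{}' '\n\n\n' |
    awk '$1 == "server_name" { for (i = 2; i <= NF; i++) print $i }' | sort -u
}

# Print each expected host (BTCPAY_HOST plus BTCPAY_ADDITIONAL_HOSTS, assumed
# comma-separated) with no exact server_name match in the config file $1.
# Wildcard and regex server_name values are not interpreted.
missing_vhosts() {
  names=$(server_names "$1")
  printf '%s\n' "$BTCPAY_HOST,$BTCPAY_ADDITIONAL_HOSTS" | tr ',' '\n' |
    while IFS= read -r host; do
      [ -n "$host" ] || continue
      printf '%s\n' "$names" | grep -qxF -- "$host" || printf '%s\n' "$host"
    done
}

# Constructed sample shaped like the config in the issue: a default 503 vhost,
# main.domain.com present, subdomain.newdomain.com absent.
sample_conf() {
  cat <<'EOF'
server {
    server_name _; # default vhost, never matches a real hostname
    listen 80;
    return 503;
}
server {
    server_name main.domain.com;
    listen 443 ssl;
    location / { proxy_pass http://btcpay; }
}
EOF
}

tmp=$(mktemp)
sample_conf > "$tmp"
BTCPAY_HOST="main.domain.com"
BTCPAY_ADDITIONAL_HOSTS="subdomain.newdomain.com"
missing_vhosts "$tmp"   # prints subdomain.newdomain.com
rm -f "$tmp"
```

Run `missing_vhosts` against a copy of the config taken from the Nginx container; any host it prints will be answered by the default 503 server block until the config is regenerated.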