- Caddy
- On Demand TLS - Guide
- Nginx
- Guide
- Want to learn more about How I did it? Click here
A Discord bot allowing anyone to implement BYOD (bring your own domain) into their service (semi) easily.
- Ruby 3.0.0 or higher
- Bundler
- PostgreSQL server
- Discord bot token

Or use the Docker image to skip:
- Ruby
- Bundler
- PostgreSQL server
There are two ways to install the bot: by using Docker (recommended) or by installing it manually.
- Get the `docker-compose.yml` file from the repository here.
- Edit the environment variables in the `docker-compose.yml` file.
- Run `docker-compose up -d` to start the bot.
- Clone the repository.
- Get the `docker-compose.build.yml` file from the repository here.
- Edit the environment variables in the `docker-compose.build.yml` file.
- Run `docker-compose -f docker-compose.build.yml build` to build the bot.
- Run `docker-compose -f docker-compose.build.yml up -d` to start the bot.
Note

When setting up manually, you can use sqlite3 instead of PostgreSQL. To use sqlite, just pass the `--sqlite` flag to the `bundle exec ruby cli/cli.rb start` command.

Example: `bundle exec ruby cli/cli.rb start --sqlite`

This is not recommended for production use.
- Clone the repository.
- Run `bundle install` to install the required gems.
- Run `bundle exec ruby cli/cli.rb start` to start the bot. You will be prompted to enter the required environment variables.
- Caddy is the easiest reverse proxy to set up with the bot.
- Install Caddy by following the instructions here.
- Create a new file in the Caddyfile format.
- Add the following configuration to the file:

```
{
    on_demand_tls {
        ask http://yourIPToTheBotServer:9292/domainCheck/
        interval 2m
        burst 5
    }
}

https:// {
    tls {
        on_demand
    }
    reverse_proxy yourserversip:port
}
```

- Replace `yourIPToTheBotServer` with the IP address of the server running the bot.
- Replace `yourserversip:port` with the IP address and port of the server you want to reverse proxy to.
- NGINX is slightly more involved to set up with the bot.
- One caveat is that you will need to use OpenResty instead of standard NGINX.
- Install OpenResty by following the instructions here.
- Or, if you are using Ubuntu 22.04 LTS, you can use our bash script to install OpenResty (and other dependencies):

```bash
curl -s https://raw.githubusercontent.com/ruby-network/byod-bot/main/scripts/nginx.sh | bash
```

- Using the script will allow you to skip steps 1 through 3.
1a. Also install OPM if your distribution does not have it.
- If you were previously using NGINX, you will need to disable it:

```bash
sudo systemctl stop nginx
sudo systemctl disable nginx
```
- Then you need to generate some fallback certificates:

```bash
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:4096 -out /etc/openresty/account.key
openssl req -newkey rsa:2048 -nodes -keyout /etc/openresty/default.key -x509 -days 365 -out /etc/openresty/default.pem
```

or as one command:

```bash
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:4096 -out /etc/openresty/account.key && openssl req -newkey rsa:2048 -nodes -keyout /etc/openresty/default.key -x509 -days 365 -out /etc/openresty/default.pem
```
- If you have a complicated nginx config, you should back it up:

```bash
sudo cp /etc/nginx/nginx.conf /etc/nginx/nginx.conf.bak
```

and then move it to the openresty directory:

```bash
sudo mv /etc/nginx/nginx.conf /etc/openresty/nginx.conf #(or /usr/local/openresty/nginx.conf)
```
- Then, in whichever way you configure your sites, add what you need from the following example:

```nginx
resolver 8.8.8.8 ipv6=off;
lua_shared_dict acme 16m;
lua_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;
lua_ssl_verify_depth 2;

init_by_lua_block {
    require("resty.acme.autossl").init({
        tos_accepted = true,
        account_key_path = "/etc/openresty/account.key",
        account_email = "[email protected]",  -- replace with your ACME account e-mail
        -- nil: no allow-list at issuance time, so any SNI can trigger a
        -- certificate request; the /domainCheck lookups below only run
        -- after the TLS handshake has completed
        domain_whitelist = nil,
        blocking = true,
        staging = true,  -- staging CA: certificates are not browser-trusted
    })
}

init_worker_by_lua_block {
    require("resty.acme.autossl").init_worker()
}

server {
    #listen 80 default_server;
    #listen [::]:80 default_server;
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name yourmainserver.com;

    # Fallback certificate, served until a per-domain certificate exists
    ssl_certificate /etc/openresty/default.pem;
    ssl_certificate_key /etc/openresty/default.key;

    ssl_certificate_by_lua_block {
        require("resty.acme.autossl").ssl_certificate()
    }

    location / {
        # Ask the bot whether this Host is registered; anything but 200 is refused
        access_by_lua_block {
            local res = ngx.location.capture("/domainCheck/?domain=" .. ngx.escape_uri(ngx.var.host))
            if res.status ~= 200 then
                ngx.log(ngx.WARN, "Domain not allowed: ", ngx.var.host)
                return ngx.exit(ngx.HTTP_FORBIDDEN)
            end
        }
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'Upgrade';
        proxy_connect_timeout 10;
        proxy_send_timeout 90;
        proxy_read_timeout 90;
        proxy_buffer_size 128k;
        proxy_buffers 4 256k;
        proxy_busy_buffers_size 256k;
        proxy_temp_file_write_size 256k;
        proxy_pass http://localhost:9292; # Adjust the URL if needed
    }

    location /.well-known {
        # Same check before serving ACME HTTP challenges
        access_by_lua_block {
            local res = ngx.location.capture("/domainCheck/?domain=" .. ngx.escape_uri(ngx.var.host))
            if res.status ~= 200 then
                ngx.log(ngx.WARN, "Domain not allowed: ", ngx.var.host)
                return ngx.exit(ngx.HTTP_FORBIDDEN)
            end
        }
        content_by_lua_block {
            require("resty.acme.autossl").serve_http_challenge()
        }
    }

    # Only reachable through ngx.location.capture, never from clients
    location /domainCheck {
        internal;
        proxy_pass http://localhost:9292/domainCheck; # Adjust the URL if needed
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```
- Voila! You should now have a working NGINX reverse proxy with the bot. Feel free to ask for help in the Discord Server.
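
Both proxy setups above rely on the bot's `/domainCheck/` endpoint as the gate: Caddy's `ask` sends `?domain=<name>` and only issues a certificate on a 2xx reply, and the OpenResty config refuses the request unless the reply is 200. The following is an added example, not the bot's own code, of the decision such an endpoint has to make. The names `normalize_domain`, `domain_check_status`, `DomainCheckApp`, the `REGISTERED` set and the 400/403 split are assumptions for illustration.

```ruby
require "set"
require "uri"

# Constructed sample data standing in for the bot's database of customer domains.
REGISTERED = Set["shop.example.com", "blog.example.org"].freeze

# One DNS label: 1-63 chars, letters/digits/hyphen, no leading or trailing hyphen.
LABEL = /\A[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\z/

# Returns the canonical lowercase hostname, or nil if the value is not a plain FQDN.
def normalize_domain(raw)
  name = raw.to_s.strip.downcase.chomp(".")
  return nil if name.empty? || name.length > 253
  labels = name.split(".", -1)
  return nil if labels.length < 2                        # single label, e.g. "localhost"
  return nil unless labels.all? { |l| l.match?(LABEL) }  # rejects "*", "_", empty labels
  return nil if labels.last.match?(/\A\d+\z/)            # all-numeric last label: IPv4 literal
  name
end

# Status for one lookup: 200 = allowed, 400 = malformed request, 403 = unknown domain.
def domain_check_status(query_string, registered = REGISTERED)
  pairs = URI.decode_www_form(query_string.to_s)
  values = pairs.select { |key, _| key == "domain" }.map(&:last)
  return 400 unless values.length == 1                   # missing or repeated parameter
  name = normalize_domain(values.first)
  return 400 if name.nil?
  registered.include?(name) ? 200 : 403                  # exact match, never suffix match
rescue ArgumentError                                     # bad %-encoding or non-ASCII query
  400
end

# Rack-compatible app: any object responding to #call(env), so no gem is needed here.
DomainCheckApp = lambda do |env|
  on_path = env["PATH_INFO"].to_s.start_with?("/domainCheck")
  status = on_path ? domain_check_status(env["QUERY_STRING"]) : 404
  [status, { "content-type" => "text/plain" }, [status == 200 ? "ok" : "denied"]]
end

if __FILE__ == $PROGRAM_NAME
  ["domain=shop.example.com", "domain=SHOP.example.com.", "domain=evil.test",
   "domain=*.example.com", "domain=127.0.0.1", "domain=%zz"].each do |qs|
    puts format("%-28s -> %d", qs, domain_check_status(qs))
  end
end
```

Because the proxies act on the status code alone, any error path in the endpoint has to resolve to a non-200 reply, which is why parse failures are rescued into 400 here.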