What's all this about? Until quite recently a parent would return home at the end of the week with an actual packet with dollars in it, this was called a pay packet. Financial privacy did not need to be protected, because it was already present in this system. When a group of people got together to discuss what they thought about a subject, it was a private conversation. And the outcome of a conversation would only be known by the participants. Now all financial transactions are monitored, and conversations are scanned and processed by centralised computer systems. A virtual profile is built up online about us for the purpose of marketing, rating, and worse than that political manipulation. This website is here to educate anyone who might feel their human rights being chipped away, and to let them know our humanity and freedoms are not to be taken. Technology is a tool for freedom, not oppression. How to regain online privacy. And provide professional bitcoin invoices with btcpayserver. To receive payments in bitcoin, and lightning. From multiple websites with one local bitcoin node. The focus here is establishing yourself online with privacy, then invoicing and accepting online payments in bitcoin. Remember every journey begins with a single step, and to not let perfect be the enemy of good. Privacy Steps: Purchase a new or used mobile phone that supports grapheneOS, maybe Pixel pro 6 or greater - https://grapheneos.org/faq#supported-devices Install grapheneOS onto it, don't buy pre installed - https://grapheneos.org Buy an eSim with phone number using mixed or non kyc bitcoin, bitcoin-lightning or monero - https://silent.link to get confirmation text messages (note that twitter and telegram don't appear to accept these non-kyc numbers for verification, why do they need to know where we live?) Buy a vpn service, pay with mixed or non kyc bitcoin, or swap for monero(https://unstoppableswap.net) - https://mullvad.net Anything is better than nothing here, PIA is decent for easy install onto lots of different devices. Setup a new email address with proton.me. Confirm you account with sms to your new phone eSim number. Only use this new email for setting up the website for now. Use you new website email address for worry free communication. Be sure ssl encryption is turned on in mail smtp connection in your mobile device. Don't use google. Don't use facebook. Don't use snapchat. Remain anon on twitter. Use nostr. Use brave browser. Use your own mail server. Receiving Payments Steps: One Privacy Concern - the DNS record for your subdomain will point to your fixed IP and can be looked up with whois. Your main domain is not linked to your fixed IP however. Look into using a VPS to obscure this IP, I thought VPS's were complex and expensive but that's not the case. I found many on this page https://bitcoin-vps.com/ and I chose https://1984.hosting myself at $6/mth payable in bitcoin, but not in lightning. If a VPS is used, all the settings below will be the same except port redirects, just use 80 and 443, and change the 127.0.0.1 in nginx config to your home fixed IP, point subdomain a-name to the vps IP. I will continue now assuming you are using your local node, you can upgrade security later with a VPS later. I hope to make a seperate link for this. Buy a web domain from orange.net. Confirm your identity with you new proton.me email address. RapidSSL Standard for a green tick website with privacy. Pay for the website with bitcoin lighting, pay>bitpay>electrum>bitcoin lightning. About $40/yr. Use new web domain to setup your daily email address. Use this new domain email on your new phone. Use Thunderbird on phone and pc for email. Navigate to name servers to use if hosting domains>my domains>down arrow next to spanner>manage domain>nameservers>custom siti.ns.orangewebsite.com buffy.ns.orangewebsite.com don't manage dns or subdomains here, there is no cpanel. Instead go to services>MyServices>Click In Bronze Hosting Area>login to cpanel domain>zone editor>manage add subdomain .btcpay , add an a-name for it, direct it to your fixed IP. You will need a fixed IP for the home network, so your webpage subdomain can point to it. Use these port fowards on your personal router, point them to the local linux server we will set up. 80 and 443 are the web data coming from your new website subdomain's 'a-name' ie btcpay.fubar.com 15080 and 15443 will be the ports on your server that nginx looks at for incoming connections. You can use different ports here, but they must match the nginx further below. Service Name External Port Start External Port End Protocol Internal Port Start Internal Port End Server IP Address BTCPay NGINX HTTP 80 80 TCP 15080 15080 10.0.1.57 BTCPay NGINX HTTPS 443 443 TCP 15443 15443 10.0.1.57 internal ip is your server, give it a fixed ip or have your dhcp allocate the same ip every time. Following parmanode instructions, buy a cheap pc or laptop. Or install oracleVM and spin up a linux machine. Must be always on pc, or online server. On your new linux mint lts server, must be always on. install parmanode visit https://parmanode.com/install to learn curl https://parmanode.com/install.sh | sh from parmanode install bitcoin/electrum/lightning and install Install btcpay server. remove the need for sudo password if you want sudo visudo add this line to the file with your username
yourusername ALL=(ALL) NOPASSWD: ALL
sudo apt update sudo apt upgrade sudo apt-get install nginx #Error port80 bacause config to 15080 isnt changed yet sudo sed -i 's/80 default_server/15080/g' /etc/nginx/sites-available/default sudo apt install net-tools sudo netstat -tulnp | grep :80 #Check what is using 80 sudo systemctl restart nginx install certbot this is for linux mint lts - use snapd for ubuntu sudo apt install python3-acme python3-certbot python3-mock python3-openssl python3-pkg-resources python3-pyparsing python3-zope.interface python3-certbot-nginx nginx sudo apt install -f service nginx status sudo tail -f /var/log/nginx/error.log certonly means your nginx config file will not be edited by certbot, the config file we will copy in below contains the location of the *.pen files already. the certbot test run sudo certbot certonly --webroot -w /var/www/html -d btcpay.fubarhome.com -m webmaster@fubarhome.com --agree-tos --debug-challenges --dry-run -v sudo certbot certonly --webroot -w /var/www/html -d btcpay.fubarwork.com -m webmaster@fubarwork.com --agree-tos --debug-challenges --dry-run -v the certbot live certification sudo certbot certonly --webroot -w /var/www/html -d btcpay.fubarhome.com -m webmaster@fubarhome.com --agree-tos sudo certbot certonly --webroot -w /var/www/html -d btcpay.fubarwork.com -m webmaster@fubarwork.com --agree-tos If using ubuntuLTS install with snap use this, this failed on new linux mint version due to jammy drivers sudo apt-get install software-properties-common sudo add-apt-repository universe sudo add-apt-repository ppa:certbot/certbot # failed older system , jammy snap --version sudo snap install --classic certbot sudo ln -s /snap/bin/certbot /usr/bin/certbot sudo mkdir -p /var/www/html/.well-known/acme-challenge/ sudo bash -c 'echo "test" > /var/www/html/.well-known/acme-challenge/test' If using on ubuntuLTS installed with snap use this, this fails on the current linux mint due to file permissions --nginx command caused errors, but --webroot worked well. sudo certbot --nginx -d btcpay.fubarhome.com -m webmaster@fubarhome.com --agree-tos sudo certbot --nginx -d btcpay.fubarwork.com.au -m letsencrypt@fubarwork.com.au --agree-tos sudo certbot renew --dry-run sudo certbot renew --force-renewal edit the nginx config file for reverse proxy, and certbot setup sudo nano /etc/nginx/sites-available/btcpay2sites Copy and paste details from below, edit domain names etc. If you only have one site, put # in front of all the lines referencing the second site, if you have more sites, add more sections. 23001 is default on parmanode btcpay server, this is 3003 on an umbrel
proxy_buffer_size 128k;
proxy_buffers 4 256k;
proxy_busy_buffers_size 256k;
client_header_buffer_size 500k;
large_client_header_buffers 4 500k;
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server {
server_name btcpay.fubarwork.com.au;
listen [::]:15443 ssl ipv6only=on;
listen 15443 ssl;
location / {
proxy_pass http://127.0.0.1:23001;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
}
ssl_certificate /etc/letsencrypt/live/btcpay.fubarwork.com.au/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/btcpay.fubarwork.com.au/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}
server {
server_name btcpay.fubarhome.com;
listen [::]:15443 ssl; # ipv6only=on;
listen 15443 ssl;
location / {
proxy_pass http://127.0.0.1:23001;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
}
ssl_certificate /etc/letsencrypt/live/btcpay.fubarhome.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/btcpay.fubarhome.com/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}
# http to https for btcpay.fubarwork.com.au
server {
listen 15080;
listen [::]:15080;
server_name btcpay.fubarwork.com.au;
# ACME challenge configuration
location ~ /.well-known/acme-challenge/ {
allow all;
root /var/www/html;
try_files $uri =444;
}
location / {
return 301 https://$host$request_uri;
}
}
# http to https for btcpay.fubarhome.com
server {
listen 15080;
listen [::]:15080;
server_name btcpay.fubarhome.com;
# ACME challenge configuration
location ~ /.well-known/acme-challenge/ {
allow all;
root /var/www/html;
try_files $uri =444;
}
location / {
return 301 https://$host$request_uri;
}
}
# Default server block for unknown hosts
server {
listen 15080 default_server;
listen [::]:15080 default_server;
#return 404; # 404 too chatty
return 444; # just closes the connection
}
enable the config sudo ln -sf /etc/nginx/sites-available/btcpay2sites /etc/nginx/sites-enabled/ #creates new symbolic link sudo rm /etc/nginx/sites-enabled/default #removes the default nginx symbolic link to test the currently linked config sudo nginx -t activate the config in nginx sudo systemctl reload nginx or sudo systemctl restart nginx that's it! If you had success your btcpay subdomain is now ssl certified and points to your ip on the correct ports, only network traffic that is from your btcpay subdomain is accepted by your node, all other traffic is blocked or ignored. You can manage your btcpayserver by browsing to your btcpay subdomain. btcpay released a fix - if you see a btcpayserver error when connecting remotely. find and change into directory /app-data/btcpay-server/ then type nano .env.app_proxy paste in this line
PROXY_TRUST_UPSTREAM=true
Then save using: Control + X, then: Y, then: >enter<
restart BTCPay Server, reboot if you don't know how.
To receive lightning payments on btcpayserver into your lightning wallet, you will require 'inbound liquidity' this is value you can pull back after
sending it. One way to get inbound liquidity is to send lighting value out, so I send onchain bitcoin to myself from an exchange, then send lightning payment
back to the exchange, this is now all inbound liquidity. Some services sell inbound liquidity.
My first steps to privacy is thanks to @_k3tan's website https://k3tan.com
Reverse DNS proxy concept from Jorijn, his original link is no longer active, but now references https://docs.btcpayserver.org/FAQ/Deployment/
@parman_the for developing a no bs bitcoin node, and for everything else here https://armantheparman.com
All the best!
@freeonlineuser
nostr npub1myh7r64lemswzc055slpg2kcy33wj04qgphely2sx08w5dkqjp8scpmpph
If you've found value here you can let me know with a lightning payment message of support.
Lightning Link
Why not test my operational btcpay button below.