Skip to content

Instantly share code, notes, and snippets.

@petzsch

petzsch/README.md

Last active May 15, 2025 16:14
Show Gist options
  • Save petzsch/32304778af54fda3a3788fafd84c75ce to your computer and use it in GitHub Desktop.
Save petzsch/32304778af54fda3a3788fafd84c75ce to your computer and use it in GitHub Desktop.
Download ZIP
Run BTCPay Server behind a custom Reverse Proxy (i.e. Apache)
Raw
README.md

Howto configure BTCPay behind a reverse proxy (Apache 2.x)

This configuration will disable the let's encrypt part of the configuration. Your BTCPay will still install a reverse proxy, which is needed to allow access to i.e. Ride The Lightning.

Please adapt the configuration to your environment:

Replace btcpay.DOMAIN.TLD with the actual vHost domain name you will be using to tunnel requests through. You may also want to change the pruning setting according to your needs.

mkdir BTCPayServer
cd BTCPayServer/
git clone https://github.com/btcpayserver/btcpayserver-docker
cd btcpayserver-docker/
export BTCPAY_HOST="btcpay.DOMAIN.TLD"
export NBITCOIN_NETWORK="mainnet"
export BTCPAYGEN_CRYPTO1="btc"
export BTCPAYGEN_ADDITIONAL_FRAGMENTS="opt-save-storage-s"
export BTCPAYGEN_LIGHTNING="lnd"
export BTCPAY_ENABLE_SSH="true"
export REVERSEPROXY_HTTP_PORT="127.0.0.1:8083"
export BTCPAYGEN_EXCLUDE_FRAGMENTS="$BTCPAYGEN_EXCLUDE_FRAGMENTS;nginx-https"
export BTCPAYGEN_REVERSEPROXY="nginx"
. ./btcpay-setup.sh -i

In your Apache configuration include the following:

  Header add X-Forwarded-Proto "https"
  RequestHeader set X-Forwarded-Proto "https"
  ProxyPreserveHost on

  RewriteEngine On
  RewriteCond %{HTTP:Upgrade} =websocket [NC]
  RewriteRule /(.*)           ws://localhost:8083/$1 [P,L]
  RewriteCond %{HTTP:Upgrade} !=websocket [NC]
  RewriteRule /(.*)           http://localhost:8083/$1 [P,L]
  ProxyPassReverse / http://localhost:3001/
@mar101xy
Copy link

How do we setup the RTL part?

I can't get RTL working,
When i click on the RTL i get "404 - Page not found"
This happens on apache only. If i switch to nginx as the "behind the reverse proxy" i can access RTL

its just apache, that RTL gives me that 404 page. is my config wrong?

example config


# Port 80 (HTTP) - Redirect to HTTPS
<VirtualHost *:80>
    ServerName mydomain.com
    ServerAlias www.mydomain.com

    # Redirect all HTTP traffic to HTTPS
    Redirect permanent / https://mydomain.com/
</VirtualHost>

# Port 443 (HTTPS) - Forward to Nginx
<VirtualHost *:443>
    ServerName mydomain.com
    ServerAlias www.mydomain.com

    # SSL Configuration (adjust paths if needed)
    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/mydomain.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/mydomain.com/privkey.pem

    # Proxy Configuration for BTCPay
    Header add X-Forwarded-Proto "https"
    RequestHeader set X-Forwarded-Proto "https"
    ProxyPreserveHost On

    # Support WebSocket connections
    RewriteEngine On
    RewriteCond %{HTTP:Upgrade} =websocket [NC]
    RewriteRule /(.*)           ws://localhost:8083/$1 [P,L]
    RewriteCond %{HTTP:Upgrade} !=websocket [NC]
    RewriteRule /(.*)           http://localhost:8083/$1 [P,L]

    # Forward traffic to btcpay container
    ProxyPass / http://localhost:8083/

    # Forward traffic to rtl
    ProxyPass /rtl/ http://192.168.0.10:3000/
    ProxyPassReverse /rtl/ http://192.168.0.10:3000/

</VirtualHost>

@petzsch
Copy link
Author

petzsch commented Dec 28, 2024

config looks good to me. Though I don't quite understand why you introduced the proxyPass and proxyPassReverse for /rtl
RTL is configured as part of the nginx that BTCPay configures. No seperate rule should be required for it to work.

Sadly I can't repro as I run on a pretty low end VPS at the moment and don't have the ressources to run LND or CLN with RTL.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment