Content Comparison

...

1. Open port 80 (HTTP) in UFW to enable the Let’s Encrypt certbot domain-control-check.

   1. See: Configuring Server Firewalls

2. Open port 443 in UFW to expose/enable HTTPS.

   1. See: Configuring Server Firewalls

3. You must own and control a valid DNS domain,

   1. for example, agent86.yourcasdomain.com must resolve (to your CAS public IP).

   2. See below: Create an “A” record

   3. The script will fail if you cannot supply a valid DNS domain. If the script fails for this reason, then:

      1. add the domain (e.g. agent86.yourcasdomain.com) to your DNS records, and

      2. run sudo certbot --nginx to try again.

4. The /batm/config/hostname file must point to that valid domain to be used.

   1. See: https://generalbytes.atlassian.net/wiki/x/CICpz

   2. The script will fail if this file is missing. If the file is missing:

      1. create the file (with the correct contents),

      2. restart CAS, and

      3. run install-reverse-proxy again.

5. Disable version reporting in NGINX to improve security:

   1. Edit the file: /etc/nginx/nginx.conf

   2. Find the line: # server_tokens off;

   3. Delete the leading hashtag “#" (only the hashtag) to disable version reporting.

   4. Test the configuration and restart NGINX: sudo nginx -t && sudo systemctl reload nginx

...

Testing

URL path examples Enter one of the following testing URLs into a browser.

Examples (replace “agent86.yourcasdomain.com" with your actual domain):

• Veriff example: https://agent86.yourcasdomain.com/server/serverapi/apiv1/identity-check/veriffwh/

• lnurl example: https://agent86.yourcasdomain.com/server/extensions/lnurl/

When properly configured, either URL should connect to their respective REST API

...

without errors.

Example of testing success in Chrome:

...

...

...