
  1. ### OpenBSD Server Installation Guide ###
  2. ##################################################
  3. # Connecting to Server
  4. ssh root@207.246.121.231
  5. ##################################################
  6. # Configuring Users
  7. passwd &&
  8. useradd -G wheel -m user &&
  9. passwd user &&
  10. # Configuring Doas
  11. echo -e "permit persist user as root" | tee /etc/doas.conf
  12. ##################################################
  13. # Configuring SSH Authentication
  14. ssh-keygen -t rsa -b 4096 &&
  15. ssh-copy-id -i ~/.ssh/id_rsa.pub user@207.246.121.231 &&
  16. ssh user@207.246.121.231
  17. ##################################################
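# Updating Server
# Base-system errata first. syspatch's exit status depends on what it did
# (see syspatch(8)), so it is deliberately kept off the && chain; read its
# output and reboot afterwards if it says a kernel patch was installed.
doas syspatch
doas pkg_add -Uu &&
# Installing Packages
# "rsync--" picks the plain (no-flavor) rsync package of whatever release
# is installed; pinning rsync-3.2.7p1 only resolves on the one release
# that ships exactly that version and fails everywhere else.
doas pkg_add rsync-- tor i2pd &&
# Configuring Editor
printf 'set number\nset verbose showmode\n' > ~/.nexrc &&
# Removing MOTD
# NOTE(review): rc appears to rewrite the kernel banner into /etc/motd on
# boot, so expect the file to come back — verify on the next reboot.
doas rm /etc/motd &&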
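# Configuring Firewall
# Nothing is done here yet. Check /etc/pf.conf as shipped — it passes
# traffic by default, which is why the moved ssh port works without any
# change. A server that only offers ssh, 80 and 443 is better off with a
# default-deny ruleset; when you write one, syntax-check it with
# "doas pfctl -nf /etc/pf.conf" and load it with "doas pfctl -f
# /etc/pf.conf" while keeping the current session open, because a mistake
# here locks you out.
# Configuring SSH
# Each pattern matches the directive whether it is still the commented
# default ("#PermitRootLogin prohibit-password") or a value the provider
# image already set ("PermitRootLogin yes"). The earlier patterns only
# matched one exact spelling and silently did nothing otherwise — e.g.
# "s/PermitRootLogin yes/.../" never touches a stock sshd_config.
doas sed -i 's/^#\{0,1\}Port .*/Port 2356/' /etc/ssh/sshd_config &&
doas sed -i 's/^#\{0,1\}PermitRootLogin .*/PermitRootLogin no/' /etc/ssh/sshd_config &&
doas sed -i 's/^#\{0,1\}StrictModes .*/StrictModes yes/' /etc/ssh/sshd_config &&
# MaxAuthTries 1: every public key the client offers counts as one try, so
# with several keys in ssh-agent you are disconnected before the right one
# is tried. Pin the key client-side ("IdentitiesOnly yes" plus
# "IdentityFile" in ~/.ssh/config) or raise this to 3.
doas sed -i 's/^#\{0,1\}MaxAuthTries .*/MaxAuthTries 1/' /etc/ssh/sshd_config &&
doas sed -i 's/^#\{0,1\}MaxSessions .*/MaxSessions 1/' /etc/ssh/sshd_config &&
doas sed -i 's/^#\{0,1\}KbdInteractiveAuthentication .*/KbdInteractiveAuthentication no/' /etc/ssh/sshd_config &&
doas sed -i 's/^#\{0,1\}PasswordAuthentication .*/PasswordAuthentication no/' /etc/ssh/sshd_config &&
doas sed -i 's/^#\{0,1\}PermitEmptyPasswords .*/PermitEmptyPasswords no/' /etc/ssh/sshd_config &&
# Syntax-check the file, then print the effective values so you can see
# the edits took, before reloading. Keep this session open and log in from
# a second terminal with "ssh -p 2356 user@207.246.121.231" before closing it.
doas sshd -t &&
doas sshd -T | grep -Ei '^(port|permitrootlogin|passwordauthentication|kbdinteractiveauthentication|maxauthtries) ' &&
doas rcctl reload sshd &&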
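# httpd
doas cp /etc/examples/httpd.conf /etc/ &&
# Give the deploy user its own site directory instead of "chmod -R 777" on
# the whole document root: 777 lets every local account, including the
# www user httpd runs as, rewrite the site. httpd serves the tree from its
# /var/www chroot as www and only needs to read it, which 0755 provides;
# "user" owns the directory so the rsync deploy at the end can write to it.
doas mkdir -p /var/www/htdocs/website.com &&
doas chown user:www /var/www/htdocs/website.com &&
doas chmod 755 /var/www/htdocs/website.com &&
# http
# Plain-HTTP config used only until the certificate exists: serve the
# ACME challenge directory and the site, send www. to the bare domain.
# $REQUEST_URI sits inside single quotes on purpose — httpd expands it.
echo 'server "website.com" {
	listen on * port 80
	root "/htdocs/website.com"
	location "/.well-known/acme-challenge/*" {
		root "/acme"
		request strip 2
	}
}
server "www.website.com" {
	listen on * port 80
	block return 301 "http://website.com$REQUEST_URI"
}' | doas tee /etc/httpd.conf &&
# Parse the config (-n) before starting the daemon, not after.
doas httpd -n &&
doas rcctl enable httpd && doas rcctl start httpd &&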
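# ACME Client
# Prerequisites: DNS records for website.com and www.website.com point at
# this server and port 80 is reachable from the internet — HTTP-01
# validation fetches /.well-known/acme-challenge/ over plain HTTP.
doas cp /etc/examples/acme-client.conf /etc/ &&
# Rewrite the example's example.com stanza for our domain. The patterns
# are tied to the exact wording of the shipped example, so the grep below
# confirms the stanza really was renamed instead of letting acme-client
# fail later on a domain that is not in its config.
doas sed -i -e 's/domain example.com/domain website.com/' \
    -e 's/alternative names { secure.example.com }/alternative names { www.website.com }/' \
    -e 's/domain key "\/etc\/ssl\/private\/example.com.key"/domain key "\/etc\/ssl\/private\/website.com.key"/' \
    -e 's/domain full chain certificate "\/etc\/ssl\/example.com.fullchain.pem"/domain full chain certificate "\/etc\/ssl\/website.com.fullchain.pem"/' \
    /etc/acme-client.conf &&
doas grep -q 'domain website.com' /etc/acme-client.conf &&
# First issuance; -v shows the exchange with the CA.
doas acme-client -v website.com &&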
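# https
# Final config; this replaces httpd.conf rather than appending to it.
# Port 80 keeps serving the ACME challenge path — the weekly renewal in
# the cron job below re-validates over plain HTTP — and sends everything
# else straight to https://website.com in one hop. 443 serves the site,
# with www. redirected to the bare domain.
echo 'server "website.com" {
	listen on * tls port 443
	root "/htdocs/website.com"
	tls {
		certificate "/etc/ssl/website.com.fullchain.pem"
		key "/etc/ssl/private/website.com.key"
	}
	# ask browsers to stay on https on later visits
	hsts
	location "/.well-known/acme-challenge/*" {
		root "/acme"
		request strip 2
	}
}
server "www.website.com" {
	listen on * tls port 443
	tls {
		certificate "/etc/ssl/website.com.fullchain.pem"
		key "/etc/ssl/private/website.com.key"
	}
	block return 301 "https://website.com$REQUEST_URI"
}
server "website.com" {
	listen on * port 80
	alias "www.website.com"
	location "/.well-known/acme-challenge/*" {
		root "/acme"
		request strip 2
	}
	location "*" {
		block return 301 "https://website.com$REQUEST_URI"
	}
}
# Include additional MIME types
types {
	include "/usr/share/misc/mime.types"
}' | doas tee /etc/httpd.conf &&
# parse first, reload only if the config is valid
doas httpd -n && doas rcctl reload httpd &&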
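# TOR
# Publish the site as an onion service. tor forwards onion port 80 to
# httpd on 127.0.0.1:80; httpd picks the server block from the Host
# header, so the block appended below only needs the onion name.
doas sed -i 's/#HiddenServiceDir \/var\/tor\/hidden_service/HiddenServiceDir \/var\/tor\/hidden_service/' /etc/tor/torrc &&
doas sed -i 's/#HiddenServicePort 80 127.0.0.1:80/HiddenServicePort 80 127.0.0.1:80/' /etc/tor/torrc &&
# The seds only work while the shipped torrc still carries those exact
# commented lines; make sure an active HiddenServiceDir line now exists.
doas grep -q '^HiddenServiceDir' /etc/tor/torrc &&
doas rcctl enable tor &&
doas rcctl start tor &&
# tor writes the hostname file once the service keys have been generated
sleep 5 &&
onion_url=$(doas cat /var/tor/hidden_service/hostname) &&
[ -n "$onion_url" ] &&
# printf rather than echo "\n...": whether echo expands \n depends on the
# shell. The onion name is only ever used as a server name, not in a regex.
printf '\nserver "%s" {\n\tlisten on * port 80\n\troot "/htdocs/website.com"\n}\n' "$onion_url" | doas tee -a /etc/httpd.conf &&
doas httpd -n && doas rcctl reload httpd &&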
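# I2P
# notransit = true stops this node from carrying transit tunnels for other
# peers; it only serves our own tunnel, which keeps bandwidth and exposure down.
doas sed -i 's/# notransit = true/notransit = true/' /etc/i2pd/i2pd.conf &&
# Server tunnel: inbound I2P connections are forwarded to httpd on
# 127.0.0.1:8080. The destination keys land in website.dat on first start;
# back that file up, the .b32 address is derived from it.
printf '\n[website]\ntype = http\nhost = 127.0.0.1\nport = 8080\nkeys = website.dat\n' | doas tee -a /etc/i2pd/tunnels.conf &&
doas rcctl enable i2pd &&
doas rcctl start i2pd &&
sleep 5 &&
# Read the tunnel's .b32.i2p address from i2pd's web console (127.0.0.1:7070
# in the shipped config — confirm if it was changed). The previous version
# wrote grep's output back into the very file it was reading
# ("... hostname | ... | doas tee hostname"): tee truncates the file as
# the pipeline starts, so the result raced. Capture straight into a
# variable instead — no temp file in the cwd, no doas on a user-owned file.
# The URL is quoted so the shell does not treat "?" as a glob.
i2p_url=$(ftp -o - 'http://127.0.0.1:7070/?page=i2p_tunnels' | grep -oE '[^"[:space:]]+\.b32\.i2p:8080' | sed 's/:8080$//' | head -n 1) &&
[ -n "$i2p_url" ] &&
# give the tunnel time to publish its lease set before exposing it
sleep 120 &&
# listen on 127.0.0.1, not *: port 8080 exists only for the i2pd tunnel,
# "listen on *" would also publish the site to the internet on :8080.
printf '\nserver "%s" {\n\tlisten on 127.0.0.1 port 8080\n\troot "/htdocs/website.com"\n}\n' "$i2p_url" | doas tee -a /etc/httpd.conf &&
doas httpd -n && doas rcctl reload httpd &&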
  124. # Crontab
  125. echo "0 0 * * 0 /usr/local/bin/backupscript" | crontab - &&
  126. echo "0 */6 * * * pkg_add -Uu && syspatch && reboot\n0 0 * * 0 acme-client -v website.com && rcctl reload httpd" | doas crontab - &&
  127. # Backups
  128. mkdir ~/backups &&
  129. echo '#!/bin/sh
  130. openrsync -artv /var/www/htdocs/website.com ~/backups/$(date "+%d_%m_%Y")' | doas tee /usr/local/bin/backupscript &&
  131. doas chmod +x /usr/local/bin/backupscript
  132. ##################################################
  133. # Syncing Website
  134. rsync -rtvzPe 'ssh -p 2356' ~/documents/websites/website.com user@207.246.121.231:/var/www/htdocs/ --delete