- ### OpenBSD Server Installation Guide ###
- # Steps are chained with && so a failing command stops the sequence; everything up to
- # "Configuring SSH Authentication" runs as root on the fresh host, the rest as "user" via doas.
- ##################################################
- # Connecting to Server
- ssh root@207.246.121.231
- ##################################################
- # Configuring Users
- passwd &&
- useradd -G wheel -m user &&
- passwd user &&
- # Configuring Doas
- # Written while still root; "persist" lets doas reuse a successful authentication for a while.
- echo -e "permit persist user as root" | tee /etc/doas.conf
- ##################################################
- # Configuring SSH Authentication
- # The key is installed and a login as "user" is verified here, BEFORE password and root
- # logins are disabled in the "Configuring SSH" section — keep that order or the host is locked out.
- ssh-keygen -t rsa -b 4096 &&
- ssh-copy-id -i ~/.ssh/id_rsa.pub user@207.246.121.231 &&
- ssh user@207.246.121.231
- ##################################################
- # Updating Server
- doas pkg_add -Uu &&
- # Installing Packages
- # NOTE: rsync is pinned to an exact package version, so this line fails once that version
- # leaves the package repository; tor and i2pd are unpinned.
- doas pkg_add rsync-3.2.7p1 tor i2pd &&
- # Configuring Editor
- echo -e "set number\nset verbose showmode" | tee ~/.nexrc &&
- # Removing MOTD
- # NOTE(review): OpenBSD's boot scripts touch /etc/motd; confirm the file stays absent after a reboot.
- doas rm /etc/motd &&
- # Configuring Firewall
- # TODO: no pf rules are written in this section. sshd is moved to port 2356 below and httpd
- # later listens on port 8080 on every address, so decide explicitly what pf should admit.
- # Configuring SSH
- # Each sed matches only the commented-out default; if sshd_config already carries a
- # non-default line the substitution silently does nothing — verify with `doas sshd -T` afterwards.
- doas sed -i 's/#Port 22/Port 2356/' /etc/ssh/sshd_config &&
- doas sed -i 's/PermitRootLogin yes/PermitRootLogin no/' /etc/ssh/sshd_config &&
- doas sed -i 's/#StrictModes yes/StrictModes yes/' /etc/ssh/sshd_config &&
- # NOTE(review): with MaxAuthTries 1 a client whose agent offers several keys may be rejected
- # before the right key is tried — confirm against the workstation's ssh setup.
- doas sed -i 's/#MaxAuthTries 6/MaxAuthTries 1/' /etc/ssh/sshd_config &&
- doas sed -i 's/#MaxSessions 10/MaxSessions 1/' /etc/ssh/sshd_config &&
- doas sed -i 's/#KbdInteractiveAuthentication yes/KbdInteractiveAuthentication no/' /etc/ssh/sshd_config &&
- doas sed -i 's/#PasswordAuthentication yes/PasswordAuthentication no/' /etc/ssh/sshd_config &&
- doas sed -i 's/#PermitEmptyPasswords no/PermitEmptyPasswords no/' /etc/ssh/sshd_config &&
- # The current session survives the reload; new connections must use -p 2356 from here on.
- doas rcctl reload sshd &&
- # httpd
- doas cp /etc/examples/httpd.conf /etc/ &&
- # NOTE: 777 makes the entire document root world-writable, so any local account or
- # compromised service can change what is served. httpd only needs read access; giving
- # "user" ownership of the site directory (it is the rsync target at the end) would suffice.
- doas chmod -R 777 /var/www/htdocs &&
- mkdir /var/www/htdocs/website.com &&
- # http
- # Plain-HTTP configuration used only to answer the ACME challenge; the https block further
- # down overwrites /etc/httpd.conf (tee without -a).
- echo 'server "website.com" {
- listen on * port 80
- root "/htdocs/website.com"
- location "/.well-known/acme-challenge/*" {
- root "/acme"
- request strip 2
- }
- }
- server "www.website.com" {
- listen on * port 80
- block return 301 "http://website.com$REQUEST_URI"
- }' | doas tee /etc/httpd.conf &&
- doas rcctl enable httpd && doas rcctl start httpd && doas httpd -n &&
- # ACME Client
- # The four seds rewrite the example's domain, alternative name, key and chain paths; the
- # resulting files are /etc/ssl/private/website.com.key and /etc/ssl/website.com.fullchain.pem.
- doas cp /etc/examples/acme-client.conf /etc/ &&
- doas sed -i 's/domain example.com/domain website.com/' /etc/acme-client.conf &&
- doas sed -i 's/alternative names { secure.example.com }/alternative names { www.website.com }/' /etc/acme-client.conf &&
- doas sed -i 's/domain key "\/etc\/ssl\/private\/example.com.key"/domain key "\/etc\/ssl\/private\/website.com.key"/' /etc/acme-client.conf &&
- doas sed -i 's/domain full chain certificate "\/etc\/ssl\/example.com.fullchain.pem"/domain full chain certificate "\/etc\/ssl\/website.com.fullchain.pem"/' /etc/acme-client.conf &&
- doas acme-client -v website.com &&
- # https
- # Replaces httpd.conf. The port-80 server at the bottom redirects everything to https, so
- # certificate renewal (root crontab below) relies on the CA following that 301 to the tls
- # server, which still carries the acme-challenge location — keep it there.
- echo 'server "website.com" {
- listen on * tls port 443
- root "/htdocs/website.com"
- tls {
- certificate "/etc/ssl/website.com.fullchain.pem"
- key "/etc/ssl/private/website.com.key"
- }
- location "/.well-known/acme-challenge/*" {
- root "/acme"
- request strip 2
- }
- }
- server "www.website.com" {
- listen on * tls port 443
- tls {
- certificate "/etc/ssl/website.com.fullchain.pem"
- key "/etc/ssl/private/website.com.key"
- }
- block return 301 "https://website.com$REQUEST_URI"
- }
- server "www.website.com" {
- listen on * port 80
- alias "website.com"
- block return 301 "https://www.website.com$REQUEST_URI"
- }
- # Include additional MIME types
- types {
- include "/usr/share/misc/mime.types"
- }' | doas tee /etc/httpd.conf &&
- doas rcctl reload httpd && doas httpd -n &&
- # TOR
- # The hidden service forwards to 127.0.0.1:80; the onion server appended below answers there.
- doas sed -i 's/#HiddenServiceDir \/var\/tor\/hidden_service/HiddenServiceDir \/var\/tor\/hidden_service/' /etc/tor/torrc &&
- doas sed -i 's/#HiddenServicePort 80 127.0.0.1:80/HiddenServicePort 80 127.0.0.1:80/' /etc/tor/torrc &&
- doas rcctl enable tor &&
- doas rcctl start tor &&
- # Presumably waits for tor to create the hidden_service/hostname file — adjust if it is not there yet.
- sleep 5 &&
- onion_url=$(doas cat /var/tor/hidden_service/hostname) &&
- # Appended (tee -a) rather than overwriting. The leading "\n" relies on echo interpreting
- # escapes without -e, unlike the .nexrc line above — verify on the target shell.
- echo "\nserver \"$onion_url\" {
- listen on * port 80
- root \"/htdocs/website.com\"
- }" | doas tee -a /etc/httpd.conf &&
- doas rcctl reload httpd && doas httpd -n &&
- # I2P
- # NOTE: the tunnel targets 127.0.0.1:8080, but the httpd server appended below listens on
- # port 8080 on every address; "listen on 127.0.0.1 port 8080" would keep it local-only.
- doas sed -i 's/# notransit = true/notransit = true/' /etc/i2pd/i2pd.conf &&
- echo -e "\n[website]
- type = http
- host = 127.0.0.1
- port = 8080
- keys = website.dat" | doas tee -a /etc/i2pd/tunnels.conf &&
- doas rcctl enable i2pd &&
- doas rcctl start i2pd &&
- sleep 5 &&
- # Scrapes the b32 address from i2pd's local web console. The temporary "hostname" file is
- # created root-owned (doas tee) in the current directory and removed again below.
- ftp -o hostname http://127.0.0.1:7070/?page=i2p_tunnels && grep -oE '[^"[:space:]]+.b32.i2p:8080' hostname | sed 's/:8080//' | doas tee hostname &&
- # Purpose of the two-minute wait is not stated — presumably lets the tunnel come up; confirm.
- sleep 120 &&
- i2p_url=$(doas cat hostname) &&
- echo "\nserver \"$i2p_url\" {
- listen on * port 8080
- root \"/htdocs/website.com\"
- }" | doas tee -a /etc/httpd.conf &&
- doas rm hostname &&
- doas rcctl reload httpd && doas httpd -n &&
- # Crontab
- # User crontab: weekly backup. Root crontab: every six hours update packages, run syspatch
- # and reboot; "reboot" runs whenever both preceding commands exit 0, so whether syspatch
- # returns non-zero when nothing is pending decides how often the host restarts — confirm
- # against syspatch(8). Second root entry: weekly certificate renewal plus httpd reload.
- echo "0 0 * * 0 /usr/local/bin/backupscript" | crontab - &&
- echo "0 */6 * * * pkg_add -Uu && syspatch && reboot\n0 0 * * 0 acme-client -v website.com && rcctl reload httpd" | doas crontab - &&
- # Backups
- # backupscript copies the site into ~/backups/<day_month_year>; scheduled from the user
- # crontab above, so "~" resolves to that user's home when it runs.
- mkdir ~/backups &&
- echo '#!/bin/sh
- openrsync -artv /var/www/htdocs/website.com ~/backups/$(date "+%d_%m_%Y")' | doas tee /usr/local/bin/backupscript &&
- doas chmod +x /usr/local/bin/backupscript
- ##################################################
- # Syncing Website
- # Run from the workstation: pushes the local site over the non-default SSH port; --delete
- # removes anything under the remote website.com directory that is absent locally.
- rsync -rtvzPe 'ssh -p 2356' ~/documents/websites/website.com user@207.246.121.231:/var/www/htdocs/ --delete