setup files for my VPS
Go to file
Abhinav Sarkar a19c004fc1 Removes pihole and cloudflared 2021-08-21 12:53:21 +05:30
fail2ban Changes fail2ban to use DOCKER-USER chain 2019-11-25 08:10:04 +05:30
nginx-conf Removes pihole and cloudflared 2021-08-21 12:53:21 +05:30
smtp@49dbeb4b31 Builds the smtp service instead of fetching image 2018-07-07 08:57:11 +00:00
webhooks Changes webhooks Dockerfile to use docker/compose as base image 2019-05-25 14:09:00 +00:00
.gitignore Adds arpita.site 2019-05-05 07:13:30 +00:00
.gitmodules Builds the smtp service instead of fetching image 2018-07-07 08:57:11 +00:00
README.md Adds fail2ban to ban DNS attacks 2019-03-16 05:11:23 +00:00
docker-compose.yml Removes pihole and cloudflared 2021-08-21 12:53:21 +05:30
space.service Adds drone.io for CI 2018-08-04 12:13:42 +00:00

README.md

space

Setup files for my VPS

Steps to setup

Setup VM

  • login as root
  • disable ssh for root
  • add user: adduser <username>
  • move and chown ssh keys from root to the new user
  • add user to sudo: sudo usermod -aG sudo <username>
  • setup firewall to allow/disallow ports
  • logout and login as the new user

Install docker

$ curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
$ sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
$ sudo apt-get update
$ sudo apt-get install -y docker-ce docker-compose
$ sudo gpasswd -a $USER docker

Install fail2ban

$ sudo apt-get install geoip-bin geoip-database fail2ban

Setup space

  • copy/clone this repo to ~/space
  • setup SSL certificates (optional)
$ wget https://dl.eff.org/certbot-auto
$ chmod a+x ./certbot-auto
$ sudo ./certbot-auto certonly --server https://acme-v02.api.letsencrypt.org/directory --manual --preferred-challenges dns -d *.abhinavsarkar.net
$ sudo cp /etc/letsencrypt/live/abhinavsarkar.net/* ~/space/certs/
$ sudo chown -R $USER:$USER ~/space/certs/
  • stop and disable resolvd
$ sudo service systemd-resolved stop
$ sudo systemctl disable systemd-resolved.service
  • edit /etc/resolv.conf to set the nameserver to 8.8.8.8
  • edit ~/space/space.service to set environment variables
    • set passwords to random values if new setup
    • set passwords to the previous values if a copy setup
    • set PH_SERVER_IP to the static IP of the server
  • setup the service and start
$ sudo cp ~/space/space.service /etc/systemd/system/
$ sudo systemctl enable space
$ sudo systemctl start space
  • edit /etc/resolv.conf to set the nameserver to 127.0.0.1
  • setup and start fail2ban
$ sudo cp fail2ban/iptables-pihole-geoip-fence.conf /etc/fail2ban/action.d/iptables-pihole-geoip-fence.conf
$ sudo cp fail2ban/pihole-geoip.conf /etc/fail2ban/filter.d/pihole-geoip.conf
$ sudo cp fail2ban/jail.local /etc/fail2ban/jail.local
$ sudo service fail2ban start