sad/segfault
1
0
Fork 0
mirror of https://github.com/hackerschoice/segfault.git synced 2024-07-03 08:37:44 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'main' of github.com:hackerschoice/segfault

Browse Source
This commit is contained in:
SkyperTHC 2022-09-19 14:59:22 +01:00
commit 1463dfda22
No known key found for this signature in database
GPG Key ID: A9BD386DF9113CD6
1 changed files with 19 additions and 57 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

76
README.md
View File

@ -1,6 +1,6 @@
# segfault.net - A Server Centre Depoyment
This page is for server administrators and those folks who like to run their own segfault.net server centre. Running your own Segfault Server Centre allows you to offer root-servers to other users.
This page is for server administrators and those folks who like to run their own Segfault.net Server Centre (SSC). Running your own SSC allows you to offer root-servers to other users.
If this is not what you want and you just like to get a root-shell on your own server then please go to [https://www.thc.org/segfault](http://www.thc.org/segfault) or try our demo deployment:
```shell
@ -14,7 +14,9 @@ ssh root@segfault.net # the password is 'segfault'
git clone --depth 1 https://github.com/hackerschoice/segfault.git && \
cd segfault && \
docker build -t sf-guest guest && \
SF_BASEDIR=$(pwd) SF_SSH_PORT=2222 docker-compose up
SF_SEED="$(head -c 1024 /dev/urandom | tr -dc '[:alpha:]' | head -c 32)" && \
echo "SF_SEED=${SF_SEED}" && \
SF_BASEDIR=$(pwd) SF_SEED=${SF_SEED} SF_SSH_PORT=2222 docker-compose up
```
Then log in to a new root server
@ -23,57 +25,21 @@ ssh -p 2222 root@127.1 # password is 'segfault'
```
Every new SSH connection creates a ***new dedicated root server.***
Take a look at ```provision/env.example``` for a sample ```.env``` file.
To stop press Ctrl-C and execute:
```
docker-compose down
```
To start execute:
```
SF_BASEDIR=$(pwd) SF_SEED=SecretFromAbove SF_SSH_PORT=2222 docker-compose up
```
Take a look at `provision/env.example` for a sample `.env` file. Configure the test of the variables in `config/etc/sf/sf.conf`.
# Provisioning
Provisioning turns a bare minimum Linux into a Segfault Server Centre. The provisioning script installs docker, creates a dedicated user and sets up the ```.env``` file and thereafter executes the same steps as in "Deploy a Server Centre". If you already have docker running then you do not need this step. We use this script to turn a freshly created AWS instance into a Segfault Server Centre:
```shell
git clone https://github.com/hackerschoice/segfault.git
SF_SEED=XXX \
SF_FQDN=us.segfault.net \
SF_MAXOUT=10Mbit \
SF_NORDVPN_PRIVATE_KEY=YYY \
segfault/provision/init-ubuntu.sh
```
We use Route53 so that the user always connects to the nearest Segfault Server Centre. E.g. ```segfault.net``` will resolve to ```us.segfault.net``` if you are in the US. The ```SF_FQDN=``` is the unique name for that region.
The ```SF_SEED``` is the master seed from which many cryptographical keys are derived. We do not store the ```SF_SEED=``` in the ```.env``` file (however, this is possible but not advisable). The Server Centre won't start without the SF_SEED. A manual start is needed if the AWS instance reboots:
```
cd segfault
SF_SEED=XXX docker-compose up -d
```
Other environment variables can be set:
```
SF_SEED= The master seed. [default=$(head -c 1024 /dev/urandom | tr -dc '[:alpha:]' | head -c 32)]
SF_HOST_USER= The user name in root@segfault.net. [default=root]
SF_FQDN= A unique domain name to reach the Server Centre [default=auto]
SF_MAXOUT= Limit outgoing traffic. [default=unlimited]
SF_MAXIN= Limit incoming traffic. [default=unlimited]
SF_HOST_PASSWORD= The user password for root@segfault.net. [default=segfault]
SF_BASEDIR= A location to store configuration data. [default=~ubuntu/segfault]
SF_SHMDIR= A volatile location. [default=/dev/shm/sf-*]
SF_SSH_PORT= The TCP port on which the Server Centre should run on [default=22]
SF_SSH_PORT_MASTER= Move the hosting server's SSH port to this port [default=64222]
SF_DEBUG=1 Turn on debug output.
```
The Segfault Server Centre routes all outgoing traffic through at VPN (if availabe) or TOR otherwise. The following environment variables can be set to configure the VPN (optional):
```
SF_NORDVPN_PRIVATE_KEY= NordVPN
SF_CRYPTOSTORM_
```
The Segfault Server Centre stores data in to locations.
1. ```segfault/config``` contains the configuration.
1. ```segfault/data``` contains encrypted user data.
Both locations (and the SF_SEED and .env file) should be backed up. All are needed to recreate the Server Centre and all user data from scatch.
Provisioning turns a freshly created Linux (a bare minimum Installation) into a SSC. It's how we 'ready' a newly launched AWS Instance for SSC deployment. You likely dont ever need this but [we wrote it down anyway](https://github.com/hackerschoice/segfault/wiki/AWS-Deployment).
---
# BETA TESTING BETA TESTING
@ -89,19 +55,15 @@ Some suggestions by others:
1. **PM me if you have more suggestions**
---
Cluster can be deployed in various regions for less latency.
Misc infos:
1. https://docs.docker.com/engine/security/userns-remap/
1. On small deployments the ```OpenVPN Server``` can be the same as Server[12]. This allows to run *everything* off 1 single server.
1. AWS Fargate could be utilized by nesting the entire setup in a Docker-in-Docker (dind) configuration.
SSC can be deployed in various regions using Route53 to reduce latency.
Helpful links
1. https://github.com/nicolaka/netshoot
1. https://www.linuxserver.io/ and https://github.com/just-containers/s6-overlay
1. https://jordanelver.co.uk/blog/2019/06/03/routing-docker-traffic-through-a-vpn-connection/
1. https://hub.docker.com/r/alexaso/dnsmasq-dnscrypt and https://github.com/crazy-max/docker-cloudflared
2. https://wiki.archlinux.org/title/EncFS
3. https://www.supertechcrew.com/wetty-browser-ssh-terminal/
1. https://wiki.archlinux.org/title/EncFS
1. https://www.supertechcrew.com/wetty-browser-ssh-terminal/
VPN Providers:
1. ProtonVPN