mirror of
https://github.com/hackerschoice/segfault.git
synced 2024-06-30 02:31:27 +00:00
109 lines
4.0 KiB
Markdown
109 lines
4.0 KiB
Markdown
# segfault.net - A Server Centre Depoyment
|
|
|
|
This page is for server administrators and those folks who like to run their own segfault.net server centre. Running your own Segfault Server Centre allows you to offer root-servers to other users.
|
|
|
|
If this is not what you want and you just like to get a root-shell on your own server then please go to [https://www.thc.org/segfault](http://www.thc.org/segfault) or try our demo deployment:
|
|
```shell
|
|
ssh root@segfault.net # the password is 'segfault'
|
|
```
|
|
|
|
---
|
|
|
|
## Deploy a Server Centre:
|
|
```shell
|
|
git clone https://github.com/hackerschoice/segfault.git && \
|
|
cd segfault && \
|
|
docker build -t sf-guest guest && \
|
|
SF_BASEDIR=$(pwd) SF_SSH_PORT=2222 docker-compose up
|
|
```
|
|
|
|
Then log in to a new root server
|
|
```shell
|
|
ssh -p 2222 root@127.1 # password is 'segfault'
|
|
```
|
|
Every new SSH connection creates a ***new dedicated root server.***
|
|
|
|
Take a look at ```provision/env.example``` for a sample ```.env``` file.
|
|
|
|
---
|
|
* JOIN US ON TELEGRAM. LET US KNOW WHAT YOU WANT AND NEED *
|
|
---
|
|
|
|
# Provisioning Deployment
|
|
|
|
Provisioning turns a bare minimum Linux into a Segfault Server Centre. The provisioning script installs docker, creates a dedicated user and sets up the ```.env``` file. We use this script to 'ready' a freshly created AWS instance like so:
|
|
|
|
```shell
|
|
git clone https://github.com/hackerschoice/segfault.git
|
|
SF_SEED=XXX \
|
|
SF_FQDN=us.segfault.net \
|
|
SF_MAXOUT=10Mbit \
|
|
SF_NORDVPN_PRIVATE_KEY=YYY \
|
|
segfault/provision/init-ubuntu.sh
|
|
```
|
|
|
|
The ```SF_SEED``` is the master seed from which many cryptographical keys are derived. We do not store the ```SF_SEED=``` in the ```.env``` file (however, this is possible but not advisable). The Server Centre won't start without the SF_SEED. A manual start is needed if the AWS instance reboots:
|
|
|
|
```
|
|
cd segfault
|
|
SF_SEED=XXX docker-compose up -d
|
|
```
|
|
|
|
Other environment variables can be set:
|
|
```
|
|
SF_SEED= The master seed. [default=$(head -c 1024 /dev/urandom | tr -dc '[:alpha:]' | head -c 32)]
|
|
SF_HOST_USER= The user name in root@segfault.net. [default=root]
|
|
SF_FQDN= A unique domain name to reach the Server Centre [default=auto]
|
|
SF_MAXOUT= Limit outgoing traffic. [default=unlimited]
|
|
SF_MAXIN= Limit incoming traffic. [default=unlimited]
|
|
SF_HOST_PASSWORD= The user password for root@segfault.net. [default=segfault]
|
|
SF_BASEDIR= A location to store configuration data. [default=~ubuntu/segfault]
|
|
SF_SHMDIR= A volatile location. [default=/dev/shm/sf-*]
|
|
SF_SSH_PORT= The TCP port on which the Server Centre should run on [default=22]
|
|
SF_SSH_PORT_MASTER= Move the hosting server's SSH port to this port [default=64222]
|
|
SF_DEBUG=1 Turn on debug output.
|
|
```
|
|
|
|
---
|
|
# BETA TESTING BETA TESTING
|
|
|
|
Please report back
|
|
1. Tools missing
|
|
1. Features needed
|
|
|
|
Some suggestions by others:
|
|
1. Allow user to share data via webserver accessible by normal Internet and TOR (.onion) [thanks 0xD1G, L]
|
|
1. Allow email access [thanks L]
|
|
1. Proxychain [thanks DrWho]
|
|
1. **PM me if you have more suggestions**
|
|
---
|
|
|
|
Cluster can be deployed in various regions for less latency.
|
|
Misc infos:
|
|
1. https://docs.docker.com/engine/security/userns-remap/
|
|
1. On small deployments the ```OpenVPN Server``` can be the same as Server[12]. This allows to run *everything* off 1 single server.
|
|
1. AWS Fargate could be utilized by nesting the entire setup in a Docker-in-Docker (dind) configuration.
|
|
|
|
Helpful links
|
|
1. https://github.com/nicolaka/netshoot
|
|
1. https://www.linuxserver.io/ and https://github.com/just-containers/s6-overlay
|
|
1. https://jordanelver.co.uk/blog/2019/06/03/routing-docker-traffic-through-a-vpn-connection/
|
|
1. https://hub.docker.com/r/alexaso/dnsmasq-dnscrypt and https://github.com/crazy-max/docker-cloudflared
|
|
2. https://wiki.archlinux.org/title/EncFS
|
|
3. https://www.supertechcrew.com/wetty-browser-ssh-terminal/
|
|
|
|
VPN Providers:
|
|
1. ProtonVPN
|
|
1. NordVPN
|
|
1. https://www.cryptostorm.is/
|
|
1. https://mullvad.net/en/
|
|
|
|
Hosting providers:
|
|
1. https://www.linode.com/
|
|
1. https://1984hosting.com/
|
|
|
|
---
|
|
Telegram: https://t.me/thcorg
|
|
Twitter: https://twitter.com/hackerschoice
|
|
|