Skip to content
Setup files for my VPS
Dockerfile Shell
Branch: master
Clone or download
Latest commit 4deb075 Aug 4, 2019
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
fail2ban Adds fail2ban to ban DNS attacks Mar 16, 2019
nginx-conf Adds arpita.site May 5, 2019
smtp @ 49dbeb4 Builds the smtp service instead of fetching image Jul 7, 2018
webhooks Changes webhooks Dockerfile to use docker/compose as base image May 25, 2019
.gitignore
.gitmodules Builds the smtp service instead of fetching image Jul 7, 2018
README.md Adds fail2ban to ban DNS attacks Mar 16, 2019
docker-compose.yml
space.service

README.md

space

Setup files for my VPS

Steps to setup

Setup VM

  • login as root
  • disable ssh for root
  • add user: adduser <username>
  • move and chown ssh keys from root to the new user
  • add user to sudo: sudo usermod -aG sudo <username>
  • setup firewall to allow/disallow ports
  • logout and login as the new user

Install docker

$ curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
$ sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
$ sudo apt-get update
$ sudo apt-get install -y docker-ce docker-compose
$ sudo gpasswd -a $USER docker

Install fail2ban

$ sudo apt-get install geoip-bin geoip-database fail2ban

Setup space

  • copy/clone this repo to ~/space
  • setup SSL certificates (optional)
$ wget https://dl.eff.org/certbot-auto
$ chmod a+x ./certbot-auto
$ sudo ./certbot-auto certonly --server https://acme-v02.api.letsencrypt.org/directory --manual --preferred-challenges dns -d *.abhinavsarkar.net
$ sudo cp /etc/letsencrypt/live/abhinavsarkar.net/* ~/space/certs/
$ sudo chown -R $USER:$USER ~/space/certs/
  • stop and disable resolvd
$ sudo service systemd-resolved stop
$ sudo systemctl disable systemd-resolved.service
  • edit /etc/resolv.conf to set the nameserver to 8.8.8.8
  • edit ~/space/space.service to set environment variables
    • set passwords to random values if new setup
    • set passwords to the previous values if a copy setup
    • set PH_SERVER_IP to the static IP of the server
  • setup the service and start
$ sudo cp ~/space/space.service /etc/systemd/system/
$ sudo systemctl enable space
$ sudo systemctl start space
  • edit /etc/resolv.conf to set the nameserver to 127.0.0.1
  • setup and start fail2ban
$ sudo cp fail2ban/iptables-pihole-geoip-fence.conf /etc/fail2ban/action.d/iptables-pihole-geoip-fence.conf
$ sudo cp fail2ban/pihole-geoip.conf /etc/fail2ban/filter.d/pihole-geoip.conf
$ sudo cp fail2ban/jail.local /etc/fail2ban/jail.local
$ sudo service fail2ban start
You can’t perform that action at this time.