DNSCrypt Server Setup for Debian
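#!/usr/bin/env bash
# DNSCrypt server bootstrap for a Debian host. The commands below write under
# /etc and /proc/sys, so the script is expected to run as root.
set -x  # trace every command as it runs

# Host name, later passed to the dnscrypt-server container with -N.
server="$(hostname)"

# `hostname -I` lists the host's addresses in no guaranteed order, so the
# first/last field is not reliably IPv4/IPv6 (a second interface or an
# IPv4-only host breaks that assumption). Select by address family instead:
# the first address without ':' is IPv4, the first with ':' is IPv6.
# server_ip6 stays empty when the host has no IPv6 address.
server_ip="$(hostname -I | awk '{for (i = 1; i <= NF; i++) if ($i !~ /:/) {print $i; exit}}')"
server_ip6="$(hostname -I | awk '{for (i = 1; i <= NF; i++) if ($i ~ /:/) {print $i; exit}}')"

# Port sshd is moved to; the firewall section opens the same port.
sshport=1024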
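# Update and configure ssh
apt update && apt upgrade -y
apt install htop speedtest-cli -y

# Move sshd to $sshport and enable the MOTD. Each expression rewrites either
# the commented-out default or an existing active line.
sed -ri -e "s/^#Port.*|^Port.*/Port $sshport/" \
  -e 's/^#PrintMotd .*|^PrintMotd no/PrintMotd yes/' /etc/ssh/sshd_config

# Validate the edited file before restarting: restarting sshd on a config it
# cannot parse takes remote access down on a machine that is usually reachable
# only over ssh. On failure the running daemon keeps its previous settings.
if ! sshd -t; then
  echo "sshd_config failed validation; sshd not restarted" >&2
  exit 1
fi
service sshd restart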
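# Configure firewall
apt install ufw -y

# Register the allow rules first and enable ufw last. Enabling before the ssh
# rule exists leaves a window in which the new ssh port is blocked, which can
# cut off the session running this script.
ufw allow "${sshport}/tcp"
ufw allow 443/tcp
ufw allow 443/udp
# NOTE(review): 9100/tcp is opened to every source address, and nothing in this
# script visibly listens on it. If it is meant for a metrics exporter, limit
# the rule to the monitoring host; otherwise drop it.
ufw allow 9100/tcp
ufw --force enable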
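# Install docker
apt remove docker docker-engine docker.io containerd runc -y
apt install apt-transport-https ca-certificates curl gnupg gnupg-agent software-properties-common -y

# Keep Docker's signing key in its own keyring and bind it to the Docker
# repository with signed-by. `apt-key add` is deprecated and would trust the
# key for every configured repository, not only this one.
docker_key=/etc/apt/keyrings/docker.asc
install -m 0755 -d /etc/apt/keyrings
if ! curl -fsSL https://download.docker.com/linux/debian/gpg -o "$docker_key"; then
  echo "could not download the Docker repository key" >&2
  exit 1
fi
chmod a+r "$docker_key"

# Compare the fingerprint instead of only printing it: a printed fingerprint
# in an unattended run is never checked by anyone.
# NOTE(review): 0EBFCD88 is a short key ID; pin the full fingerprint from
# Docker's install documentation for a meaningful check.
docker_key_fpr="$(gpg --show-keys --with-colons "$docker_key" | awk -F: '$1 == "fpr" {print $10; exit}')"
case "$docker_key_fpr" in
  *0EBFCD88) ;;
  *)
    echo "unexpected Docker key fingerprint: ${docker_key_fpr:-none}" >&2
    rm -f -- "$docker_key"
    exit 1
    ;;
esac

echo "deb [arch=amd64 signed-by=${docker_key}] https://download.docker.com/linux/debian $(lsb_release -cs) stable" \
  >/etc/apt/sources.list.d/docker.list
apt update
apt install docker-ce docker-ce-cli containerd.io -y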
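# Install docker compose
# The release is pinned to 1.28.0. Download to a temporary file and install it
# only if curl succeeds: -f makes curl fail on an HTTP error instead of saving
# the error page, which would otherwise be marked executable on root's PATH.
# NOTE(review): the binary is not checked against a published checksum, and
# nothing later in this script calls docker-compose.
compose_tmp="$(mktemp)" || exit 1
if curl -fL "https://github.com/docker/compose/releases/download/1.28.0/docker-compose-$(uname -s)-$(uname -m)" -o "$compose_tmp"; then
  install -m 0755 "$compose_tmp" /usr/local/bin/docker-compose
  # -f keeps a re-run from failing on the existing link.
  ln -sf /usr/local/bin/docker-compose /usr/bin/docker-compose
else
  echo "docker-compose download failed; nothing installed" >&2
fi
rm -f -- "$compose_tmp"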
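# Install/run dnscrypt-server
# The host directory is mounted as the container's key directory.
# NOTE(review): it presumably ends up holding the provider's secret key
# material; confirm its ownership and mode after the first run.
mkdir -p /etc/encrypted-dns/keys

# Advertise the IPv6 endpoint only when the value really is an IPv6 address,
# so an IPv4-only host does not register "[]:443" or a bracketed IPv4 address.
ext_addrs="${server_ip}:443"
if [[ "$server_ip6" == *:* ]]; then
  ext_addrs+=",[${server_ip6}]:443"
fi

# With --net=host the container shares the host's network stack, so the -p
# mappings do not control exposure; the ufw rules for 443 do.
docker run \
  --ulimit nofile=90000:90000 \
  -v /etc/encrypted-dns/keys:/opt/encrypted-dns/etc/keys \
  --name=dnscrypt-server -p 443:443/udp -p 443:443/tcp --net=host \
  jedisct1/dnscrypt-server init -A -N "$server" -E "$ext_addrs"
docker start dnscrypt-server
cat /etc/encrypted-dns/keys/provider-info.txt
docker update --restart=unless-stopped dnscrypt-server

# Mounting /var/run/docker.sock lets the watchtower container drive the Docker
# daemon, which is root-equivalent on this host. It also replaces
# dnscrypt-server with whatever the registry serves for its tag.
# NOTE(review): both images are referenced by mutable tag, not by digest;
# confirm v2tec/watchtower is still the maintained image before relying on it.
docker run -d --name watchtower -v /var/run/docker.sock:/var/run/docker.sock v2tec/watchtower dnscrypt-server
docker update --restart=unless-stopped watchtower

# Convenience link /root/keys; -n replaces an existing link on a re-run instead
# of creating a nested link inside the target directory.
ln -sfn /etc/encrypted-dns/keys /root/keys
# Drop the page cache, dentries and inodes.
echo 3 >/proc/sys/vm/drop_caches
# Show the provider info at every login (PrintMotd was enabled in sshd_config).
rm -f /etc/motd
ln -s /etc/encrypted-dns/keys/provider-info.txt /etc/motd
reboot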