Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
DNSCrypt Server Setup for Debian
#!/usr/bin/env bash
set -x
server="$(hostname)"
server_ip="$(hostname -I | awk '{print $1}')"
server_ip6="$(hostname -I | awk '{print $2}')"
sshport=1024
# Update and configure ssh
apt update && apt upgrade -y
apt install htop speedtest-cli -y
sed -ri -e "s/^#Port.*|^Port.*/Port $sshport/" \
-e 's/^#PrintMotd .*|^PrintMotd no/PrintMotd yes/' /etc/ssh/sshd_config
service sshd restart
# Configure firewall
apt install ufw -y
ufw --force enable
ufw allow $sshport/tcp
ufw allow 443/tcp
ufw allow 443/udp
# Install docker
apt remove docker docker-engine docker.io containerd runc -y
apt install apt-transport-https ca-certificates curl gnupg-agent software-properties-common -y
curl -fsSL https://download.docker.com/linux/debian/gpg | apt-key add -
apt-key fingerprint 0EBFCD88
add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/debian $(lsb_release -cs) stable"
apt update
apt install docker-ce docker-ce-cli containerd.io -y
# Install docker compose
curl -L "https://github.com/docker/compose/releases/download/1.28.0/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose
ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose
# Install/run dnscrypt-server
mkdir -p /etc/encrypted-dns/keys
docker run \
--ulimit nofile=90000:90000 \
-v /etc/encrypted-dns/keys:/opt/encrypted-dns/etc/keys \
--name=dnscrypt-server -p 443:443/udp -p 443:443/tcp --net=host \
jedisct1/dnscrypt-server init -A -N "$server" -E "${server_ip}:443,[${server_ip6}]:443"
docker start dnscrypt-server
cat /etc/encrypted-dns/keys/provider-info.txt
docker update --restart=unless-stopped dnscrypt-server
docker run -d --name watchtower -v /var/run/docker.sock:/var/run/docker.sock v2tec/watchtower dnscrypt-server
docker update --restart=unless-stopped watchtower
ln -sf /etc/encrypted-dns/keys /root
echo 3 >/proc/sys/vm/drop_caches
rm -f /etc/motd
ln -s /etc/encrypted-dns/keys/provider-info.txt /etc/motd
reboot
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment