@Zackptg5
Last active July 8, 2023 12:11
DNSCrypt Server Setup for Debian
#!/usr/bin/env bash
set -x
server="$(hostname)"
server_ip="$(hostname -I | awk '{print $1}')"
server_ip6="$(hostname -I | awk '{print $NF}')"
sshport=1024
# Update and configure ssh
apt update && apt upgrade -y
apt install htop speedtest-cli -y
sed -ri -e "s/^#Port.*|^Port.*/Port $sshport/" \
-e 's/^#PrintMotd .*|^PrintMotd no/PrintMotd yes/' /etc/ssh/sshd_config
service sshd restart
# Configure firewall (add the allow rules before enabling, so SSH stays reachable)
apt install ufw -y
ufw allow "$sshport"/tcp
ufw allow 443/tcp
ufw allow 443/udp
ufw allow 9100/tcp
ufw --force enable
# Install docker
apt remove docker docker-engine docker.io containerd runc -y
apt install apt-transport-https ca-certificates curl gnupg-agent software-properties-common -y
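# Import Docker's repository signing key, then print its fingerprint for manual comparison
# (nothing below checks it automatically; apt-key is deprecated on current Debian releases)
curl -fsSL https://download.docker.com/linux/debian/gpg | apt-key add -
apt-key fingerprint 0EBFCD88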
add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/debian $(lsb_release -cs) stable"
apt update
apt install docker-ce docker-ce-cli containerd.io -y
# Install docker compose (-f makes curl fail on an HTTP error instead of saving the error page)
curl -fL "https://github.com/docker/compose/releases/download/1.28.0/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose
ln -sf /usr/local/bin/docker-compose /usr/bin/docker-compose
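# Install/run dnscrypt-server
mkdir -p /etc/encrypted-dns/keys
# server_ip6 is the last address from hostname -I, which is an IPv4 address on a host
# without IPv6; only advertise the bracketed endpoint when the value contains a colon
endpoints="${server_ip}:443"
case "$server_ip6" in *:*) endpoints="${endpoints},[${server_ip6}]:443" ;; esac
docker run \
--ulimit nofile=90000:90000 \
-v /etc/encrypted-dns/keys:/opt/encrypted-dns/etc/keys \
--name=dnscrypt-server -p 443:443/udp -p 443:443/tcp --net=host \
jedisct1/dnscrypt-server init -A -N "$server" -E "$endpoints"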
docker start dnscrypt-server
cat /etc/encrypted-dns/keys/provider-info.txt
docker update --restart=unless-stopped dnscrypt-server
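# watchtower keeps the dnscrypt-server container updated; mounting the Docker socket
# gives it full control of the Docker daemon on this host
docker run -d --name watchtower -v /var/run/docker.sock:/var/run/docker.sock v2tec/watchtower dnscrypt-server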
docker update --restart=unless-stopped watchtower
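# Link the key directory into /root for convenience
ln -sf /etc/encrypted-dns/keys /root
# Drop the page cache, dentries and inodes
echo 3 >/proc/sys/vm/drop_caches
# Show the provider info at login by using it as the MOTD
rm -f /etc/motd
ln -s /etc/encrypted-dns/keys/provider-info.txt /etc/motd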
reboot