DNSCrypt Server Setup for Debian
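#!/usr/bin/env bash
# Provisions a Debian host as a DNSCrypt server: moves sshd to a custom port,
# enables ufw, installs Docker and docker-compose, then starts the
# jedisct1/dnscrypt-server container alongside watchtower. The commands below
# call apt and write under /etc, so the script is meant to be run as root.
#
# NOTE(review): nothing here enables errexit, so a failed command does not
# stop the run on its own; the script ends with an unconditional reboot.

# Trace every command to stderr so the provisioning log shows what ran.
set -x

# first_addr FAMILY ADDR...
# Prints the first ADDR of the requested family (4 or 6) and returns 0;
# returns 1 when none matches. An address containing ':' is treated as IPv6.
first_addr() {
  local family=$1 addr
  shift
  for addr in "$@"; do
    if [[ "$addr" == *:* ]]; then
      if [[ "$family" == 6 ]]; then
        printf '%s\n' "$addr"
        return 0
      fi
    elif [[ "$family" == 4 ]]; then
      printf '%s\n' "$addr"
      return 0
    fi
  done
  return 1
}

# Provider name handed to dnscrypt-server via -N.
server="$(hostname)"

# `hostname -I` lists every configured address in no guaranteed order, so the
# second field is not necessarily an IPv6 address (it may be a second IPv4
# address, or missing). Select each family explicitly; a variable stays empty
# when the host has no address of that family.
host_addrs=()
read -r -a host_addrs < <(hostname -I)
server_ip="$(first_addr 4 "${host_addrs[@]}")"
server_ip6="$(first_addr 6 "${host_addrs[@]}")"

# TCP port sshd is moved to. A non-default port only cuts scanner noise in the
# logs; access control still depends on sshd's authentication settings.
sshport=1024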
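# Update the system and reconfigure sshd.
apt update && apt upgrade -y
apt install htop speedtest-cli -y

# Point the Port directive (commented or not) at $sshport and turn PrintMotd
# on so /etc/motd is displayed at login.
sed -ri -e "s/^#Port.*|^Port.*/Port ${sshport}/" \
  -e 's/^#PrintMotd .*|^PrintMotd no/PrintMotd yes/' /etc/ssh/sshd_config

# Validate the edited file before restarting: a restart with a broken
# sshd_config leaves the host without remote access, and this script ends in
# a reboot. `sshd -t` only parses the configuration and exits.
if ! sshd -t; then
  printf 'sshd_config failed validation; sshd was not restarted\n' >&2
  exit 1
fi
service sshd restart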
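# Configure firewall
apt install ufw -y

# Register the allow rules BEFORE enabling ufw. Enabling first applies the
# default inbound policy with no SSH rule in place, which can cut off the
# session running this script and leave the host unreachable if a later
# command fails.
ufw allow "${sshport}/tcp"   # sshd on its relocated port
ufw allow 443/tcp            # DNSCrypt over TCP
ufw allow 443/udp            # DNSCrypt over UDP

# --force skips the interactive confirmation so the script can run unattended.
ufw --force enable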
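# Install Docker Engine from Docker's apt repository.
# Remove distribution-packaged Docker variants first so they do not conflict.
apt remove docker docker-engine docker.io containerd runc -y
apt install apt-transport-https ca-certificates curl gnupg-agent software-properties-common -y

# Keep Docker's signing key in its own file and bind it to the Docker
# repository with signed-by. Piping the key into `apt-key add` (deprecated)
# puts it in the global trusted keyring, where it is trusted for every
# configured repository, and a failed download goes unnoticed.
docker_key=/etc/apt/keyrings/docker.asc
install -m 0755 -d /etc/apt/keyrings
if ! curl -fsSL https://download.docker.com/linux/debian/gpg -o "$docker_key"; then
  printf 'could not download the Docker repository signing key\n' >&2
  exit 1
fi
chmod a+r "$docker_key"

# Print the full fingerprint for the operator to compare with the value in
# Docker's installation documentation. Printing a key by its 8-character id
# (0EBFCD88) is not a verification step: nothing is compared, and short key
# ids are not unique.
if command -v gpg >/dev/null; then
  gpg --show-keys --with-fingerprint "$docker_key"
fi

printf 'deb [arch=amd64 signed-by=%s] https://download.docker.com/linux/debian %s stable\n' \
  "$docker_key" "$(lsb_release -cs)" \
  >/etc/apt/sources.list.d/docker.list
apt update
apt install docker-ce docker-ce-cli containerd.io -y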
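# Install docker-compose 1.28.0 as a standalone binary.
compose_url="https://github.com/docker/compose/releases/download/1.28.0/docker-compose-$(uname -s)-$(uname -m)"
compose_tmp="$(mktemp)" || exit 1

# -f makes curl fail on an HTTP error instead of saving the error page; the
# download goes to a temporary file so a partial or failed transfer is never
# left behind as an executable in PATH.
if ! curl -fsSL "$compose_url" -o "$compose_tmp"; then
  printf 'docker-compose download failed: %s\n' "$compose_url" >&2
  rm -f -- "$compose_tmp"
  exit 1
fi

# Optional integrity check: export COMPOSE_SHA256 with the SHA-256 published
# for this release asset to have the binary verified before it is installed.
# TLS authenticates the download host only, not the file that was served.
if [[ -n "${COMPOSE_SHA256:-}" ]]; then
  if ! printf '%s  %s\n' "$COMPOSE_SHA256" "$compose_tmp" | sha256sum -c - >/dev/null; then
    printf 'docker-compose checksum mismatch; not installing\n' >&2
    rm -f -- "$compose_tmp"
    exit 1
  fi
fi

install -m 0755 "$compose_tmp" /usr/local/bin/docker-compose
rm -f -- "$compose_tmp"

# -f keeps a re-run from failing when the link already exists.
ln -sf /usr/local/bin/docker-compose /usr/bin/docker-compose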
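# Install/run dnscrypt-server

# Build the -E endpoint list from the addresses that were actually detected.
# An empty IPv6 variable would otherwise yield the malformed endpoint
# "[]:443"; IPv6 literals need brackets, IPv4 literals must not have them.
endpoints=""
if [[ "$server_ip" == *:* ]]; then
  endpoints="[${server_ip}]:443"
elif [[ -n "$server_ip" ]]; then
  endpoints="${server_ip}:443"
fi
if [[ "$server_ip6" == *:* ]]; then
  endpoints="${endpoints:+${endpoints},}[${server_ip6}]:443"
fi
if [[ -z "$endpoints" ]]; then
  printf 'no usable server address detected; not initialising dnscrypt-server\n' >&2
  exit 1
fi

mkdir -p /etc/encrypted-dns/keys

# One-off initialisation; the key directory is bind-mounted so the provider
# keys persist on the host.
# --net=host puts the container on the host's network stack, so Docker
# discards the -p mappings and the ufw rules for 443 govern access directly.
# NOTE(review): -A presumably turns on anonymized-DNS relaying; confirm
# against the image's documentation that relaying is intended.
docker run \
  --ulimit nofile=90000:90000 \
  -v /etc/encrypted-dns/keys:/opt/encrypted-dns/etc/keys \
  --name=dnscrypt-server -p 443:443/udp -p 443:443/tcp --net=host \
  jedisct1/dnscrypt-server init -A -N "$server" -E "$endpoints"

# The steps below read provider-info.txt; if it is missing the initialisation
# did not complete, so stop here instead of rebooting a half-configured host.
if [[ ! -s /etc/encrypted-dns/keys/provider-info.txt ]]; then
  printf 'provider-info.txt was not created; stopping before reboot\n' >&2
  exit 1
fi

docker start dnscrypt-server
cat /etc/encrypted-dns/keys/provider-info.txt
docker update --restart=unless-stopped dnscrypt-server

# watchtower replaces the dnscrypt-server container whenever the registry
# serves a newer image under the same tag. Mounting /var/run/docker.sock gives
# this container full control of the Docker daemon, which is root-equivalent
# on the host, and both images are pulled by mutable tag: pin them by digest
# if unattended updates from the registry are not an accepted trust decision.
# NOTE(review): confirm the v2tec/watchtower image namespace is still
# maintained before relying on it for updates.
docker run -d --name watchtower -v /var/run/docker.sock:/var/run/docker.sock v2tec/watchtower dnscrypt-server
docker update --restart=unless-stopped watchtower

# Convenience link to the key directory from root's home.
ln -sf /etc/encrypted-dns/keys /root
echo 3 >/proc/sys/vm/drop_caches

# Show the provider details as the login banner. /etc/motd is displayed to
# every user who logs in.
# NOTE(review): provider-info.txt is expected to contain only public
# connection details; verify it holds no secret key material.
rm -f /etc/motd
ln -s /etc/encrypted-dns/keys/provider-info.txt /etc/motd
reboot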