Skip to content

Instantly share code, notes, and snippets.

@insanity54

insanity54/part_1.md

Last active June 10, 2016 11:25
Show Gist options
  • Save insanity54/63faa63ebc0535a85d2d026138aa92c4 to your computer and use it in GitHub Desktop.
Save insanity54/63faa63ebc0535a85d2d026138aa92c4 to your computer and use it in GitHub Desktop.
Download ZIP
Installing OpenBazaar on Ubuntu 14.04 VPS
Raw
part_1.md

Part 1- General Setup https://www.youtube.com/watch?v=GIL0-R1PRsQ

User setup

log in as root

ssh root@x.x.x.x -i ~/.ssh/openbazaar

create openbazaar user

useradd -m -s /bin/bash openbazaar

give openbazaaar user sudo access

usermod -a -G sudo openbazaar

give openbazaar user a password

passwd openbazaar

give openbazaar user the pubkey

mkdir /home/openbazaar/.ssh
cp /root/.ssh/authorized_keys /home/openbazaar/.ssh/
chown -R openbazaar:openbazaar /home/openbazaar/.ssh/

Dependency Installation

Set your system's locale

more locale info if you need it-- https://askubuntu.com/questions/162391/how-do-i-fix-my-locale-issue

locale-gen "en_US.UTF-8"
dpkg-reconfigure locales

update Ubuntu's lists of known software

apt-get -y update

Install apt-add-repository

apt-get -y install software-properties-common

add third party dependencies to known software lists

apt-add-repository ppa:chris-lea/libsodium

install system updataes

apt-get -y upgrade

install OpenBazaar Server dependencies available through apt

apt-get -y install git build-essential libssl-dev libffi-dev python-dev openssl python-pip libzmq3-dev autoconf pkg-config libtool automake python-virtualenv

install OpenBazaar Server deps only available through 3rd party source code

git clone https://github.com/zeromq/libzmq
cd libzmq
./autogen.sh && ./configure && make -j 4
make check && sudo make install && sudo ldconfig

Get the OpenBazaar Server source code

cd
git clone https://github.com/OpenBazaar/OpenBazaar-Server.git
cd OpenBazaar-Server

create a Python virtualenv for the OpenBazaar Server's dependencies

virtualenv observer
source ./observer/bin/activate

install OpenBazaar server python deps

pip install -r requirements.txt

Add a username and password to your OpenBazaar server

nano ob.cfg

Start OpenBazaar server

python openbazaard.py start
Raw
part_2.md

Part 2 - Hardening https://www.youtube.com/watch?v=D2mYcFOzfRc

harden sshd

make sure we can log in using ssh

disable password authentication

disable root login

make openbazaar the only allowed remote user

nano /etc/ssh/sshd_config

setup SSL

  • make sure openbazaar daemon is stopped

generate SSL keys

create a Certificate Authority key openssl subcommand genrsa output to the file rootCA.key and make it 4096 bits long

openssl genrsa -out rootCA.key 4096

create a rootCA self-signed certificate

create a self-signed certificate against the Certificate Authority key you can replace locality info if you want, but it doesnt really matter as long as the C,ST,L,CN values are populated

openssl req -x509 -new -nodes -key rootCA.key -days 1024 -out rootCA.crt -subj "/C=DE/ST=Germany/L=Walldorf/O=SAPSE/OU=Tools/CN=rootCA"

generate a server private key

openssl genrsa -out server.key 4096

convert certificite request into a self signed certificate

openssl req -new -key server.key -out server.csr -subj "/C=DE/ST=Germany/L=Walldorf/O=SAP SE/OU=Tools/CN=localhost"

openssl x509 -req -in server.csr -CA rootCA.crt -CAkey rootCA.key -CAcreateserial -out server.crt

edit ob.cfg to enable SSL

nano ob.cfg

contents of ob.cfg--

[AUTHENTICATION]
SSL = True

SSL_CERT = server.crt
SSL_KEY = server.key

Copy SSL keys to their places

server is already done, we just need to copy the client key to our local computer If you haven't done so already, install the OpenBazaar client on your local machine.

exit the ssh session or just open a new terminal tab

copy rootCA.crt to local computer. Run this command from your local computer, NOT the VPS. If you are using Windows, you can use the program WinSCP instead of running this scp command.

scp -i ~/.ssh/openbazaar openbazaar@108.61.229.111:/home/openbazaar/OpenBazaar-Server/rootCA.crt ~/Downloads/

Add the rootCA.crt to your system's keychain (just click rootCA.crt in finder or run open)

open rootCA.crt

Test the setup

SSL keys are in place, now we can do a test run.

Now we are ready to run the server

Make OpenBazaar Server a system service

this keeps openbazaar server running as long as the VPS is running.

Download an upstart script

cd ~
wget https://gist.github.com/insanity54/0d24e3c483fdd3f4ce25bb3c2d4c0e37/raw/7277bc57a555a53df9c5a920500b812cb7ec602e/openbazaar.conf

copy the upstart script to the init directory and set permissions

cp openbazaar.conf /etc/init/
chmod 644 /etc/init/openbazaar.conf

the service is now installed. start the service

sudo service openbazaar start

Run the client

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment