ovk / silverbox

Guide describing how to set up a compact, silent and energy-efficient GNU/Linux home server

Home Page: https://ovk.github.io/silverbox

License: Other

linux server selfhosted nextcloud nfs guide firefly-iii apache docker docker-compose privacy

silverbox's Introduction

Guide on how to build a compact, silent and energy-efficient GNU/Linux home server that runs:

  • Unbound as a forwarding DNS server that forwards queries to the DNS server of your choice and uses DNS-over-TLS and DNSSEC for extra security and privacy.
  • NFS server secured with Kerberos (clean NFSv4-only server).
  • Nextcloud accessible over HTTP(S) with Let's Encrypt certificates (renewed automatically using Certbot with DNS challenge).
  • Transmission BitTorrent client that communicates only over a VPN connection.
  • SOCKS5 proxy server that proxies traffic securely over a VPN connection.
  • Git server for hosting Git repositories.
  • Borg and Rclone for automatic encrypted incremental backups (both on-site and off-site).
  • Reverse proxy server with HTTPS (using wildcard certificate) and basic authentication to access internal services.
  • Firefly III for personal finances management.
  • Monit for system monitoring and notifications.
  • Script to automatically update the DNS record pointing to the server's public IP address (in case of a dynamic IP).

The server also runs:

  • SSH server.
  • Docker engine (as most of the workloads are run as containers).

The latest HTML version of the guide is hosted online using GitHub Pages and can be viewed here: https://ovk.github.io/silverbox

Compiling

The guide is written in AsciiDoc format and can be compiled into different output formats, such as HTML or PDF.

If you have Docker installed, you can use the Asciidoctor Docker container. For example, to build the HTML version:

git clone https://github.com/ovk/silverbox.git
docker run -it --rm -v $(pwd)/silverbox:/documents asciidoctor/docker-asciidoctor asciidoctor silverbox-server.adoc

Or to build a PDF:

docker run -it --rm -v $(pwd)/silverbox:/documents asciidoctor/docker-asciidoctor asciidoctor-pdf silverbox-server.adoc

This should produce an output file (silverbox-server.html or silverbox-server.pdf) in the silverbox directory, with all placeholders replaced by your values.

See the Generating Custom Document section for more details.

Customizing Document

Most of the configuration-specific parameters (such as IP addresses, host names, port numbers etc.) are not hardcoded, but defined using AsciiDoc attributes. This way you can redefine these attributes with your specific parameter values and build your very own version of this document.

By default these parameter values contain simple placeholders, such as {SERVER_IP_ADDR} for the server's local IP address. You can replace them with the values you want by editing the parameters.adoc file and then compiling the document.

License

This document is licensed under Creative Commons Attribution-NonCommercial 4.0 International (CC BY-NC 4.0) License.

For more details see:

silverbox's People

Contributors

ovk

silverbox's Issues

Docker VPN entry point syntax error

Hello!

Thank you for this project, I've been creating a homelab based on your guide using Ansible. I can't seem to get the Docker VPN working. Whenever I start the docker container it gets stuck on "restarting".

I ran docker logs --tail 50 --follow --timestamps vpn to see what the error is. This is what I get: 2022-12-05T20:41:13.493172422Z /usr/local/bin/docker-entrypoint.sh: 5: Syntax error: "(" unexpected

I've been looking at the docker-entrypoint.sh file for about an hour and I can't figure it out. Here is what that file looks like. Below I added my docker-compose file, if that helps.

#!/usr/bin/env bash
# The "function name()" form below and the "[[ ... ]]" test near the end are
# bash-only syntax. When this file is run by /bin/sh (dash) rather than bash,
# dash rejects the first of them with: Syntax error: "(" unexpected

function configure_iptables()
{
    set -e

    local config_file="$1"
    # Host and port come from the profile's "remote <host> <port>" line.
    local host=$(awk '/^remote / {print $2}' "$config_file")
    # Take the last field as the port only when it is numeric. The original
    # tested NF (the field count), which is always numeric, so a trailing
    # protocol such as "udp" would have been accepted as the port.
    local port=$(awk '/^remote / && $NF ~ /^[0-9]+$/ {print $NF}' "$config_file")

    if [ -z "$port" ]; then
        echo "-- No port number specified in the VPN profile file"
        exit 1
    else
        echo "-- Setting up firewall rules for VPN server $host on port $port"
    fi

    # Kill switch: start from an empty ruleset and drop everything by default.
    iptables --flush
    iptables --delete-chain

    iptables --policy INPUT DROP
    iptables --policy OUTPUT DROP
    iptables --policy FORWARD DROP

    # Inbound: loopback and replies to connections this container opened.
    iptables -A INPUT -i lo -j ACCEPT
    iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # Inbound: TCP 8888 (sshd), rate limited: a source opening more than
    # 5 new connections within 30 seconds is dropped.
    iptables -A INPUT -p tcp --dport 8888 -m conntrack --ctstate NEW -m recent --set --name SSH --mask 255.255.255.255 --rsource
    iptables -A INPUT -p tcp --dport 8888  -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 --name SSH --mask 255.255.255.255 --rsource -j DROP
    iptables -A INPUT -p tcp --dport 8888  -m conntrack --ctstate NEW -j ACCEPT

    # Outbound: loopback, the VPN tunnel, replies to LAN clients, and the
    # OpenVPN connection itself (only processes in group "vpn" may reach the
    # VPN server on eth0). Everything else leaving eth0 is dropped, so nothing
    # leaks while the tunnel is down.
    iptables -A OUTPUT -o lo -j ACCEPT
    iptables -A OUTPUT -o tun0 -j ACCEPT
    iptables -A OUTPUT -o eth0 -d 192.168.0.0/24 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    iptables -A OUTPUT -o eth0 -p tcp -d $host --dport $port -m owner --gid-owner vpn -j ACCEPT

    set +e
}

function run_sshd()
{
    set -e

    # Reuse the host key kept on the /ssh-host-key volume so clients do not see
    # a changed key after every image rebuild; generate it only the first time.
    if [ ! -f "/etc/ssh/ssh_host_ed25519_key" ]; then
        if [ ! -f "/ssh-host-key/ssh_host_ed25519_key" ]; then
          echo "-- Generating host key"
          ssh-keygen -f /etc/ssh/ssh_host_ed25519_key -N '' -t ed25519
          cp /etc/ssh/ssh_host_ed25519_key /ssh-host-key/ssh_host_ed25519_key
        else
          cp /ssh-host-key/ssh_host_ed25519_key /etc/ssh/ssh_host_ed25519_key
        fi
    fi

    # Replies to LAN clients must go via the Docker network gateway, not the tunnel.
    echo "-- Adding route back to LAN"
    ip route add 192.168.0.0/24 via 172.18.0.1
    echo "-- Starting SSH server"
    /usr/sbin/sshd

    set +e
}

# With arguments, run them instead of the VPN (e.g. a shell for debugging).
if [[ $# -ge 1 ]]; then
    exec "$@"
else
    # A file named "profile" wins; otherwise one of the *.ovpn files is picked at random.
    if [ -f /vpn-profiles/profile ]; then
        echo "-- Profile file found: only it will be used"
        PROFILE_FILE="/vpn-profiles/profile"
    else
        echo "-- Profile file not found: random profile file will be picked"
        PROFILE_FILE="$(ls -1 /vpn-profiles/*.ovpn | shuf -n 1)"
        echo "-- Selected profile file: $PROFILE_FILE"
    fi

    configure_iptables "$PROFILE_FILE"
    run_sshd

    # Run OpenVPN under group "vpn" so its packets match the --gid-owner rule above.
    exec sg vpn -c "openvpn --config $PROFILE_FILE --verb 1 --auth-user-pass /vpn-credentials/credentials --auth-nocache"
fi

Docker Compose:

version: '3.8'

networks:
  default:
    name: vpn
    external: true

services:
  vpn-proxy:
    container_name: vpn
    init: true
    build:
      context: /root/anacreon/containers/vpn-proxy
      args:
        version: '11.5-slim'
    restart: on-failure:15
    logging:
      driver: json-file
      options:
        max-size: 10mb
    ports:
      - 192.168.0.31:8888:8888/tcp
    networks:
      default:
        ipv4_address: 172.18.0.100
    devices:
      - /dev/net/tun
    cap_add:
      - NET_ADMIN
    volumes:
      - /root/anacreon/vpn/proxy:/vpn-profiles
      - /root/anacreon/vpn/auth:/vpn-credentials
      - /root/anacreon/containers/vpn-proxy/host-key:/ssh-host-key

Thank you for your help!
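An added example, not code from the silverbox repository or the issue above: a small POSIX sh helper (hypothetical function names) that reads host, port and protocol from the first `remote` line of an OpenVPN profile and validates them before they are used in a firewall rule, since the entrypoint splices `$host` and `$port` unquoted into an iptables command. It assumes the port is given on the `remote` line, as the entrypoint does, and goes slightly beyond it by also handling the `remote <host> <port> <proto>` form.

```shell
#!/bin/sh
# Added example, not part of the silverbox repository. Reads the first
# "remote" directive of an OpenVPN profile and validates host and port before
# they are spliced into an iptables rule. Helper names are hypothetical.

# Fields of the first "remote" line: host, port, proto (proto may be empty).
vpn_remote_fields() {
    awk '/^[ \t]*remote[ \t]/ { print $2, $3, $4; exit }' "$1"
}

vpn_remote_host()  { vpn_remote_fields "$1" | awk '{ print $1 }'; }
vpn_remote_port()  { vpn_remote_fields "$1" | awk '{ print $2 }'; }
vpn_remote_proto() { vpn_remote_fields "$1" | awk '{ print $3 }'; }

# Succeeds only if host is made of hostname/IPv4 characters, does not start
# with "-" (so it cannot be read as an iptables option), and port is 1-65535.
vpn_remote_valid() {
    host=$(vpn_remote_host "$1")
    port=$(vpn_remote_port "$1")
    case "$host" in
        ""|-*|*[!A-Za-z0-9.-]*) return 1 ;;
    esac
    case "$port" in
        ""|*[!0-9]*) return 1 ;;
    esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ]
}

# Stand-alone run on a constructed profile (not a real provider file).
demo_profile=$(mktemp)
printf 'client\nremote vpn.example.net 1194 udp\nremote backup.example.net 443 tcp\n' > "$demo_profile"
if vpn_remote_valid "$demo_profile"; then
    echo "VPN endpoint: $(vpn_remote_host "$demo_profile"):$(vpn_remote_port "$demo_profile") $(vpn_remote_proto "$demo_profile")"
else
    echo "Refusing to build firewall rules: no usable remote line" >&2
fi
rm -f "$demo_profile"
```

With the constructed profile the stand-alone run reports vpn.example.net:1194 udp; a profile whose `remote` line carries no numeric port is rejected, which is the case the entrypoint's original `NF` test would have let through as a bogus port.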
