2020-06-17 21:19:50 +00:00
|
|
|
#!/bin/bash
|
|
|
|
|
|
2020-06-19 12:31:31 +00:00
|
|
|
install_destination=/opt/epicyon-onion
|
2020-06-19 12:44:39 +00:00
|
|
|
username='epicyon-onion'
|
2020-06-19 12:17:02 +00:00
|
|
|
|
2020-06-17 21:28:36 +00:00
|
|
|
if [[ "$1" == 'remove' ]]; then
|
|
|
|
|
echo 'Removing Epicyon onion instance'
|
|
|
|
|
systemctl stop tor
|
|
|
|
|
rm /etc/torrc.d/epicyon
|
|
|
|
|
rm -rf /var/lib/tor/hidden_service_epicyon
|
|
|
|
|
systemctl restart tor
|
|
|
|
|
|
2020-06-19 13:01:18 +00:00
|
|
|
systemctl stop "${username}.service"
|
|
|
|
|
systemctl disable "${username}.service"
|
2020-06-19 12:44:39 +00:00
|
|
|
rm "/etc/nginx/sites-enabled/${username}"
|
|
|
|
|
rm "/etc/nginx/sites-availale/${username}"
|
2020-06-19 12:17:02 +00:00
|
|
|
rm -rf ${install_destination}
|
2020-06-17 21:28:36 +00:00
|
|
|
if [ -d /var/www/cache ]; then
|
|
|
|
|
rm -rf /var/www/cache
|
|
|
|
|
fi
|
|
|
|
|
if [ -d /srv/http/cache ]; then
|
|
|
|
|
rm -rf /srv/http/cache
|
|
|
|
|
fi
|
2020-06-19 13:01:18 +00:00
|
|
|
userdel -r ${username}
|
2020-06-17 21:28:36 +00:00
|
|
|
echo 'Epicyon onion instance removed'
|
|
|
|
|
exit 0
|
|
|
|
|
fi
|
|
|
|
|
|
2020-06-17 21:19:50 +00:00
|
|
|
clear
|
|
|
|
|
echo 'Installing Epicyon on an onion domain'
|
|
|
|
|
|
2020-06-19 12:33:27 +00:00
|
|
|
NGINX_PORT=9553
|
|
|
|
|
EPICYON_PORT=7157
|
2020-06-17 21:19:50 +00:00
|
|
|
|
2020-06-18 19:17:40 +00:00
|
|
|
echo 'Adding Epicyon dependencies'
|
2020-06-17 21:19:50 +00:00
|
|
|
if [ -f /usr/bin/pacman ]; then
|
|
|
|
|
pacman -Syy
|
|
|
|
|
pacman -S --noconfirm tor python-pip python-pysocks python-pycryptodome \
|
|
|
|
|
imagemagick python-pillow python-requests \
|
|
|
|
|
perl-image-exiftool python-numpy python-dateutil \
|
2020-06-22 16:55:19 +00:00
|
|
|
certbot flake8 git qrencode
|
|
|
|
|
pip3 install pyLD pyqrcode pypng
|
2020-06-17 21:19:50 +00:00
|
|
|
else
|
|
|
|
|
apt-get update
|
2020-06-19 20:38:51 +00:00
|
|
|
apt-get -y install imagemagick python3-crypto python3-pycryptodome \
|
2020-06-17 21:19:50 +00:00
|
|
|
python3-dateutil python3-idna python3-requests \
|
|
|
|
|
python3-numpy python3-pil.imagetk python3-pip \
|
|
|
|
|
python3-setuptools python3-socks python3-idna \
|
|
|
|
|
libimage-exiftool-perl python3-flake8 python3-pyld \
|
2020-06-20 19:37:44 +00:00
|
|
|
python3-django-timezone-field tor nginx git qrencode \
|
|
|
|
|
python3-pyqrcode python3-png
|
2020-06-17 21:19:50 +00:00
|
|
|
fi
|
|
|
|
|
|
2020-06-18 19:17:40 +00:00
|
|
|
echo 'Cloning the epicyon repo'
|
2020-06-19 12:17:02 +00:00
|
|
|
if [ ! -d ${install_destination} ]; then
|
|
|
|
|
git clone https://gitlab.com/bashrc2/epicyon ${install_destination}
|
2020-06-17 21:19:50 +00:00
|
|
|
|
2020-06-19 12:17:02 +00:00
|
|
|
if [ ! -d ${install_destination} ]; then
|
2020-06-17 21:19:50 +00:00
|
|
|
echo 'Epicyon repo failed to clone'
|
|
|
|
|
exit 3
|
|
|
|
|
fi
|
|
|
|
|
fi
|
|
|
|
|
|
2020-06-18 19:17:40 +00:00
|
|
|
echo 'Adding an epicyon system user account'
|
2020-06-17 21:19:50 +00:00
|
|
|
if [ -f /usr/bin/pacman ]; then
|
2020-06-19 13:01:18 +00:00
|
|
|
groupadd ${username}
|
|
|
|
|
useradd --system -g ${username} --home-dir=${install_destination} $username
|
2020-06-17 21:19:50 +00:00
|
|
|
groupadd www-data
|
|
|
|
|
useradd --system -g www-data --home-dir=/srv/http www-data
|
|
|
|
|
else
|
2020-06-19 12:17:02 +00:00
|
|
|
adduser --system --home=${install_destination} --group $username
|
2020-06-17 21:19:50 +00:00
|
|
|
fi
|
|
|
|
|
|
2020-06-19 12:36:31 +00:00
|
|
|
chown -R ${username}:${username} ${install_destination}
|
2020-06-17 21:19:50 +00:00
|
|
|
|
2020-06-18 19:17:40 +00:00
|
|
|
echo 'Creating onion site configuration'
|
2020-06-17 21:19:50 +00:00
|
|
|
if [ ! -d /etc/torrc.d ]; then
|
|
|
|
|
mkdir /etc/torrc.d
|
|
|
|
|
fi
|
|
|
|
|
if ! grep -q '%include /etc/torrc.d' /etc/tor/torrc; then
|
|
|
|
|
echo '%include /etc/torrc.d' >> /etc/tor/torrc
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
if [ ! -f /etc/torrc.d/epicyon ]; then
|
|
|
|
|
{ echo 'HiddenServiceDir /var/lib/tor/hidden_service_epicyon/';
|
|
|
|
|
echo 'HiddenServiceVersion 3';
|
|
|
|
|
echo "HiddenServicePort 80 127.0.0.1:${NGINX_PORT}"; } > /etc/torrc.d/epicyon
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
systemctl restart tor
|
|
|
|
|
|
2020-06-18 19:17:40 +00:00
|
|
|
echo 'Waiting for tor daemon to restart'
|
|
|
|
|
|
2020-06-17 21:19:50 +00:00
|
|
|
sleep 5
|
|
|
|
|
|
|
|
|
|
if [ ! -f /var/lib/tor/hidden_service_epicyon/hostname ]; then
|
2020-06-18 19:17:40 +00:00
|
|
|
echo 'Waiting for tor daemon to restart...'
|
2020-06-17 21:19:50 +00:00
|
|
|
sleep 5
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
if [ ! -f /var/lib/tor/hidden_service_epicyon/hostname ]; then
|
|
|
|
|
echo 'Could not create onion address for epicyon'
|
|
|
|
|
fi
|
|
|
|
|
ONION_DOMAIN=$(cat /var/lib/tor/hidden_service_epicyon/hostname)
|
|
|
|
|
if [ ! "$ONION_DOMAIN" ]; then
|
|
|
|
|
echo 'No onion domain at /var/lib/tor/hidden_service_epicyon/hostname'
|
|
|
|
|
exit 1
|
|
|
|
|
fi
|
2020-06-18 19:17:40 +00:00
|
|
|
echo "Onion domain created: $ONION_DOMAIN"
|
2020-06-17 21:19:50 +00:00
|
|
|
|
2020-06-18 19:17:40 +00:00
|
|
|
echo 'Creating Epicyon daemon'
|
2020-06-17 21:19:50 +00:00
|
|
|
{ echo '[Unit]';
|
|
|
|
|
echo "Description=$username";
|
|
|
|
|
echo 'After=syslog.target';
|
|
|
|
|
echo 'After=network.target';
|
|
|
|
|
echo '';
|
|
|
|
|
echo '[Service]';
|
|
|
|
|
echo 'Type=simple';
|
|
|
|
|
echo "User=$username";
|
|
|
|
|
echo "Group=$username";
|
2020-06-19 12:17:02 +00:00
|
|
|
echo "WorkingDirectory=${install_destination}";
|
|
|
|
|
echo "ExecStart=/usr/bin/python3 ${install_destination}/epicyon.py --http --port 80 --proxy ${EPICYON_PORT} --domain ${ONION_DOMAIN} --registration open";
|
2020-06-17 21:19:50 +00:00
|
|
|
echo "Environment=USER=$username";
|
|
|
|
|
echo 'Environment=PYTHONUNBUFFERED=true';
|
|
|
|
|
echo 'Restart=always';
|
|
|
|
|
echo 'StandardError=syslog';
|
|
|
|
|
echo '';
|
|
|
|
|
echo '[Install]';
|
2020-06-19 12:44:39 +00:00
|
|
|
echo 'WantedBy=multi-user.target'; } > "/etc/systemd/system/${username}.service"
|
2020-06-17 21:19:50 +00:00
|
|
|
|
|
|
|
|
systemctl daemon-reload
|
2020-06-19 13:01:18 +00:00
|
|
|
systemctl enable "${username}.service"
|
|
|
|
|
systemctl restart "${username}.service"
|
2020-06-17 21:19:50 +00:00
|
|
|
|
2020-06-18 19:17:40 +00:00
|
|
|
echo 'Creating nginx configuration'
|
2020-06-17 21:19:50 +00:00
|
|
|
if [ ! -f /etc/nginx/nginx.conf ]; then
|
|
|
|
|
{ echo 'user www-data;';
|
|
|
|
|
echo 'pid /run/nginx.pid;';
|
|
|
|
|
echo '';
|
|
|
|
|
echo 'events {';
|
|
|
|
|
echo ' worker_connections 50;';
|
|
|
|
|
echo ' # multi_accept on;';
|
|
|
|
|
echo '}';
|
|
|
|
|
echo '';
|
|
|
|
|
echo 'http {';
|
|
|
|
|
echo ' # limit the number of connections per single IP';
|
|
|
|
|
echo " limit_conn_zone \$binary_remote_addr zone=conn_limit_per_ip:10m;";
|
|
|
|
|
echo '';
|
|
|
|
|
echo ' # limit the number of requests for a given session';
|
|
|
|
|
echo " limit_req_zone \$binary_remote_addr zone=req_limit_per_ip:10m rate=140r/s;";
|
|
|
|
|
echo '';
|
|
|
|
|
echo ' # if the request body size is more than the buffer size, then the entire (or partial) request body is written into a temporary file';
|
|
|
|
|
echo ' client_body_buffer_size 128k;';
|
|
|
|
|
echo '';
|
|
|
|
|
echo ' # headerbuffer size for the request header from client, its set for testing purpose';
|
|
|
|
|
echo ' client_header_buffer_size 3m;';
|
|
|
|
|
echo '';
|
|
|
|
|
echo ' # maximum number and size of buffers for large headers to read from client request';
|
|
|
|
|
echo ' large_client_header_buffers 4 256k;';
|
|
|
|
|
echo '';
|
|
|
|
|
echo ' # read timeout for the request body from client, its set for testing purpose';
|
|
|
|
|
echo ' client_body_timeout 3m;';
|
|
|
|
|
echo '';
|
|
|
|
|
echo ' # how long to wait for the client to send a request header, its set for testing purpose';
|
|
|
|
|
echo ' client_header_timeout 3m;';
|
|
|
|
|
echo '';
|
|
|
|
|
echo ' sendfile on;';
|
|
|
|
|
echo ' tcp_nopush on;';
|
|
|
|
|
echo ' tcp_nodelay on;';
|
|
|
|
|
echo ' keepalive_timeout 65;';
|
|
|
|
|
echo ' types_hash_max_size 2048;';
|
|
|
|
|
echo ' server_tokens off;';
|
|
|
|
|
echo '';
|
|
|
|
|
echo ' include /etc/nginx/mime.types;';
|
|
|
|
|
echo ' default_type application/octet-stream;';
|
|
|
|
|
echo '';
|
|
|
|
|
echo ' access_log /dev/null;';
|
|
|
|
|
echo ' error_log /dev/null;';
|
|
|
|
|
echo '';
|
|
|
|
|
echo ' gzip on;';
|
|
|
|
|
echo ' gzip_disable "msie6";';
|
|
|
|
|
echo '';
|
|
|
|
|
echo ' include /etc/nginx/conf.d/*.conf;';
|
|
|
|
|
echo ' include /etc/nginx/sites-enabled/*;';
|
|
|
|
|
echo '}'; } > /etc/nginx/nginx.conf
|
|
|
|
|
else
|
|
|
|
|
if ! grep -q 'include /etc/nginx/sites-enabled' /etc/nginx/nginx.conf; then
|
|
|
|
|
echo 'include /etc/nginx/sites-enabled/*.conf;' >> /etc/nginx/nginx.conf
|
|
|
|
|
fi
|
|
|
|
|
fi
|
|
|
|
|
if [ ! -d /etc/nginx/conf.d ]; then
|
|
|
|
|
mkdir /etc/nginx/conf.d
|
|
|
|
|
fi
|
|
|
|
|
if [ ! -d /etc/nginx/sites-available ]; then
|
|
|
|
|
mkdir /etc/nginx/sites-available
|
|
|
|
|
fi
|
|
|
|
|
if [ ! -d /etc/nginx/sites-enabled ]; then
|
|
|
|
|
mkdir /etc/nginx/sites-enabled
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
if [ -f /usr/bin/pacman ]; then
|
|
|
|
|
if [ ! -f /lib/systemd/system/nginx.service ]; then
|
2020-06-18 19:17:40 +00:00
|
|
|
echo 'Creating nginx daemon'
|
2020-06-17 21:19:50 +00:00
|
|
|
{ echo '[Unit]';
|
|
|
|
|
echo 'Description=A high performance web server and a reverse proxy server';
|
|
|
|
|
echo 'Documentation=man:nginx(8)';
|
|
|
|
|
echo 'After=network.target nss-lookup.target';
|
|
|
|
|
echo ''
|
|
|
|
|
echo '[Service]';
|
|
|
|
|
echo 'Type=forking';
|
|
|
|
|
echo 'PIDFile=/run/nginx.pid';
|
|
|
|
|
echo "ExecStartPre=$(which nginx) -t -q -g 'daemon on; master_process on;'";
|
|
|
|
|
echo "ExecStart=$(which nginx) -g 'daemon on; master_process on;'";
|
|
|
|
|
echo "ExecReload=$(which nginx) -g 'daemon on; master_process on;' -s reload";
|
|
|
|
|
echo 'ExecStop=-/sbin/start-stop-daemon --quiet --stop --retry QUIT/5 --pidfile /run/nginx.pid';
|
|
|
|
|
echo 'TimeoutStopSec=5';
|
|
|
|
|
echo 'KillMode=mixed';
|
|
|
|
|
echo '';
|
|
|
|
|
echo '[Install]';
|
|
|
|
|
echo 'WantedBy=multi-user.target'; } > /etc/systemd/system/nginx.service
|
|
|
|
|
systemctl enable nginx
|
|
|
|
|
fi
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
web_dir=/var/www
|
|
|
|
|
if [ -f /usr/bin/pacman ]; then
|
|
|
|
|
web_dir=/srv/http
|
|
|
|
|
fi
|
|
|
|
|
if [ ! -d ${web_dir}/cache ]; then
|
|
|
|
|
mkdir ${web_dir}/cache
|
|
|
|
|
fi
|
|
|
|
|
|
2020-06-18 19:17:40 +00:00
|
|
|
echo "Creating nginx virtual host for ${ONION_DOMAIN}"
|
2020-06-17 21:19:50 +00:00
|
|
|
{ echo "proxy_cache_path ${web_dir}/cache levels=1:2 keys_zone=my_cache:10m max_size=10g";
|
|
|
|
|
echo ' inactive=60m use_temp_path=off;'
|
|
|
|
|
echo '';
|
|
|
|
|
echo 'server {';
|
|
|
|
|
echo " listen 127.0.0.1:${NGINX_PORT} default_server;";
|
|
|
|
|
echo " server_name ${ONION_DOMAIN};"
|
|
|
|
|
echo '';
|
|
|
|
|
echo ' gzip on;';
|
|
|
|
|
echo ' gzip_min_length 1000;';
|
|
|
|
|
echo ' gzip_proxied expired no-cache no-store private auth;';
|
|
|
|
|
echo ' gzip_types text/plain application/xml;';
|
|
|
|
|
echo '';
|
|
|
|
|
echo ' add_header X-Content-Type-Options nosniff;';
|
|
|
|
|
echo ' add_header X-XSS-Protection "1; mode=block";';
|
|
|
|
|
echo ' add_header X-Download-Options noopen;';
|
|
|
|
|
echo ' add_header X-Permitted-Cross-Domain-Policies none;';
|
|
|
|
|
echo '';
|
|
|
|
|
echo ' access_log /dev/null;';
|
|
|
|
|
echo ' error_log /dev/null;';
|
|
|
|
|
echo '';
|
2020-06-18 19:17:40 +00:00
|
|
|
echo ' index index.html;';
|
|
|
|
|
echo ' location / {';
|
|
|
|
|
echo ' proxy_http_version 1.1;';
|
|
|
|
|
echo ' client_max_body_size 31M;';
|
2020-06-19 19:48:47 +00:00
|
|
|
echo " proxy_hide_header Upgrade;";
|
|
|
|
|
echo ' proxy_hide_header Connection;';
|
2020-06-18 19:17:40 +00:00
|
|
|
echo " proxy_set_header Host \$http_host;";
|
|
|
|
|
echo " proxy_set_header X-Real-IP \$remote_addr;";
|
|
|
|
|
echo " proxy_set_header X-Forward-For \$proxy_add_x_forwarded_for;";
|
|
|
|
|
echo ' proxy_set_header X-Forward-Proto http;';
|
|
|
|
|
echo ' proxy_set_header X-Nginx-Proxy true;';
|
2020-06-17 21:19:50 +00:00
|
|
|
echo ' expires epoch;';
|
|
|
|
|
echo ' proxy_no_cache 1;';
|
2020-06-18 19:17:40 +00:00
|
|
|
echo ' proxy_temp_file_write_size 64k;';
|
|
|
|
|
echo ' proxy_connect_timeout 10080s;';
|
|
|
|
|
echo ' proxy_send_timeout 10080;';
|
|
|
|
|
echo ' proxy_read_timeout 10080;';
|
|
|
|
|
echo ' proxy_buffer_size 64k;';
|
|
|
|
|
echo ' proxy_buffers 16 32k;';
|
|
|
|
|
echo ' proxy_busy_buffers_size 64k;';
|
|
|
|
|
echo ' proxy_redirect off;';
|
|
|
|
|
echo ' proxy_request_buffering off;';
|
|
|
|
|
echo ' proxy_buffering on;';
|
|
|
|
|
echo ' proxy_cache my_cache;';
|
|
|
|
|
echo ' proxy_cache_use_stale error timeout http_500 http_502 http_503 http_504;';
|
|
|
|
|
echo " location ~ ^/(icons|images|media|emoji)/(.*)/(.*).(png|jpg|gif|webp|mp3|ogv|ogg|mp4) {";
|
|
|
|
|
echo ' expires 7d;';
|
|
|
|
|
echo " proxy_pass http://localhost:${EPICYON_PORT};";
|
|
|
|
|
echo ' }';
|
|
|
|
|
echo " location ~ ^/icons/(.*)/(like|repeat|calendar)(.*).(png|jpg|gif|webp|mp3|ogv|ogg|mp4) {";
|
|
|
|
|
echo ' expires epoch;';
|
|
|
|
|
echo ' proxy_no_cache 1;';
|
|
|
|
|
echo " proxy_pass http://localhost:${EPICYON_PORT};";
|
|
|
|
|
echo ' }';
|
|
|
|
|
echo " location ~ ^/icons/(like|repeat|calendar)(.*).(png|jpg|gif|webp|mp3|ogv|ogg|mp4) {";
|
|
|
|
|
echo ' expires epoch;';
|
|
|
|
|
echo ' proxy_no_cache 1;';
|
|
|
|
|
echo " proxy_pass http://localhost:${EPICYON_PORT};";
|
|
|
|
|
echo ' }';
|
|
|
|
|
echo " location ~ ^/users/(.*)/(image|banner).(png|jpg|gif|webp|mp3|ogv|ogg|mp4) {";
|
|
|
|
|
echo ' expires epoch;';
|
|
|
|
|
echo ' proxy_no_cache 1;';
|
|
|
|
|
echo " proxy_pass http://localhost:${EPICYON_PORT};";
|
|
|
|
|
echo ' }';
|
2020-06-17 21:19:50 +00:00
|
|
|
echo " proxy_pass http://localhost:${EPICYON_PORT};";
|
|
|
|
|
echo ' }';
|
2020-06-19 12:44:39 +00:00
|
|
|
echo '}'; } > "/etc/nginx/sites-available/${username}"
|
2020-06-17 21:19:50 +00:00
|
|
|
|
2020-06-19 12:44:39 +00:00
|
|
|
ln -s "/etc/nginx/sites-available/${username}" /etc/nginx/sites-enabled/
|
2020-06-17 21:19:50 +00:00
|
|
|
systemctl restart nginx
|
|
|
|
|
|
2020-06-19 12:49:13 +00:00
|
|
|
echo -n "$ONION_DOMAIN" | qrencode -t ANSI
|
2020-06-17 21:19:50 +00:00
|
|
|
echo "Your onion Epicyon instance is now installed."
|
|
|
|
|
echo "In a Tor browser navigate to $ONION_DOMAIN and register an account"
|
|
|
|
|
exit 0
|
