Installing (and moving) ZeroNet to Debian Jessie with autostarting in screen

in zeronet •  2 years ago 

As a (kinda) active ZeroNet user, I decided to move it from my local PC to a server where it will be available 24/7. This post will guide you through the process.

I decided to use screen for autolaunching on server startup because it's easier to do so than to write a systemd unit.

This guide assumes that you are executing commands as root unless otherwise specified.

Installing ZeroNet

First of all, we should install the required dependencies:

apt-get install msgpack-python python-gevent screen

It's always a good measure to run software on unices as a separate user, so we should add one:

useradd -d /home/zeronet -m -s /bin/bash zeronet

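Note: the /home/zeronet path can be different according to your needs. If you want another path for the ZeroNet home directory - change it after the -d option.

Note: all other actions should be done as the just-created user!

Switching to the just-created user (the dash starts a login shell in that user's home directory, so the download below lands in a directory the user can write to):

su - zeronet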

Downloading and extracting the latest version of ZeroNet:

wget https://github.com/HelloZeroNet/ZeroNet/archive/master.tar.gz
tar xvpfz master.tar.gz
cd ZeroNet-master

Launching and checking that everything is good:

python zeronet.py --ui_ip 0.0.0.0

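Try to access http://zeronet_server:43110/. If everything is good - you'll see the "Hello ZeroNet" page. This indicates that ZeroNet was installed successfully, so we can proceed. Press CTRL+C in the server's console to stop ZeroNet. Note that --ui_ip 0.0.0.0 makes the web interface listen on every network interface, which matters because ZeroNet does no authentication by default (see "Securing ZeroNet" below).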

Moving old ZeroNet data to new server.

Note: this paragraph can be skipped for new installations.

When moving a ZeroNet instance from one PC to another, we should move not the ZeroNet installation itself but the data it produces. I'm using Arch Linux and ZeroNet was installed with yaourt, so my moving strategy will be:

tar -cjf /root/zeronet.tar.bz2 /var/lib/zeronet/*
scp /root/zeronet.tar.bz2 [email protected]:/root/

Find your own data directory and copy it to the server.

After that you should replace the data directory contents on the server with the backed-up ones.

Warning: this should be done while ZeroNet is stopped!

Don't forget to restore permissions if needed:

chown -R zeronet /home/zeronet

ZeroNet autolaunching

I'm launching it with the /etc/rc.local file. First - enable it in systemd:

systemctl enable rc.local

Then add this line to your /etc/rc.local:

/bin/su - zeronet -c "/usr/bin/screen -dmS zeronet /bin/bash -c 'cd /home/zeronet/ZeroNet-master; python zeronet.py --ui_ip 0.0.0.0'"

This is enough to get ZeroNet up and running.

Port passthru

Note: if you are not running ZeroNet on a virtual machine - you can skip this paragraph.

If you have a firewall installed or run ZeroNet in a virtual machine, you need to pass through the port it listens on so that other clients can download sites. This is an iptables rule that should be executed on the physical server:

iptables -t nat -A PREROUTING -d $YOUR_EXTERNAL_IP/32 -p tcp -m tcp --dport 15441 -j DNAT --to-destination $YOUR_VM_IP:15441

Where:

  • $YOUR_EXTERNAL_IP - publicly accessible IP address of your server.
  • $YOUR_VM_IP - private address of your virtual machine.

This rule can be read as: "while prerouting packets, if they're going to $YOUR_EXTERNAL_IP/32 using protocol TCP and port 15441 - redirect them to $YOUR_VM_IP:15441".

Securing ZeroNet

By default ZeroNet doesn't do any authentication. There is a plugin which is supposed to do that, but the authors say that it can ruin everything and eat your cat. I would recommend putting ZeroNet behind an nginx web server and setting up HTTP basic authentication, so that only you have access. This is a pretty good article on how to do that.

In my case I have a VPN between my home network and the server, so I don't need it; I run ZeroNet on an isolated VM. But if you don't, here are some things you should know before you start securing your ZeroNet installation:

  1. It uses websockets for communication between the client (you) and the server. Nginx should be aware of that (google for "nginx websocket proxy").
  2. Set a really strong password. I know Chinese guys are always nearby to bruteforce your password on web or SSH.
  3. Configure fail2ban to ban IP addresses that are trying to bruteforce you. A good strategy is to ban an IP address if at least 5 bad attempts were made within an hour.
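
The "5 bad attempts within an hour" rule from item 3, as an added example that is not part of the original post: a Python sketch that applies the same sliding window to nginx error-log lines for failed basic authentication, so you can check which addresses such a rule would catch. It assumes nginx's default error-log format; the sample lines, the helper make_line and the IP addresses are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# nginx error-log entry written when HTTP basic authentication fails.
FAIL_RE = re.compile(
    r'^(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \[error\] .*?user "[^"]*":? '
    r'(?:password mismatch|was not found in "[^"]*"), client: ([0-9A-Fa-f.:]+),'
)

def offenders(lines, max_retry=5, find_time=timedelta(hours=1)):
    """Return {ip: time of the failure at which the ban threshold was reached}."""
    recent = defaultdict(deque)          # ip -> timestamps of recent failures
    banned = {}
    for line in lines:
        m = FAIL_RE.match(line)
        if not m:
            continue                     # not an authentication failure
        ts = datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S")
        window = recent[m.group(2)]
        window.append(ts)
        while ts - window[0] > find_time:
            window.popleft()             # failure fell out of the window
        if len(window) >= max_retry:
            banned.setdefault(m.group(2), ts)
    return banned

# Constructed sample input (documentation IP ranges, not real traffic).
def make_line(ts, ip, user="admin"):
    return (f'{ts} [error] 1234#0: *1 user "{user}": password mismatch, '
            f'client: {ip}, server: zeronet_server, '
            f'request: "GET / HTTP/1.1", host: "zeronet_server"')

SAMPLE = (
    # Burst: five failures in five minutes.
    [make_line(f"2017/03/01 10:0{i}:00", "203.0.113.7") for i in range(5)]
    # Slow: five failures spread over two hours, never five inside one hour.
    + [make_line(f"2017/03/01 {t}:00", "198.51.100.20")
       for t in ("10:00", "10:30", "11:00", "11:30", "12:00")]
    + ['2017/03/01 10:05:00 [error] 1234#0: *9 open() "/x" failed, '
       'client: 192.0.2.1, server: zeronet_server']
)

if __name__ == "__main__":
    for ip, when in offenders(SAMPLE).items():
        print(f"{ip} reached 5 failures within an hour at {when}")
```

The slow client in the sample is never caught by the 5-per-hour rule, which shows why the strong password from item 2 still matters.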