add selfhosting tutorials

2025-05-20 01:40:22 -04:00 · 2025-05-06 19:51:39 +02:00 · 2025-05-06 19:51:39 +02:00 · cc3824e6a2
commit cc3824e6a2
parent 95c33c8b41
1900 changed files with 32727 additions and 0 deletions
--- a/portforwarding/index.md
+++ b/portforwarding/index.md
@ -0,0 +1,221 @@
+# portforwarding Setup 
+
+In this tutorial we're going to look at how to port forward services from being local to VPSes.
+
+## **Initial Setup**
+
+Situation: you want to run some services locally. But you want them to be publicly accessible without revealing your public IP.
+
+Solution 1: install openvpn, and port forward through iptables, as seen on [](../mailprivate/index.md)
+    
+    
+    wget https://raw.githubusercontent.com/ech1/serverside/master/ovpn/openvpn-install.sh
+    chmod +x openvpn-install.sh
+    ./openvpn-install.sh
+    
+    #then install it, then run it again to add an user
+    
+    ./openvpn-install.sh
+    
+    Tell me a name for the client.
+    Use one word only, no special characters.
+    Client name: nothing
+    
+    Do you want to protect the configuration file with a password?
+    (e.g. encrypt the private key with a password)
+       1) Add a passwordless client
+       2) Use a password for the client
+    Select an option [1-2]: 2
+    ⚠️ You will be asked for the client password below ⚠️
+    
+    Note: using Easy-RSA configuration from: /etc/openvpn/easy-rsa/vars
+    Using SSL: openssl OpenSSL 1.1.1j  16 Feb 2021
+    Generating an EC private key
+    writing new private key to '/etc/openvpn/easy-rsa/pki/easy-rsa-4185644.tXXER0/tmp.mzvtcc'
+    Enter PEM pass phrase:
+    Verifying - Enter PEM pass phrase:
+    -----
+    Using configuration from /etc/openvpn/easy-rsa/pki/easy-rsa-4185644.tXXER0/tmp.prBOSr
+    Check that the request matches the signature
+    Signature ok
+    The Subject's Distinguished Name is as follows
+    commonName            :ASN.1 12:'nothing'
+    Certificate is to be certified until Apr 13 15:51:09 2024 GMT (825 days)
+    
+    Write out database with 1 new entries
+    Data Base Updated
+    
+    Client nothing added.
+    
+    The configuration file has been written to /root/nothing.ovpn.
+    Download the .ovpn file and import it in your OpenVPN client.
+    
+    
+    
+    
+    
+    #then  make it a systemd service to run openvpn on the client (from where the service runs):
+    
+    [ 10.8.0.5/24 ] [ /dev/pts/22 ] [~]
+    → sudo vim /etc/systemd/system/vpn.service
+    
+    [ 10.8.0.5/24 ] [ /dev/pts/22 ] [~]
+    → cat /etc/systemd/system/vpn.service
+    [Unit]
+    Description=VPN
+    After=network-online.target
+    Wants=network-online.target
+    
+    [Service]
+    Type=simple
+    ExecStart=/usr/bin/openvpn /root/nothing.ovpn
+    ExecStop=kill -9 $(pidof openvpn)
+    Restart=always
+    
+    [Install]
+    WantedBy=multi-user.target
+    
+    [ 10.8.0.5/24 ] [ /dev/pts/22 ] [~]
+    → systemctl daemon-reload ; systemctl enable --now vpn ; ping 10.8.0.1
+    
+    
+    
+    
+    
+    
+    #on the VPN server we forward the ports to the local VM via iptables: (change ens3 to the correct network interface + the correct ip)
+    
+    root@mail-gw:~# cat iptables_forwardrules.sh
+    #!/bin/bash
+    iptables -A PREROUTING -t nat -i ens3 -p tcp -d 23.137.250.140 --dport 25 -j DNAT --to-destination 10.8.0.2:25
+    iptables -A PREROUTING -t nat -i ens3 -p tcp -d 23.137.250.140 --dport 80 -j DNAT --to-destination 10.8.0.2:80
+    iptables -A PREROUTING -t nat -i ens3 -p tcp -d 23.137.250.140 --dport 443 -j DNAT --to-destination 10.8.0.2:443
+    iptables -A PREROUTING -t nat -i ens3 -p tcp -d 23.137.250.140 --dport 143 -j DNAT --to-destination 10.8.0.2:143
+    iptables -A PREROUTING -t nat -i ens3 -p tcp -d 23.137.250.140 --dport 465 -j DNAT --to-destination 10.8.0.2:465
+    iptables -A PREROUTING -t nat -i ens3 -p tcp -d 23.137.250.140 --dport 587 -j DNAT --to-destination 10.8.0.2:587
+    iptables -A PREROUTING -t nat -i ens3 -p tcp -d 23.137.250.140 --dport 993 -j DNAT --to-destination 10.8.0.2:993
+    
+    root@mail:~# chmod +x iptables_forwardrules.sh
+    root@mail:~# ./iptables_forwardrules.sh
+    
+    #from the VM we allow the packets to be forwarded to us:
+    
+    root@mail-nihilism:~# cat iptables_forwardrules.sh
+    #!/bin/bash
+    iptables -A FORWARD -p tcp -d 10.8.0.2 --dport 25 -j ACCEPT
+    iptables -A FORWARD -p tcp -d 10.8.0.2 --dport 143 -j ACCEPT
+    iptables -A FORWARD -p tcp -d 10.8.0.2 --dport 465 -j ACCEPT
+    iptables -A FORWARD -p tcp -d 10.8.0.2 --dport 587 -j ACCEPT
+    iptables -A FORWARD -p tcp -d 10.8.0.2 --dport 993 -j ACCEPT
+    iptables -A FORWARD -p tcp -d 10.8.0.2 --dport 443 -j ACCEPT
+    iptables -A FORWARD -p tcp -d 10.8.0.2 --dport 80 -j ACCEPT
+    
+    root@mail-nihilism:~# chmod +x iptables_forwardrules.sh
+    root@mail-nihilism:~# ./iptables_forwardrules.sh
+    	
+    
+
+you also need to allow the ip forwarding (change ens3 to the correct network interface):
+    
+    
+    root@mail-gw:~# sysctl net.ipv4.conf.ens3.forwarding=1
+    net.ipv4.conf.ens3.forwarding = 1
+    root@mail-gw:~# sysctl net.ipv6.conf.ens3.forwarding=1
+    net.ipv6.conf.ens3.forwarding = 1
+    root@mail-gw:~# echo " net.ipv6.conf.ens3.forwarding=1" >>/etc/sysctl.conf
+    root@mail-gw:~# echo " net.ipv4.conf.ens3.forwarding=1" >>/etc/sysctl.conf
+    root@mail-gw:~# sysctl -p
+    net.ipv6.conf.ens3.forwarding = 1
+    net.ipv4.conf.ens3.forwarding = 1
+    
+    #for arch users, install libvirt:
+    sudo pacman -S libvirt
+    vim /etc/sysctl.d/30-ipforward.conf
+    cat /etc/sysctl.d/30-ipforward.conf
+    net.ipv4.ip_forward=1
+    net.ipv6.conf.default.forwarding=1
+    net.ipv6.conf.all.forwarding=1
+    
+    [ nihilism ] [ /dev/pts/1 ] [~]
+    → sysctl net.ipv4.ip_forward=1
+    net.ipv4.ip_forward = 1
+    	
+    
+
+If that doesnt work, do it via nginx:
+    
+    
+    #on the server:
+    
+    apt install nginx libnginx-mod-stream -y
+    systemctl stop nginx
+    
+    [ nowhere.moe ] [ /dev/pts/7 ] [~]
+    → vim /etc/nginx/nginx.conf
+    
+    [ nowhere.moe ] [ /dev/pts/7 ] [~]
+    → cat /etc/nginx/nginx.conf
+    user www-data;
+    worker_processes auto;
+    pid /run/nginx.pid;
+    error_log /var/log/nginx/error.log;
+    include /etc/nginx/modules-enabled/*.conf;
+    
+    events {
+    	[...]
+    }
+    
+    http {
+    	[...]
+    }
+    
+    stream {
+            server {
+                    listen 3389; # tcp port forwarding
+                    proxy_pass 10.8.0.3:3389;
+            }
+            server {
+                    listen 25565; # tcp port forwarding
+                    proxy_pass 10.8.0.2:25565;
+            }
+        server {
+                    listen 25565 udp; # udp port forwarding
+                    proxy_pass 10.8.0.2:25565;
+                    proxy_responses 0;
+            }
+    }
+    
+    [ nowhere.moe ] [ /dev/pts/7 ] [~]
+    → nginx -t
+    nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
+    nginx: configuration file /etc/nginx/nginx.conf test is successful
+    
+    [ nowhere.moe ] [ /dev/pts/7 ] [~]
+    → systemctl start nginx
+    	
+    # then just test if the ports are opened:
+    
+    [ nowhere.moe ] [ /dev/pts/7 ] [~]
+    → nmap 10.8.0.2 -p 25565
+    Starting Nmap 7.93 ( https://nmap.org ) at 2023-08-21 17:15 CEST
+    Nmap scan report for 10.8.0.2
+    Host is up (0.022s latency).
+    
+    PORT      STATE SERVICE
+    25565/tcp open  minecraft
+    
+    Nmap done: 1 IP address (1 host up) scanned in 0.21 seconds
+    
+    [ 10.0.2.2/24 ] [ /dev/pts/26 ] [~/Nextcloud/blog]
+    → nmap nowhere.moe -p 25565
+    Starting Nmap 7.94 ( https://nmap.org ) at 2023-08-21 17:15 CEST
+    Nmap scan report for nowhere.moe (116.202.216.190)
+    Host is up (0.023s latency).
+    
+    PORT      STATE SERVICE
+    25565/tcp open  minecraft
+    
+    Nmap done: 1 IP address (1 host up) scanned in 0.12 seconds
+    
+    
+