From d44b163cc3006769d65d3bb59c61f97c53caac23 Mon Sep 17 00:00:00 2001 From: Jascha Date: Thu, 13 Jul 2023 11:32:59 -0700 Subject: [PATCH 1/2] Update DEPLOYMENT.md Updated to add more ufw settings and fix ulimit issues on some systems --- docs/DEPLOYMENT.md | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/docs/DEPLOYMENT.md b/docs/DEPLOYMENT.md index 21ef104..33d1c3c 100644 --- a/docs/DEPLOYMENT.md +++ b/docs/DEPLOYMENT.md @@ -42,7 +42,7 @@ While you wait for your server to provision, go to your DNS provider and point a cd strfry # Install complication dependencies - sudo apt install -y git build-essential libyaml-perl libtemplate-perl libregexp-grammars-perl libssl-dev zlib1g-dev liblmdb-dev libflatbuffers-dev libsecp256k1-dev libzstd-dev + sudo apt install -y git build-essential libyaml-perl libtemplate-perl libregexp-grammars-perl libssl-dev zlib1g-dev liblmdb-dev libflatbuffers-dev libsecp256k1-dev libzstd-dev ufw # Build it git submodule update --init @@ -100,6 +100,10 @@ Note here you'll use the DNS name you configured above Edit the `db = "./strfry-db/"` line to: `db = "/var/lib/strfry/"` +Check system hard limit `ulimit -Hn` + +If for example `524288` can set this to `nofiles = 524288` in strfry.conf (or set to 0) + Copy the strfry.conf file to /etc and change ownership: sudo cp strfry.conf /etc/strfry.conf @@ -149,6 +153,13 @@ Now let's open the port to the outside world: sudo ufw allow 'Nginx Full' sudo ufw status + ufw default deny incoming + ufw default allow outgoing + ufw allow 22/tcp # allow incoming SSH traffic + ufw allow 80/tcp # allow incoming HTTP traffic + ufw allow 443/tcp # allow incoming HTTPS traffic + +For added security you can `sudo apt install -y fail2ban` sudo certbot --nginx -d relay.yourdomain.com From 62f3d2c72408f118f14ced96a38e3b4d500e630a Mon Sep 17 00:00:00 2001 
From: Jascha Date: Thu, 13 Jul 2023 11:35:02 -0700 Subject: [PATCH 2/2] Update DEPLOYMENT.md Fixed ufw section missing sudo and duplicate http and https --- docs/DEPLOYMENT.md | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/docs/DEPLOYMENT.md b/docs/DEPLOYMENT.md index 33d1c3c..0dfbb2c 100644 --- a/docs/DEPLOYMENT.md +++ b/docs/DEPLOYMENT.md @@ -153,11 +153,10 @@ Now let's open the port to the outside world: sudo ufw allow 'Nginx Full' sudo ufw status - ufw default deny incoming - ufw default allow outgoing + sudo ufw default deny incoming + sudo ufw default allow outgoing ufw allow 22/tcp # allow incoming SSH traffic - ufw allow 80/tcp # allow incoming HTTP traffic - ufw allow 443/tcp # allow incoming HTTPS traffic + sudo ufw enable For added security you can `sudo apt install -y fail2ban`
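Review bot: In the firewall block that follows `sudo ufw allow 'Nginx Full'`, the `ufw allow 22/tcp` line is still missing `sudo`, although this commit adds it to the two `default` lines next to it. Run from a non-root shell, that command fails, so the SSH rule is never added and the next line, `sudo ufw enable`, turns on `default deny incoming` without it, which can lock the operator out of a remote server. I would change the line to `sudo ufw allow 22/tcp # allow incoming SSH traffic` and add a sentence telling readers to adjust the port if their sshd listens elsewhere. `sudo ufw status` also comes before `sudo ufw enable`, so it reports the state before the rules are active; moving it after `enable` lets the reader confirm that SSH, 80 and 443 are allowed before closing their session.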