nostr/strfry
1
0
Fork 0
mirror of https://github.com/hoytech/strfry.git synced 2025-06-17 16:58:50 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
old-web
strfry/docs/DEPLOYMENT.md
Overload3910 1de5d6d754 Update DEPLOYMENT.md 
command needs sudo permissions or otherwise errors out
2023-09-20 12:33:20 +02:00

168 lines
4.4 KiB
Markdown
Raw Permalink Blame History

# Deployment
This document will explain how to get an instance of strfry installed on its own VM, for example on a cloud provider like DigitalOcean, Linode, AWS or Vultr.
## Starting & Endpoint
We'll assume you have a running VPS that you have access to:
- You can ssh to the node
- You have the IP address of the node
- You can use some kind of DNS registrar to point some domain at the node
The goal is to have:
- A running strfry relay
- With a letsencrypt certificate
## Provision your server
The remainder of the document assumes a plain VPS.
Vultr - $12/mo
- High performance Intel
- 1 vCPU
- 2048 MB Ram
- 50 GB NVMe SSD
- OS Ubuntu 22.04 LTS
- Disable automatic backup
## Point DNS at your server
While you wait for your server to provision, go to your DNS provider and point an address at it. An A record of `relay.yourdomain.com` should point to the IP address of your VPS.
## Connect to your server
# Update deps
sudo apt update
# Download strfry
git clone https://github.com/hoytech/strfry.git
cd strfry
# Install complication dependencies
sudo apt install -y git build-essential libyaml-perl libtemplate-perl libregexp-grammars-perl libssl-dev zlib1g-dev liblmdb-dev libflatbuffers-dev libsecp256k1-dev libzstd-dev ufw
# Build it
git submodule update --init
make setup-golpe
make -j2
# Go get coffee, this takes a few minutes on a single vCPU
# Install strfry
sudo cp strfry /usr/local/bin
# Install web hosting dependencies
sudo apt install nginx certbot python3-certbot-nginx
# Remove the default nginx file
sudo rm -rf /etc/nginx/sites-available/default
# Provide the following settings file
sudo vim /etc/nginx/sites-available/default
sudo service nginx restart
Note, at this point your nginx will just try to pass all connections to a nonexistent strfry endpoint, get frustrated, and refuse the connection.
### Configure Strfry
- Create user
sudo useradd -M -s /usr/sbin/nologin strfry
- Create data directory
sudo mkdir /var/lib/strfry
sudo chown strfry:strfry /var/lib/strfry
sudo chmod 755 /var/lib/strfry
### Sample NGINX Starter Config
Note here you'll use the DNS name you configured above
server{
server_name relay.yourdomain.com;
location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:7777;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
### Install strfry.conf
Edit the `db = "./strfry-db/"` line to: `db = "/var/lib/strfry/"`
Check system hard limit `ulimit -Hn`
If for example `524288` can set this to `nofiles = 524288` in strfry.conf (or set to 0)
Copy the strfry.conf file to /etc and change ownership:
sudo cp strfry.conf /etc/strfry.conf
sudo chown strfry:strfry /etc/strfry.conf
### Install Systemd File
Put the following file at /etc/systemd/system/strfry.service
[Unit]
Description=strfry relay service
[Service]
User=strfry
ExecStart=/usr/local/bin/strfry relay
Restart=on-failure
RestartSec=5
ProtectHome=yes
NoNewPrivileges=yes
ProtectSystem=full
LimitCORE=1000000000
[Install]
WantedBy=multi-user.target
Now enable this service and start it
sudo systemctl enable strfry.service
sudo systemctl start strfry
sudo systemctl status strfry
You can curl to ensure things are running:
curl localhost:7777
Tells you that strfry is running
curl localhost:80
Tells you that nginx is running
### Firewall and Certificate
Now let's open the port to the outside world:
sudo ufw allow 'Nginx Full'
sudo ufw status
sudo ufw default deny incoming
sudo ufw default allow outgoing
ufw allow 22/tcp # allow incoming SSH traffic
sudo ufw enable
For added security you can `sudo apt install -y fail2ban`
sudo certbot --nginx -d relay.yourdomain.com
### Next steps
At this point you should have a running relay. Point your client at it, tell a few friends, post some notes, or whatever you want.
Reference in New Issue View Git Blame Copy Permalink