AWS Deployment

SkyperTHC edited this page Sep 18, 2022 · 22 revisions

These instructions are for administrators who want to provision a Segfault.net Server Centre (SSC) onto a newly created AWS instance. The step-by-step instructions turn a fresh (vanilla) AWS instance into a Segfault.net Server Centre.

This is how we deploy an SSC onto AWS.

Note: We use Route53 so that the user always connects to the nearest SSC. E.g. segfault.net resolves to us.segfault.net or de.segfault.net depending on your physical location. You likely won't need this.

1. Create EBS volumes

Create 3 EBS volumes

  1. 16GB, gp2, encrypted, name=sf-docker
  2. 1TB, sc1, encrypted, name=sf-data
  3. 1GB, gp2, encrypted, name=sf-config

2. Create an AWS instance

  1. Launch a t3a.medium instance (Ubuntu, amd64).
  2. Attach the 3 volumes (in order sf-docker, sf-data, sf-config).
  3. Assign an Elastic IP to the instance.

3. Setup the instance

Log in to the instance.

Download the SSC source:

mkdir /home/ubuntu/src
cd /home/ubuntu/src
git clone https://github.com/hackerschoice/segfault.git
cd segfault

Format the volumes:

source provision/funcs_aws.sh
aws_fs_add /dev/nvme1n1 /sf/docker
aws_fs_add /dev/nvme2n1 /sf/data
aws_fs_add /dev/nvme3n1 /sf/config
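
EBS volumes exposed as NVMe devices are not guaranteed to receive their device names in attach order, so it is worth confirming that /dev/nvme1n1, /dev/nvme2n1 and /dev/nvme3n1 really are the 16GB, 1TB and 1GB volumes before formatting them. The pre-flight check below is an added example, not part of the segfault repository; the names sf_size_ok, sf_check_layout, sf_preflight and SF_LAYOUT and the 5% size tolerance are assumptions made for illustration.

```bash
# Added example, not part of the segfault repository. Paste into the shell on
# the instance, then run sf_preflight before the aws_fs_add commands.

# Expected layout (device:GiB:mount point), taken from steps 1 to 3.
# Assumption: "1TB" was created as 1024 GiB; 1000 GiB also passes the tolerance.
SF_LAYOUT="/dev/nvme1n1:16:/sf/docker
/dev/nvme2n1:1024:/sf/data
/dev/nvme3n1:1:/sf/config"

# sf_size_ok BYTES GIB: succeed if BYTES is within 5% of GIB gibibytes.
sf_size_ok() {
    local want diff
    want=$(( $2 * 1073741824 ))
    diff=$(( $1 > want ? $1 - want : want - $1 ))
    [ $(( diff * 100 )) -le $(( want * 5 )) ]
}

# sf_check_layout: read "device bytes" lines on stdin (the format printed by
# `lsblk -bdnpo NAME,SIZE`) and compare them against SF_LAYOUT.
# Prints one verdict per expected device; returns non-zero on any problem.
sf_check_layout() {
    local seen dev gib mnt bytes rc=0
    seen="$(cat)"
    while IFS=: read -r dev gib mnt; do
        bytes="$(printf '%s\n' "$seen" | awk -v d="$dev" '$1 == d { print $2 }')"
        if [ -z "$bytes" ]; then
            echo "MISSING  $dev (wanted for $mnt)"; rc=1
        elif sf_size_ok "$bytes" "$gib"; then
            echo "OK       $dev -> $mnt (~${gib} GiB)"
        else
            echo "MISMATCH $dev is $bytes bytes, expected ~${gib} GiB for $mnt"; rc=1
        fi
    done <<EOF
$SF_LAYOUT
EOF
    return "$rc"
}

# sf_preflight: run the check against the live block devices.
sf_preflight() {
    lsblk -bdnpo NAME,SIZE | sf_check_layout
}
```

If any line reads MISMATCH or MISSING, adjust the device names in the aws_fs_add commands to match what lsblk reports before formatting.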

4. Setup SSC

4.1 NordVPN

This part is optional and only needed if you want to route all outgoing traffic via NordVPN. The default is to route through TOR if NordVPN is not configured (TCP only).

Execute the following on your workstation (not the AWS instance) to retrieve the NordVPN Private Key. Replace XXX and YYY with your NordVPN Username and Password:

docker run --rm --cap-add=NET_ADMIN -e USER=XXX -e PASS=YYY bubuntux/nordvpn:get_private_key

4.2 Build the SSC

The following command will:

  1. Install all software (docker, curl, git, ..) onto the AWS instance.
  2. Move the SSHD to port 64222 and assign Port 22 to the SSC.
  3. Create a random MASTER SEED.
  4. Configure the SSC (generate tor secrets, ssh-keys, ...)
  • Replace ZZZ with your NordVPN Private Key or remove the line if NordVPN is not used.
  • Change SF_FQDN= to whatever domain you are using.
  • Change SF_PACKAGES="MINI_BASE NET HACK" for a smaller deployment (1 GB instead of 8 GB).
  • We limited outbound traffic to 10Mbit. Remove the SF_MAXOUT= line otherwise.
  • We limit the user's root fs to 128MB. Remove the SF_USER_ROOT_FS_LIMIT= line otherwise.

Please refer to the list of all variables for more information.

SF_PACKAGES=ALL \
SF_BASEDIR=/sf \
SF_SEED="$(head -c 1024 /dev/urandom | tr -dc '[:alpha:]' | head -c 32)" \
SF_MAXOUT=10Mbit \
SF_USER_ROOT_FS_LIMIT=128MB \
SF_FQDN=mydomain.segfault.net \
SF_NORDVPN_PRIVATE_KEY=ZZZ \
provision/init-linux.sh

The script will finish with an output similar to this one:

--> System's SSHD was in the way and got moved to 64222
--> Basedir             : /sf
--> SF_SEED             : RandomlyCreatedMasterSeed1234567
--> Password            : segfault
--> SSH                 : ssh root@mydomain.segfault.net
--> SSH (gsocket)       : gsocket -s RandomSecret ssh root@mydomain.segfault.gsocket

  1. Write down the SF_SEED.
  2. Log in to your SSC (ssh root@mydomain.segfault.net) with the password "segfault" (without the quotes).

5. Stopping and Starting the SSC

Stopping:

cd /home/ubuntu/segfault
docker-compose down

The SSC won't start automatically if the AWS instance reboots. This prevents the SF_SEED from needing to be stored with AWS. Instead, a login to the AWS instance is needed to start the SSC manually:

Starting:

cd /home/ubuntu/segfault
SF_SEED=RandomlyCreatedMasterSeed1234567 docker-compose up
