From 6c2f7379455bbd3b8566e10dca6ea4ff32f6a2d8 Mon Sep 17 00:00:00 2001
From: Steven Foerster
Date: Sun, 22 Mar 2020 08:32:28 -0400
Subject: [PATCH] adding docs and bugfixes

---
 README.md | 6 ++++--
 scripts/services/Mistborn-base.service | 12 ++++++------
 scripts/services/Mistborn-bitwarden.service | 2 +-
 scripts/services/Mistborn-rocketchat.service | 2 +-
 scripts/services/Mistborn-syncthing.service | 4 ++--
 scripts/services/Mistborn-tor.service | 2 +-
 6 files changed, 15 insertions(+), 13 deletions(-)

diff --git a/README.md b/README.md
index a83951b..2d208cd 100644
--- a/README.md
+++ b/README.md
@@ -32,7 +32,7 @@ Within Mistborn is a panel to enable and manage these free extra services, local
 - [Tor](https://www.torproject.org): The Onion Router. One tool in the arsenal of online security and privacy.

 # Installation
-Mistborn is regularly tested on Ubuntu 18.04 LTS. It has also been successfully used on Debian and Raspbian systems (though not regularly tested).
+Mistborn is regularly tested on Ubuntu 18.04 LTS (DigitalOcean droplet with 2 GB RAM). It has also been successfully used on Debian Buster and Raspbian Buster systems (though not regularly tested).

 Clone the git repository and run the install script:
 ```
@@ -43,7 +43,7 @@ sudo bash ./mistborn/scripts/install.sh
 Running `install.sh` will do the following:
 - create a `mistborn` system user
 - clone the mistborn repo to `/opt/mistborn`
-- setup iptables and ip6tables rules
+- setup iptables and ip6tables rules and chains
 - install iptables-persistent
 - install Docker
 - install OpenSSH
@@ -51,6 +51,7 @@ Running `install.sh` will do the following:
 - install Cockpit
 - create a `cockpit` system user
 - configure unattended-upgrades
+- create and populate traefik.toml
 - create `/opt/mistborn_volumes` and setup folders for services that will be mounted within
 - backup original contents of `/opt/mistborn_volumes` in `/opt/mistborn_backup`
 - Pull docker images for base.yml
@@ -105,6 +106,7 @@ Endpoint = :39207
 - Run `sudo systemctl enable wg-quick@wg_admin`
 - Open your browser and go to "http://home.mistborn"
 - Browse your Mistborn system!
+**Note:** The home.mistborn server takes a minute to come up after Mistborn is up (collectstatic on all that frontend JavaScript and CSS)

 ## Wireguard Management
 Mistborn users can be added (non-privileged or superuser) and removed by superusers. Multiple Wireguard profiles can be created for each user. A non-privileged user can create profiles for themselves.
diff --git a/scripts/services/Mistborn-base.service b/scripts/services/Mistborn-base.service
index 8f23fa1..7e2cecd 100644
--- a/scripts/services/Mistborn-base.service
+++ b/scripts/services/Mistborn-base.service
@@ -24,12 +24,12 @@ ExecStart=/usr/local/bin/docker-compose -f /opt/mistborn/base.yml up
 # Stop container when unit is stopped
 ExecStop=/usr/local/bin/docker-compose -f /opt/mistborn/base.yml down
 # Post stop
-ExecStopPost=/sbin/iptables -D DOCKER-USER -i DIFACE -p udp --dport 53 -j MISTBORN_LOG_DROP
-ExecStopPost=/sbin/iptables -D DOCKER-USER -i DIFACE -p tcp --dport 53 -j MISTBORN_LOG_DROP
-ExecStopPost=/sbin/iptables -D DOCKER-USER -i DIFACE -p tcp --dport 80 -j MISTBORN_LOG_DROP
-ExecStopPost=/sbin/iptables -D DOCKER-USER -i DIFACE -p tcp --dport 5555 -j MISTBORN_LOG_DROP
-ExecStopPost=/sbin/iptables -D OUTPUT -o DIFACE -p udp --dport 53 -j MISTBORN_LOG_DROP
-ExecStopPost=/sbin/ip6tables -D OUTPUT -p udp --dport 53 -j MISTBORN_LOG_DROP
+ExecStopPost=/sbin/iptables -D DOCKER-USER -i DIFACE -p udp --dport 53 -j MISTBORN_LOG_DROP || true
+ExecStopPost=/sbin/iptables -D DOCKER-USER -i DIFACE -p tcp --dport 53 -j MISTBORN_LOG_DROP || true
+ExecStopPost=/sbin/iptables -D DOCKER-USER -i DIFACE -p tcp --dport 80 -j MISTBORN_LOG_DROP || true
+ExecStopPost=/sbin/iptables -D DOCKER-USER -i DIFACE -p tcp --dport 5555 -j MISTBORN_LOG_DROP || true
+ExecStopPost=/sbin/iptables -D OUTPUT -o DIFACE -p udp --dport 53 -j MISTBORN_LOG_DROP || true
+ExecStopPost=/sbin/ip6tables -D OUTPUT -p udp --dport 53 -j MISTBORN_LOG_DROP || true

 [Install]
 WantedBy=multi-user.target
diff --git a/scripts/services/Mistborn-bitwarden.service b/scripts/services/Mistborn-bitwarden.service
index 49c144d..50c0e16 100644
--- a/scripts/services/Mistborn-bitwarden.service
+++ b/scripts/services/Mistborn-bitwarden.service
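Review bot: The `|| true` appended to every `ExecStopPost=` line in this hunk is shell syntax, and systemd does not run Exec lines through a shell, so `||` and `true` are handed to iptables/ip6tables as two extra arguments. iptables will most likely reject that command line, in which case the `-D` is never applied and the MISTBORN_LOG_DROP rules stay in DOCKER-USER and OUTPUT after the unit stops, rather than a missing rule merely being tolerated. The systemd way to ignore a failing cleanup command is the `-` prefix on the executable, e.g. `ExecStopPost=-/sbin/iptables -D DOCKER-USER -i DIFACE -p udp --dport 53 -j MISTBORN_LOG_DROP`. The same applies to the ExecStopPost lines changed in Mistborn-bitwarden.service, Mistborn-rocketchat.service, Mistborn-syncthing.service and Mistborn-tor.service. The [Service] lines that insert these rules lie outside the hunk, so whether leftover rules then get duplicated on the next start could not be checked here.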
@@ -17,7 +17,7 @@ ExecStart=/usr/local/bin/docker-compose -f /opt/mistborn/extra/bitwarden.yml up
 # Stop container when unit is stopped
 ExecStop=/usr/local/bin/docker-compose -f /opt/mistborn/extra/bitwarden.yml down
 # Post stop
-ExecStopPost=/sbin/iptables -D DOCKER-USER -i DIFACE -p tcp --dport 3012 -j MISTBORN_LOG_DROP
+ExecStopPost=/sbin/iptables -D DOCKER-USER -i DIFACE -p tcp --dport 3012 -j MISTBORN_LOG_DROP || true

 [Install]
 WantedBy=multi-user.target
diff --git a/scripts/services/Mistborn-rocketchat.service b/scripts/services/Mistborn-rocketchat.service
index e99e307..d603c6a 100644
--- a/scripts/services/Mistborn-rocketchat.service
+++ b/scripts/services/Mistborn-rocketchat.service
@@ -17,7 +17,7 @@ ExecStart=/usr/local/bin/docker-compose -f /opt/mistborn/extra/rocketchat.yml up
 # Stop container when unit is stopped
 ExecStop=/usr/local/bin/docker-compose -f /opt/mistborn/extra/rocketchat.yml down
 # Post stop
-ExecStopPost=/sbin/iptables -D DOCKER-USER -i DIFACE -p tcp --dport 3001 -j MISTBORN_LOG_DROP
+ExecStopPost=/sbin/iptables -D DOCKER-USER -i DIFACE -p tcp --dport 3001 -j MISTBORN_LOG_DROP || true

 [Install]
 WantedBy=multi-user.target
diff --git a/scripts/services/Mistborn-syncthing.service b/scripts/services/Mistborn-syncthing.service
index 9dcfbbf..721b3f2 100644
--- a/scripts/services/Mistborn-syncthing.service
+++ b/scripts/services/Mistborn-syncthing.service
@@ -18,8 +18,8 @@ ExecStart=/usr/local/bin/docker-compose -f /opt/mistborn/extra/syncthing.yml up
 # Stop container when unit is stopped
 ExecStop=/usr/local/bin/docker-compose -f /opt/mistborn/extra/syncthing.yml down
 # Post stop
-ExecStopPost=/sbin/iptables -D DOCKER-USER -i DIFACE -p udp --dport 21027 -j MISTBORN_LOG_DROP
-ExecStopPost=/sbin/iptables -D DOCKER-USER -i DIFACE -p tcp --dport 22000 -j MISTBORN_LOG_DROP
+ExecStopPost=/sbin/iptables -D DOCKER-USER -i DIFACE -p udp --dport 21027 -j MISTBORN_LOG_DROP || true
+ExecStopPost=/sbin/iptables -D DOCKER-USER -i DIFACE -p tcp --dport 22000 -j MISTBORN_LOG_DROP || true

 [Install]
 WantedBy=multi-user.target
diff --git a/scripts/services/Mistborn-tor.service b/scripts/services/Mistborn-tor.service
index c67fb85..a1c2272 100644
--- a/scripts/services/Mistborn-tor.service
+++ b/scripts/services/Mistborn-tor.service
@@ -17,7 +17,7 @@ ExecStart=/usr/local/bin/docker-compose -f /opt/mistborn/extra/tor.yml up --buil
 # Stop container when unit is stopped
 ExecStop=/usr/local/bin/docker-compose -f /opt/mistborn/extra/tor.yml down
 # Post stop
-ExecStopPost=/sbin/iptables -D DOCKER-USER -i DIFACE -p tcp --dport 9150 -j MISTBORN_LOG_DROP
+ExecStopPost=/sbin/iptables -D DOCKER-USER -i DIFACE -p tcp --dport 9150 -j MISTBORN_LOG_DROP || true

 [Install]
 WantedBy=multi-user.target