SilverLABS/littleshop
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
51cc0463de
littleshop/Hostinger/DEBIAN13_SETUP_GUIDE.md
SysAdmin e1b377a042 Initial commit of LittleShop project (excluding large archives) 
- BTCPay Server integration
- TeleBot Telegram bot
- Review system
- Admin area
- Docker deployment configuration

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-09-17 15:07:38 +01:00

300 lines
8.1 KiB
Markdown
Raw Blame History

# DEBIAN 13 VPS SETUP GUIDE
## Complete BTCPay Server + Tor Restoration
**Target:** Hostinger VPS thebankofdebbie.giize.com (31.97.57.205)
**Date:** September 10, 2025
**Status:** Ready for Debian 13 OS rebuild
---
## 🎯 **QUICK START (30 Minutes)**
### Step 1: Fresh Debian 13 Installation
1. Reinstall Debian 13 via Hostinger control panel
2. Use password: `Th3fa1r13sd1d1t.` (keep this initially)
3. Wait for OS installation to complete
### Step 2: Copy SSH Key and Scripts
```bash
# On your local machine
scp -P 22 vps_hardening_key* root@thebankofdebbie.giize.com:/tmp/
scp -P 22 debian13_vps_hardening.sh root@thebankofdebbie.giize.com:/tmp/
scp -P 22 btcpay_tor_installer.sh root@thebankofdebbie.giize.com:/tmp/
```
### Step 3: Run VPS Hardening (5 minutes)
```bash
# SSH to fresh Debian 13 server
ssh root@thebankofdebbie.giize.com
# Make scripts executable
chmod +x /tmp/*.sh
# Run hardening script
/tmp/debian13_vps_hardening.sh
# Add your SSH public key
cat /tmp/vps_hardening_key.pub > /home/ubuntu/.ssh/authorized_keys
chown ubuntu:ubuntu /home/ubuntu/.ssh/authorized_keys
chmod 600 /home/ubuntu/.ssh/authorized_keys
```
### Step 4: Test SSH Keys (CRITICAL)
```bash
# Test SSH key access on new port
ssh -i vps_hardening_key -p 2255 ubuntu@thebankofdebbie.giize.com
# If successful, disable password auth:
sudo sed -i 's/PasswordAuthentication yes/PasswordAuthentication no/' /etc/ssh/sshd_config
sudo systemctl restart ssh
```
### Step 5: Install BTCPay Server + Tor (15 minutes)
```bash
# Run as root
sudo su -
/tmp/btcpay_tor_installer.sh
```
### Step 6: Monitor Installation
```bash
# Check status
./monitor-btcpay.sh
# Watch Bitcoin sync progress
docker logs btcpayserver_bitcoind -f
```
---
## 🔧 **DETAILED CONFIGURATION**
### Previous Working Configuration
```
BTCPay Onion: njoc2ubkk7ymgqfg6plt3wcltvcvuv3j4eemixnovicegrlwhq2zwfad.onion
Bitcoin P2P Onion: s7n55wptvooma4gqsbdo5vn6v6nphjffqsmlufoa3fzqhwkqgeasslad.onion
Note: New installation will generate NEW onion addresses
```
### Bitcoin Configuration
```bash
# Verified working config in BITCOIN_EXTRA_ARGS:
prune=10000 # 10GB max blockchain storage
rpcport=43782
rpcbind=0.0.0.0:43782
rpcallowip=0.0.0.0/0
port=39388
whitelist=0.0.0.0/0
maxmempool=500
onion=tor:9050
```
### Security Configuration
```bash
# SSH
Port 2255
PermitRootLogin no
AllowUsers ubuntu
PubkeyAuthentication yes
# UFW Firewall
2255/tcp ALLOW SSH-Hardened
80/tcp ALLOW HTTP-BTCPay
443/tcp ALLOW HTTPS-BTCPay
9050 ALLOW Tor-Local (127.0.0.0/8)
# Fail2Ban
SSH: 3 attempts -> 2 hour ban
Web: monitoring nginx logs
```
---
## 🚨 **CRITICAL SUCCESS POINTS**
### ✅ **Must Work Before Proceeding:**
1. SSH key authentication on port 2255
2. UFW firewall active with correct rules
3. Fail2Ban monitoring logs
4. Docker running and ubuntu in docker group
### ✅ **BTCPay Installation Success Indicators:**
1. All Docker containers running (8 containers)
2. Bitcoin logs show: "Prune configured to target 10000 MiB"
3. Tor onion addresses generated in 5 minutes
4. Web interface accessible on both clearnet and onion
### ⚠️ **Common Issues & Solutions:**
**Issue:** Bitcoin not in pruned mode
```bash
# Solution: Clear blockchain and restart
sudo btcpay-down.sh
docker run --rm -v generated_bitcoin_datadir:/data alpine rm -rf /data/blocks /data/chainstate
sudo btcpay-up.sh
```
**Issue:** Port conflicts
```bash
# Solution: Stop conflicting services first
sudo docker stop $(sudo docker ps -aq) 2>/dev/null || true
sudo btcpay-up.sh
```
**Issue:** Onion services not generating
```bash
# Solution: Restart Tor container
sudo docker restart tor tor-gen
# Wait 5 minutes, then check:
sudo cat /var/lib/docker/volumes/generated_tor_servicesdir/_data/BTCPayServer/hostname
```
---
## 📊 **EXPECTED RESULTS**
### Disk Usage After Complete Setup:
```
System + Docker: ~5GB
BTCPay Services: ~3GB
Bitcoin (pruned): ~10GB (max)
Available: ~369GB
Total Used: ~18GB / 387GB (5%)
```
### Performance Expectations:
```
Initial Bitcoin Sync: 12-24 hours (over Tor)
Bitcoin Storage: 10GB maximum (pruned)
Web Response: Normal (slight Tor overhead for onion)
Payment Processing: Real-time
```
### Services Running (8 containers):
```
✅ btcpayserver_bitcoind - Bitcoin Core (pruned, Tor-only)
✅ generated_btcpayserver_1 - BTCPay Server application
✅ generated_nbxplorer_1 - Blockchain explorer
✅ generated_postgres_1 - PostgreSQL database
✅ nginx - Reverse proxy with SSL
✅ tor - Tor daemon + onion services
✅ tor-gen - Tor configuration generator
✅ letsencrypt-... - SSL certificate manager
```
---
## 🔐 **SECURITY FEATURES RESTORED**
### Network Security:
- ✅ SSH on port 2255 with key auth only
- ✅ UFW firewall with minimal allowed ports
- ✅ Fail2Ban monitoring SSH and web attacks
- ✅ Bitcoin P2P traffic only via Tor network
- ✅ BTCPay accessible via both clearnet and Tor
### Privacy Features:
- ✅ Bitcoin node uses onlynet=onion (no clearnet P2P)
- ✅ BTCPay Server accessible via .onion address
- ✅ Customer payments can be completely anonymous
- ✅ No DNS leaks (Bitcoin doesn't use clearnet DNS)
### Storage Management:
- ✅ Bitcoin blockchain limited to 10GB (pruned)
- ✅ Automatic old block removal
- ✅ Safe for 387GB VPS with room to grow
- ✅ Full validation capability maintained
---
## 🔄 **MAINTENANCE COMMANDS**
### Daily Monitoring:
```bash
~/monitor-btcpay.sh # Overall status
sudo docker ps | grep btcpay # Container status
df -h / # Disk usage
sudo fail2ban-client status # Security status
```
### Maintenance:
```bash
sudo btcpay-restart.sh # Restart all services
sudo btcpay-update.sh # Update BTCPay Server
sudo btcpay-clean.sh # Clean old Docker images
docker logs btcpayserver_bitcoind # Check Bitcoin sync
```
### Emergency Recovery:
```bash
sudo btcpay-down.sh # Stop everything
sudo btcpay-up.sh # Start everything
# If needed: Re-run btcpay_tor_installer.sh
```
---
## 📞 **SUPPORT INFORMATION**
### If Something Goes Wrong:
1. **SSH Issues:** Contact Hostinger for console access
2. **Bitcoin Storage:** Monitor with `df -h` - should never exceed 15GB total
3. **BTCPay Problems:** Check `docker logs generated_btcpayserver_1`
4. **Tor Issues:** Restart tor containers, wait 5 minutes for onion addresses
### Key Files Backup:
- SSH Keys: `/home/ubuntu/.ssh/`
- BTCPay Config: `/opt/.env`
- Docker Compose: `/opt/btcpayserver-docker/Generated/docker-compose.generated.yml`
- Tor Keys: `/var/lib/docker/volumes/generated_tor_servicesdir/`
---
## 🎯 **SUCCESS CRITERIA**
**✅ Installation Complete When:**
1. SSH key access works on port 2255
2. All 8 Docker containers running
3. Bitcoin logs show pruning active
4. BTCPay accessible on both clearnet and onion
5. Disk usage under 20GB total
6. New onion addresses generated and documented
**🚀 Ready for LittleShop Integration When:**
1. Bitcoin initial sync completed (24 hours)
2. BTCPay setup wizard completed
3. Test payment successful
4. API endpoints responding
5. Webhook configuration tested
---
## 📋 **FINAL CHECKLIST**
**Before Declaring Success:**
- [ ] SSH key authentication working on port 2255
- [ ] Password authentication disabled
- [ ] UFW firewall active with 4 rules
- [ ] Fail2Ban showing 2+ active jails
- [ ] 8 Docker containers running
- [ ] Bitcoin pruning confirmed in logs
- [ ] BTCPay onion address generated
- [ ] Disk usage under 20GB
- [ ] Web interface accessible
- [ ] Monitoring script working
**Debian 13 advantages over Ubuntu:**
- More granular security controls
- Better systemd hardening options
- Reduced attack surface (minimal packages)
- More predictable package management
- Enhanced AppArmor/SELinux integration
---
**🎉 Total Setup Time: ~30 minutes + 24 hours Bitcoin sync**
**🔒 Security Level: Maximum (Tor + hardened OS + pruned storage)**
**💾 Storage Safe: Yes (10GB max Bitcoin + 10GB overhead = 20GB total)**
Ready to deploy! 🚀
Reference in New Issue View Git Blame Copy Permalink