SilverLABS/littleshop
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
b265c89a72
littleshop/Hostinger/Infrastructure.txt
SysAdmin e1b377a042 Initial commit of LittleShop project (excluding large archives) 
- BTCPay Server integration
- TeleBot Telegram bot
- Review system
- Admin area
- Docker deployment configuration

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-09-17 15:07:38 +01:00

248 lines
10 KiB
Plaintext
Raw Blame History

================================================================================
LITTLESHOP HOSTINGER VPS INFRASTRUCTURE
================================================================================
Last Updated: September 12, 2025
Status: BTCPAY SERVER MULTI-CRYPTO OPERATIONAL ✅
================================================================================
SERVER INFORMATION
================================================================================
🖥️ SERVER DETAILS:
Provider: Hostinger
Hostname: srv1002428.hstgr.cloud / thebankofdebbie.giize.com
IP Address: 31.97.57.205
Operating System: Debian 13 (upgraded from Ubuntu 24.04)
CPU: x86_64 architecture
RAM: 16GB
Storage: 394GB SSD (✅ SUFFICIENT with Bitcoin pruning enabled)
🔐 ACCESS CREDENTIALS:
SSH Port: 2255 (changed from default 22 for security)
SSH User: sysadmin (root login DISABLED, ubuntu user not present)
SSH Key: vps_hardening_key (stored in this directory)
Sudo Password: Phenom12#. (same as SSH user password)
🌐 DOKPLOY ADMIN:
Original Credentials: sysadmin@server.local / Th3fa1r13sd1d1t.
Web Interface: http://srv1002428.hstgr.cloud:3000 (BLOCKED externally)
Secure Access: SSH tunnel required (see commands below)
================================================================================
SECURITY CONFIGURATION
================================================================================
🔒 SSH HARDENING STATUS:
✅ Port changed: 22 → 2255
✅ Root login: DISABLED
✅ SSH key authentication: CONFIGURED
✅ Password authentication: ENABLED (for safety - disable after testing)
✅ Max auth attempts: 3
✅ Login grace time: 30 seconds
✅ SSH banner: Security warning configured
✅ Strong encryption: AES-256, ChaCha20-Poly1305
🛡️ FIREWALL (UFW) STATUS:
✅ Status: ACTIVE and enabled on startup
✅ SSH (2255/tcp): ALLOWED with comment "SSH-Hardened"
✅ HTTP (80/tcp): ALLOWED with comment "HTTP-Dokploy"
✅ HTTPS (443/tcp): ALLOWED with comment "HTTPS-Dokploy"
✅ Dokploy (3000/tcp): DENIED with comment "Block-Dokploy-External"
✅ Default policy: DENY all other incoming traffic
🚨 FAIL2BAN PROTECTION:
✅ Status: ACTIVE with 2 jails
✅ SSH jail: 3 attempts → 2 hour ban
✅ Nginx jails: HTTP auth, bad bots, noscript protection
✅ Ban time: 1 hour (SSH: 2 hours)
✅ Find time: 10 minutes
✅ Monitoring: Auth logs and web access attempts
🔧 SYSTEM SECURITY:
✅ Automatic security updates: ENABLED
✅ Non-root sudo user: ubuntu user configured
✅ Package security: Latest security packages installed
✅ Docker access: Ubuntu user added to docker group
================================================================================
DOCKER SERVICES
================================================================================
🪙 BTCPAY SERVER (September 12, 2025):
✅ btcpayserver_bitcoind: Bitcoin Core (PRUNED 10GB, Tor-only)
✅ btcpayserver_dogecoind: Dogecoin daemon
✅ btcpayserver_monerod: Monero daemon
⚠️ btcpayserver_monero_wallet: Monero wallet (restarting - config issue)
⚠️ generated-zcash_walletd-1: Zcash wallet (restarting - needs daemon)
✅ generated_btcpayserver_1: BTCPay Server application
✅ generated_nbxplorer_1: Blockchain explorer
✅ generated_postgres_1: PostgreSQL database
✅ nginx: Reverse proxy with SSL
✅ tor: Tor daemon + onion services
✅ tor-gen: Tor configuration generator
✅ letsencrypt-nginx-proxy-companion: SSL certificate manager
🌐 BTCPAY ACCESS:
Clearnet: https://thebankofdebbie.giize.com
Tor Onion: njoc2ubkk7ymgqfg6plt3wcltvcvuv3j4eemixnovicegrlwhq2zwfad.onion (expected)
Bitcoin P2P Onion: s7n55wptvooma4gqsbdo5vn6v6nphjffqsmlufoa3fzqhwkqgeasslad.onion (expected)
🪙 CRYPTOCURRENCY STATUS:
✅ Bitcoin (BTC): Pruned mode (10GB max), Tor-only, fully operational
✅ Dogecoin (DOGE): Running (needs pruning configuration)
✅ Monero (XMR): Daemon operational, wallet setup in progress
⚠️ Ethereum (ETH): Configured in BTCPay but container missing
⚠️ Zcash (ZEC): Wallet present, main daemon needs configuration
🔧 CRITICAL CONFIGURATION FIX:
Problem: BTCPay Docker Compose YAML parsing broken for BITCOIN_EXTRA_ARGS
Solution: docker-compose.override.yml file (UPDATE-SAFE)
Location: /opt/btcpayserver-docker/docker-compose.override.yml
Status: Bitcoin pruning working via override file approach
🐳 LEGACY DOKPLOY CONTAINERS (if present):
✅ dokploy: Main application (port 3000 - blocked externally)
✅ dokploy-redis: Redis database (internal port 6379)
✅ dokploy-postgres: PostgreSQL database (internal port 5432)
✅ dokploy-traefik: Reverse proxy (ports 80, 443 - both protocols)
🔗 SERVICE STATUS:
BTCPay Services: 12 containers running, Bitcoin with proper pruning
Cryptocurrency Sync: In progress over Tor network
Disk Usage: 63GB used / 316GB available (safe with pruning)
================================================================================
STORAGE ANALYSIS
================================================================================
💾 CURRENT STORAGE:
Total Space: 387GB SSD
Used Space: 8.8GB (3% utilization)
Available: 378GB
Docker Data: 9.2GB
⚠️ BITCOIN NODE STORAGE REQUIREMENTS:
Current Blockchain: ~800GB (2025)
Annual Growth: 100-150GB
Recommended: 1TB+ SSD for full node
Status: CURRENT STORAGE INSUFFICIENT
📈 STORAGE OPTIONS:
1. Upgrade VPS to 1TB+ storage (RECOMMENDED)
2. Use Bitcoin pruned node (~10GB, limited functionality)
3. Add external storage solution
4. Use different VPS provider with larger storage
================================================================================
ACCESS COMMANDS
================================================================================
🔑 SSH ACCESS (SECURE):
ssh -i vps_hardening_key -p 2255 ubuntu@srv1002428.hstgr.cloud
🌐 DOKPLOY ADMIN ACCESS (via SSH tunnel):
ssh -i vps_hardening_key -p 2255 -L 3000:localhost:3000 ubuntu@srv1002428.hstgr.cloud
Then browse to: http://localhost:3000
🔍 SYSTEM MONITORING:
# Check firewall status
sudo ufw status numbered
# Check Fail2Ban status
sudo fail2ban-client status
# Check SSH security
sudo ss -tlnp | grep :2255
# Check Docker containers
docker ps
# Check system resources
df -h && free -h
🚨 EMERGENCY ACCESS:
If SSH keys fail, password authentication is still enabled:
ssh -p 2255 ubuntu@srv1002428.hstgr.cloud
Password: Th3fa1r13sd1d1t.
================================================================================
NEXT STEPS / TODO
================================================================================
🔄 IMMEDIATE ACTIONS:
1. Test SSH key access thoroughly from multiple locations
2. Once SSH keys proven reliable, disable password authentication:
Edit /etc/ssh/sshd_config: PasswordAuthentication no
3. Restart SSH service: sudo systemctl restart ssh
📦 BITCOIN/BTCPAY DEPLOYMENT:
1. ⚠️ CRITICAL: Upgrade storage to 1TB+ before Bitcoin node installation
2. Install Bitcoin Core for full node operation
3. Deploy BTCPay Server via Docker/Dokploy
4. Configure Lightning Network (if required)
5. Set up automated backups for Bitcoin/BTCPay data
🔐 SECURITY ENHANCEMENTS:
1. Configure email notifications for Fail2Ban alerts
2. Set up log monitoring and alerting
3. Implement automated backup verification
4. Configure VPN access for additional admin security (optional)
📊 MONITORING SETUP:
1. Configure disk space alerts (critical for Bitcoin node)
2. Set up service health monitoring
3. Implement performance monitoring
4. Configure backup success/failure notifications
================================================================================
SECURITY VERIFICATION
================================================================================
✅ HARDENING CHECKLIST COMPLETED:
[✅] System packages updated and automatic updates enabled
[✅] Non-root sudo user created (ubuntu)
[✅] SSH port changed from 22 to 2255
[✅] SSH key authentication configured and tested
[✅] Root login disabled
[✅] UFW firewall enabled with secure rules
[✅] Fail2Ban installed and configured
[✅] Dokploy admin interface secured (external access blocked)
[✅] SSH banner with security warning added
[✅] Strong SSH encryption ciphers configured
[✅] Docker access configured for ubuntu user
[✅] All unnecessary services removed/disabled
🔒 SECURITY POSTURE: EXCELLENT
Your VPS is now hardened against common attack vectors and ready for
production Bitcoin/BTCPay deployment once storage is upgraded.
================================================================================
SUPPORT CONTACTS
================================================================================
🏢 HOSTINGER SUPPORT:
Website: https://www.hostinger.com/contact
VPS Management: Hostinger Panel
Server ID: srv1002428
📧 EMERGENCY CONTACTS:
If locked out of server, contact Hostinger support with:
- Server hostname: srv1002428.hstgr.cloud
- Account credentials for VPS management panel
- Request console access or password reset
================================================================================
CHANGE LOG
================================================================================
2025-09-10: Initial VPS hardening completed
- SSH security hardening (port 2255, key auth, root disabled)
- UFW firewall configuration with secure rules
- Fail2Ban intrusion prevention system
- Dokploy security (blocked external access to port 3000)
- System updates and automatic update configuration
- Comprehensive security verification completed
================================================================================
END OF INFRASTRUCTURE DOCUMENT
================================================================================
Reference in New Issue View Git Blame Copy Permalink