Self hosting guide (WIP)
This document will guide you through setting up a self-hosted, single-server Geph instance. Although Geph is primarily used in Gephyra OÜ's multiuser, multiserver public service, the core command-line binaries geph4-client and geph4-exit do support a single-server mode that is similar to V2Ray and ShadowSocks and suitable for self-hosting.
If you have a server running Debian 10, the easiest way to set up Geph is to use the following one-liner (if you're starting from scratch, refresh your package lists first with sudo apt-get update):
(as root):
$ curl -L https://waa.ai/geph-exit-setup | bash
(otherwise):
$ curl -L https://waa.ai/geph-exit-setup | sudo bash
If the script runs successfully, it will print a line that looks like:
[2021-08-19T22:34:12Z INFO geph4_exit::listen] listening on <PUBLIC_KEY>@<IP_ADDR>:8814
Note the <PUBLIC_KEY>@<IP_ADDR>:8814 string. You can now skip to the "Connecting to the server" section to connect to your server.
- An up-to-date Rust toolchain (at least 1.50)
- A Linux distribution (we recommend Debian)
Installing from source code using Cargo is the only officially supported method. Fortunately, that's as easy as:
$ cargo install --locked geph4-exit
In order to start geph4-exit, we need to prepare a configuration file. Put this in /etc/geph4-exit.toml:
# Where to listen for incoming connections. Change 8814 to whatever port you like
sosistab_listen = "[::]:8814"
# Where to store secret key
secret_key = "/home/user/geph4-exit.key"
It's important to make sure that the user running geph4-exit will have write permissions to the path given in secret_key.
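A pre-flight check for the secret_key path above, added here as an example; it is not part of geph4-exit or of this guide's setup script, and the function names are hypothetical. Besides the write permission the guide asks for, it also verifies that an existing key file has no group or other access, which is an added precaution rather than something the guide states.

```shell
#!/bin/sh
# Added example, not part of geph4-exit. Function names are hypothetical.
# Usage (as the user that will run geph4-exit):
#   sh check-geph-key.sh /etc/geph4-exit.toml

# Print the value of the secret_key setting in the given TOML file.
secret_key_path() {
    sed -n 's/^[[:space:]]*secret_key[[:space:]]*=[[:space:]]*"\([^"]*\)".*$/\1/p' "$1" | head -n 1
}

# Return 0 if the key location is usable and private, 1 otherwise.
check_secret_key() {
    key=$(secret_key_path "$1")
    [ -n "$key" ] || { echo "no secret_key setting in $1" >&2; return 1; }
    dir=$(dirname "$key")
    [ -d "$dir" ] || { echo "$dir does not exist" >&2; return 1; }
    # The guide requires write permission on the key path for this user.
    [ -w "$dir" ] || { echo "$dir is not writable by $(id -un)" >&2; return 1; }
    if [ -e "$key" ]; then
        [ -w "$key" ] || { echo "$key is not writable by $(id -un)" >&2; return 1; }
        # Assumption (added precaution): the key should have no group/other
        # permission bits, i.e. characters 5-10 of the ls mode string are dashes.
        perms=$(ls -ld "$key" | cut -c5-10)
        [ "$perms" = "------" ] || { echo "$key is accessible to group/other ($perms)" >&2; return 1; }
    fi
    return 0
}

# Run the check only when a config path is given on the command line.
[ "$#" -eq 0 ] || check_secret_key "$1"
```

Run it as the account that will run geph4-exit; root passes the write tests regardless of the directory's mode.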
Now, we start Geph on the server:
$ geph4-exit --config /etc/geph4-exit.toml
[2021-08-15T01:17:30Z INFO geph4_exit] read configuration file:
{
...
}
[2021-08-15T01:17:30Z INFO geph4_exit::listen] listening on <PUBLIC_KEY>@<IP_ADDR>:8814
Note the value of <PUBLIC_KEY>@<IP_ADDR>:8814 in the output. This will be the URL of the server that clients will use to connect.
Right now, you need to keep the geph4-exit command running in the foreground in order to have the Geph server stay on. We can instead use a simple systemd service to keep geph4-exit running in the background. Create a new file in /etc/systemd/system/geph4-exit.service:
[Unit]
Description=Geph4 exit service.
[Service]
Type=exec
Restart=always
ExecStart=/whatever/path/to/geph4-exit --config /etc/geph4-exit.toml
LimitNOFILE=65536
[Install]
WantedBy=multi-user.target
Then, run systemctl enable geph4-exit, systemctl daemon-reload, systemctl start geph4-exit, systemctl enable geph4-exit, and geph4-exit will automatically start running in the background every time your server reboots.
Connecting to the server
On the client machine, install geph4-client with Cargo:
$ cargo install --locked geph4-client
We now use the --override-connect option to connect to our self-hosted server:
$ geph4-client connect --override-connect <PUBLIC_KEY>@<IP_ADDRESS>:8814
...
[2021-08-16 08:20:30] INFO [geph4-client/src/tunman/mod.rs:133] TUNNEL_MANAGER MAIN LOOP through <IP_ADDRESS>:8814
where <PUBLIC_KEY> is the value printed out by geph4-exit on the server, and <IP_ADDRESS> is the IP address of the server running geph4-exit.
You can now use Geph on the usual ports:
- localhost:9910: HTTP proxy
- localhost:9909: SOCKS5 proxy