Self hosting guide (WIP)

Marco Serrano edited this page Sep 14, 2023 · 6 revisions

This document will guide you through setting up a self-hosted, single-server Geph instance. Although Geph is primarily used in Gephyra OÜ's multiuser, multiserver public service, the core command-line binaries geph4-client and geph4-exit also support a single-server mode, similar to V2Ray or ShadowSocks, that is suitable for self-hosting.

Setting up the server (one-liner wizard)

If you have a server running Debian 10, the easiest way to set up Geph is to use the following one-liner (if you're starting from scratch, refresh your package lists first with $ sudo apt-get update):

(as root):

$ curl -L https://waa.ai/geph-exit-setup | bash

(otherwise):

$ curl -L https://waa.ai/geph-exit-setup | sudo bash

If the script runs successfully, it will print a line that looks like:

[2021-08-19T22:34:12Z INFO  geph4_exit::listen] listening on <PUBLIC_KEY>@<IP_ADDR>:8814

Note the <PUBLIC_KEY>@<IP_ADDR>:8814 string. You can now skip to the "Connecting to the server" section to connect to your server.

Setting up the server (manual)

Prerequisites

  • An up-to-date Rust toolchain (at least 1.50)
  • A Linux distribution (we recommend Debian)

Install geph4-exit

Installing from source code using Cargo is the only officially supported method. Fortunately, that's as easy as:

$ cargo install --locked geph4-exit

Write a configuration file

In order to start geph4-exit, we need to prepare a configuration file. Put this in /etc/geph4-exit.toml:

# Where to listen for incoming connections. Change 8814 to whatever port you like
sosistab_listen = "[::]:8814"
# Where to store secret key
secret_key = "/home/user/geph4-exit.key"

It's important to make sure that the user running geph4-exit has write permissions to the path given in secret_key.
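A pre-flight check for the permission requirement above, as an added example that is not part of the Geph project: run as the account that will run geph4-exit, it reads the secret_key path from the config, confirms that account can write it, and rejects an existing key file that group or other users can access. The function name check_geph_key is hypothetical, the no-group/other-access rule is an added hardening assumption rather than a documented geph4-exit requirement, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example: pre-flight check for the secret_key path in geph4-exit.toml.
# Run it as the account that will run geph4-exit. Requires GNU stat (Linux).

check_geph_key() {
    cfg=$1
    [ -r "$cfg" ] || { echo "cannot read config: $cfg" >&2; return 2; }

    # Extract the first `secret_key = "..."` value (simple TOML string form).
    key=$(sed -n 's/^[[:space:]]*secret_key[[:space:]]*=[[:space:]]*"\([^"]*\)".*/\1/p' "$cfg" | head -n 1)
    [ -n "$key" ] || { echo "no secret_key entry in $cfg" >&2; return 2; }

    if [ -e "$key" ]; then
        # Existing key: must be a regular file this user can write.
        [ -f "$key" ] && [ -w "$key" ] || { echo "not a writable file: $key" >&2; return 1; }
        # Assumed hardening rule: no permission bits for group or other.
        mode=$(stat -c '%a' "$key")
        case $mode in
            *00) ;;
            *) echo "key mode $mode grants group/other access: $key" >&2; return 1 ;;
        esac
    else
        # No key file yet: the directory must be writable so one can be written.
        dir=$(dirname "$key")
        [ -d "$dir" ] && [ -w "$dir" ] || { echo "cannot create key in: $dir" >&2; return 1; }
    fi
    echo "ok: $key"
}

# Usage: sh check_geph_key.sh /etc/geph4-exit.toml
if [ "$#" -gt 0 ]; then
    check_geph_key "$1"
fi
```
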

Starting geph4-exit

Now, we start Geph on the server:

$ geph4-exit --config /etc/geph4-exit.toml
[2021-08-15T01:17:30Z INFO  geph4_exit] read configuration file:
    {
		...
    }
[2021-08-15T01:17:30Z INFO  geph4_exit::listen] listening on <PUBLIC_KEY>@<IP_ADDR>:8814

Note the value of <PUBLIC_KEY>@<IP_ADDR>:8814 in the output. This will be the URL of the server that clients will use to connect.

Setting up a systemd service

Right now, you need to keep the geph4-exit command running in the foreground in order to have the Geph server stay on. We can instead use a simple systemd service to keep geph4-exit running in the background. Create a new file in /etc/systemd/system/geph4-exit.service:

[Unit]
Description=Geph4 exit service.

[Service]
Type=exec
Restart=always
ExecStart=/whatever/path/to/geph4-exit --config /etc/geph4-exit.toml
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target

Then, run systemctl enable geph4-exit, systemctl daemon-reload, systemctl start geph4-exit, systemctl enable geph4-exit, and geph4-exit will automatically start running in the background every time your server reboots.

Connecting to the server

Install geph4-client

On the client machine, install geph4-client with Cargo:

$ cargo install --locked geph4-client

Run geph4-client

We now use the --override-connect option to connect to our self-hosted server:

$ geph4-client connect --override-connect <PUBLIC_KEY>@<IP_ADDRESS>:8814
...
[2021-08-16 08:20:30] INFO [geph4-client/src/tunman/mod.rs:133] TUNNEL_MANAGER MAIN LOOP through <IP_ADDRESS>:8814

where <PUBLIC_KEY> is the value printed out by geph4-exit on the server, and <IP_ADDRESS> is the IP address of the server running geph4-exit.

You can now use Geph on the usual ports:

  • localhost:9910: HTTP proxy
  • localhost:9909: SOCKS5 proxy