Skip to content

Self hosting guide (WIP)

Jump to bottom
Eric (Yuhao Dong) edited this page Aug 16, 2021 · 6 revisions

This document will guide you through setting up a self-hosted, single-server Geph instance. Although Geph is primarily used in Gephyra OÜ's multiuser, multiserver public service, the core command-line binaries geph4-client and geph4-exit do support a single-server mode similar to V2Ray, ShadowSocks, and suitable for self-hosting.

Setting up the server

Prerequisites

  • A up-to-date Rust toolchain (at least 1.50)
  • A Linux distribution (we recommend Debian)

Install geph4-exit

Installing from source code using Cargo is the only officially supported method. Fortunately, that's as easy as:

$ cargo install --locked geph4-exit

Write a configuration file

In order to start geph4-exit, we need to prepare a configuration file. Put this in /etc/geph4-exit.toml:

# Where to listen for incoming connections. Change 8814 to whatever port you like
sosistab_listen = "[::]:8814"
# Where to store secret key
secret_key = "/home/user/geph4-exit.key"

It's important to make sure that the user running geph4-exit will have writer permissions to the path given in secret_key.

Starting geph4-exit

Now, we start Geph on the server:

$ geph4-exit --config /etc/geph4-exit.toml
[2021-08-15T01:17:30Z INFO  geph4_exit] read configuration file:
    {
		...
    }
[2021-08-15T01:17:30Z INFO  geph4_exit::listen] listening on <PUBLIC_KEY>@[::]:8814

Note the value of <PUBLIC_KEY> in the output. It should be a long, hexadecimal string like e5b02091dbfd46a118a826f1f097e36e40da754a83353cc4612e7e41688d226c.

Setting up a systemd service

Right now, you need to keep the geph4-exit command running in the foreground in order to have the Geph server stay on. We can instead use a simple systemd service to keep geph4-exit running in the background. Create a new file in /etc/systemd/system/geph4-exit.service:

[Unit]
Description=Geph4 exit service.

[Service]
Type=exec
Restart=always
ExecStart=/whatever/path/to/geph4-exit --config /etc/geph4-exit.toml
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target

Then, run systemctl enable geph4-exit, systemctl daemon-reload, systemctl start geph4-exit, systemctl enable geph4-exit, and geph4-exit will automatically start running in the background every time your server reboots.

Connecting to the server

Install geph4-client

On the client machine, install geph4-client with Cargo:

$ cargo install --locked geph4-exit

Run geph4-client

We now use the --override-connect option to connect to our self-hosted server:

$ geph4-client connect --override-connect <PUBLIC_KEY>@<IP_ADDRESS>:8814
...
[2021-08-16 08:20:30] INFO [geph4-client/src/tunman/mod.rs:133] TUNNEL_MANAGER MAIN LOOP through <IP_ADDRESS>:8814

where <PUBLIC_KEY> is the values printed out by geph4-exit on the server, and <IP_ADDRESS> is the IP address of the server running geph4-exit.

You can now use Geph on the usual ports:

  • localhost:9910: HTTP proxy
  • localhost:9909: SOCKS5 proxy
Clone this wiki locally