From ac1e8a1a241a4f7567d06a71ce16731e72b547fd Mon Sep 17 00:00:00 2001 From: hhf Date: Sun, 1 Dec 2024 19:09:26 +0530 Subject: [PATCH] Add README.md --- README.md | 63 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 63 insertions(+) create mode 100644 README.md diff --git a/README.md b/README.md new file mode 100644 index 0000000..0efb278 --- /dev/null +++ b/README.md 
@@ -0,0 +1,63 @@ +Let me explain each step of this script and what it does: + +1. **Script Setup** + - The `set -e` command makes the script exit if any command fails + - We create a helper function `check_status` to show clear success/failure messages + +2. **System Update (Lines 16-19)** + - Updates the package list and upgrades all installed packages + - This ensures your system is up-to-date before installing new software + +3. **Installing Tailscale (Lines 21-24)** + - Downloads and runs the official Tailscale installation script + - Tailscale is a VPN service that makes your devices act like they're on the same private network + +4. **Starting Tailscale (Lines 26-29)** + - Runs `tailscale up` which starts the Tailscale service + - This will show a login URL you need to visit to authenticate your device + - After authentication, your device joins your Tailscale network + +5. **Getting Tailscale IP (Lines 31-32)** + - Gets your device's Tailscale IP address + - This IP will be used to restrict services to only listen on the Tailscale network + +6. **SSH Configuration (Lines 34-52)** + - Backs up your original SSH configuration + - Creates a new SSH config that only listens on your Tailscale IP + - This means SSH will only be accessible through Tailscale + - SFTP uses the same port as SSH (22), so it's also restricted + +7. **CloudPanel Configuration (Lines 59-65)** + - Backs up the original CloudPanel nginx configuration + - Updates the configuration to only listen on the Tailscale IP + - This restricts the CloudPanel web interface (port 8443) to Tailscale access only + +8. **Firewall Configuration (Lines 68-73)** + - Sets up UFW (Uncomplicated Firewall) rules + - Denies all incoming traffic by default + - Allows all outgoing traffic + - Only allows incoming traffic on the Tailscale interface + +9. 
**Final Summary (Lines 75-88)** + - Shows a summary of what was configured + - Displays the new addresses for accessing your services + - Reminds you where to find backup files + +Important Notes for Users: +1. Run this script as root or with sudo +2. When you run `tailscale up`, you'll need to authenticate via a web browser +3. Make sure you can still access your server through Tailscale before logging out +4. Keep the backup files in case you need to restore the original configuration +5. The script assumes you're using Ubuntu/Debian - some modifications might be needed for other distributions + +To use this script: +1. Save it to a file (e.g., `setup-tailscale.sh`) +2. Make it executable: `chmod +x setup-tailscale.sh` +3. Run it: `sudo ./setup-tailscale.sh` + +After running the script, you'll only be able to access: +- SSH/SFTP through your Tailscale IP on port 22 +- CloudPanel through your Tailscale IP on port 8443 (https) +- No other external access will be allowed + +# You dont have to alter you VPS or any other Firewall \ No newline at end of file
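Review bot: The "(Lines 16-19)" through "(Lines 75-88)" references in steps 2-9 point into a script that this commit does not include (only README.md is created), and the README never names the file it describes. The first time the script is edited, those line numbers will be wrong. Please name the script in the opening sentence, which currently reads like a pasted chat reply ("Let me explain each step of this script"), and refer to its sections by their comment headers or function names instead of line ranges. Two smaller points in the same hunk. First, steps 6 and 8 rebind SSH to the Tailscale IP and set a default-deny inbound policy, and note 4 tells users to keep the backup files, but the README never says where the backups are written or how to restore them. Since a failed Tailscale login after these steps means losing remote access, add the backup locations and a short restore procedure next to note 3. Second, the last line `# You dont have to alter you VPS or any other Firewall` renders as a top-level Markdown heading, has typos ("dont", "you VPS"), reads oddly next to step 8, which does change UFW, and the file has no trailing newline. Make it a plain sentence stating which firewall is meant (presumably the provider-side one), and end the file with a newline.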