add steps for deploying the infra

2025-07-02 11:56:40 +00:00 · 2025-02-18 17:51:11 +01:00 · 2025-02-18 17:51:11 +01:00 · 460bfb52a4
commit 460bfb52a4
parent 45f7d69e45
1 changed files with 66 additions and 0 deletions
--- a/opsec/anonymous_server_monitoring/index.html
+++ b/opsec/anonymous_server_monitoring/index.html
@ -200,6 +200,72 @@
                        First, let's have a look at the network topology we'll be building:
                        <br>
                        <img src="architecture.png"/>
+
+                        <h1><b>Setting up the Server</b></h1>
+
+                        First you want to set up your central monitoring server. For ease of use and better performance we are going to colocate the prometheus collector along with grafana.
+
+                        <h2>Tor Configuration</h2>
+                        The prometheus collector will only be accessed locally by grafana so it doesn't need to be accessible over tor. Grafana, on the other hand, does.
+                        <br>
+
+                        Let's start with our torrc:<br>
+<pre><code class="nim">
+AutomapHostsSuffixes .onion,.exit
+DataDirectory /var/lib/tor
+SOCKSPort 127.0.0.1:9050 IsolateDestAddr
+HiddenServiceDir /var/lib/tor/onion/grafana
+HiddenServicePort 80 127.0.0.1:2700
+</code></pre>
+
+And that's all you'll need! one hiddn service for grafana. <br> You'll find your hostname in /var/lib/tor/onion/grafana/hostname.
+
+<h2>Prometheus server configuration</h2>
+clean and simple: we scrape our server every 10s for new data, configure a proxy URL so scraping happens over tor, using our socksport and configure ou scraping targets
+
+<pre><code class="nim">
+global:
+  scrape_interval: 10s
+scrape_configs:
+- job_name: nodes
+  proxy_url: socks5h://localhost:9050
+  static_configs:
+  - labels: {}
+    targets:
+    - [fill later with our client .onion address]:9002
+</code></pre>
+
+<h1>Setting up the client</h1>
+On the client it's even easier.
+
+<h2>Tor Configuration</h2>
+Since prometheus works on a pull model, you will need to expose your node exporter, no need for a socks proxy either.
+<br>
+
+<pre><code class="nim">
+AutomapHostsSuffixes .onion,.exit
+DataDirectory /var/lib/tor
+HiddenServiceDir /var/lib/tor/onion/prometheus
+HiddenServicePort 9002 127.0.0.1:9002
+</code></pre>
+
+ Next, you need to install the prometheus-node-exporter. Depending on your distribution of choice it's very likely it's in your package manager under that name.
+ <br>
+
+ and here is how we will start it in our unit file : <br>
+ <pre><code class="nim">
+prometheus_node_exporter --collector.systemd --web.listen-address 127.0.0.1:9002 --collector.ethtool --collector.softirqs --collector.tcpstat --collector.wifi
+ </code></pre>
+
+ <br>
+ Do note that the name of the executable might change based on your distribution. What it does:
+ <br>
+ <ul>
+     <li> collect systemd data (services and so on)</li>
+     <li> collect internet throughput data</li>
+ </ul>
+
+
                    </p>
          
 	       </div>