oxeo0/blog-contributions
1
0
Fork 0
mirror of http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/nihilist/blog-contributions.git synced 2025-07-02 11:56:40 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

add steps for deploying the infra

Browse source
This commit is contained in:
midas 2025-02-18 17:51:11 +01:00
parent 45f7d69e45
commit 460bfb52a4
1 changed files with 66 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

66
opsec/anonymous_server_monitoring/index.html
View file

@ -200,6 +200,72 @@
First, let's have a look at the network topology we'll be building: First, let's have a look at the network topology we'll be building:
<br> <br>
<img src="architecture.png"/> <img src="architecture.png"/>
<h1><b>Setting up the Server</b></h1>
First you want to set up your central monitoring server. For ease of use and better performance we are going to colocate the prometheus collector along with grafana.
<h2>Tor Configuration</h2>
The prometheus collector will only be accessed locally by grafana so it doesn't need to be accessible over tor. Grafana, on the other hand, does.
<br>
Let's start with our torrc:<br>
<pre><code class="nim">
AutomapHostsSuffixes .onion,.exit
DataDirectory /var/lib/tor
SOCKSPort 127.0.0.1:9050 IsolateDestAddr
HiddenServiceDir /var/lib/tor/onion/grafana
HiddenServicePort 80 127.0.0.1:2700
</code></pre>
And that's all you'll need! one hiddn service for grafana. <br> You'll find your hostname in /var/lib/tor/onion/grafana/hostname.
<h2>Prometheus server configuration</h2>
clean and simple: we scrape our server every 10s for new data, configure a proxy URL so scraping happens over tor, using our socksport and configure ou scraping targets
<pre><code class="nim">
global:
scrape_interval: 10s
scrape_configs:
- job_name: nodes
proxy_url: socks5h://localhost:9050
static_configs:
- labels: {}
targets:
- [fill later with our client .onion address]:9002
</code></pre>
<h1>Setting up the client</h1>
On the client it's even easier.
<h2>Tor Configuration</h2>
Since prometheus works on a pull model, you will need to expose your node exporter, no need for a socks proxy either.
<br>
<pre><code class="nim">
AutomapHostsSuffixes .onion,.exit
DataDirectory /var/lib/tor
HiddenServiceDir /var/lib/tor/onion/prometheus
HiddenServicePort 9002 127.0.0.1:9002
</code></pre>
Next, you need to install the prometheus-node-exporter. Depending on your distribution of choice it's very likely it's in your package manager under that name.
<br>
and here is how we will start it in our unit file : <br>
<pre><code class="nim">
prometheus_node_exporter --collector.systemd --web.listen-address 127.0.0.1:9002 --collector.ethtool --collector.softirqs --collector.tcpstat --collector.wifi
</code></pre>
<br>
Do note that the name of the executable might change based on your distribution. What it does:
<br>
<ul>
<li> collect systemd data (services and so on)</li>
<li> collect internet throughput data</li>
</ul>
</p> </p>
</div> </div>