ospab/ospab.network
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
91ab02dc8e5bcc05dd2ae7592acfb72f55ec0826
ospab.network/dist/linux-amd64/DEPLOY.md
ospab 7ed4217987 feat: Universal Linux build + redesigned ostp-guard 
- Build static musl binaries (work on any Linux distro)
- Redesign ostp-guard with weighted scoring system (threshold: 4 points)
  - HIGH (2pts): Analysis tools (gdb/ida/ghidra), sandbox artifacts
  - MEDIUM (1pt): Low resources (<1GB RAM), suspicious env vars
- Production VPS safe (1-2 points), sandbox blocked (4+ points)
- Anti-debug: Windows (IsDebuggerPresent), Linux (/proc/self/status)
- Deployment packages for Linux + Windows with SHA256 checksums
2026-01-02 01:38:30 +03:00

111 lines
2.7 KiB
Markdown
Raw Blame History

# OSTP Linux Deployment Package
## Contents
- **ostp-server** (4.0 MB) - Stealth VPN Server Binary
- **oncp-master** (4.7 MB) - CDN Control Plane Binary
- **install.sh** - Automated installation script
- **README.md** - Complete deployment guide
- **SHA256SUMS** - Binary checksums for verification
- **ostp-server.service** - Systemd service file
- **oncp-master.service** - Systemd service file
- **server.json.example** - Server configuration template
- **server-enrollment.json.example** - Auto-enrollment config template
## Quick Start
### 1. Verify Checksums
```bash
sha256sum -c SHA256SUMS
```
### 2. Run Installation Script
```bash
sudo bash install.sh
```
### 3. Configure Server
```bash
# Generate PSK
ostp-server gen-key
# Edit config
sudo nano /etc/ostp/server.json
# Replace PSK with generated key
# Start service
sudo systemctl enable ostp-server
sudo systemctl start ostp-server
sudo systemctl status ostp-server
```
## System Requirements
- **OS**: Debian 13+ / Ubuntu 24.04+ / RHEL 9+
- **Architecture**: x86_64
- **glibc**: 2.41+
- **Libraries**: libssl3, libcrypto3
- **Privileges**: Root/sudo required
## Build Information
- **Date**: January 2, 2026
- **Rust Version**: 1.85.0
- **Target**: x86_64-unknown-linux-gnu
- **glibc**: 2.41 (Debian Trixie)
- **Profile**: Release (optimized)
## Features
### ostp-server
- ✅ AEAD encryption (ChaCha20-Poly1305)
- ✅ X25519 key exchange
- ✅ TLS mimicry
- ✅ Anti-DPI protection
- ✅ UDP-over-TCP framing
- ✅ Silent PSK validation
- ✅ Anti-debugging protection
- ✅ Auto-enrollment to CDN
### oncp-master
- ✅ REST API for node management
- ✅ Node enrollment system (Pending→Approved→Active)
- ✅ CDN steering by country code
- ✅ User billing and quota tracking
- ✅ Dynamic SNI management
- ✅ Real-time dashboard CLI
- ✅ Network statistics
- ✅ SQLite backend
## Deployment Scenarios
### Standalone Server
Use `server.json.example` - manual PSK configuration
### CDN Network Node
Use `server-enrollment.json.example` - automatic enrollment with master node
## Security Considerations
1. **PSK Protection**: Keep PSKs secure, never commit to version control
2. **Firewall**: Restrict master node API to known IPs
3. **TLS**: Use reverse proxy for API TLS termination
4. **Updates**: Keep binaries updated for security patches
5. **Monitoring**: Use systemd logs and `oncp-master dashboard`
## Documentation
Full documentation in [README.md](README.md)
## Support
- **GitHub**: https://github.com/ospab/ospab.network
- **Issues**: https://github.com/ospab/ospab.network/issues
---
**Note**: ostp-server requires root privileges for TUN device creation and port binding. Anti-debugging protection (ostp-guard) is enabled in release builds.
Reference in New Issue View Git Blame Copy Permalink