tags: - gost - raspberry pi categories: - informational comments: true

date: 2021-12-26 00:00:00

DESCRIPTION

web proxy for ubuntu. no caching. no filtering.

ERRORS

VERIFICATION

COMMANDS

System changes

gost proxy: Compile using go

git clone https://github.com/ginuerzh/gost.git
cd gost/cmd/gost
env GOOS=linux GOARCH=arm CGO_ENABLED=0 go build -trimpath -ldflags "-s -w"
sftp sba161
put gost

setup to start as a systemd service

cat /lib/systemd/system/gostproxy.service

[Unit]
Description=gostproxy
After=network.target

[Service]
ExecStart=gost -L=:8080
User=_gostproxy
Restart=always
KillMode=process
#Hardening

PrivateTmp=true

#CapabilityBoundingSet=CAP_SETGID CAP_SETUID CAP_NET_BIND_SERVICE
#AmbientCapabilities=CAP_NET_BIND_SERVICE
#SecureBits=noroot-locked

ProtectSystem=strict
ProtectHome=true
ProtectKernelModules=true
ProtectKernelTunables=true
ProtectControlGroups=true
MountFlags=private
NoNewPrivileges=true
PrivateDevices=true
RestrictAddressFamilies=AF_INET AF_INET6

MemoryDenyWriteExecute=true
#DynamicUser=true

[Install]
WantedBy=multi-user.target

cp  /lib/systemd/system/gostproxy.service  /etc/systemd/system/

useradd -s /usr/sbin/nologin _gostproxy -d /run/_gostproxy

systemctl daemon-reload
systemctl start gostproxy
systemctl status gostproxy
systemctl enable gostpro