boringproxy/docs/systemd.md

# Systemd Integration

These instructions assume that you have followed the [Installation instruction](https://boringproxy.io/#installation) and installed the boringproxy binary to `/usr/local/bin/`

If you install the binary to a different path you will need to update the path in the service files.

---

## System User and WorkingDirectory Setup

The following steps setup a user and working directory for boringproxy to match with standard best practices as not running processes as the root user.

### Admin Server & Client Setup
Currently the boringproxy client does not need 

```bash
# create the system user - We are using a system user as we don't want regular user permissions assigned since all it is going to be doing is running boringproxy for us. We also specify the shell as /bin/false so that nothing can login as this user just incase.
sudo useradd -d /opt/boringproxy -m --system --shell /bin/false boringproxy

# Since the boringproxy working directory houses data that we dont want to be exposed to other services/users are all we will make it so that ony the boringproxy user itself us able to access files and directories in the working directory
sudo chmod 700 /opt/boringproxy
```

## boringproxy Server Service

Download the boringproxy-server.service file
```bash
# with wget
wget https://raw.githubusercontent.com/boringproxy/boringproxy/master/systemd/boringproxy-server.service -O /tmp/boringproxy-server.service

# or with curl
curl https://raw.githubusercontent.com/boringproxy/boringproxy/master/systemd/boringproxy-server.service --output /tmp/boringproxy-server.service

# move the systemd file into the correct location
sudo mv /tmp/boringproxy-server.service /etc/systemd/system/boringproxy-server.service
```


Edit `/etc/systemd/system/boringproxy-server.service` and replace the admin domain `bp.example.com` with the domain that the server will be available at. EX: `-admin-domain proxy.bpuser.me`

Enable and start the boringproxy server service with the following command
```bash
sudo systemctl enable --now boringproxy-server.service
```

This will make sure that boringproxy server will always start backup if the host is restarted.

---

## boringproxy Client Service

Download the boringproxy-client@.service file
```bash
# with wget
wget https://raw.githubusercontent.com/boringproxy/boringproxy/master/systemd/boringproxy-client.service -O "/tmp/boringproxy-client@.service"

# or with curl
curl https://raw.githubusercontent.com/boringproxy/boringproxy/master/systemd/boringproxy-client.service --output "/tmp/boringproxy-client@.service"

sudo mv /tmp/boringproxy-client@.service /etc/systemd/system/boringproxy-client@.service
```

Edit `/etc/systemd/system/boringproxy-client@.service` and replace the server address `bp.example.com` with the domain that the server is located at. EX: `-server proxy.bpuser.me`

also edit the token value `your-bp-server-token` with the token from when you installed the server. EX: `-token rt42g.......3fn`

Enable and start the boringproxy server service with the following command
```bash
# the value after the @ symbol in the service name is what will determine the name of the client in the Admin UI
sudo systemctl enable --now boringproxy-client@default.service
```

This will make sure that boringproxy client will always start backup and reconnect to the boringclient server if the host is restarted or goes down for some reason.

## Notes
### Updating an existing boringproxy Server instance
If you have already ran the admin server you will need to migrate the db and change its permissions to keep your existing settings.

```bash
sudo mv /root/boringproxy_db.json /opt/boringproxy/boringproxy_db.json
sudo chown boringproxy:boringproxy /opt/boringproxy/boringproxy_db.json
```

### Client Service Unit File
This systemd service file is a template service which allows you to spawn multiple clients with a specified name. 

If you do not need/want the ability to launch multiple clients with a single service file and do not want to have to specify `boringproxy-client@<client-name>.service` when interacting with the service, rename the service file to `boringproxy-client.service` and remove the `%I` from the `Description` field and replace the `%i` after `-client-name` with the name you want the client to have. after those modifications you can use the service as `boringproxy-client.service`
adding systemd service files and howto docs 2021-01-04 03:40:17 -06:00			`# Systemd Integration`

			These instructions assume that you have followed the [Installation instruction](https://boringproxy.io/#installation) and installed the boringproxy binary to `/usr/local/bin/`

			`If you install the binary to a different path you will need to update the path in the service files.`

			`---`

corrected project name and fixed docs/systemd files as requested. 2021-01-05 00:24:32 -06:00			`## System User and WorkingDirectory Setup`

			`The following steps setup a user and working directory for boringproxy to match with standard best practices as not running processes as the root user.`

			`### Admin Server & Client Setup`
			`Currently the boringproxy client does not need`

			```bash
			`# create the system user - We are using a system user as we don't want regular user permissions assigned since all it is going to be doing is running boringproxy for us. We also specify the shell as /bin/false so that nothing can login as this user just incase.`
			`sudo useradd -d /opt/boringproxy -m --system --shell /bin/false boringproxy`

			`# Since the boringproxy working directory houses data that we dont want to be exposed to other services/users are all we will make it so that ony the boringproxy user itself us able to access files and directories in the working directory`
			`sudo chmod 700 /opt/boringproxy`
			```

			`## boringproxy Server Service`
adding systemd service files and howto docs 2021-01-04 03:40:17 -06:00
			`Download the boringproxy-server.service file`
			```bash
			`# with wget`
fixing curl/wget to not use sudo 2021-01-05 18:09:21 -06:00			`wget https://raw.githubusercontent.com/boringproxy/boringproxy/master/systemd/boringproxy-server.service -O /tmp/boringproxy-server.service`
adding systemd service files and howto docs 2021-01-04 03:40:17 -06:00
			`# or with curl`
fixing curl/wget to not use sudo 2021-01-05 18:09:21 -06:00			`curl https://raw.githubusercontent.com/boringproxy/boringproxy/master/systemd/boringproxy-server.service --output /tmp/boringproxy-server.service`

			`# move the systemd file into the correct location`
			`sudo mv /tmp/boringproxy-server.service /etc/systemd/system/boringproxy-server.service`
adding systemd service files and howto docs 2021-01-04 03:40:17 -06:00			```

fixing curl/wget to not use sudo 2021-01-05 18:09:21 -06:00
adding systemd service files and howto docs 2021-01-04 03:40:17 -06:00			Edit `/etc/systemd/system/boringproxy-server.service` and replace the admin domain `bp.example.com` with the domain that the server will be available at. EX: `-admin-domain proxy.bpuser.me`

			`Enable and start the boringproxy server service with the following command`
			```bash
			`sudo systemctl enable --now boringproxy-server.service`
			```

			`This will make sure that boringproxy server will always start backup if the host is restarted.`

			`---`

corrected project name and fixed docs/systemd files as requested. 2021-01-05 00:24:32 -06:00			`## boringproxy Client Service`
adding systemd service files and howto docs 2021-01-04 03:40:17 -06:00
			`Download the boringproxy-client@.service file`
			```bash
			`# with wget`
Broken URLs Fixed broken proxy client systemd urls 2022-07-13 14:19:28 -05:00			`wget https://raw.githubusercontent.com/boringproxy/boringproxy/master/systemd/boringproxy-client.service -O "/tmp/boringproxy-client@.service"`
adding systemd service files and howto docs 2021-01-04 03:40:17 -06:00
			`# or with curl`
Broken URLs Fixed broken proxy client systemd urls 2022-07-13 14:19:28 -05:00			`curl https://raw.githubusercontent.com/boringproxy/boringproxy/master/systemd/boringproxy-client.service --output "/tmp/boringproxy-client@.service"`
fixing curl/wget to not use sudo 2021-01-05 18:09:21 -06:00
			`sudo mv /tmp/boringproxy-client@.service /etc/systemd/system/boringproxy-client@.service`
adding systemd service files and howto docs 2021-01-04 03:40:17 -06:00			```

			Edit `/etc/systemd/system/boringproxy-client@.service` and replace the server address `bp.example.com` with the domain that the server is located at. EX: `-server proxy.bpuser.me`

			also edit the token value `your-bp-server-token` with the token from when you installed the server. EX: `-token rt42g.......3fn`

			`Enable and start the boringproxy server service with the following command`
			```bash
			`# the value after the @ symbol in the service name is what will determine the name of the client in the Admin UI`
			`sudo systemctl enable --now boringproxy-client@default.service`
			```

			`This will make sure that boringproxy client will always start backup and reconnect to the boringclient server if the host is restarted or goes down for some reason.`

corrected project name and fixed docs/systemd files as requested. 2021-01-05 00:24:32 -06:00			`## Notes`
fixed server service download command url 2021-01-05 00:42:05 -06:00			`### Updating an existing boringproxy Server instance`
			`If you have already ran the admin server you will need to migrate the db and change its permissions to keep your existing settings.`
adding systemd service files and howto docs 2021-01-04 03:40:17 -06:00
fixed server service download command url 2021-01-05 00:42:05 -06:00			```bash
			`sudo mv /root/boringproxy_db.json /opt/boringproxy/boringproxy_db.json`
			`sudo chown boringproxy:boringproxy /opt/boringproxy/boringproxy_db.json`
			```
adding systemd service files and howto docs 2021-01-04 03:40:17 -06:00
corrected project name and fixed docs/systemd files as requested. 2021-01-05 00:24:32 -06:00			`### Client Service Unit File`
			`This systemd service file is a template service which allows you to spawn multiple clients with a specified name.`
adding systemd service files and howto docs 2021-01-04 03:40:17 -06:00
Broken URLs Fixed broken proxy client systemd urls 2022-07-13 14:19:28 -05:00			If you do not need/want the ability to launch multiple clients with a single service file and do not want to have to specify `boringproxy-client@<client-name>.service` when interacting with the service, rename the service file to `boringproxy-client.service` and remove the `%I` from the `Description` field and replace the `%i` after `-client-name` with the name you want the client to have. after those modifications you can use the service as `boringproxy-client.service`