From 9da3db7a17a646e5b9ea22a02b790ee3880024d7 Mon Sep 17 00:00:00 2001 From: Buck Brady Date: Mon, 4 Jan 2021 02:40:17 -0700 Subject: [PATCH 1/8] adding systemd service files and howto docs --- scripts/boringproxy-client@.service | 13 +++++ scripts/boringproxy-server.service | 14 +++++ systemd-integration.md | 91 +++++++++++++++++++++++++++++ 3 files changed, 118 insertions(+) create mode 100644 scripts/boringproxy-client@.service create mode 100644 scripts/boringproxy-server.service create mode 100644 systemd-integration.md diff --git a/scripts/boringproxy-client@.service b/scripts/boringproxy-client@.service new file mode 100644 index 0000000..2b18565 --- /dev/null +++ b/scripts/boringproxy-client@.service @@ -0,0 +1,13 @@ +[Unit] +Description=BoringProxy Client (%I client) +After=network.target + +[Service] +PrivateTmp=true +Type=simple +User=root +Group=root +ExecStart=/usr/local/bin/boringproxy client -server bp.example.com -token your-bp-server-token -client-name %i + +[Install] +WantedBy=multi-user.target \ No newline at end of file diff --git a/scripts/boringproxy-server.service b/scripts/boringproxy-server.service new file mode 100644 index 0000000..7692e23 --- /dev/null +++ b/scripts/boringproxy-server.service @@ -0,0 +1,14 @@ +[Unit] +Description=BoringProxy Server +After=network.target + +[Service] +PrivateTmp=true +Type=simple +User=root +Group=root +WorkingDirectory=/root/ +ExecStart=/usr/local/bin/boringproxy server -admin-domain bp.example.com + +[Install] +WantedBy=multi-user.target diff --git a/systemd-integration.md b/systemd-integration.md new file mode 100644 index 0000000..6719aea --- /dev/null +++ b/systemd-integration.md @@ -0,0 +1,91 @@ +# Systemd Integration + +These instructions assume that you have followed the [Installation instruction](https://boringproxy.io/#installation) and installed the boringproxy binary to `/usr/local/bin/` + +If you install the binary to a different path you will need to update the path in the service files. + +--- + +## BoringProxy Server Service +This service file along with the assumptions above assumes that you will run the initial launch of the server from the `/root` directory as the `root` user. + +Download the boringproxy-server.service file +```bash +# with wget +sudo wget https://raw.githubusercontent.com/boringproxy/boringproxy/master/scripts/boringproxy-server.service -O /etc/systemd/system/boringproxy-server.service + +# or with curl +sudo curl https://raw.githubusercontent.com/boringproxy/boringproxy/master/scripts/build.sh --output /etc/systemd/system/boringproxy-server.service +``` + +Edit `/etc/systemd/system/boringproxy-server.service` and replace the admin domain `bp.example.com` with the domain that the server will be available at. EX: `-admin-domain proxy.bpuser.me` + +Enable and start the boringproxy server service with the following command +```bash +sudo systemctl enable --now boringproxy-server.service +``` + +This will make sure that boringproxy server will always start backup if the host is restarted. + +--- + +## BoringProxy Client Service + +Download the boringproxy-client@.service file +```bash +# with wget +sudo wget https://raw.githubusercontent.com/boringproxy/boringproxy/master/scripts/boringproxy-client%40.service -O "/etc/systemd/system/boringproxy-client@.service" + +# or with curl +sudo curl https://raw.githubusercontent.com/boringproxy/boringproxy/master/scripts/boringproxy-client%40.service --output "/etc/systemd/system/boringproxy-client@.service" +``` + +Edit `/etc/systemd/system/boringproxy-client@.service` and replace the server address `bp.example.com` with the domain that the server is located at. EX: `-server proxy.bpuser.me` + +also edit the token value `your-bp-server-token` with the token from when you installed the server. EX: `-token rt42g.......3fn` + +Enable and start the boringproxy server service with the following command +```bash +# the value after the @ symbol in the service name is what will determine the name of the client in the Admin UI +sudo systemctl enable --now boringproxy-client@default.service +``` + +This will make sure that boringproxy client will always start backup and reconnect to the boringclient server if the host is restarted or goes down for some reason. + +### Notes + +This systemd service file is a template service which allows you to spawn multiple clients with a specified name. + +If you do not need/want the ability to launch multiple clients with a single service file and do not want to have to specify `boringproxy-client@.service` when interacting with the service, rename the service file to `boringproxy-client.service` and remove the `%I` from the `Description` field and replace the `%i` after `-client-name` with the name you want the client to have. after those modifications you can use the service as `boringproxy-client.service` + +--- + +## Using a user other than root + +As good practice tells us we really should not run services as the root user. If you would like to follow these best practices the service file `User`, `Group`, and `WorkingDirectory` values will need to be updated. + +The below commands will setup and fix the service file to use a user besides root +```bash +# create the system users homedir - This is needed as you need a place to store the `boringproxy_db.json` file +sudo mkdir -pv /opt/boringproxy + +# create the system user - We are using a system user as we don't want regular user permissions assigned since all it is going to be doing is running boringproxy for us. We also specify the shell as /bin/false so that nothing can login as this user just incase. +sudo useradd -d /opt/boringproxy -m --system --shell /bin/false boringproxy + +# If you have already launched the boringproxy server you need to move the db file to keep your settings +# mv /root/boringproxy_db.json /opt/boringproxy/boringproxy_db.json + +# Set the permissions just to make sure especially if you have moved the db file into the directory. +sudo chown boringproxy:boringproxy -R /opt/boringproxy +# You can also lock down the directory even further with the following if your somewhat paranoid +# chmod 700 /opt/boringproxy + +# update the service files to use the new user, group, and user home directory +# Server Service +sed -i "s/^User=.*/User=boringproxy/" /etc/systemd/system/boringproxy-server.service +sed -i "s/^Group=.*/Group=boringproxy/" /etc/systemd/system/boringproxy-server.service +sed -i "s/^WorkingDirectory=.*/WorkingDirectory=/opt/boringproxy/" /etc/systemd/system/boringproxy-server.service +# Client Service +sed -i "s/^User=.*/User=boringproxy/" /etc/systemd/system/boringproxy-client\@.service +sed -i "s/^Group=.*/Group=boringproxy/" /etc/systemd/system/boringproxy-client\@.service +``` \ No newline at end of file From 8ae5acac4c8390632be06b4e0661001c199d1c94 Mon Sep 17 00:00:00 2001 From: Buck Brady Date: Mon, 4 Jan 2021 23:24:32 -0700 Subject: [PATCH 2/8] corrected project name and fixed docs/systemd files as requested. --- systemd-integration.md => docs/systemd.md | 70 ++++++++----------- .../boringproxy-client@.service | 7 +- .../boringproxy-server.service | 8 +-- 3 files changed, 39 insertions(+), 46 deletions(-) rename systemd-integration.md => docs/systemd.md (62%) rename {scripts => systemd}/boringproxy-client@.service (58%) rename {scripts => systemd}/boringproxy-server.service (62%) diff --git a/systemd-integration.md b/docs/systemd.md similarity index 62% rename from systemd-integration.md rename to docs/systemd.md index 6719aea..2d48191 100644 --- a/systemd-integration.md +++ b/docs/systemd.md @@ -6,8 +6,22 @@ If you install the binary to a different path you will need to update the path i --- -## BoringProxy Server Service -This service file along with the assumptions above assumes that you will run the initial launch of the server from the `/root` directory as the `root` user. +## System User and WorkingDirectory Setup + +The following steps setup a user and working directory for boringproxy to match with standard best practices as not running processes as the root user. + +### Admin Server & Client Setup +Currently the boringproxy client does not need + +```bash +# create the system user - We are using a system user as we don't want regular user permissions assigned since all it is going to be doing is running boringproxy for us. We also specify the shell as /bin/false so that nothing can login as this user just incase. +sudo useradd -d /opt/boringproxy -m --system --shell /bin/false boringproxy + +# Since the boringproxy working directory houses data that we dont want to be exposed to other services/users are all we will make it so that ony the boringproxy user itself us able to access files and directories in the working directory +sudo chmod 700 /opt/boringproxy +``` + +## boringproxy Server Service Download the boringproxy-server.service file ```bash @@ -27,17 +41,25 @@ sudo systemctl enable --now boringproxy-server.service This will make sure that boringproxy server will always start backup if the host is restarted. +### Notes +If you have already ran the admin server you will need to migrate the db and change its permissions to keep your existing settings. + +```bash +mv /root/boringproxy_db.json /opt/boringproxy/boringproxy_db.json +sudo chown boringproxy:boringproxy /opt/boringproxy/boringproxy_db.json +``` + --- -## BoringProxy Client Service +## boringproxy Client Service Download the boringproxy-client@.service file ```bash # with wget -sudo wget https://raw.githubusercontent.com/boringproxy/boringproxy/master/scripts/boringproxy-client%40.service -O "/etc/systemd/system/boringproxy-client@.service" +sudo wget https://raw.githubusercontent.com/boringproxy/boringproxy/master/systemd/boringproxy-client%40.service -O "/etc/systemd/system/boringproxy-client@.service" # or with curl -sudo curl https://raw.githubusercontent.com/boringproxy/boringproxy/master/scripts/boringproxy-client%40.service --output "/etc/systemd/system/boringproxy-client@.service" +sudo curl https://raw.githubusercontent.com/boringproxy/boringproxy/master/systemd/boringproxy-client%40.service --output "/etc/systemd/system/boringproxy-client@.service" ``` Edit `/etc/systemd/system/boringproxy-client@.service` and replace the server address `bp.example.com` with the domain that the server is located at. EX: `-server proxy.bpuser.me` @@ -52,40 +74,10 @@ sudo systemctl enable --now boringproxy-client@default.service This will make sure that boringproxy client will always start backup and reconnect to the boringclient server if the host is restarted or goes down for some reason. -### Notes +## Notes + +### Client Service Unit File This systemd service file is a template service which allows you to spawn multiple clients with a specified name. -If you do not need/want the ability to launch multiple clients with a single service file and do not want to have to specify `boringproxy-client@.service` when interacting with the service, rename the service file to `boringproxy-client.service` and remove the `%I` from the `Description` field and replace the `%i` after `-client-name` with the name you want the client to have. after those modifications you can use the service as `boringproxy-client.service` - ---- - -## Using a user other than root - -As good practice tells us we really should not run services as the root user. If you would like to follow these best practices the service file `User`, `Group`, and `WorkingDirectory` values will need to be updated. - -The below commands will setup and fix the service file to use a user besides root -```bash -# create the system users homedir - This is needed as you need a place to store the `boringproxy_db.json` file -sudo mkdir -pv /opt/boringproxy - -# create the system user - We are using a system user as we don't want regular user permissions assigned since all it is going to be doing is running boringproxy for us. We also specify the shell as /bin/false so that nothing can login as this user just incase. -sudo useradd -d /opt/boringproxy -m --system --shell /bin/false boringproxy - -# If you have already launched the boringproxy server you need to move the db file to keep your settings -# mv /root/boringproxy_db.json /opt/boringproxy/boringproxy_db.json - -# Set the permissions just to make sure especially if you have moved the db file into the directory. -sudo chown boringproxy:boringproxy -R /opt/boringproxy -# You can also lock down the directory even further with the following if your somewhat paranoid -# chmod 700 /opt/boringproxy - -# update the service files to use the new user, group, and user home directory -# Server Service -sed -i "s/^User=.*/User=boringproxy/" /etc/systemd/system/boringproxy-server.service -sed -i "s/^Group=.*/Group=boringproxy/" /etc/systemd/system/boringproxy-server.service -sed -i "s/^WorkingDirectory=.*/WorkingDirectory=/opt/boringproxy/" /etc/systemd/system/boringproxy-server.service -# Client Service -sed -i "s/^User=.*/User=boringproxy/" /etc/systemd/system/boringproxy-client\@.service -sed -i "s/^Group=.*/Group=boringproxy/" /etc/systemd/system/boringproxy-client\@.service -``` \ No newline at end of file +If you do not need/want the ability to launch multiple clients with a single service file and do not want to have to specify `boringproxy-client@.service` when interacting with the service, rename the service file to `boringproxy-client.service` and remove the `%I` from the `Description` field and replace the `%i` after `-client-name` with the name you want the client to have. after those modifications you can use the service as `boringproxy-client.service` \ No newline at end of file diff --git a/scripts/boringproxy-client@.service b/systemd/boringproxy-client@.service similarity index 58% rename from scripts/boringproxy-client@.service rename to systemd/boringproxy-client@.service index 2b18565..712b962 100644 --- a/scripts/boringproxy-client@.service +++ b/systemd/boringproxy-client@.service @@ -1,12 +1,13 @@ [Unit] -Description=BoringProxy Client (%I client) +Description=boringproxy client (%I) After=network.target [Service] PrivateTmp=true Type=simple -User=root -Group=root +User=boringproxy +Group=boringproxy +WorkingDirectory=/opt/boringproxy/ ExecStart=/usr/local/bin/boringproxy client -server bp.example.com -token your-bp-server-token -client-name %i [Install] diff --git a/scripts/boringproxy-server.service b/systemd/boringproxy-server.service similarity index 62% rename from scripts/boringproxy-server.service rename to systemd/boringproxy-server.service index 7692e23..360c511 100644 --- a/scripts/boringproxy-server.service +++ b/systemd/boringproxy-server.service @@ -1,13 +1,13 @@ [Unit] -Description=BoringProxy Server +Description=boringproxy Admin Server After=network.target [Service] PrivateTmp=true Type=simple -User=root -Group=root -WorkingDirectory=/root/ +User=boringproxy +Group=boringproxy +WorkingDirectory=/opt/boringproxy/ ExecStart=/usr/local/bin/boringproxy server -admin-domain bp.example.com [Install] From c027c22aa52384988f75c93f20b9d7b166faa357 Mon Sep 17 00:00:00 2001 From: Buck Brady Date: Mon, 4 Jan 2021 23:27:43 -0700 Subject: [PATCH 3/8] small cleanup to systemd docs --- docs/systemd.md | 8 -------- 1 file changed, 8 deletions(-) diff --git a/docs/systemd.md b/docs/systemd.md index 2d48191..bdb3855 100644 --- a/docs/systemd.md +++ b/docs/systemd.md @@ -41,14 +41,6 @@ sudo systemctl enable --now boringproxy-server.service This will make sure that boringproxy server will always start backup if the host is restarted. -### Notes -If you have already ran the admin server you will need to migrate the db and change its permissions to keep your existing settings. - -```bash -mv /root/boringproxy_db.json /opt/boringproxy/boringproxy_db.json -sudo chown boringproxy:boringproxy /opt/boringproxy/boringproxy_db.json -``` - --- ## boringproxy Client Service From 8efb6c4491338e95582ad83fe4d0949573510539 Mon Sep 17 00:00:00 2001 From: Buck Brady Date: Mon, 4 Jan 2021 23:42:05 -0700 Subject: [PATCH 4/8] fixed server service download command url --- docs/systemd.md | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/docs/systemd.md b/docs/systemd.md index bdb3855..82ed73c 100644 --- a/docs/systemd.md +++ b/docs/systemd.md @@ -26,10 +26,10 @@ sudo chmod 700 /opt/boringproxy Download the boringproxy-server.service file ```bash # with wget -sudo wget https://raw.githubusercontent.com/boringproxy/boringproxy/master/scripts/boringproxy-server.service -O /etc/systemd/system/boringproxy-server.service +sudo wget https://raw.githubusercontent.com/boringproxy/boringproxy/master/systemd/boringproxy-server.service -O /etc/systemd/system/boringproxy-server.service # or with curl -sudo curl https://raw.githubusercontent.com/boringproxy/boringproxy/master/scripts/build.sh --output /etc/systemd/system/boringproxy-server.service +sudo curl https://raw.githubusercontent.com/boringproxy/boringproxy/master/systemd/boringproxy-server.service --output /etc/systemd/system/boringproxy-server.service ``` Edit `/etc/systemd/system/boringproxy-server.service` and replace the admin domain `bp.example.com` with the domain that the server will be available at. EX: `-admin-domain proxy.bpuser.me` @@ -67,7 +67,13 @@ sudo systemctl enable --now boringproxy-client@default.service This will make sure that boringproxy client will always start backup and reconnect to the boringclient server if the host is restarted or goes down for some reason. ## Notes +### Updating an existing boringproxy Server instance +If you have already ran the admin server you will need to migrate the db and change its permissions to keep your existing settings. +```bash +sudo mv /root/boringproxy_db.json /opt/boringproxy/boringproxy_db.json +sudo chown boringproxy:boringproxy /opt/boringproxy/boringproxy_db.json +``` ### Client Service Unit File This systemd service file is a template service which allows you to spawn multiple clients with a specified name. From a67253c55a02f735432cd629707abe4722056988 Mon Sep 17 00:00:00 2001 From: Martin Tournoij Date: Tue, 5 Jan 2021 22:04:08 +0800 Subject: [PATCH 5/8] Add usage information Before not giving any command didn't really give much feedback beyond "invalid arguments". This adds a basic usage message, and tells people that you can use "boringproxy server -h". I moved the "Starting up" log message because otherwise that would get printed when asking for "server -h". I also added error checks for the flag parsing; I think this isn't *strictly* needed, but I remember running in to problems once by omitting it (although I've forgotten what that problem was, exactly). --- boringproxy.go | 12 +++++++++--- client.go | 11 +++++++---- main.go | 21 ++++++++++++++------- 3 files changed, 30 insertions(+), 14 deletions(-) diff --git a/boringproxy.go b/boringproxy.go index c5a3a52..077966f 100644 --- a/boringproxy.go +++ b/boringproxy.go @@ -5,7 +5,6 @@ import ( "crypto/tls" "flag" "fmt" - "github.com/caddyserver/certmagic" "io" "log" "net" @@ -14,6 +13,8 @@ import ( "strings" "sync" "time" + + "github.com/caddyserver/certmagic" ) type BoringProxyConfig struct { @@ -40,7 +41,12 @@ func Listen() { adminDomain := flagSet.String("admin-domain", "", "Admin Domain") sshServerPort := flagSet.Int("ssh-server-port", 22, "SSH Server Port") certDir := flagSet.String("cert-dir", "", "TLS cert directory") - flagSet.Parse(os.Args[2:]) + err := flagSet.Parse(os.Args[2:]) + if err != nil { + fmt.Fprintf(os.Stderr, "%s: parsing flags: %s\n", os.Args[0], err) + } + + log.Println("Starting up") webUiDomain := *adminDomain @@ -64,7 +70,7 @@ func Listen() { //certmagic.DefaultACME.CA = certmagic.LetsEncryptStagingCA certConfig := certmagic.NewDefault() - err := certConfig.ManageSync([]string{config.WebUiDomain}) + err = certConfig.ManageSync([]string{config.WebUiDomain}) if err != nil { log.Fatal(err) } diff --git a/client.go b/client.go index ee5b892..b5a21ae 100644 --- a/client.go +++ b/client.go @@ -7,8 +7,6 @@ import ( "errors" "flag" "fmt" - "github.com/caddyserver/certmagic" - "golang.org/x/crypto/ssh" "io" "io/ioutil" "log" @@ -18,6 +16,9 @@ import ( "strings" "sync" "time" + + "github.com/caddyserver/certmagic" + "golang.org/x/crypto/ssh" ) type BoringProxyClient struct { @@ -42,7 +43,10 @@ func NewBoringProxyClient() *BoringProxyClient { certDir := flagSet.String("cert-dir", "", "TLS cert directory") acmeEmail := flagSet.String("acme-email", "", "Email for ACME (ie Let's Encrypt)") dnsServer := flagSet.String("dns-server", "", "Custom DNS server") - flagSet.Parse(os.Args[2:]) + err := flagSet.Parse(os.Args[2:]) + if err != nil { + fmt.Fprintf(os.Stderr, "%s: parsing flags: %s\n", os.Args[0], err) + } if *dnsServer != "" { net.DefaultResolver = &net.Resolver{ @@ -63,7 +67,6 @@ func NewBoringProxyClient() *BoringProxyClient { // running on a machine where 443 isn't bound, so we need a different // port to hack around this. See here for more details: // https://github.com/caddyserver/certmagic/issues/111 - var err error certmagic.HTTPSPort, err = randomOpenPort() if err != nil { log.Fatal("Failed get random port for TLS challenges") diff --git a/main.go b/main.go index a00d543..3391b7e 100644 --- a/main.go +++ b/main.go @@ -2,29 +2,36 @@ package main import ( "fmt" - "log" "os" ) -func main() { +const usage = `Usage: %s [command] [flags] +Commands: + server Start a new server. + client Connect to a server. + +Use "%[1]s command -h" for a list of flags for the command. +` + +func main() { if len(os.Args) < 2 { - fmt.Println("Invalid arguments") + fmt.Fprintln(os.Stderr, os.Args[0]+": Need a command") + fmt.Printf(usage, os.Args[0]) os.Exit(1) } command := os.Args[1] - switch command { + case "help", "-h", "--help", "-help": + fmt.Printf(usage, os.Args[0]) case "server": - log.Println("Starting up") Listen() - case "client": client := NewBoringProxyClient() client.RunPuppetClient() default: - fmt.Println("Invalid command " + command) + fmt.Fprintln(os.Stderr, os.Args[0]+": Invalid command "+command) os.Exit(1) } } From 384b42ef546b5d2a2b5db1b822204857b77cff4b Mon Sep 17 00:00:00 2001 From: Martin Tournoij Date: Tue, 5 Jan 2021 22:12:25 +0800 Subject: [PATCH 6/8] Use "fmt.Print()" instead of "log.Print()" when asking for admin domain MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit When using "boringproxy server" it asks for the admin domain. All grand, but it looks rather strange: 2021/01/05 22:11:05 Starting up 2021/01/05 22:11:05 Enter Admin Domain: [cursor is here] It wasn't really clear to me this was asking a question, as it includes the date like a log message and the cursor is on the next line. So, change it to just fmt.Print() Maybe the "starting up" should also be moved a bit further down, but that would conflict with my other PR 🙃 --- boringproxy.go | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/boringproxy.go b/boringproxy.go index c5a3a52..910ddda 100644 --- a/boringproxy.go +++ b/boringproxy.go @@ -5,7 +5,6 @@ import ( "crypto/tls" "flag" "fmt" - "github.com/caddyserver/certmagic" "io" "log" "net" @@ -14,6 +13,8 @@ import ( "strings" "sync" "time" + + "github.com/caddyserver/certmagic" ) type BoringProxyConfig struct { @@ -46,7 +47,7 @@ func Listen() { if *adminDomain == "" { reader := bufio.NewReader(os.Stdin) - log.Print("Enter Admin Domain: ") + fmt.Print("Enter Admin Domain: ") text, _ := reader.ReadString('\n') webUiDomain = strings.TrimSpace(text) } From d6ff17de5afbaeca5ca38fb70c33fc324f5b5026 Mon Sep 17 00:00:00 2001 From: Buck Brady Date: Tue, 5 Jan 2021 17:09:21 -0700 Subject: [PATCH 7/8] fixing curl/wget to not use sudo --- docs/systemd.md | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/docs/systemd.md b/docs/systemd.md index 82ed73c..50386c8 100644 --- a/docs/systemd.md +++ b/docs/systemd.md @@ -26,12 +26,16 @@ sudo chmod 700 /opt/boringproxy Download the boringproxy-server.service file ```bash # with wget -sudo wget https://raw.githubusercontent.com/boringproxy/boringproxy/master/systemd/boringproxy-server.service -O /etc/systemd/system/boringproxy-server.service +wget https://raw.githubusercontent.com/boringproxy/boringproxy/master/systemd/boringproxy-server.service -O /tmp/boringproxy-server.service # or with curl -sudo curl https://raw.githubusercontent.com/boringproxy/boringproxy/master/systemd/boringproxy-server.service --output /etc/systemd/system/boringproxy-server.service +curl https://raw.githubusercontent.com/boringproxy/boringproxy/master/systemd/boringproxy-server.service --output /tmp/boringproxy-server.service + +# move the systemd file into the correct location +sudo mv /tmp/boringproxy-server.service /etc/systemd/system/boringproxy-server.service ``` + Edit `/etc/systemd/system/boringproxy-server.service` and replace the admin domain `bp.example.com` with the domain that the server will be available at. EX: `-admin-domain proxy.bpuser.me` Enable and start the boringproxy server service with the following command @@ -48,10 +52,12 @@ This will make sure that boringproxy server will always start backup if the host Download the boringproxy-client@.service file ```bash # with wget -sudo wget https://raw.githubusercontent.com/boringproxy/boringproxy/master/systemd/boringproxy-client%40.service -O "/etc/systemd/system/boringproxy-client@.service" +wget https://raw.githubusercontent.com/boringproxy/boringproxy/master/systemd/boringproxy-client%40.service -O "/tmp/boringproxy-client@.service" # or with curl -sudo curl https://raw.githubusercontent.com/boringproxy/boringproxy/master/systemd/boringproxy-client%40.service --output "/etc/systemd/system/boringproxy-client@.service" +curl https://raw.githubusercontent.com/boringproxy/boringproxy/master/systemd/boringproxy-client%40.service --output "/tmp/boringproxy-client@.service" + +sudo mv /tmp/boringproxy-client@.service /etc/systemd/system/boringproxy-client@.service ``` Edit `/etc/systemd/system/boringproxy-client@.service` and replace the server address `bp.example.com` with the domain that the server is located at. EX: `-server proxy.bpuser.me` From e419be6f057cd1eb4100c920c26ad03e95926a32 Mon Sep 17 00:00:00 2001 From: Anders Pitman Date: Wed, 6 Jan 2021 10:08:59 -0700 Subject: [PATCH 8/8] Move main.go --- main.go => cmd/boringproxy/main.go | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename main.go => cmd/boringproxy/main.go (100%) diff --git a/main.go b/cmd/boringproxy/main.go similarity index 100% rename from main.go rename to cmd/boringproxy/main.go