path: root/README.md



# Installing

Make sure you have the following dependencies:

Python3 Modules:
random, threading, time, hashlib, json, zlib, base64, mysql.connector, syslog

You need Python 3.6, other versions were not tested and may not work at all.
You'll also need a local instance of MySQL running. MariaDB should also work.

mysql.connector can be installed with `pip3 install mysql-connector`.

The websocket library is available [here](https://pypi.org/project/simple-websocket-server/) and **comes pre-installed**, no need to use pip.

## Before all

Create a database, SQL User and SQL Password, granting all rights to it.
Remember to configure pass.json accordingly.

Then, execute `main.sql` against the newly created SQL Database.
It's installed now.

### Alternative
You can also run this command to prepare MySQL for you. You need to have mysql
installed to run this command!

```sh
make initdb
```

Do note it'll try to create "username", identified by "password", owner of
"database" in your SQL, and it might mess up badly, but should do for a test.

## Other things you'll need

You need a file called salt.txt, with 1~5 random alphanumeric characters.
If you used `make initdb`, this file was created to you with a random 0~999 number.
You probably should change it, but it is fine as long as it can't be guessed.

If you plan in support SSL, you will need a pair of files: key.pem and certificate.pem
`make initdb` will make these files for you; But if you don't want to support SSL,
update the relevant setting on server.py file.

Remember: Clients may attempt SSL connection if they can download certificate.pem!

# Running the server
Simply run server.py and vóila.

Spheres Server will be running on port provided by pass.json
Remember to configure server.py if you plan on running this outside localhost.

# Securing the server

You should, besides changing default sql user/password combination, use Fail2Ban.
Fail2Ban will block harmful clients which could otherwise DoS your server.

See also their official website: https://www.fail2ban.org

The server will read (one IP per line) the files called Z-Line, G-Line and K-Line
in this order during startup, and won't read them again at runtime.
They will issue "bans", which causes connection to be dropped right after being
established with status 1011.

It is advised dropping IPs at Z-Line on a firewall level, but that is not done
automatically, nor are the files distinguished among themselves.

You can, for example, download a
[Tor Exit Nodes List](https://check.torproject.org/torbulkexitlist?ip=1.1.1.1)
and auto-fill one of the three files, while still keeping two ban lists for your
own management.

# The client
The client should work out-of-the-box, but a few concerns are to be made.

1. Only localhost is accepted right now,
2. You must serve several files under localhost:80, eg.
  * version.txt
  * units.json
  * quests.json
3. You must have Update Server running and properly configured,

Remember to run the server along Fail2ban and other technologies.

Client auto-updater is not provided, but is possible.

# The Update Server

The client will request images missing on it to the update server.
Simply download it from the repository.

Workflow is: First you use comp.py, and then, fixit.sh

After that, the Update Server is ready to be enabled, and you can do so by running
`./server.py` on the relevant folder.

Update Server should already be running when this server is running.
Failure to do so might lead to infinite hangs on clients as they await for a reply.
Caution doesn't hurt.
# Installing

Make sure you have the following dependencies:

Python3 Modules:
random, threading, time, hashlib, json, zlib, base64, mysql.connector, syslog

You need Python 3.6, other versions were not tested and may not work at all.
You'll also need a local instance of MySQL running. MariaDB should also work.

mysql.connector can be installed with `pip3 install mysql-connector`.

The websocket library is available [here](https://pypi.org/project/simple-websocket-server/) and **comes pre-installed**, no need to use pip.

## Before all

Create a database, SQL User and SQL Password, granting all rights to it.
Remember to configure pass.json accordingly.

Then, execute `main.sql` against the newly created SQL Database.
It's installed now.

### Alternative
You can also run this command to prepare MySQL for you. You need to have mysql
installed to run this command!

```sh
make initdb
```

Do note it'll try to create "username", identified by "password", owner of
"database" in your SQL, and it might mess up badly, but should do for a test.

## Other things you'll need

You need a file called salt.txt, with 1~5 random alphanumeric characters.
If you used `make initdb`, this file was created to you with a random 0~999 number.
You probably should change it, but it is fine as long as it can't be guessed.

If you plan in support SSL, you will need a pair of files: key.pem and certificate.pem
`make initdb` will make these files for you; But if you don't want to support SSL,
update the relevant setting on server.py file.

Remember: Clients may attempt SSL connection if they can download certificate.pem!

# Running the server
Simply run server.py and vóila.

Spheres Server will be running on port provided by pass.json
Remember to configure server.py if you plan on running this outside localhost.

# Securing the server

You should, besides changing default sql user/password combination, use Fail2Ban.
Fail2Ban will block harmful clients which could otherwise DoS your server.

See also their official website: https://www.fail2ban.org

The server will read (one IP per line) the files called Z-Line, G-Line and K-Line
in this order during startup, and won't read them again at runtime.
They will issue "bans", which causes connection to be dropped right after being
established with status 1011.

It is advised dropping IPs at Z-Line on a firewall level, but that is not done
automatically, nor are the files distinguished among themselves.

You can, for example, download a
[Tor Exit Nodes List](https://check.torproject.org/torbulkexitlist?ip=1.1.1.1)
and auto-fill one of the three files, while still keeping two ban lists for your
own management.

# The client
The client should work out-of-the-box, but a few concerns are to be made.

1. Only localhost is accepted right now,
2. You must serve several files under localhost:80, eg.
  * version.txt
  * units.json
  * quests.json
3. You must have Update Server running and properly configured,

Remember to run the server along Fail2ban and other technologies.

Client auto-updater is not provided, but is possible.

# The Update Server

The client will request images missing on it to the update server.
Simply download it from the repository.

Workflow is: First you use comp.py, and then, fixit.sh

After that, the Update Server is ready to be enabled, and you can do so by running
`./server.py` on the relevant folder.

Update Server should already be running when this server is running.
Failure to do so might lead to infinite hangs on clients as they await for a reply.
Caution doesn't hurt.