author ckg <ckg@airmail.cc> 2023-08-27 14:22:40 -0500
committer lolcat <lolcat@no-reply@lolcat.ca> 2023-08-27 14:22:40 -0500
commit 6dfe114c856eca6755e13e48f9c60e7a89fb9f66
tree 277128bf7788deacc5e7dd5b39bd7582200f8fc4
parent cfd44438aea9740e0a2c34487424c87126862cc9
Little tutorial about nginx and tor (#7)

review it :3

Reviewed-on: https://git.lolcat.ca/lolcat/4get/pulls/7
Co-authored-by: ckg <ckg@airmail.cc>
Co-committed-by: ckg <ckg@airmail.cc>
-rw-r--r-- README.md 119
1 files changed, 115 insertions, 4 deletions
diff --git a/README.md b/README.md
index 41e4fb3..88024cf 100644
--- a/README.md
+++ b/README.md
@@ -37,7 +37,9 @@ https://4get.ca
More scrapers are coming soon. I currently want to add Hackernews, Qwant and find a way to scrape Yandex web without those fucking captchas. A shopping, music and files tab is also in my todo list.
# Setup
-This section is still to-do. You will need to figure shit out for some of the apache2 stuff. Everything else should be OK.
+This section is still to-do. You will need to figure shit out for some of the apache2 and nginx stuff. Everything else should be OK.
+
+## Apache
Login as root.
@@ -69,9 +71,59 @@ chmod 777 -R icons/
Restart the service for good measure... `service apache2 restart`
+## NGINX
+
+Login as root.
+
+Create a file in `/etc/nginx/sites-avaliable/` called `4get.conf` or any name you want and put this into the file:
+
+```
+server {
+ # DO YOU REALLY NEED TO LOG SEARCHES?
+ access_log /dev/null;
+ error_log /dev/null;
+ # Change this if you have 4get in other folder.
+ root /var/www/4get;
+ # Change yourdomain by your domain lol
+ server_name www.yourdomain.com yourdomain.com;
+
+ location @php {
+ try_files $uri.php $uri/index.php =404;
+ # Change the unix socket address if it's different for you.
+ fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
+ fastcgi_index index.php;
+ # Change this to `fastcgi_params` if you use a debian based distro.
+ include fastcgi.conf;
+ fastcgi_intercept_errors on;
+ }
+
+ location / {
+ try_files $uri @php;
+ }
+
+ location ~* ^(.*)\.php$ {
+ return 301 $1;
+ }
+
+ listen 80;
+}
+```
+
+That is a very basic config so you will need to adapt it to your needs in case you have a more complicated nginx configuration. Anyways, you can see a real world example [here](https://git.zzls.xyz/Fijxu/etc-configs/src/branch/selfhost/nginx/sites-available/4get.zzls.xyz.conf)
+
+After you save the file you will need to do a symlink of the `4get.conf` file to `/etc/nignx/sites-enabled/`, you can do it with this command:
+
+```sh
+ln -s /etc/nginx/sites-available/4get.conf /etc/nginx/sites-available/4get.conf
+```
+
+Now test the nginx config with `nginx -t`, if it says that everything is good, restart nginx using `systemctl restart nginx`
+
## Setup encryption
I'm schizoid (as you should) so I'm gonna setup 4096bit key encryption. To complete this step, you need a domain or subdomain in your possession. Make sure that the DNS shit for your domain has propagated properly before continuing, because certbot is a piece of shit that will error out the ass once you reach 5 attempts under an hour.
+### Apache
+
```sh
certbot --apache --rsa-key-size 4096 -d www.yourdomain.com -d yourdomain.com
```
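Review bot: The symlink command in the new NGINX section uses the same path for source and target, `ln -s /etc/nginx/sites-available/4get.conf /etc/nginx/sites-available/4get.conf`, so it fails with "File exists" and the site is never enabled. The target should be `/etc/nginx/sites-enabled/4get.conf`. The prose around it also has two path typos that will trip anyone copying them: `/etc/nginx/sites-avaliable/` and `/etc/nignx/sites-enabled/`.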
@@ -98,11 +150,72 @@ Restart again
service apache2 restart
```
-You'll probably want to setup a tor address at this point, but I'm too lazy to put instructions here.
+### NGINX
+
+Generate a certificate for the domain using:
+
+```sh
+certbot --nginx --key-type ecdsa -d www.yourdomain.com -d yourdomain.com
+```
+(Remember to install the nginx certbot plugin!!!)
+
+After doing that certbot should deploy the certificate automatically into your 4get nginx config file. It should be ready to use at that point.
Ok bye!!!
+## Tor Setup
+
+1. Install tor.
+2. Open `/etc/tor/torrc`
+3. Go to the line that contains `HiddenServiceDir` and `HiddenServicePort`
+4. Uncomment those 2 lines and set them like this:
+ ```
+ HiddenServiceDir /var/lib/tor/4get
+ HiddenServicePort 80 127.0.0.1:80
+ ```
+5. Start the tor service using `systemctl start tor`
+6. Wait some seconds...
+7. Login as root and execute this command: `cat /var/lib/tor/4get/hostname`
+8. That is your onion address.
+
+After you get your onion address you will need to configure your Apache or Nginx config or you will get 404 errors.
+
+I don't know to configure this shit on Apache so here is the NGINX one.
+### NGINX
+
+Open your current 4get NGINX config (that is under `/etc/nginx/sites-available/`) and append this to the end of the file:
+
+```
+server {
+ access_log /dev/null;
+ error_log /dev/null;
+
+ listen 80;
+ server_name <youronionaddress>;
+ root /var/www/4get;
+
+ location @php {
+ try_files $uri.php $uri/index.php =404;
+ # Change the unix socket address if it's different for you.
+ fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
+ fastcgi_index index.php;
+ # Change this to `fastcgi_params` if you use a debian based distro.
+ include fastcgi.conf;
+ fastcgi_intercept_errors on;
+ }
+
+ location / {
+ try_files $uri @php;
+ }
+
+ location ~* ^(.*)\.php$ {
+ return 301 $1;
+ }
+}
+```
+
+Obviously replace `<youronionaddress>` by the onion address of `/var/lib/tor/4get/hostname` and then check if the nginx config is valid with `nginx -t` if yes, then restart the nginx service and try opening the onion address into the Tor Browser. You can see a real world example [here](https://git.zzls.xyz/Fijxu/etc-configs/src/branch/selfhost/nginx/sites-available/4get.zzls.xyz.conf)
## Docker Install
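Review bot: The onion server block uses `listen 80;`, which accepts connections on every interface, while the torrc lines in the same section forward the hidden service only to `127.0.0.1:80`. As written, a request to the public address with the onion hostname in its `Host` header is answered by the onion vhost, which lets anyone who probes the server link the onion address to its IP. Changing this block to `listen 127.0.0.1:80;` keeps the onion vhost reachable through Tor only. Separately, the "Setup encryption" intro still talks about a 4096-bit key while the NGINX command uses `--key-type ecdsa`; one sentence saying the difference is intentional would avoid confusion.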
@@ -116,5 +229,3 @@ docker run -d -p 80:80 -p 443:443 -e FOURGET_SERVER_NAME="4get.ca" -e FOURGET_SE
replace enviroment variables FOURGET_SERVER_NAME and FOURGET_SERVER_ADMIN_EMAIL with relevant values
the certs directory expects files named `cert.pem`, `chain.pem`, `privkey.pem`
-
-