From 6dfe114c856eca6755e13e48f9c60e7a89fb9f66 Mon Sep 17 00:00:00 2001 From: ckg Date: Sun, 27 Aug 2023 14:22:40 -0500 Subject: Little tutorial about nginx and tor (#7) review it :3 Reviewed-on: https://git.lolcat.ca/lolcat/4get/pulls/7 Co-authored-by: ckg Co-committed-by: ckg --- README.md | 119 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 115 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 41e4fb3..88024cf 100644 --- a/README.md +++ b/README.md @@ -37,7 +37,9 @@ https://4get.ca More scrapers are coming soon. I currently want to add Hackernews, Qwant and find a way to scrape Yandex web without those fucking captchas. A shopping, music and files tab is also in my todo list. # Setup -This section is still to-do. You will need to figure shit out for some of the apache2 stuff. Everything else should be OK. +This section is still to-do. You will need to figure shit out for some of the apache2 and nginx stuff. Everything else should be OK. + +## Apache Login as root. @@ -69,9 +71,59 @@ chmod 777 -R icons/ Restart the service for good measure... `service apache2 restart` +## NGINX + +Login as root. + +Create a file in `/etc/nginx/sites-avaliable/` called `4get.conf` or any name you want and put this into the file: + +``` +server { + # DO YOU REALLY NEED TO LOG SEARCHES? + access_log /dev/null; + error_log /dev/null; + # Change this if you have 4get in other folder. + root /var/www/4get; + # Change yourdomain by your domain lol + server_name www.yourdomain.com yourdomain.com; + + location @php { + try_files $uri.php $uri/index.php =404; + # Change the unix socket address if it's different for you. + fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock; + fastcgi_index index.php; + # Change this to `fastcgi_params` if you use a debian based distro. + include fastcgi.conf; + fastcgi_intercept_errors on; + } + + location / { + try_files $uri @php; + } + + location ~* ^(.*)\.php$ { + return 301 $1; + } + + listen 80; +} +``` + +That is a very basic config so you will need to adapt it to your needs in case you have a more complicated nginx configuration. Anyways, you can see a real world example [here](https://git.zzls.xyz/Fijxu/etc-configs/src/branch/selfhost/nginx/sites-available/4get.zzls.xyz.conf) + +After you save the file you will need to do a symlink of the `4get.conf` file to `/etc/nignx/sites-enabled/`, you can do it with this command: + +```sh +ln -s /etc/nginx/sites-available/4get.conf /etc/nginx/sites-available/4get.conf +``` + +Now test the nginx config with `nginx -t`, if it says that everything is good, restart nginx using `systemctl restart nginx` + ## Setup encryption I'm schizoid (as you should) so I'm gonna setup 4096bit key encryption. To complete this step, you need a domain or subdomain in your possession. Make sure that the DNS shit for your domain has propagated properly before continuing, because certbot is a piece of shit that will error out the ass once you reach 5 attempts under an hour. +### Apache + ```sh certbot --apache --rsa-key-size 4096 -d www.yourdomain.com -d yourdomain.com ``` @@ -98,11 +150,72 @@ Restart again service apache2 restart ``` -You'll probably want to setup a tor address at this point, but I'm too lazy to put instructions here. +### NGINX + +Generate a certificate for the domain using: + +```sh +certbot --nginx --key-type ecdsa -d www.yourdomain.com -d yourdomain.com +``` +(Remember to install the nginx certbot plugin!!!) + +After doing that certbot should deploy the certificate automatically into your 4get nginx config file. It should be ready to use at that point. Ok bye!!! +## Tor Setup + +1. Install tor. +2. Open `/etc/tor/torrc` +3. Go to the line that contains `HiddenServiceDir` and `HiddenServicePort` +4. Uncomment those 2 lines and set them like this: + ``` + HiddenServiceDir /var/lib/tor/4get + HiddenServicePort 80 127.0.0.1:80 + ``` +5. Start the tor service using `systemctl start tor` +6. Wait some seconds... +7. Login as root and execute this command: `cat /var/lib/tor/4get/hostname` +8. That is your onion address. + +After you get your onion address you will need to configure your Apache or Nginx config or you will get 404 errors. + +I don't know to configure this shit on Apache so here is the NGINX one. +### NGINX + +Open your current 4get NGINX config (that is under `/etc/nginx/sites-available/`) and append this to the end of the file: + +``` +server { + access_log /dev/null; + error_log /dev/null; + + listen 80; + server_name ; + root /var/www/4get; + + location @php { + try_files $uri.php $uri/index.php =404; + # Change the unix socket address if it's different for you. + fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock; + fastcgi_index index.php; + # Change this to `fastcgi_params` if you use a debian based distro. + include fastcgi.conf; + fastcgi_intercept_errors on; + } + + location / { + try_files $uri @php; + } + + location ~* ^(.*)\.php$ { + return 301 $1; + } +} +``` + +Obviously replace `` by the onion address of `/var/lib/tor/4get/hostname` and then check if the nginx config is valid with `nginx -t` if yes, then restart the nginx service and try opening the onion address into the Tor Browser. You can see a real world example [here](https://git.zzls.xyz/Fijxu/etc-configs/src/branch/selfhost/nginx/sites-available/4get.zzls.xyz.conf) ## Docker Install @@ -116,5 +229,3 @@ docker run -d -p 80:80 -p 443:443 -e FOURGET_SERVER_NAME="4get.ca" -e FOURGET_SE replace enviroment variables FOURGET_SERVER_NAME and FOURGET_SERVER_ADMIN_EMAIL with relevant values the certs directory expects files named `cert.pem`, `chain.pem`, `privkey.pem` - - -- cgit v1.2.3 From 4cf2d738361ff098272ed2fcf89b510e6cf6819f Mon Sep 17 00:00:00 2001 From: cynic Date: Tue, 29 Aug 2023 16:11:47 -0500 Subject: create data/instances.php to demonstrate out-of-code configuration, and use it to dynamically generate the instance list (#8) see title. the workflow here (i.e. a file data/*.php, which only has a data structure and is used to generate content elsewhere) could also be used for easier per-instance customization. [you can see what this looks like live here](https://4get.silly.computer/about) Co-authored-by: cynic Reviewed-on: https://git.lolcat.ca/lolcat/4get/pulls/8 Co-authored-by: cynic Co-committed-by: cynic --- about.php | 22 ++++++++++++++-------- data/instances.php | 47 +++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 61 insertions(+), 8 deletions(-) create mode 100644 data/instances.php diff --git a/about.php b/about.php index 2b3d316..77c9ab1 100644 --- a/about.php +++ b/about.php @@ -18,6 +18,19 @@ echo '' . ''; +include "data/instances.php"; +$compiledinstancelist = ""; +foreach ($instancelist as $instance) +{ + $compiledinstancelist .= " ".$instance["name"].""; + $compiledinstancelist .= " ".$instance["address"]["displayname"].""; + foreach ($instance["altaddresses"] as $alt) + { + $compiledinstancelist .= "(".$alt["displayname"].")"; + } + $compiledinstancelist .= ""; +} + $left = '< Go back @@ -87,14 +100,7 @@ $left = Name Address - - lolcat\'s instance (master) - 4get.ca(tor) - - - zzls\'s instance - 4get.zzls.xyz(tor) - + '.$compiledinstancelist.'

How can I trust you?

 diff --git a/data/instances.php b/data/instances.php new file mode 100644 index 0000000..aeb0707 --- /dev/null +++ b/data/instances.php @@ -0,0 +1,47 @@ + "lolcat's instance (master)", + "address" => [ + "uri" => "https://4get.ca/", + "displayname" => "4get.ca" + ], + "altaddresses" => [ // all these address blocks will be linked in parentheses + [ // e.g. 4get.ca (tor) (i2p) etc. + "uri" => "http://4getwebfrq5zr4sxugk6htxvawqehxtdgjrbcn2oslllcol2vepa23yd.onion", + "displayname" => "tor" + ] + ] + ], + [ + "name" => "zzls's instance", + "address" => [ + "uri" => "https://4get.zzls.xyz/", + "displayname" => "4get.zzls.xyz" + ], + "altaddresses" => [ + [ + "uri" => "http://4get.zzlsghu6mvvwyy75mvga6gaf4znbp3erk5xwfzedb4gg6qqh2j6rlvid.onion", + "displayname" => "tor" + ] + ] + ], + [ + "name" => "4get on a silly computer", + "address" => [ + "uri" => "https://4get.silly.computer", + "displayname" => "4get.silly.computer" + ], + "altaddresses" => [ + [ + "uri" => "https://4get.cynic.moe/", + "displayname" => "fallback domain" + ] + ] + ], +] +?> \ No newline at end of file -- cgit v1.2.3 From 77293818cd213ec0ad07c573d298fff9cd5b357d Mon Sep 17 00:00:00 2001 From: cynic Date: Wed, 30 Aug 2023 19:04:53 -0500 Subject: [DANGEROUS] untrack all banners, replace with default banner (#9) if this git repo is meant for all instances, it doesn't make sense that 4get.ca banners are stored here. instead, I've added `banner/*` to a .gitignore file, so instances can clone/pull/push the repo without grabbing other people's banners or uploading their own. making this change required deleting all the currently tracked banners from the repo. an unfortunate side-effect of this is that **if you have any of these tracked banners in your local version, pulling this commit WILL DELETE ALL OF THEM!!!!!!** pulling this commit properly while preserving tracked banners should be done by temporarily copying them to another directory, `git pull`ing, then copying them back. I also added a default banner based on the default nginx page so new instances aren't bannerless. Co-authored-by: cynic Reviewed-on: https://git.lolcat.ca/lolcat/4get/pulls/9 Co-authored-by: cynic Co-committed-by: cynic --- .gitignore | 2 ++ banner/4get-default.png | Bin 0 -> 30756 bytes banner/aves.png | Bin 25271 -> 0 bytes banner/aves_2.png | Bin 14191 -> 0 bytes banner/bibblebop.png | Bin 14791 -> 0 bytes banner/birds_birds_birdsw.jpg | Bin 6394 -> 0 bytes banner/birds_birds_birdsw_2.jpg | Bin 6706 -> 0 bytes banner/birds_birds_birdsw_3.jpg | Bin 6096 -> 0 bytes banner/birds_birds_birdsw_4.jpg | Bin 9643 -> 0 bytes banner/cynic.png | Bin 68909 -> 0 bytes banner/deek.png | Bin 1373 -> 0 bytes banner/deekchat.gif | Bin 2480 -> 0 bytes banner/eagle.png | Bin 5846 -> 0 bytes banner/eagle2.png | Bin 1180 -> 0 bytes banner/eagle3.jpg | Bin 11427 -> 0 bytes banner/eddd_1.png | Bin 43851 -> 0 bytes banner/eddd_2.png | Bin 10651 -> 0 bytes banner/eddd_3.png | Bin 13687 -> 0 bytes banner/gnuwu.png | Bin 6666 -> 0 bytes banner/gnuwu_2.png | Bin 33693 -> 0 bytes banner/horse.png | Bin 20672 -> 0 bytes banner/linucks.jpg | Bin 60524 -> 0 bytes banner/real_nig_3.jpg | Bin 64618 -> 0 bytes banner/sec.png | Bin 18421 -> 0 bytes banner/tagmachine.png | Bin 10717 -> 0 bytes 25 files changed, 2 insertions(+) create mode 100644 .gitignore create mode 100644 banner/4get-default.png delete mode 100644 banner/aves.png delete mode 100644 banner/aves_2.png delete mode 100644 banner/bibblebop.png delete mode 100644 banner/birds_birds_birdsw.jpg delete mode 100644 banner/birds_birds_birdsw_2.jpg delete mode 100644 banner/birds_birds_birdsw_3.jpg delete mode 100644 banner/birds_birds_birdsw_4.jpg delete mode 100644 banner/cynic.png delete mode 100644 banner/deek.png delete mode 100644 banner/deekchat.gif delete mode 100644 banner/eagle.png delete mode 100644 banner/eagle2.png delete mode 100644 banner/eagle3.jpg delete mode 100644 banner/eddd_1.png delete mode 100644 banner/eddd_2.png delete mode 100644 banner/eddd_3.png delete mode 100644 banner/gnuwu.png delete mode 100644 banner/gnuwu_2.png delete mode 100644 banner/horse.png delete mode 100644 banner/linucks.jpg delete mode 100644 banner/real_nig_3.jpg delete mode 100644 banner/sec.png delete mode 100644 banner/tagmachine.png diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..126df62 --- /dev/null +++ b/.gitignore @@ -0,0 +1,2 @@ +banner/* +!banner/*default* \ No newline at end of file diff --git a/banner/4get-default.png b/banner/4get-default.png new file mode 100644 index 0000000..5b549d0 Binary files /dev/null and b/banner/4get-default.png differ diff --git a/banner/aves.png b/banner/aves.png deleted file mode 100644 index 2b28e79..0000000 Binary files a/banner/aves.png and /dev/null differ diff --git a/banner/aves_2.png b/banner/aves_2.png deleted file mode 100644 index 30f17a6..0000000 Binary files a/banner/aves_2.png and /dev/null differ diff --git a/banner/bibblebop.png b/banner/bibblebop.png deleted file mode 100644 index 0fe95c4..0000000 Binary files a/banner/bibblebop.png and /dev/null differ diff --git a/banner/birds_birds_birdsw.jpg b/banner/birds_birds_birdsw.jpg deleted file mode 100644 index d820465..0000000 Binary files a/banner/birds_birds_birdsw.jpg and /dev/null differ diff --git a/banner/birds_birds_birdsw_2.jpg b/banner/birds_birds_birdsw_2.jpg deleted file mode 100644 index a8d9164..0000000 Binary files a/banner/birds_birds_birdsw_2.jpg and /dev/null differ diff --git a/banner/birds_birds_birdsw_3.jpg b/banner/birds_birds_birdsw_3.jpg deleted file mode 100644 index 239f6c8..0000000 Binary files a/banner/birds_birds_birdsw_3.jpg and /dev/null differ diff --git a/banner/birds_birds_birdsw_4.jpg b/banner/birds_birds_birdsw_4.jpg deleted file mode 100644 index ba7d637..0000000 Binary files a/banner/birds_birds_birdsw_4.jpg and /dev/null differ diff --git a/banner/cynic.png b/banner/cynic.png deleted file mode 100644 index 05c728b..0000000 Binary files a/banner/cynic.png and /dev/null differ diff --git a/banner/deek.png b/banner/deek.png deleted file mode 100644 index 850416d..0000000 Binary files a/banner/deek.png and /dev/null differ diff --git a/banner/deekchat.gif b/banner/deekchat.gif deleted file mode 100644 index 604e2fa..0000000 Binary files a/banner/deekchat.gif and /dev/null differ diff --git a/banner/eagle.png b/banner/eagle.png deleted file mode 100644 index 705cf6d..0000000 Binary files a/banner/eagle.png and /dev/null differ diff --git a/banner/eagle2.png b/banner/eagle2.png deleted file mode 100644 index d5bdda6..0000000 Binary files a/banner/eagle2.png and /dev/null differ diff --git a/banner/eagle3.jpg b/banner/eagle3.jpg deleted file mode 100644 index 5c3d44d..0000000 Binary files a/banner/eagle3.jpg and /dev/null differ diff --git a/banner/eddd_1.png b/banner/eddd_1.png deleted file mode 100644 index 4dd69b0..0000000 Binary files a/banner/eddd_1.png and /dev/null differ diff --git a/banner/eddd_2.png b/banner/eddd_2.png deleted file mode 100644 index c2a59d1..0000000 Binary files a/banner/eddd_2.png and /dev/null differ diff --git a/banner/eddd_3.png b/banner/eddd_3.png deleted file mode 100644 index 8531a88..0000000 Binary files a/banner/eddd_3.png and /dev/null differ diff --git a/banner/gnuwu.png b/banner/gnuwu.png deleted file mode 100644 index 6b95ca4..0000000 Binary files a/banner/gnuwu.png and /dev/null differ diff --git a/banner/gnuwu_2.png b/banner/gnuwu_2.png deleted file mode 100644 index 1612132..0000000 Binary files a/banner/gnuwu_2.png and /dev/null differ diff --git a/banner/horse.png b/banner/horse.png deleted file mode 100644 index e4cd7f5..0000000 Binary files a/banner/horse.png and /dev/null differ diff --git a/banner/linucks.jpg b/banner/linucks.jpg deleted file mode 100644 index 3148c6f..0000000 Binary files a/banner/linucks.jpg and /dev/null differ diff --git a/banner/real_nig_3.jpg b/banner/real_nig_3.jpg deleted file mode 100644 index 60bac39..0000000 Binary files a/banner/real_nig_3.jpg and /dev/null differ diff --git a/banner/sec.png b/banner/sec.png deleted file mode 100644 index b02b978..0000000 Binary files a/banner/sec.png and /dev/null differ diff --git a/banner/tagmachine.png b/banner/tagmachine.png deleted file mode 100644 index 2fca9a2..0000000 Binary files a/banner/tagmachine.png and /dev/null differ -- cgit v1.2.3