mirror of
https://git.lolcat.ca/lolcat/4get.git
synced 2024-11-14 03:49:48 +01:00
Little tutorial about nginx and tor (#7)
review it :3 Reviewed-on: https://git.lolcat.ca/lolcat/4get/pulls/7 Co-authored-by: ckg <ckg@airmail.cc> Co-committed-by: ckg <ckg@airmail.cc>
This commit is contained in:
parent
cfd44438ae
commit
6dfe114c85
119
README.md
119
README.md
|
@ -37,7 +37,9 @@ https://4get.ca
|
|||
More scrapers are coming soon. I currently want to add Hackernews, Qwant and find a way to scrape Yandex web without those fucking captchas. A shopping, music and files tab is also in my todo list.
|
||||
|
||||
# Setup
|
||||
This section is still to-do. You will need to figure shit out for some of the apache2 stuff. Everything else should be OK.
|
||||
This section is still to-do. You will need to figure shit out for some of the apache2 and nginx stuff. Everything else should be OK.
|
||||
|
||||
## Apache
|
||||
|
||||
Login as root.
|
||||
|
||||
|
@ -69,9 +71,59 @@ chmod 777 -R icons/
|
|||
|
||||
Restart the service for good measure... `service apache2 restart`
|
||||
|
||||
## NGINX
|
||||
|
||||
Login as root.
|
||||
|
||||
Create a file in `/etc/nginx/sites-avaliable/` called `4get.conf` or any name you want and put this into the file:
|
||||
|
||||
```
|
||||
server {
|
||||
# DO YOU REALLY NEED TO LOG SEARCHES?
|
||||
access_log /dev/null;
|
||||
error_log /dev/null;
|
||||
# Change this if you have 4get in other folder.
|
||||
root /var/www/4get;
|
||||
# Change yourdomain by your domain lol
|
||||
server_name www.yourdomain.com yourdomain.com;
|
||||
|
||||
location @php {
|
||||
try_files $uri.php $uri/index.php =404;
|
||||
# Change the unix socket address if it's different for you.
|
||||
fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
|
||||
fastcgi_index index.php;
|
||||
# Change this to `fastcgi_params` if you use a debian based distro.
|
||||
include fastcgi.conf;
|
||||
fastcgi_intercept_errors on;
|
||||
}
|
||||
|
||||
location / {
|
||||
try_files $uri @php;
|
||||
}
|
||||
|
||||
location ~* ^(.*)\.php$ {
|
||||
return 301 $1;
|
||||
}
|
||||
|
||||
listen 80;
|
||||
}
|
||||
```
|
||||
|
||||
That is a very basic config so you will need to adapt it to your needs in case you have a more complicated nginx configuration. Anyways, you can see a real world example [here](https://git.zzls.xyz/Fijxu/etc-configs/src/branch/selfhost/nginx/sites-available/4get.zzls.xyz.conf)
|
||||
|
||||
After you save the file you will need to do a symlink of the `4get.conf` file to `/etc/nignx/sites-enabled/`, you can do it with this command:
|
||||
|
||||
```sh
|
||||
ln -s /etc/nginx/sites-available/4get.conf /etc/nginx/sites-available/4get.conf
|
||||
```
|
||||
|
||||
Now test the nginx config with `nginx -t`, if it says that everything is good, restart nginx using `systemctl restart nginx`
|
||||
|
||||
## Setup encryption
|
||||
I'm schizoid (as you should) so I'm gonna setup 4096bit key encryption. To complete this step, you need a domain or subdomain in your possession. Make sure that the DNS shit for your domain has propagated properly before continuing, because certbot is a piece of shit that will error out the ass once you reach 5 attempts under an hour.
|
||||
|
||||
### Apache
|
||||
|
||||
```sh
|
||||
certbot --apache --rsa-key-size 4096 -d www.yourdomain.com -d yourdomain.com
|
||||
```
|
||||
|
@ -98,11 +150,72 @@ Restart again
|
|||
service apache2 restart
|
||||
```
|
||||
|
||||
You'll probably want to setup a tor address at this point, but I'm too lazy to put instructions here.
|
||||
### NGINX
|
||||
|
||||
Generate a certificate for the domain using:
|
||||
|
||||
```sh
|
||||
certbot --nginx --key-type ecdsa -d www.yourdomain.com -d yourdomain.com
|
||||
```
|
||||
(Remember to install the nginx certbot plugin!!!)
|
||||
|
||||
After doing that certbot should deploy the certificate automatically into your 4get nginx config file. It should be ready to use at that point.
|
||||
|
||||
Ok bye!!!
|
||||
|
||||
## Tor Setup
|
||||
|
||||
1. Install tor.
|
||||
2. Open `/etc/tor/torrc`
|
||||
3. Go to the line that contains `HiddenServiceDir` and `HiddenServicePort`
|
||||
4. Uncomment those 2 lines and set them like this:
|
||||
```
|
||||
HiddenServiceDir /var/lib/tor/4get
|
||||
HiddenServicePort 80 127.0.0.1:80
|
||||
```
|
||||
5. Start the tor service using `systemctl start tor`
|
||||
6. Wait some seconds...
|
||||
7. Login as root and execute this command: `cat /var/lib/tor/4get/hostname`
|
||||
8. That is your onion address.
|
||||
|
||||
After you get your onion address you will need to configure your Apache or Nginx config or you will get 404 errors.
|
||||
|
||||
I don't know to configure this shit on Apache so here is the NGINX one.
|
||||
|
||||
### NGINX
|
||||
|
||||
Open your current 4get NGINX config (that is under `/etc/nginx/sites-available/`) and append this to the end of the file:
|
||||
|
||||
```
|
||||
server {
|
||||
access_log /dev/null;
|
||||
error_log /dev/null;
|
||||
|
||||
listen 80;
|
||||
server_name <youronionaddress>;
|
||||
root /var/www/4get;
|
||||
|
||||
location @php {
|
||||
try_files $uri.php $uri/index.php =404;
|
||||
# Change the unix socket address if it's different for you.
|
||||
fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
|
||||
fastcgi_index index.php;
|
||||
# Change this to `fastcgi_params` if you use a debian based distro.
|
||||
include fastcgi.conf;
|
||||
fastcgi_intercept_errors on;
|
||||
}
|
||||
|
||||
location / {
|
||||
try_files $uri @php;
|
||||
}
|
||||
|
||||
location ~* ^(.*)\.php$ {
|
||||
return 301 $1;
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
Obviously replace `<youronionaddress>` by the onion address of `/var/lib/tor/4get/hostname` and then check if the nginx config is valid with `nginx -t` if yes, then restart the nginx service and try opening the onion address into the Tor Browser. You can see a real world example [here](https://git.zzls.xyz/Fijxu/etc-configs/src/branch/selfhost/nginx/sites-available/4get.zzls.xyz.conf)
|
||||
|
||||
## Docker Install
|
||||
|
||||
|
@ -116,5 +229,3 @@ docker run -d -p 80:80 -p 443:443 -e FOURGET_SERVER_NAME="4get.ca" -e FOURGET_SE
|
|||
replace enviroment variables FOURGET_SERVER_NAME and FOURGET_SERVER_ADMIN_EMAIL with relevant values
|
||||
|
||||
the certs directory expects files named `cert.pem`, `chain.pem`, `privkey.pem`
|
||||
|
||||
|
||||
|
|
Loading…
Reference in a new issue