From 6dfe114c856eca6755e13e48f9c60e7a89fb9f66 Mon Sep 17 00:00:00 2001 From: ckg Date: Sun, 27 Aug 2023 14:22:40 -0500 Subject: [PATCH] Little tutorial about nginx and tor (#7) review it :3 Reviewed-on: https://git.lolcat.ca/lolcat/4get/pulls/7 Co-authored-by: ckg Co-committed-by: ckg --- README.md | 119 ++++++++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 115 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 41e4fb3..88024cf 100644 --- a/README.md +++ b/README.md @@ -37,7 +37,9 @@ https://4get.ca More scrapers are coming soon. I currently want to add Hackernews, Qwant and find a way to scrape Yandex web without those fucking captchas. A shopping, music and files tab is also in my todo list. # Setup -This section is still to-do. You will need to figure shit out for some of the apache2 stuff. Everything else should be OK. +This section is still to-do. You will need to figure shit out for some of the apache2 and nginx stuff. Everything else should be OK. + +## Apache Login as root. 
@@ -69,9 +71,59 @@ chmod 777 -R icons/ Restart the service for good measure... `service apache2 restart` +## NGINX + +Login as root. + +Create a file in `/etc/nginx/sites-avaliable/` called `4get.conf` or any name you want and put this into the file: + +``` +server { + # DO YOU REALLY NEED TO LOG SEARCHES? + access_log /dev/null; + error_log /dev/null; + # Change this if you have 4get in other folder. + root /var/www/4get; + # Change yourdomain by your domain lol + server_name www.yourdomain.com yourdomain.com; + + location @php { + try_files $uri.php $uri/index.php =404; + # Change the unix socket address if it's different for you. + fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock; + fastcgi_index index.php; + # Change this to `fastcgi_params` if you use a debian based distro. + include fastcgi.conf; + fastcgi_intercept_errors on; + } + + location / { + try_files $uri @php; + } + + location ~* ^(.*)\.php$ { + return 301 $1; + } + + listen 80; +} +``` + +That is a very basic config so you will need to adapt it to your needs in case you have a more complicated nginx configuration. Anyways, you can see a real world example [here](https://git.zzls.xyz/Fijxu/etc-configs/src/branch/selfhost/nginx/sites-available/4get.zzls.xyz.conf) + +After you save the file you will need to do a symlink of the `4get.conf` file to `/etc/nignx/sites-enabled/`, you can do it with this command: + +```sh +ln -s /etc/nginx/sites-available/4get.conf /etc/nginx/sites-available/4get.conf +``` + +Now test the nginx config with `nginx -t`, if it says that everything is good, restart nginx using `systemctl restart nginx` + ## Setup encryption I'm schizoid (as you should) so I'm gonna setup 4096bit key encryption. To complete this step, you need a domain or subdomain in your possession. Make sure that the DNS shit for your domain has propagated properly before continuing, because certbot is a piece of shit that will error out the ass once you reach 5 attempts under an hour. 
+### Apache + ```sh certbot --apache --rsa-key-size 4096 -d www.yourdomain.com -d yourdomain.com ``` 
@@ -98,11 +150,72 @@ Restart again service apache2 restart ``` -You'll probably want to setup a tor address at this point, but I'm too lazy to put instructions here. +### NGINX + +Generate a certificate for the domain using: + +```sh +certbot --nginx --key-type ecdsa -d www.yourdomain.com -d yourdomain.com +``` +(Remember to install the nginx certbot plugin!!!) + +After doing that certbot should deploy the certificate automatically into your 4get nginx config file. It should be ready to use at that point. Ok bye!!! +## Tor Setup +1. Install tor. +2. Open `/etc/tor/torrc` +3. Go to the line that contains `HiddenServiceDir` and `HiddenServicePort` +4. Uncomment those 2 lines and set them like this: + ``` + HiddenServiceDir /var/lib/tor/4get + HiddenServicePort 80 127.0.0.1:80 + ``` +5. Start the tor service using `systemctl start tor` +6. Wait some seconds... +7. Login as root and execute this command: `cat /var/lib/tor/4get/hostname` +8. That is your onion address. + +After you get your onion address you will need to configure your Apache or Nginx config or you will get 404 errors. + +I don't know to configure this shit on Apache so here is the NGINX one. + +### NGINX + +Open your current 4get NGINX config (that is under `/etc/nginx/sites-available/`) and append this to the end of the file: + +``` +server { + access_log /dev/null; + error_log /dev/null; + + listen 80; + server_name ; + root /var/www/4get; + + location @php { + try_files $uri.php $uri/index.php =404; + # Change the unix socket address if it's different for you. + fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock; + fastcgi_index index.php; + # Change this to `fastcgi_params` if you use a debian based distro. 
+ include fastcgi.conf; + fastcgi_intercept_errors on; + } + + location / { + try_files $uri @php; + } + + location ~* ^(.*)\.php$ { + return 301 $1; + } +} +``` + +Obviously replace `` by the onion address of `/var/lib/tor/4get/hostname` and then check if the nginx config is valid with `nginx -t` if yes, then restart the nginx service and try opening the onion address into the Tor Browser. You can see a real world example [here](https://git.zzls.xyz/Fijxu/etc-configs/src/branch/selfhost/nginx/sites-available/4get.zzls.xyz.conf) ## Docker Install @@ -116,5 +229,3 @@ docker run -d -p 80:80 -p 443:443 -e FOURGET_SERVER_NAME="4get.ca" -e FOURGET_SE replace enviroment variables FOURGET_SERVER_NAME and FOURGET_SERVER_ADMIN_EMAIL with relevant values the certs directory expects files named `cert.pem`, `chain.pem`, `privkey.pem` - -
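Review bot: In the NGINX setup hunk (`@@ -69,9 +71,59 @@`), the symlink command links the file to itself: `ln -s /etc/nginx/sites-available/4get.conf /etc/nginx/sites-available/4get.conf` has the same path as source and destination, so it fails and the site is never enabled. The destination should be `/etc/nginx/sites-enabled/4get.conf`. The prose around it also misspells both directories (`/etc/nginx/sites-avaliable/` and `/etc/nignx/sites-enabled/`), so a reader who copies the paths from the text creates the config in a directory nginx does not read.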
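Review bot: In the Tor hunk (`@@ -98,11 +150,72 @@`), the onion server block reads `server_name ;` and the closing paragraph says to replace `` with the onion address, so the placeholder is empty as shown. nginx rejects a `server_name` directive with no argument, and a reader who pastes the block gets a failing `nginx -t` with no hint of what belongs there. Use a visible placeholder in both places, for example `server_name youronionaddress.onion;`. The same block uses `listen 80;` although `HiddenServicePort 80 127.0.0.1:80` only ever connects over loopback; `listen 127.0.0.1:80;` would keep the onion virtual host off the public interface. In the certbot part of this hunk, the NGINX command uses `--key-type ecdsa` under a section whose introduction promises a 4096-bit key (which the Apache command's `--rsa-key-size 4096` matches); either state that the nginx path uses ECDSA on purpose or align the two commands.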