forked from lolcat/4get
8.1 KiB
8.1 KiB
Installation of 4get in NGINX
NOTE: As the previous version stated, it is better to follow the Apache2 guide instead of the Nginx one.
NOTE: This is going to guess that you're using either a Arch-based system or a Debian-based system, although you can still follow it with minor issues.
- Login as root.
- Upgrade your system:
- On Arch-based, run
pacman -Syu
. - On Debian-based, run
apt update
, thenapt upgrade
.
- On Arch-based, run
- Install the following dependencies:
git
: So you can clone this repository.nginx
: So you can run Nginx.php-fpm
: This is what allows Nginx to run (and show) PHP files.php-imagick
,imagemagick
: Image manipulation.php-apcu
: Caching module.php-curl
,curl
: Transferring data with URLs.php-mbstring
: String utils.certbot
,certbot-nginx
: ACME client. Used to create SSL certificates.- In Arch-based distributions:
pacman -S nginx certbot php-imagick certbot-nginx imagemagick curl php-apcu git
- In Debian-based distributions:
apt install php-mbstring nginx certbot-nginx certbot php-imagick imagemagick php-curl curl php-apcu git
- In Arch-based distributions:
IMPORTANT:
php-curl
,php-mbstring
might be a Debian-only package, but this needs further fact checking.
IMPORTANT:
php-apcu
is known to not work on Artix1.
cd
to/etc/nginx
and make theconf.d/
directory if it doesn't exist:- Again, this guesses you're logged in as root.
cd /etc/nginx ls -l conf.d/ # If ls shows conf.d, then it means it exists. # If it does not, run: mkdir conf.d
- Make a file inside
conf.d/
called4get.conf
and place the following content:- First run
touch conf.d/4get.conf
thennano conf.d/4get.conf
to open the nano editor: (Install it if it is not, or use another editor.)
server { access_log /dev/null; # Search log file. Do you really need to? error_log /dev/null; # Error log file. # Change this if you have 4get in another folder. root /var/www/4get; # Change 'yourdomain' to your domain. server_name www.yourdomain.com yourdomain.com; # Port to listen to. listen 80; location @php { try_files $uri.php $uri/index.php =404; # Change the unix socket address if it's different for you. fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock; fastcgi_index index.php; # Change this to `fastcgi_params` if you use a debian based distribution. include fastcgi.conf; fastcgi_intercept_errors on; } location / { try_files $uri @php; } location ~* ^(.*)\.php$ { return 301 $1; } }
- The above is a very basic configuration and thus will need tweaking to your personal needs. It should still work as-is, though. A 'real world' example is present in 2.
- After saving the file, check that the
nginx.conf
file inside the main directory includes files insideconf.d/
:- It should be inside the the http block: (The following is an example! Don't just Copy and Paste it!)
http { include mime.types; include conf.d/*.conf; types_hash_max_size 4096; # ... }
- Now, test your configuration with
nginx -t
, if it says that everything is good, restart (or start) the Nginx daemon:- This depends on the init manager, most distributions use
systemd
, but it's better practice to include most.
# systemd systemctl stop nginx systemctl start nginxt # or systemctl restart nginx # openrc rc-service nginx stop rc-service nginx start # or rc-service nginx restart # runit sv down nginx sv up nginx # or sv restart nginx # s6 s6-rc -d change nginx s6-rc -u change nginx # or s6-svc -r /run/service/nginx # dinit dinitctl stop nginx dinitctl start nginx # or dinitctl restart nginx
- This depends on the init manager, most distributions use
- First run
- Clone the repository to
/var/www
:git clone --depth 1 https://git.lolcat.ca/lolcat/4get 4get
- It clones the repository with the depth of one commit (so it takes less time to download) and saves the cloned repository as '4get'.
- That should be it! There are some extra steps you can take, but it really just depends on you.
Encryption setup
- Generate a certificate for the domain you're using with:
- Note that
certbot-nginx
is needed.
certbot --nginx --key-type ecdsa -d www.yourdomain.com -d yourdomain.com
- Note that
- After that, certbot will deploy the certificate automatically to your 4get conf file; It should be ready to use from there.
Tor Setup
IMPORTANT: Tor onion addresses are very long compared to traditional domains, so, Before doing anything, edit
nginx.conf
and increaseserver_names_hash_bucket_size
to your needs.
cd
to/etc/nginx
(if you haven't) and open yournginx.conf
file.- Find the line containing
# server_names_hash_bucket_size 64;
inside said file. - Uncomment the line and adjust the value; start with 64, but if you encounter issues, incrementally increase it (e.g., 128, 256) until it accommodates your configuration.
- Open (or duplicate the configuration) and edit it:
- Example configuration, again:
A real world example is present in 2.server { access_log /dev/null; # Search log file. Do you really need to? error_log /dev/null; # Error log file. # Change this if you have 4get in another folder. root /var/www/4get; # Change 'onionadress.onion' to your onion link. server_name onionadress.onion; # Port to listen to. listen 80; location @php { try_files $uri.php $uri/index.php =404; # Change the unix socket address if it's different for you. fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock; fastcgi_index index.php; # Change this to `fastcgi_params` if you use a debian based distribution. include fastcgi.conf; fastcgi_intercept_errors on; } location / { try_files $uri @php; } location ~* ^(.*)\.php$ { return 301 $1; } }
- Once done, check the configuration with
nginx -t
. If everything's fine and dandy, refer to the Tor guide to setup your onion site.
Other important things
- Configuration guide: Things to do after setup.
- Apache2 guide: Fallback to this if you couldn't get something to work, or you don't know something.
Known issues
php-apcu
not working in Artix1, this might be because of it being a systemd daemon, but the binary isn't present. This might apply to Arch Linux as well, since it is from where the package was gotten. Read more in the issue.
-
lolcat/4get#40, It might be needed to create a boot entry, but the binary is unknown. ↩︎
-
git.nadeko.net nadeko.net's 4get instance configuration. ↩︎