Little tutorial about nginx and tor (#7)

review it :3 Reviewed-on: #7 Co-authored-by: ckg <ckg@airmail.cc> Co-committed-by: ckg <ckg@airmail.cc>
2023-08-27 14:22:40 -05:00 · 2023-08-27 14:22:40 -05:00 · 6dfe114c85
parent cfd44438ae
commit 6dfe114c85
1 changed files with 115 additions and 4 deletions
--- a/README.md
+++ b/README.md
@ -37,7 +37,9 @@ https://4get.ca
 More scrapers are coming soon. I currently want to add Hackernews, Qwant and find a way to scrape Yandex web without those fucking captchas. A shopping, music and files tab is also in my todo list.

 # Setup
-This section is still to-do. You will need to figure shit out for some of the apache2 stuff. Everything else should be OK.
+This section is still to-do. You will need to figure shit out for some of the apache2 and nginx stuff. Everything else should be OK.
+
+## Apache

 Login as root.

@ -69,9 +71,59 @@ chmod 777 -R icons/

 Restart the service for good measure... `service apache2 restart`

+## NGINX
+
+Login as root.
+
+Create a file in `/etc/nginx/sites-avaliable/` called `4get.conf` or any name you want and put this into the file:
+
+```
+server {
+    # DO YOU REALLY NEED TO LOG SEARCHES?
+    access_log /dev/null;
+    error_log /dev/null;
+    # Change this if you have 4get in other folder.
+    root /var/www/4get;
+    # Change yourdomain by your domain lol
+    server_name www.yourdomain.com yourdomain.com;
+
+    location @php {
+        try_files $uri.php $uri/index.php =404;
+                # Change the unix socket address if it's different for you.
+        fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
+        fastcgi_index index.php;
+                # Change this to `fastcgi_params` if you use a debian based distro.
+        include fastcgi.conf;
+        fastcgi_intercept_errors on;
+    }
+
+    location / {
+        try_files $uri @php;
+    }
+
+    location ~* ^(.*)\.php$ {
+        return 301 $1;
+    }
+
+        listen 80;
+}
+```
+
+That is a very basic config so you will need to adapt it to your needs in case you have a more complicated nginx configuration. Anyways, you can see a real world example [here](https://git.zzls.xyz/Fijxu/etc-configs/src/branch/selfhost/nginx/sites-available/4get.zzls.xyz.conf)
+
+After you save the file you will need to do a symlink of the `4get.conf` file to `/etc/nignx/sites-enabled/`, you can do it with this command: 
+
+```sh
+ln -s /etc/nginx/sites-available/4get.conf /etc/nginx/sites-available/4get.conf
+```
+
+Now test the nginx config with `nginx -t`, if it says that everything is good, restart nginx using `systemctl restart nginx`
+
 ## Setup encryption
 I'm schizoid (as you should) so I'm gonna setup 4096bit key encryption. To complete this step, you need a domain or subdomain in your possession. Make sure that the DNS shit for your domain has propagated properly before continuing, because certbot is a piece of shit that will error out the ass once you reach 5 attempts under an hour.

+### Apache
+
 ```sh
 certbot --apache --rsa-key-size 4096 -d www.yourdomain.com -d yourdomain.com
 ```
@ -98,11 +150,72 @@ Restart again
 service apache2 restart
 ```

-You'll probably want to setup a tor address at this point, but I'm too lazy to put instructions here.
+### NGINX
+
+Generate a certificate for the domain using:
+
+```sh
+certbot --nginx --key-type ecdsa -d www.yourdomain.com -d yourdomain.com
+```
+(Remember to install the nginx certbot plugin!!!)
+
+After doing that certbot should deploy the certificate automatically into your 4get nginx config file. It should be ready to use at that point.

 Ok bye!!!

+## Tor Setup

+1. Install tor.
+2. Open `/etc/tor/torrc`
+3. Go to the line that contains `HiddenServiceDir` and `HiddenServicePort`
+4. Uncomment those 2 lines and set them like this: 
+	```
+	HiddenServiceDir /var/lib/tor/4get
+	HiddenServicePort 80 127.0.0.1:80
+	```
+5. Start the tor service using `systemctl start tor`
+6. Wait some seconds...
+7. Login as root and execute this command: `cat /var/lib/tor/4get/hostname`
+8. That is your onion address.
+
+After you get your onion address you will need to configure your Apache or Nginx config or you will get 404 errors.
+
+I don't know to configure this shit on Apache so here is the NGINX one.
+
+### NGINX
+
+Open your current 4get NGINX config (that is under `/etc/nginx/sites-available/`) and append this to the end of the file:
+
+```
+server {
+	access_log /dev/null;
+	error_log /dev/null;
+
+    listen 80;
+    server_name <youronionaddress>;
+    root /var/www/4get;
+
+    location @php {
+        try_files $uri.php $uri/index.php =404;
+        # Change the unix socket address if it's different for you.
+        fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
+        fastcgi_index index.php;
+        # Change this to `fastcgi_params` if you use a debian based distro.
+        include fastcgi.conf;
+        fastcgi_intercept_errors on;
+    }
+
+    location / {
+        try_files $uri @php;
+    }
+
+    location ~* ^(.*)\.php$ {
+        return 301 $1;
+    }
+}
+```
+
+Obviously replace `<youronionaddress>` by the onion address of `/var/lib/tor/4get/hostname` and then check if the nginx config is valid with `nginx -t` if yes, then restart the nginx service and try opening the onion address into the Tor Browser. You can see a real world example [here](https://git.zzls.xyz/Fijxu/etc-configs/src/branch/selfhost/nginx/sites-available/4get.zzls.xyz.conf)

 ## Docker Install

@ -116,5 +229,3 @@ docker run -d -p 80:80 -p 443:443 -e FOURGET_SERVER_NAME="4get.ca" -e FOURGET_SE
 replace enviroment variables FOURGET_SERVER_NAME and FOURGET_SERVER_ADMIN_EMAIL with relevant values

 the certs directory expects files named `cert.pem`, `chain.pem`, `privkey.pem`
-
-