Little tutorial about nginx and tor (#7)
review it :3

Reviewed-on: #7
Co-authored-by: ckg <ckg@airmail.cc>
Co-committed-by: ckg <ckg@airmail.cc>
parent cfd44438ae
commit 6dfe114c85
119
README.md
|
@ -37,7 +37,9 @@ https://4get.ca
|
||||||
More scrapers are coming soon. I currently want to add Hackernews, Qwant and find a way to scrape Yandex web without those fucking captchas. A shopping, music and files tab is also in my todo list.
|
More scrapers are coming soon. I currently want to add Hackernews, Qwant and find a way to scrape Yandex web without those fucking captchas. A shopping, music and files tab is also in my todo list.
|
||||||
|
|
||||||
# Setup
|
# Setup
|
||||||
This section is still to-do. You will need to figure shit out for some of the apache2 stuff. Everything else should be OK.
|
This section is still to-do. You will need to figure shit out for some of the apache2 and nginx stuff. Everything else should be OK.
|
||||||
|
|
||||||
|
## Apache
|
||||||
|
|
||||||
Login as root.
|
Login as root.
|
||||||
|
|
||||||
|
@ -69,9 +71,59 @@ chmod 777 -R icons/
|
||||||
|
|
||||||
Restart the service for good measure... `service apache2 restart`
|
Restart the service for good measure... `service apache2 restart`
|
||||||
|
|
||||||
|
## NGINX
|
||||||
|
|
||||||
|
Login as root.
|
||||||
|
|
||||||
|
Create a file in `/etc/nginx/sites-avaliable/` called `4get.conf` or any name you want and put this into the file:
|
||||||
|
|
||||||
|
```
|
||||||
|
server {
|
||||||
|
# DO YOU REALLY NEED TO LOG SEARCHES?
|
||||||
|
access_log /dev/null;
|
||||||
|
error_log /dev/null;
|
||||||
|
# Change this if you have 4get in other folder.
|
||||||
|
root /var/www/4get;
|
||||||
|
# Change yourdomain by your domain lol
|
||||||
|
server_name www.yourdomain.com yourdomain.com;
|
||||||
|
|
||||||
|
location @php {
|
||||||
|
try_files $uri.php $uri/index.php =404;
|
||||||
|
# Change the unix socket address if it's different for you.
|
||||||
|
fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
|
||||||
|
fastcgi_index index.php;
|
||||||
|
# Change this to `fastcgi_params` if you use a debian based distro.
|
||||||
|
include fastcgi.conf;
|
||||||
|
fastcgi_intercept_errors on;
|
||||||
|
}
|
||||||
|
|
||||||
|
location / {
|
||||||
|
try_files $uri @php;
|
||||||
|
}
|
||||||
|
|
||||||
|
location ~* ^(.*)\.php$ {
|
||||||
|
return 301 $1;
|
||||||
|
}
|
||||||
|
|
||||||
|
listen 80;
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
That is a very basic config so you will need to adapt it to your needs in case you have a more complicated nginx configuration. Anyways, you can see a real world example [here](https://git.zzls.xyz/Fijxu/etc-configs/src/branch/selfhost/nginx/sites-available/4get.zzls.xyz.conf)
|
||||||
|
|
||||||
|
After you save the file you will need to do a symlink of the `4get.conf` file to `/etc/nignx/sites-enabled/`, you can do it with this command:
|
||||||
|
|
||||||
|
```sh
|
||||||
|
ln -s /etc/nginx/sites-available/4get.conf /etc/nginx/sites-available/4get.conf
|
||||||
|
```
|
||||||
|
|
||||||
|
Now test the nginx config with `nginx -t`, if it says that everything is good, restart nginx using `systemctl restart nginx`
|
||||||
|
|
||||||
## Setup encryption
|
## Setup encryption
|
||||||
I'm schizoid (as you should) so I'm gonna setup 4096bit key encryption. To complete this step, you need a domain or subdomain in your possession. Make sure that the DNS shit for your domain has propagated properly before continuing, because certbot is a piece of shit that will error out the ass once you reach 5 attempts under an hour.
|
I'm schizoid (as you should) so I'm gonna setup 4096bit key encryption. To complete this step, you need a domain or subdomain in your possession. Make sure that the DNS shit for your domain has propagated properly before continuing, because certbot is a piece of shit that will error out the ass once you reach 5 attempts under an hour.
|
||||||
|
|
||||||
|
### Apache
|
||||||
|
|
||||||
```sh
|
```sh
|
||||||
certbot --apache --rsa-key-size 4096 -d www.yourdomain.com -d yourdomain.com
|
certbot --apache --rsa-key-size 4096 -d www.yourdomain.com -d yourdomain.com
|
||||||
```
|
```
|
||||||
|
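Review bot: The `ln -s` command in the new NGINX section has the same path as source and target (`/etc/nginx/sites-available/4get.conf` twice), so it fails with "File exists" and the site is never enabled. The target should be `/etc/nginx/sites-enabled/4get.conf`, which is what the sentence above the command describes. The surrounding prose also misspells the directories as `sites-avaliable` and `/etc/nignx/sites-enabled/`; both will break for anyone who copies the paths, so fix them in the same pass.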
@ -98,11 +150,72 @@ Restart again
|
||||||
service apache2 restart
|
service apache2 restart
|
||||||
```
|
```
|
||||||
|
|
||||||
You'll probably want to setup a tor address at this point, but I'm too lazy to put instructions here.
|
### NGINX
|
||||||
|
|
||||||
|
Generate a certificate for the domain using:
|
||||||
|
|
||||||
|
```sh
|
||||||
|
certbot --nginx --key-type ecdsa -d www.yourdomain.com -d yourdomain.com
|
||||||
|
```
|
||||||
|
(Remember to install the nginx certbot plugin!!!)
|
||||||
|
|
||||||
|
After doing that certbot should deploy the certificate automatically into your 4get nginx config file. It should be ready to use at that point.
|
||||||
|
|
||||||
Ok bye!!!
|
Ok bye!!!
|
||||||
|
|
||||||
|
## Tor Setup
|
||||||
|
|
||||||
|
1. Install tor.
|
||||||
|
2. Open `/etc/tor/torrc`
|
||||||
|
3. Go to the line that contains `HiddenServiceDir` and `HiddenServicePort`
|
||||||
|
4. Uncomment those 2 lines and set them like this:
|
||||||
|
```
|
||||||
|
HiddenServiceDir /var/lib/tor/4get
|
||||||
|
HiddenServicePort 80 127.0.0.1:80
|
||||||
|
```
|
||||||
|
5. Start the tor service using `systemctl start tor`
|
||||||
|
6. Wait some seconds...
|
||||||
|
7. Login as root and execute this command: `cat /var/lib/tor/4get/hostname`
|
||||||
|
8. That is your onion address.
|
||||||
|
|
||||||
|
After you get your onion address you will need to configure your Apache or Nginx config or you will get 404 errors.
|
||||||
|
|
||||||
|
I don't know to configure this shit on Apache so here is the NGINX one.
|
||||||
|
|
||||||
|
### NGINX
|
||||||
|
|
||||||
|
Open your current 4get NGINX config (that is under `/etc/nginx/sites-available/`) and append this to the end of the file:
|
||||||
|
|
||||||
|
```
|
||||||
|
server {
|
||||||
|
access_log /dev/null;
|
||||||
|
error_log /dev/null;
|
||||||
|
|
||||||
|
listen 80;
|
||||||
|
server_name <youronionaddress>;
|
||||||
|
root /var/www/4get;
|
||||||
|
|
||||||
|
location @php {
|
||||||
|
try_files $uri.php $uri/index.php =404;
|
||||||
|
# Change the unix socket address if it's different for you.
|
||||||
|
fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
|
||||||
|
fastcgi_index index.php;
|
||||||
|
# Change this to `fastcgi_params` if you use a debian based distro.
|
||||||
|
include fastcgi.conf;
|
||||||
|
fastcgi_intercept_errors on;
|
||||||
|
}
|
||||||
|
|
||||||
|
location / {
|
||||||
|
try_files $uri @php;
|
||||||
|
}
|
||||||
|
|
||||||
|
location ~* ^(.*)\.php$ {
|
||||||
|
return 301 $1;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
Obviously replace `<youronionaddress>` by the onion address of `/var/lib/tor/4get/hostname` and then check if the nginx config is valid with `nginx -t` if yes, then restart the nginx service and try opening the onion address into the Tor Browser. You can see a real world example [here](https://git.zzls.xyz/Fijxu/etc-configs/src/branch/selfhost/nginx/sites-available/4get.zzls.xyz.conf)
|
||||||
|
|
||||||
## Docker Install
|
## Docker Install
|
||||||
|
|
||||||
|
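Review bot: The onion `server` block uses `listen 80;`, which binds every interface, although `HiddenServicePort 80 127.0.0.1:80` only ever delivers tor traffic over loopback. Use `listen 127.0.0.1:80;` in that block so the onion vhost answers only connections arriving from the local tor daemon, and a request reaching the public interface with the onion name as its Host falls through to the default server instead. Step 5 should say `systemctl restart tor` (or mention it as the alternative), because `systemctl start` is a no-op when the service is already running and the edited `torrc` would not be read. The new `certbot --nginx --key-type ecdsa` command also no longer matches the "4096bit key" wording in the paragraph that introduces the encryption section; a sentence noting that the NGINX path uses an ECDSA key would keep the two consistent.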
@ -116,5 +229,3 @@ docker run -d -p 80:80 -p 443:443 -e FOURGET_SERVER_NAME="4get.ca" -e FOURGET_SE
|
||||||
replace enviroment variables FOURGET_SERVER_NAME and FOURGET_SERVER_ADMIN_EMAIL with relevant values
|
replace enviroment variables FOURGET_SERVER_NAME and FOURGET_SERVER_ADMIN_EMAIL with relevant values
|
||||||
|
|
||||||
the certs directory expects files named `cert.pem`, `chain.pem`, `privkey.pem`
|
the certs directory expects files named `cert.pem`, `chain.pem`, `privkey.pem`
|
||||||
|
|
||||||
|
|
||||||
|
|