442 lines
17 KiB
HTML
442 lines
17 KiB
HTML
<!DOCTYPE html>
|
|
<html lang="en">
|
|
<head>
|
|
<meta charset="utf-8">
|
|
<meta http-equiv="X-UA-Compatible" content="IE=edge">
|
|
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
|
<meta name="description" content="">
|
|
<meta name="author" content="">
|
|
<link rel="shortcut icon" href="../../../../../../assets/img/favicon.png">
|
|
|
|
<title>How to run the Blog yourself</title>
|
|
|
|
<!-- Bootstrap core CSS -->
|
|
<link href="../../assets/css/bootstrap.css" rel="stylesheet">
|
|
<link href="../../assets/css/xt256.css" rel="stylesheet">
|
|
|
|
|
|
|
|
<!-- Custom styles for this template -->
|
|
<link href="../../assets/css/main.css" rel="stylesheet">
|
|
|
|
|
|
|
|
<!-- HTML5 shim and Respond.js IE8 support of HTML5 elements and media queries -->
|
|
<!--[if lt IE 9]>
|
|
<script src="https://oss.maxcdn.com/libs/html5shiv/3.7.0/html5shiv.js"></script>
|
|
<script src="https://oss.maxcdn.com/libs/respond.js/1.3.0/respond.min.js"></script>
|
|
<![endif]-->
|
|
</head>
|
|
|
|
<body>
|
|
|
|
<!-- Static navbar -->
|
|
<div class="navbar navbar-inverse-anon navbar-static-top">
|
|
<div class="container">
|
|
<div class="navbar-header">
|
|
<button type="button" class="navbar-toggle" data-toggle="collapse" data-target=".navbar-collapse">
|
|
<span class="icon-bar"></span>
|
|
<span class="icon-bar"></span>
|
|
<span class="icon-bar"></span>
|
|
</button>
|
|
<a class="navbar-brand-anon" href="\index.html">The Nihilism Blog</a>
|
|
</div>
|
|
<div class="navbar-collapse collapse">
|
|
<ul class="nav navbar-nav navbar-right">
|
|
|
|
<li><a href="/about.html">About</a></li>
|
|
<li><a href="/blog.html">Categories</a></li>
|
|
<li><a href="https://blog.nowhere.moe/donate.html">Donate</a></li>
|
|
<li><a href="/contact.html">Contact</a></li>
|
|
</ul>
|
|
</div><!--/.nav-collapse -->
|
|
|
|
</div>
|
|
</div>
|
|
|
|
<!-- +++++ Posts Lists +++++ -->
|
|
<!-- +++++ First Post +++++ -->
|
|
<div id="anon2">
|
|
<div class="container">
|
|
<div class="row">
|
|
<div class="col-lg-8 col-lg-offset-2">
|
|
<a href="../index.html">Previous Page</a></br></br><p><img src="../../assets/img/user.png" width="50px" height="50px"> <ba>nihilist@mainpc - 2024-11-12</ba></p>
|
|
<h1>How to run the Blog yourself </h1>
|
|
|
|
</div>
|
|
</div><!-- /row -->
|
|
</div> <!-- /container -->
|
|
</div><!-- /grey -->
|
|
|
|
<!-- +++++ Second Post +++++ -->
|
|
<div id="anon3">
|
|
<div class="container">
|
|
<div class="row">
|
|
<div class="col-lg-8 col-lg-offset-2">
|
|
<h2><b>Why are you letting me run the blog ? </b></h2>
|
|
<p>As you have probably noticed after looking at the footer of any of the blogposts in this blog, they are all licensed under the public domain license. This means that there is no copyright restrictions at all, it is free for all, forever.</p>
|
|
<p>The reason behind this stems from <a href="../../productivity/sum-nihil/index.html">Sum Nihil</a>, where i strongly believe that it doesn't matter who does the work, who gets the fame, who gets to profit off of it, <b>what truly matters is that the work gets done</b>, no matter who does it.</p>
|
|
<p>Here, <b>the work is to make sure that everyone out there knows that when using the right technology in the right way, they cannot be oppressed, silenced, censored, controlled, and governed anymore.</b> If you can help me reach that goal i'm definitely going to welcome it, even if it means to allow other people to run the blog.</p>
|
|
<p>The entire blog is meant to remain available for free, for everyone, over clearnet and over the Tor network. Ideally i'd like it to be resillient to takedowns in the case if something were to happen to it in the future. <b>Therefore, the more people run the blog themselves, the more resillient it will become, and the farther the word will be able to go out there.</b> </p>
|
|
</div>
|
|
</div><!-- /row -->
|
|
</div> <!-- /container -->
|
|
</div><!-- /white -->
|
|
|
|
<div id="anon2">
|
|
<div class="container">
|
|
<div class="row">
|
|
<div class="col-lg-8 col-lg-offset-2">
|
|
<h2><b>Clearnet Setup</b></h2> </br> </br>
|
|
<p>On a debian server (VPS or not), install the following packages:</p>
|
|
<pre><code class="nim">
|
|
[ Datura ] [ /dev/pts/23 ] [~]
|
|
→ sudo apt install nginx wget curl -y
|
|
|
|
</code></pre>
|
|
|
|
<p>Then, you need to download the blog somewhere, you can simply git clone it from the blog-contributions gitea repository into the /srv/ directory:</p>
|
|
<pre><code class="nim">
|
|
[ Datura ] [ /dev/pts/23 ] [~]
|
|
→ git clone https://git.nowhere.moe/nihilist/blog-contributions /srv/blog/
|
|
|
|
</code></pre>
|
|
|
|
<p>then you can use this nginx configuration (and dont forget to enable it with a symlink to sites-enabled):</p>
|
|
<pre><code class="nim">
|
|
[ Datura ] [ /dev/pts/23 ] [~]
|
|
→ rm /etc/nginx/sites-*/default
|
|
|
|
[ Datura ] [ /dev/pts/23 ] [~]
|
|
→ vim /etc/nginx/sites-available/blog.nowhere.moe
|
|
|
|
[ Datura ] [ /dev/pts/23 ] [~]
|
|
→ ln -s /etc/nginx/sites-available/blog.nowhere.moe /etc/nginx/sites-enabled/
|
|
|
|
[ Datura ] [ /dev/pts/23 ] [~]
|
|
→ cat /etc/nginx/sites-available/blog.nowhere.moe
|
|
|
|
server {
|
|
listen 80;
|
|
listen [::]:80;
|
|
server_name blog.nowhere.moe;
|
|
return 301 https://$server_name$request_uri;
|
|
}
|
|
|
|
server {
|
|
######## TOR CHANGES ########
|
|
listen 4443;
|
|
listen [::]:4443;
|
|
server_name blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion;
|
|
add_header Onion-Location "http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion$request_uri" always;
|
|
######## TOR CHANGES ########
|
|
|
|
listen 443 ssl http2;
|
|
listen [::]:443 ssl http2;
|
|
server_name blog.nowhere.moe;
|
|
########################################## HARDENING SSL #############################################
|
|
ssl_certificate /root/.acme.sh/blog.nowhere.moe/fullchain.cer;
|
|
ssl_certificate_key /root/.acme.sh/blog.nowhere.moe/blog.nowhere.moe.key;
|
|
ssl_dhparam /root/.acme.sh/dhparam.pem;
|
|
|
|
|
|
# SSL Settings
|
|
ssl_protocols TLSv1.2 TLSv1.3;
|
|
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
|
|
ssl_prefer_server_ciphers on;
|
|
|
|
|
|
ssl_session_cache shared:SSL:10m;
|
|
ssl_session_timeout 10m;
|
|
ssl_session_tickets off;
|
|
ssl_ecdh_curve auto;
|
|
|
|
# OCSP stapling
|
|
ssl_stapling on;
|
|
ssl_stapling_verify on;
|
|
ssl_trusted_certificate /root/.acme.sh/blog.nowhere.moe/fullchain.cer;
|
|
resolver 1.1.1.1 208.67.222.222;
|
|
|
|
add_header Strict-Transport-Security "max-age=63072000" always;
|
|
|
|
|
|
|
|
|
|
access_log off;
|
|
error_log off;
|
|
###################################END OF HARDENING SSL###########################################
|
|
|
|
|
|
|
|
root /srv/blog/;
|
|
rewrite ^/servers/anon.html /opsec/index.html permanent;
|
|
rewrite ^/servers/(.*)$ /opsec/$1 permanent;
|
|
index index.html;
|
|
}
|
|
</code></pre>
|
|
<p>but as you can see we're missing the TLS certificates, so let's get them using acme.sh:</p>
|
|
<pre><code class="nim">
|
|
[ Datura ] [ /dev/pts/23 ] [~]
|
|
→ wget -O - https://get.acme.sh | sh -s email=nihilist@contact.nowhere.moe
|
|
|
|
[ Datura ] [ /dev/pts/23 ] [~]
|
|
→ systemctl stop nginx ; acme.sh --issue --standalone -d blog.nowhere.moe -k 4096; systemctl start nginx
|
|
|
|
</code></pre>
|
|
<p>And now that we have them, let's see if the nginx config is correct:</p>
|
|
<pre><code class="nim">
|
|
[ Datura ] [ /dev/pts/23 ] [~]
|
|
→ nginx -t
|
|
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
|
|
nginx: configuration file /etc/nginx/nginx.conf test is successful
|
|
|
|
</code></pre>
|
|
<p>Now that the nginx config is correct let's restart nginx to load in the new config:</p>
|
|
<pre><code class="nim">
|
|
[ Datura ] [ /dev/pts/23 ] [~]
|
|
→ systemctl restart nginx
|
|
|
|
</code></pre>
|
|
<p>And then we can see that the website is up and reachable at the clearnet domain:</p>
|
|
<img src="1.png" class="imgRz">
|
|
|
|
</div>
|
|
</div><!-- /row -->
|
|
</div> <!-- /container -->
|
|
</div><!-- /white -->
|
|
|
|
|
|
<!-- +++++ Second Post +++++ -->
|
|
<div id="anon1">
|
|
<div class="container">
|
|
<div class="row">
|
|
<div class="col-lg-8 col-lg-offset-2">
|
|
<h2><b>Tor Hidden Service Setup</b></h2> </br> </br>
|
|
<p>Now since the clearnet is easily censored nowadays, let's make sure it is also available over Tor. Let's first install Tor:</p>
|
|
<pre><code class="nim">
|
|
[ Datura ] [ /dev/pts/23 ] [~]
|
|
→ apt install tor -y
|
|
|
|
</code></pre>
|
|
|
|
<p>Then we git clone the mkp repository to be able to generate an onion hidden service address: </p>
|
|
<pre><code class="nim">
|
|
[ Datura ] [ /dev/pts/23 ] [~]
|
|
→ apt install gcc libc6-dev libsodium-dev make autoconf tor
|
|
|
|
[ Datura ] [ /dev/pts/23 ] [~]
|
|
→ git clone https://github.com/cathugger/mkp224o /srv/mkp224o
|
|
|
|
[ Datura ] [ /dev/pts/23 ] [/srv/mkp224o]
|
|
→ cd /srv/mkp224o ; ./autogen.sh ; ./configure ; make
|
|
|
|
[ Datura ] [ /dev/pts/23 ] [/srv/mkp224o]
|
|
→ ./mkp224o datura
|
|
sorting filters... done.
|
|
filters:
|
|
datura
|
|
in total, 1 filter
|
|
using 12 threads
|
|
daturacccspczuluj2hbgqfcpkjo75hn7bzmuzsm5zys3az6k3su45ad.onion
|
|
daturaxnp7x4ubwlslgyeaft5dabaxotmsaxanayocnpxarc7wi36kid.onion
|
|
|
|
[ Datura ] [ /dev/pts/23 ] [/srv/mkp224o]
|
|
→ mkdir /var/lib/tor/onions
|
|
|
|
[ Datura ] [ /dev/pts/23 ] [/srv/mkp224o]
|
|
→ mv daturab6drmkhyeia4ch5gvfc2f3wgo6bhjrv3pz6n7kxmvoznlkq4yd.onion /var/lib/tor/onions
|
|
|
|
[ Datura ] [ /dev/pts/11 ] [lib/tor/onions]
|
|
→ ls -lash
|
|
total 16K
|
|
4.0K drwx------ 4 debian-tor debian-tor 4.0K Jan 27 15:33 .
|
|
4.0K drwx--S--- 8 debian-tor debian-tor 4.0K Feb 1 15:08 ..
|
|
4.0K drwx------ 3 debian-tor debian-tor 4.0K Jul 12 2023 daturab6drmkhyeia4ch5gvfc2f3wgo6bhjrv3pz6n7kxmvoznlkq4yd.onion
|
|
4.0K drwx------ 3 debian-tor debian-tor 4.0K Jan 27 15:48 nihilhfjmj55gfbleupwl2ub7lvbhq4kkoioatiopahfqwkcnglsawyd.onion
|
|
|
|
[ Datura ] [ /dev/pts/11 ] [lib/tor/onions]
|
|
→ ls -lash daturab6drmkhyeia4ch5gvfc2f3wgo6bhjrv3pz6n7kxmvoznlkq4yd.onion
|
|
total 24K
|
|
4.0K drwx------ 3 debian-tor debian-tor 4.0K Jul 12 2023 .
|
|
4.0K drwx------ 4 debian-tor debian-tor 4.0K Jan 27 15:33 ..
|
|
4.0K drwx------ 2 debian-tor debian-tor 4.0K Jul 12 2023 authorized_clients
|
|
4.0K -r-------- 1 debian-tor debian-tor 63 Jul 12 2023 hostname
|
|
4.0K -r-------- 1 debian-tor debian-tor 64 Jul 12 2023 hs_ed25519_public_key
|
|
4.0K -r-------- 1 debian-tor debian-tor 96 Jul 12 2023 hs_ed25519_secret_key
|
|
|
|
</code></pre>
|
|
|
|
<p>Then after copying the hidden service files where they belong we change the directory rights accordingly:</p>
|
|
<pre><code class="nim">
|
|
[ Datura ] [ /dev/pts/11 ] [lib/tor/onions]
|
|
→ chmod 700 daturab6drmkhyeia4ch5gvfc2f3wgo6bhjrv3pz6n7kxmvoznlkq4yd.onion
|
|
|
|
[ Datura ] [ /dev/pts/11 ] [lib/tor/onions]
|
|
→ chmod 400 daturab6drmkhyeia4ch5gvfc2f3wgo6bhjrv3pz6n7kxmvoznlkq4yd.onion/*
|
|
|
|
[ Datura ] [ /dev/pts/11 ] [lib/tor/onions]
|
|
→ chmod 700 daturab6drmkhyeia4ch5gvfc2f3wgo6bhjrv3pz6n7kxmvoznlkq4yd.onion/authorized_clients -R
|
|
|
|
[ Datura ] [ /dev/pts/11 ] [lib/tor/onions]
|
|
→ chown debian-tor: /var/lib/tor/onions -R
|
|
|
|
</code></pre>
|
|
<p>Then we edit the torrc config file to make sure it uses the correct hidden service directory, along with a port to be used to access the website:</p>
|
|
<pre><code class="nim">
|
|
[ Datura ] [ /dev/pts/11 ] [/srv/mkp224o]
|
|
→ cat /etc/tor/torrc
|
|
HiddenServiceDir /var/lib/tor/onions/daturab6drmkhyeia4ch5gvfc2f3wgo6bhjrv3pz6n7kxmvoznlkq4yd.onion/
|
|
HiddenServicePort 80 127.0.0.1:4443 # for web service HTTP (recommended!)
|
|
HiddenServicePort 443 127.0.0.1:4444 # for web service HTTPS (but not recommended!)
|
|
|
|
HiddenServicePort 18080 127.0.0.1:18080 # for monero nodes
|
|
HiddenServicePort 18081 127.0.0.1:18081 # for monero nodes
|
|
|
|
# to have another hidden service, you can append it afterward like so; but you need to use different ports:
|
|
|
|
HiddenServiceDir /var/lib/tor/onions/daturab6drmkhyeia4ch5gvfc2f3wgo6bhjrv3pz6n7kxmvoznlkq4yd.onion/
|
|
HiddenServicePort 80 127.0.0.1:4445
|
|
|
|
</code></pre>
|
|
<p>Then we restart Tor to refresh the configuration:</p>
|
|
<pre><code class="nim">
|
|
[ Datura ] [ /dev/pts/23 ] [/srv/mkp224o]
|
|
→ systemctl restart tor@default
|
|
|
|
[ Datura ] [ /dev/pts/23 ] [/srv/mkp224o]
|
|
→ systemctl status tor@default
|
|
● tor@default.service - Anonymizing overlay network for TCP
|
|
Loaded: loaded (/lib/systemd/system/tor@default.service; enabled-runtime; preset: enabled)
|
|
Active: active (running) since Sun 2024-11-10 21:39:43 CET; 2 days ago
|
|
Main PID: 2790923 (tor)
|
|
Tasks: 13 (limit: 77002)
|
|
Memory: 1.5G
|
|
CPU: 1d 12h 17min 42.199s
|
|
CGroup: /system.slice/system-tor.slice/tor@default.service
|
|
└─2790923 /usr/bin/tor --defaults-torrc /usr/share/tor/tor-service-defaults-torrc -f /etc/tor/torrc --RunAsDaemon 0
|
|
|
|
</code></pre>
|
|
<p>And from there, we edit the nginx configuration to make sure the website is reachable over the tor domain aswell along with having the header set so that the user's tor browser mentions that there is a .onion link available:</p>
|
|
<pre><code class="nim">
|
|
[ Datura ] [ /dev/pts/23 ] [~]
|
|
→ vim /etc/nginx/sites-available/blog.nowhere.moe
|
|
|
|
[ Datura ] [ /dev/pts/23 ] [/srv/mkp224o]
|
|
→ cat /etc/nginx/sites-available/blog.nowhere.moe
|
|
server {
|
|
listen 80;
|
|
listen [::]:80;
|
|
server_name blog.nowhere.moe;
|
|
return 301 https://$server_name$request_uri;
|
|
}
|
|
|
|
server {
|
|
<b> ######## TOR CHANGES ########
|
|
listen 4443;
|
|
listen [::]:4443;
|
|
server_name blog.daturab6drmkhyeia4ch5gvfc2f3wgo6bhjrv3pz6n7kxmvoznlkq4yd.onion;
|
|
add_header Onion-Location "http://blog.daturab6drmkhyeia4ch5gvfc2f3wgo6bhjrv3pz6n7kxmvoznlkq4yd.onion$request_uri" always;
|
|
######## TOR CHANGES ########</b>
|
|
|
|
[...]
|
|
}
|
|
|
|
</code></pre>
|
|
<p>And then we refresh nginx and we see that the website can be reached over the .onion link aswell:</p>
|
|
<pre><code class="nim">
|
|
[ Datura ] [ /dev/pts/23 ] [~]
|
|
→ systemctl restart nginx
|
|
|
|
</code></pre>
|
|
<img src="2.png" class="imgRz">
|
|
<img src="3.png" class="imgRz">
|
|
<p>And that's it! you now have made your own copy of the blog available over clearnet and Tor.</p>
|
|
|
|
</div>
|
|
</div><!-- /row -->
|
|
</div> <!-- /container -->
|
|
</div><!-- /white -->
|
|
|
|
<!-- +++++ Footer Section +++++ -->
|
|
|
|
<div id="anon2">
|
|
<div class="container">
|
|
<div class="row">
|
|
<div class="col-lg-8 col-lg-offset-2">
|
|
<h2><b>Setting up the collaboration</b></h2> </br> </br>
|
|
<p>Now in order to make sure you can welcome external contributions, you need at least to be able to have a gitea instance:</p>
|
|
|
|
<img src="" class="imgRz">
|
|
<p>Once setup, you can clone the blog-contributions repository in your gitea instance:</p>
|
|
<img src="" class="imgRz">
|
|
<p>And then, you can recreate the kanban board like so:</p>
|
|
<img src="" class="imgRz">
|
|
|
|
<p>And then adding issues into it like so:</p>
|
|
<img src="" class="imgRz">
|
|
|
|
</div>
|
|
</div><!-- /row -->
|
|
</div> <!-- /container -->
|
|
</div><!-- /white -->
|
|
|
|
<!-- +++++ Footer Section +++++ -->
|
|
|
|
<div id="anon3">
|
|
<div class="container">
|
|
<div class="row">
|
|
<div class="col-lg-8 col-lg-offset-2">
|
|
<h2><b>Setting up a Mirror List</b></h2> </br> </br>
|
|
<p>Now in order to give people a list of all the backup blog mirrors in one go, i list them manually on an uptimekuma instance:</p>
|
|
<img src="" class="imgRz">
|
|
<p>First, the mirror (clearnet and .onion) gets added into the "testing" category:</p>
|
|
<img src="" class="imgRz">
|
|
<p>Then, if the mirror is still reachable after 1 month, i move it into the "stable" category:</p>
|
|
<img src="" class="imgRz">
|
|
<p>And there the mirror stays until i see it is no longer reachable.</p>
|
|
<img src="" class="imgRz">
|
|
</div>
|
|
</div><!-- /row -->
|
|
</div> <!-- /container -->
|
|
</div><!-- /white -->
|
|
|
|
<!-- +++++ Footer Section +++++ -->
|
|
|
|
<div id="anonb">
|
|
<div class="container">
|
|
<div class="row">
|
|
<div class="col-lg-4">
|
|
<h4>Nihilism</h4>
|
|
<p>
|
|
Until there is Nothing left.</p></br></br><p>Creative Commons Zero: No Rights Reserved</br><img src="\CC0.png">
|
|
|
|
</p>
|
|
</div><!-- /col-lg-4 -->
|
|
|
|
<div class="col-lg-4">
|
|
<h4>My Links</h4>
|
|
<p>
|
|
|
|
<a target="_blank" rel="noopener noreferrer" href="http://blog.nowhere.moe/rss/feed.xml">RSS Feed</a><br/><a target="_blank" rel="noopener noreferrer" href="https://simplex.chat/contact#/?v=2-7&smp=smp%3A%2F%2FL5jrGV2L_Bb20Oj0aE4Gn-m5AHet9XdpYDotiqpcpGc%3D%40nowhere.moe%2FH4g7zPbitSLV5tDQ51Yz-R6RgOkMEeCc%23%2F%3Fv%3D1-3%26dh%3DMCowBQYDK2VuAyEAkts5T5AMxHGrZCCg12aeKxWcpXaxbB_XqjrXmcFYlDQ%253D&data=%7B%22type%22%3A%22group%22%2C%22groupLinkId%22%3A%22c3Y-iDaoDCFm6RhptSDOaw%3D%3D%22%7D">SimpleX Chat</a><br/>
|
|
|
|
</p>
|
|
</div><!-- /col-lg-4 -->
|
|
|
|
<div class="col-lg-4">
|
|
<h4>About nihilist</h4>
|
|
<p style="word-wrap: break-word;"><u>Donate XMR:</u> 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAUqpZHLrX2VZLH71Jrd9k8</p></br><p><u>Contact:</u> nihilist@contact.nowhere.moe (<a href="https://nowhere.moe/nihilist.pubkey">PGP</a>)</p>
|
|
</div><!-- /col-lg-4 -->
|
|
|
|
</div>
|
|
|
|
</div>
|
|
</div>
|
|
|
|
|
|
<!-- Bootstrap core JavaScript
|
|
================================================== -->
|
|
<!-- Placed at the end of the document so the pages load faster -->
|
|
|
|
</body>
|
|
</html>
|