Differences

This shows you the differences between two versions of the page.

--- webapps:nitter [2021/03/05 20:20] – lucid
+++ webapps:nitter [2021/06/18 16:36] (current) – external edit 127.0.0.1
@@ Line 3: / Line 3: @@
 **Ubuntu 20.04**
-This project, while good, required a decent amount of manual work just to get it up and running. There is next to zero documentation and uses some random language that has it's own issues getting installed properly.
+This project, while good, required a decent amount of manual work just to get it up and running. There is next to zero documentation and uses some random language that has it's own issues getting installed properly. This guide assumes you know how to setup a DNS record.
+=====Install=====
 Update and install nginx, redis (a caching server), and certbot. Redis will automatically start itself and create a service, which is nice.
   sudo apt update;sudo apt upgrade -y
@@ Line 10: / Line 11: @@
   sudo apt install python3-certbot-nginx
   sudo apt install libsass-dev # Required to run nimble scss
-  certbot --nginx certonly
+  sudo certbot --nginx certonly
+====Configure Nginx====
+This configuration will obtain an A+ on Qualy's SSL Labs and Mozilla Observatory.
-Configure Nginx
   sudo vim /etc/nginx/conf.d/nitter.placeholder.domain.conf
 <code>
@@ Line 31: / Line 34: @@
     ssl_ecdh_curve secp384r1;
     ssl_session_tickets off;
-    ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:AES256+EECDH:AES256+EDH:!aNULL';
+    ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:AES256+EECDH:AES256+EDH:!SHA1:!SHA256:!SHA384:!aNULL';
     ssl_prefer_server_ciphers on;
     ssl_protocols TLSv1.3 TLSv1.2;
@@ Line 38: / Line 41: @@
     ssl_stapling_verify on;
-    # Add headers to serve security related headers
-    # Before enabling Strict-Transport-Security headers please read into this
-    # topic first.
     add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
-    #
-    # WARNING: Only add the preload option once you read about
-    # the consequences in https://hstspreload.org/. This option
-    # will add the domain to a hardcoded list that is shipped
-    # in all major browsers and getting removed from this list
-    # could take several months.
     add_header Referrer-Policy "no-referrer" always;
     add_header X-Content-Type-Options "nosniff" always;
@@ Line 55: / Line 49: @@
     add_header X-Robots-Tag "none" always;
     add_header X-XSS-Protection "1; mode=block" always;
+    add_header Content-Security-Policy "default-src 'self' 'inline-unsafe; script-src 'self' 'inline-unsafe'" always;
     location / {
@@ Line 62: / Line 57: @@
 </code>
+====Install and Configure nim====
 Install nim, just wget the latest package from their website. https://nim-lang.org/install_unix.html
-Their install script is improperly written/completely undocumented so you will need to manually copy nimble as that one is used to compile. Just stick it in /usr/bin. Below is an example using the current version of nim at the time of writing.
+Their install script is improperly written so you will need to manually copy the executable binary ''nimble'' as that one is used to compile. Just stick it in /usr/bin. Below is an example using the current version of nim at the time of writing.
-  $ wget https://nim-lang.org/download/nim-1.4.4-linux_x64.tar.xz
+  wget https://nim-lang.org/download/nim-1.4.4-linux_x64.tar.xz
-  $ tar xvf nim-1.4.4-linux_x64.tar.xz
+  tar xvf nim-1.4.4-linux_x64.tar.xz
-  $ cd nim-1.4.4/
+  cd nim-1.4.4/
-  $ ./install.sh /usr/bin
+  ./install.sh /usr/bin
-  $ sudo cp bin/nimble /usr/bin/
+  sudo cp bin/nimble /usr/bin/
-Add a nitter user
+Add a user named nitter and login as that user. The following commands are under the nitter user only.
-  $ sudo useradd -d /home/nitter -m nitter
+  sudo useradd -d /home/nitter -m nitter
-  $ sudo su nitter
+  sudo su nitter
 Clone Nitter
-  $ git clone https://github.com/zedeus/nitter
+  git clone https://github.com/zedeus/nitter
-  $ cd nitter
+  cd nitter
 Build Nitter
-  $ nimble build -d:release
+  nimble build -d:release
 Build CSS
-  $ nimble scss
+  nimble scss
-  $ mkdir ./tmp
+  mkdir ./tmp
 Configure nitter
-''/home/nitter/nitter.conf''
+''/home/nitter/nitter/nitter.conf''
-Just make sure to fill out the hostname and hmacKey, I gave my key and randomly generated 64 character string, seems to work.
+Just make sure to fill out the hostname and hmacKey, I gave my key a randomly generated 64 character string, seems to work.
-Make it run on startup
-Systemd Service
+====Configure and enable UFW====
+  sudo ufw allow ssh
+  sudo ufw allow http
+  sudo ufw allow https
+  sudo ufw enable
+=====Make it run on startup=====
+Run this command as your standard log in user, not the nitter user as that should still not have a password.
+  sudo vim /etc/systemd/system/nitter.service
+**Systemd Service**
 <code>
 [Unit]
@@ Line 111: / Line 118: @@
 WantedBy=multi-user.target
 </code>