lucid's wiki

User Tools

Site Tools

You are here: start » webapps » nitter
webapps:nitter

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
webapps:nitter [2021/03/05 20:20] lucidwebapps:nitter [2021/06/18 16:36] (current) – external edit 127.0.0.1
Line 3: Line 3:
 **Ubuntu 20.04** **Ubuntu 20.04**
  
-This project, while good, required a decent amount of manual work just to get it up and running. There is next to zero documentation and uses some random language that has it's own issues getting installed properly.+This project, while good, required a decent amount of manual work just to get it up and running. There is next to zero documentation and uses some random language that has it's own issues getting installed properly. This guide assumes you know how to setup a DNS record.
  
 +=====Install=====
 Update and install nginx, redis (a caching server), and certbot. Redis will automatically start itself and create a service, which is nice. Update and install nginx, redis (a caching server), and certbot. Redis will automatically start itself and create a service, which is nice.
   sudo apt update;sudo apt upgrade -y   sudo apt update;sudo apt upgrade -y
Line 10: Line 11:
   sudo apt install python3-certbot-nginx   sudo apt install python3-certbot-nginx
   sudo apt install libsass-dev # Required to run nimble scss   sudo apt install libsass-dev # Required to run nimble scss
-  certbot --nginx certonly+  sudo certbot --nginx certonly 
 + 
 +====Configure Nginx==== 
 +This configuration will obtain an A+ on Qualy's SSL Labs and Mozilla Observatory.
  
-Configure Nginx 
   sudo vim /etc/nginx/conf.d/nitter.placeholder.domain.conf   sudo vim /etc/nginx/conf.d/nitter.placeholder.domain.conf
 <code> <code>
Line 31: Line 34:
     ssl_ecdh_curve secp384r1;     ssl_ecdh_curve secp384r1;
     ssl_session_tickets off;     ssl_session_tickets off;
-    ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:AES256+EECDH:AES256+EDH:!aNULL';+    ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:AES256+EECDH:AES256+EDH:!SHA1:!SHA256:!SHA384:!aNULL';
     ssl_prefer_server_ciphers on;     ssl_prefer_server_ciphers on;
     ssl_protocols TLSv1.3 TLSv1.2;     ssl_protocols TLSv1.3 TLSv1.2;
Line 38: Line 41:
     ssl_stapling_verify on;     ssl_stapling_verify on;
  
-    # Add headers to serve security related headers 
-    # Before enabling Strict-Transport-Security headers please read into this 
-    # topic first. 
     add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;     add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
-    # 
-    # WARNING: Only add the preload option once you read about 
-    # the consequences in https://hstspreload.org/. This option 
-    # will add the domain to a hardcoded list that is shipped 
-    # in all major browsers and getting removed from this list 
-    # could take several months. 
     add_header Referrer-Policy "no-referrer" always;     add_header Referrer-Policy "no-referrer" always;
     add_header X-Content-Type-Options "nosniff" always;     add_header X-Content-Type-Options "nosniff" always;
Line 55: Line 49:
     add_header X-Robots-Tag "none" always;     add_header X-Robots-Tag "none" always;
     add_header X-XSS-Protection "1; mode=block" always;     add_header X-XSS-Protection "1; mode=block" always;
 +    add_header Content-Security-Policy "default-src 'self' 'inline-unsafe; script-src 'self' 'inline-unsafe'" always;
  
     location / {     location / {
Line 62: Line 57:
 </code> </code>
  
 +====Install and Configure nim====
 Install nim, just wget the latest package from their website. https://nim-lang.org/install_unix.html Install nim, just wget the latest package from their website. https://nim-lang.org/install_unix.html
-Their install script is improperly written/completely undocumented so you will need to manually copy nimble as that one is used to compile. Just stick it in /usr/bin. Below is an example using the current version of nim at the time of writing.+Their install script is improperly written so you will need to manually copy the executable binary ''nimble'' as that one is used to compile. Just stick it in /usr/bin. Below is an example using the current version of nim at the time of writing.
   wget https://nim-lang.org/download/nim-1.4.4-linux_x64.tar.xz   wget https://nim-lang.org/download/nim-1.4.4-linux_x64.tar.xz
   tar xvf nim-1.4.4-linux_x64.tar.xz   tar xvf nim-1.4.4-linux_x64.tar.xz
Line 70: Line 66:
   sudo cp bin/nimble /usr/bin/   sudo cp bin/nimble /usr/bin/
  
-Add a nitter user+Add a user named nitter and login as that user. The following commands are under the nitter user only.
   sudo useradd -d /home/nitter -m nitter   sudo useradd -d /home/nitter -m nitter
   sudo su nitter   sudo su nitter
Line 83: Line 79:
  
 Configure nitter Configure nitter
-''/home/nitter/nitter.conf'' +''/home/nitter/nitter/nitter.conf'' 
-Just make sure to fill out the hostname and hmacKey, I gave my key and randomly generated 64 character string, seems to work.+Just make sure to fill out the hostname and hmacKey, I gave my key randomly generated 64 character string, seems to work.
  
-Make it run on startup + 
-Systemd Service+====Configure and enable UFW==== 
 +  sudo ufw allow ssh 
 +  sudo ufw allow http 
 +  sudo ufw allow https 
 +  sudo ufw enable 
 + 
 +=====Make it run on startup===== 
 +Run this command as your standard log in user, not the nitter user as that should still not have a password. 
 + 
 +  sudo vim /etc/systemd/system/nitter.service 
 + 
 +**Systemd Service**
 <code> <code>
 [Unit] [Unit]
Line 111: Line 118:
 WantedBy=multi-user.target WantedBy=multi-user.target
 </code> </code>
 +
 +
webapps/nitter.1614975644.txt.gz · Last modified: 2021/06/18 16:36 (external edit)