Differences

This shows you the differences between two versions of the page.

--- webapps:nitter [2021/03/05 20:23] – lucid
+++ webapps:nitter [2021/06/18 16:36] (current) – external edit 127.0.0.1
@@ Line 5: / Line 5: @@
 This project, while good, required a decent amount of manual work just to get it up and running. There is next to zero documentation and uses some random language that has it's own issues getting installed properly. This guide assumes you know how to setup a DNS record.
+=====Install=====
 Update and install nginx, redis (a caching server), and certbot. Redis will automatically start itself and create a service, which is nice.
   sudo apt update;sudo apt upgrade -y
@@ Line 12: / Line 13: @@
   sudo certbot --nginx certonly
-Configure Nginx
+====Configure Nginx====
+This configuration will obtain an A+ on Qualy's SSL Labs and Mozilla Observatory.
   sudo vim /etc/nginx/conf.d/nitter.placeholder.domain.conf
 <code>
@@ Line 31: / Line 34: @@
     ssl_ecdh_curve secp384r1;
     ssl_session_tickets off;
-    ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:AES256+EECDH:AES256+EDH:!aNULL';
+    ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:AES256+EECDH:AES256+EDH:!SHA1:!SHA256:!SHA384:!aNULL';
     ssl_prefer_server_ciphers on;
     ssl_protocols TLSv1.3 TLSv1.2;
@@ Line 38: / Line 41: @@
     ssl_stapling_verify on;
-    # Add headers to serve security related headers
-    # Before enabling Strict-Transport-Security headers please read into this
-    # topic first.
     add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
-    #
-    # WARNING: Only add the preload option once you read about
-    # the consequences in https://hstspreload.org/. This option
-    # will add the domain to a hardcoded list that is shipped
-    # in all major browsers and getting removed from this list
-    # could take several months.
     add_header Referrer-Policy "no-referrer" always;
     add_header X-Content-Type-Options "nosniff" always;
@@ Line 55: / Line 49: @@
     add_header X-Robots-Tag "none" always;
     add_header X-XSS-Protection "1; mode=block" always;
+    add_header Content-Security-Policy "default-src 'self' 'inline-unsafe; script-src 'self' 'inline-unsafe'" always;
     location / {
@@ Line 62: / Line 57: @@
 </code>
+====Install and Configure nim====
 Install nim, just wget the latest package from their website. https://nim-lang.org/install_unix.html
 Their install script is improperly written so you will need to manually copy the executable binary ''nimble'' as that one is used to compile. Just stick it in /usr/bin. Below is an example using the current version of nim at the time of writing.
@@ Line 70: / Line 66: @@
   sudo cp bin/nimble /usr/bin/
-Add and assume a user named nitter
+Add a user named nitter and login as that user. The following commands are under the nitter user only.
   sudo useradd -d /home/nitter -m nitter
   sudo su nitter
@@ Line 84: / Line 80: @@
 Configure nitter
 ''/home/nitter/nitter/nitter.conf''
-Just make sure to fill out the hostname and hmacKey, I gave my key and randomly generated 64 character string, seems to work.
+Just make sure to fill out the hostname and hmacKey, I gave my key a randomly generated 64 character string, seems to work.
-Make it run on startup
-Systemd Service
+====Configure and enable UFW====
+  sudo ufw allow ssh
+  sudo ufw allow http
+  sudo ufw allow https
+  sudo ufw enable
+=====Make it run on startup=====
+Run this command as your standard log in user, not the nitter user as that should still not have a password.
+  sudo vim /etc/systemd/system/nitter.service
+**Systemd Service**
 <code>
 [Unit]
@@ Line 111: / Line 118: @@
 WantedBy=multi-user.target
 </code>