webapps:nitter

Differences

This shows you the differences between two versions of the page.

webapps:nitter [2021/03/05 20:27] lucidwebapps:nitter [2021/06/18 16:36] (current) – external edit 127.0.0.1
Line 13: Line 13:
   sudo certbot --nginx certonly   sudo certbot --nginx certonly
  
-Configure Nginx+====Configure Nginx==== 
 +This configuration will obtain an A+ on Qualy's SSL Labs and Mozilla Observatory. 
   sudo vim /etc/nginx/conf.d/nitter.placeholder.domain.conf   sudo vim /etc/nginx/conf.d/nitter.placeholder.domain.conf
 <code> <code>
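Review bot: In the sentence added under the new Configure Nginx heading, "Qualy's SSL Labs" should read "Qualys SSL Labs", and the A+ claim carries no date or tested-with versions. Both graders revise their criteria over time, so the claim will go stale silently; suggest wording it as a result observed at the time of writing and telling the reader to re-run both scans after deploying.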
Line 32: Line 34:
     ssl_ecdh_curve secp384r1;     ssl_ecdh_curve secp384r1;
     ssl_session_tickets off;     ssl_session_tickets off;
-    ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:AES256+EECDH:AES256+EDH:!aNULL';+    ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:AES256+EECDH:AES256+EDH:!SHA1:!SHA256:!SHA384:!aNULL';
     ssl_prefer_server_ciphers on;     ssl_prefer_server_ciphers on;
     ssl_protocols TLSv1.3 TLSv1.2;     ssl_protocols TLSv1.3 TLSv1.2;
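Review bot: The "!SHA1:!SHA256:!SHA384" exclusions added to ssl_ciphers have no explanation, and a reader could take them to mean SHA-2 is disabled altogether. In an OpenSSL cipher string these keywords match suites that use that hash as the HMAC, so the effect is to drop the CBC suites pulled in by AES256+EECDH and AES256+EDH while the GCM and ChaCha20 AEAD suites stay; a one-line comment above the directive saying so would help. Two related points on the same line: ssl_ciphers does not govern the TLSv1.3 suites enabled by the ssl_protocols line below it, and AES256+EDH still selects DHE suites, which nginx only offers when ssl_dhparam is set (not visible in this hunk). Running "openssl ciphers -v" on the final string confirms what is actually left.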
Line 39: Line 41:
     ssl_stapling_verify on;     ssl_stapling_verify on;
  
-    # Add headers to serve security related headers 
-    # Before enabling Strict-Transport-Security headers please read into this 
-    # topic first. 
     add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;     add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
-    # 
-    # WARNING: Only add the preload option once you read about 
-    # the consequences in https://hstspreload.org/. This option 
-    # will add the domain to a hardcoded list that is shipped 
-    # in all major browsers and getting removed from this list 
-    # could take several months. 
     add_header Referrer-Policy "no-referrer" always;     add_header Referrer-Policy "no-referrer" always;
     add_header X-Content-Type-Options "nosniff" always;     add_header X-Content-Type-Options "nosniff" always;
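Review bot: The comment block removed here was the only caution attached to the Strict-Transport-Security line, which still sends "includeSubDomains" and "preload". Anyone copying the config now commits every subdomain of their domain to HTTPS for the full max-age and signals consent to preload-list inclusion without being told so. The value is also inconsistent with its own preload token: hstspreload.org requires a max-age of at least 31536000, so 15768000 does not qualify. Either keep a short warning that links to https://hstspreload.org/, or drop "preload" (and consider dropping "includeSubDomains") from the example.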
Line 56: Line 49:
     add_header X-Robots-Tag "none" always;     add_header X-Robots-Tag "none" always;
     add_header X-XSS-Protection "1; mode=block" always;     add_header X-XSS-Protection "1; mode=block" always;
 +    add_header Content-Security-Policy "default-src 'self' 'inline-unsafe; script-src 'self' 'inline-unsafe'" always;
  
     location / {     location / {
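Review bot: The added Content-Security-Policy value is malformed: the keyword is 'unsafe-inline', not 'inline-unsafe', and the first occurrence in default-src is missing its closing quote. Browsers ignore source expressions they do not recognise, so the policy that takes effect is "default-src 'self'; script-src 'self'", which blocks the inline content the line evidently meant to allow. If inline content really is required, spell the keyword correctly and scope it to the one directive that needs it, since allowing 'unsafe-inline' in script-src removes most of the protection CSP gives against injected scripts. The X-XSS-Protection header in the context line above is ignored by current browsers and can be dropped once a working CSP is in place.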
Line 63: Line 57:
 </code> </code>
  
 +====Install and Configure nim====
 Install nim, just wget the latest package from their website. https://nim-lang.org/install_unix.html Install nim, just wget the latest package from their website. https://nim-lang.org/install_unix.html
 Their install script is improperly written so you will need to manually copy the executable binary ''nimble'' as that one is used to compile. Just stick it in /usr/bin. Below is an example using the current version of nim at the time of writing. Their install script is improperly written so you will need to manually copy the executable binary ''nimble'' as that one is used to compile. Just stick it in /usr/bin. Below is an example using the current version of nim at the time of writing.
Line 86: Line 81:
 ''/home/nitter/nitter/nitter.conf'' ''/home/nitter/nitter/nitter.conf''
 Just make sure to fill out the hostname and hmacKey, I gave my key a randomly generated 64 character string, seems to work. Just make sure to fill out the hostname and hmacKey, I gave my key a randomly generated 64 character string, seems to work.
 +
 +
 +====Configure and enable UFW====
 +  sudo ufw allow ssh
 +  sudo ufw allow http
 +  sudo ufw allow https
 +  sudo ufw enable
  
 =====Make it run on startup===== =====Make it run on startup=====
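Review bot: In the new UFW block, "sudo ufw allow ssh" opens port 22 to every source address with no rate limiting. "sudo ufw limit ssh", or an allow rule restricted to the admin address range, would be tighter for an internet-facing host. The block should also end with "sudo ufw status verbose" so the reader confirms the rule set after "ufw enable", and it would help to state that nginx on http/https is the only service meant to be reachable, with the nitter process itself left off the allow list.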
Line 116: Line 118:
 WantedBy=multi-user.target WantedBy=multi-user.target
 </code> </code>
 +
 +
webapps/nitter.1614976059.txt.gz · Last modified: 2021/06/18 16:36 (external edit)