diff --git a/opsec/runtheblog/25.png b/opsec/runtheblog/25.png new file mode 100644 index 0000000..2574e00 Binary files /dev/null and b/opsec/runtheblog/25.png differ diff --git a/opsec/runtheblog/index.html b/opsec/runtheblog/index.html index 58f76d7..a96db15 100644 --- a/opsec/runtheblog/index.html +++ b/opsec/runtheblog/index.html @@ -93,16 +93,22 @@

On a debian server (VPS or not), install the following packages:


 [ Datura ] [ /dev/pts/23 ] [~]
-→ sudo apt install nginx wget curl -y
+→ sudo apt install nginx wget curl tor torsocks -y
-

Then, you need to download the blog somewhere, you can simply git clone it from the blog-contributions gitea repository into the /srv/ directory:

+

Then, you need to download the blog somewhere, you can simply git clone it from the blog-contributions forgejo repository into the /srv/ directory:


 [ Datura ] [ /dev/pts/23 ] [~]
-→ git clone https://git.nowhere.moe/nihilist/blog-contributions /srv/blog/
+→ torsocks git clone https://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/nihilist/blog-contributions /srv/blog/
+

Optional: if you want to also host the archived blog sections i wrote in the past (the hacking and selfhosting categories) you can do so as follows:

+

+[ Wonderland ] [ /dev/pts/9 ] [/srv/blog-archive]
+→ torsocks git clone http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/nihilist/blog-archive /srv/blog-archive
+
+

then you can use this nginx configuration (and dont forget to enable it with a symlink to sites-enabled):


@@ -169,12 +175,18 @@ server {
 ###################################END OF HARDENING SSL###########################################
 
 
+  rewrite ^/servers/anon.html http://$server_name/opsec/index.html permanent;
+        rewrite ^/servers/(.*)$ http://$server_name/opsec/$1 permanent;
+        index index.html;
+        root /srv/blog/;
 
-                root /srv/blog/;
-                                rewrite ^/servers/anon.html /opsec/index.html permanent;
-                                rewrite ^/servers/(.*)$ /opsec/$1 permanent;
-                index index.html;
+                #optional selfhosting + HTB locations in /srv/blog-archive:
+                location ~ ^/(selfhosting|HTB)/ {
+                root /srv/blog-archive/;
+
+                }
 }
+

but as you can see we're missing the TLS certificates, so let's get them using acme.sh:


@@ -354,6 +366,31 @@ server {
  
 
And that's it! you now have made your own copy of the blog available over clearnet and Tor.

 
+
Sidenote: if you want to only have an onion mirror of the blog (and no clearnet at all), you can use this nginx config:

+

+[ Wonderland ] [ /dev/pts/9 ] [/etc/nginx/sites-available]
+→ cat blog.conf
+
+server {
+        ######## TOR WEBSITE ########
+        listen 4443;
+        listen [::]:4443;
+        server_name blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion;
+
+        rewrite ^/servers/anon.html http://$server_name/opsec/index.html permanent;
+        rewrite ^/servers/(.*)$ http://$server_name/opsec/$1 permanent;
+        index index.html;
+        root /srv/blog/;
+
+                #optional selfhosting + HTB locations in /srv/blog-archive:
+                location ~ ^/(selfhosting|HTB)/ {
+                root /srv/blog-archive/;
+
+                }
+}
+
+

+
 				
 			
 	     
@@ -367,14 +404,14 @@ server {
 				

           
Setting up Collaboration
 
 

 
Now if you want to make sure the blog content keeps growing, you'll need to either write your own blogposts in it or setup collaboration:

-
Now in order to make sure you can welcome external contributions, you need at least to be able to have a gitea instance like the one i have at https://git.nowhere.moe:

+
Now in order to make sure you can welcome external contributions, you need at least to be able to have a forgejo instance like the one i run here:

 
  
  
  
  
  
-
Now here you have a simple mirror git repo of the blog, once a day it will synchronize the new changes onto your mirror which is always useful to have in case if the main repository gets taken down.

+
Now here you have a simple mirror git repo of the blog, once a day it will synchronize the new changes onto your mirror which is always useful to have in case if the main repository gets taken down.

 
 
 If it were to get taken down for whatever reason, or if you decide to branch out and do your own thing with the blog, you can edit the repository to not be a mirror anymore (meaning you'll be able to push your own commits without going through me):

  
@@ -414,194 +451,8 @@ server {
 			

 				

           
Setting up a Mirror List
 
 

-
And then to make sure the nihilism blog remains resistant to takedowns, you can update the mirrors.txt file:

-
Now in order to give people a list of all the backup blog mirrors in one go, to make it simple i recommend just listing them manually in a textfile that you update on a monthly basis:

-

-[ mainpc ] [ /dev/pts/6 ] [~/Nextcloud/blog]
-→ vim mirrors.txt
-
-[ mainpc ] [ /dev/pts/6 ] [~/Nextcloud/blog]
-→ cat mirrors.txt
-### Active ###
-
-Nihilist:
--Clearnet: https://blog.nowhere.moe
--Tor: http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion
--Clearnet: https://git.nowhere.moe/nihilist/blog-contributions
--Tor: http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/nihilist/blog-contributions
-
-Anon1:
--Clearnet: link1
--Tor: link.onion1
-
-Anon2:
--Clearnet: link2
--Tor: link.onion2
-
-
-### Inactive ###
-
-### Removed ###
-
-

-
Then each month, validate that each link is still reachable, and if one of the links isnt reachable just move it to the "Inactive" category:

-

-[ mainpc ] [ /dev/pts/6 ] [~/Nextcloud/blog]
-→ vim mirrors.txt
-
-[ mainpc ] [ /dev/pts/6 ] [~/Nextcloud/blog]
-→ cat mirrors.txt
-### Active ###
-
-Nihilist:
--Clearnet: https://blog.nowhere.moe
--Tor: http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion
--Clearnet: https://git.nowhere.moe/nihilist/blog-contributions
--Tor: http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/nihilist/blog-contributions
-
-Anon1:
--Clearnet: link1
--Tor: link.onion1
-
-### Inactive ###
-
-Anon2:
--Clearnet: link2
--Tor: link.onion2
-
-### Removed ###
-
-

-
-
Next month upon the next review, check if the mirror is still no longer reachable just move it to the "Removed" category:

-

-[ mainpc ] [ /dev/pts/6 ] [~/Nextcloud/blog]
-→ vim mirrors.txt
-
-[ mainpc ] [ /dev/pts/6 ] [~/Nextcloud/blog]
-→ cat mirrors.txt
-### Active ###
-
-Nihilist:
--Clearnet: https://blog.nowhere.moe
--Tor: http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion
--Clearnet: https://git.nowhere.moe/nihilist/blog-contributions
--Tor: http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/nihilist/blog-contributions
-
-Anon1:
--Clearnet: link1
--Tor: link.onion1
-
-### Inactive ###
-
-### Removed ###
-
-Anon2:
--Clearnet: link2
--Tor: link.onion2
-
-

-
Don't forget to git push the file onto the git repository and you're good !

-

-[ mainpc ] [ /dev/pts/6 ] [~/Nextcloud/blog-contributions]
-→ vim mirrors.txt
-
-[ mainpc ] [ /dev/pts/6 ] [~/Nextcloud/blog-contributions]
-→ cat mirrors.txt
-### Active ###
-
-Nihilist:
--Clearnet: https://blog.nowhere.moe
--Tor: http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion
--Clearnet: https://git.nowhere.moe/nihilist/blog-contributions
--Tor: http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/nihilist/blog-contributions
-
-
-
-### Inactive ###
-
-
-### Removed ###
-
-[ mainpc ] [ /dev/pts/6 ] [~/Nextcloud/blog-contributions]
-→ cat push.sh
-#!/bin/bash
-git config --global user.email "nihilist@contact.nowhere.moe"
-git config --global user.name "nihilist"
-
-git add -A
-git commit
-git push
-
-[ mainpc ] [ /dev/pts/6 ] [~/Nextcloud/blog-contributions]
-→ ./push.sh
-
-add mirrors.txt
-# Please enter the commit message for your changes. Lines starting
-# with '#' will be ignored, and an empty message aborts the commit.
-#
-# On branch main
-# Your branch is up to date with 'origin/main'.
-#
-# Changes to be committed:
-#   new file:   mirrors.txt
-#   modified:   push.sh
-
-:wq
-
-[main 39b29a3] add mirrors.txt
- 2 files changed, 15 insertions(+), 2 deletions(-)
- create mode 100644 mirrors.txt
-
-Username for 'https://git.nowhere.moe': nihilist
-Password for 'https://nihilist@git.nowhere.moe':
-
-Enumerating objects: 6, done.
-Counting objects: 100% (6/6), done.
-Delta compression using up to 4 threads
-Compressing objects: 100% (4/4), done.
-Writing objects: 100% (4/4), 581 bytes | 290.00 KiB/s, done.
-Total 4 (delta 1), reused 0 (delta 0), pack-reused 0
-remote: . Processing 1 references
-remote: Processed 1 references in total
-To https://git.nowhere.moe/nihilist/blog-contributions
-   d1bc9ce..39b29a3  main -> main
-
-

-
And that's it! you have now made the mirrors.txt file accessible to your audience. They now can simply download it like so:

-

-[ mainpc ] [ /dev/pts/7 ] [/tmp]
-→ apt install curl -y
- 
-[ mainpc ] [ /dev/pts/7 ] [/tmp]
-→ curl https://blog.nowhere.moe/mirrors.txt
-### Active ###
-
-Nihilist:
--Clearnet: https://blog.nowhere.moe
--Tor: http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion
--Clearnet: https://git.nowhere.moe/nihilist/blog-contributions
--Tor: http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/nihilist/blog-contributions
-
-### Inactive ###
-
-### Removed ###
-
-[ mainpc ] [ /dev/pts/7 ] [/tmp]
-→ curl -x socks5h://127.0.0.1:9050 http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/mirrors.txt
-### Active ###
-
-Nihilist:
--Clearnet: https://blog.nowhere.moe
--Tor: http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion
--Clearnet: https://git.nowhere.moe/nihilist/blog-contributions
--Tor: http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/nihilist/blog-contributions
-
-### Inactive ###
-
-### Removed ###
-
-

+
And then to make sure the nihilism blog remains resistant to takedowns, you can list it on your own Darknet Lantern instance, under the Blogs category:

+