---
search:
  exclude: true
---
# ProxiTok Setup

In this tutorial we're going to set up [ProxiTok](https://github.com/pablouser1/ProxiTok), a privacy front-end for TikTok (one of the most anti-privacy services to ever exist).

## **Initial Setup**

Git clone the repo and run the docker-compose.yml file:

```
[ nowhere.moe ] [ /dev/pts/8 ] [/srv]
→ git clone https://github.com/pablouser1/ProxiTok/ ; cd ProxiTok
```

Then configure the docker-compose.yml file (comment out the `init` line because it's not supported):

```
[ nowhere.moe ] [ /dev/pts/8 ] [/srv/ProxiTok]
→ vim docker-compose.yml

[ nowhere.moe ] [ /dev/pts/8 ] [/srv/ProxiTok]
→ cat docker-compose.yml
version: '3'

services:
  web:
    container_name: proxitok-web
    image: ghcr.io/pablouser1/proxitok:master
    ports:
      - 8083:8080
    environment:
      - LATTE_CACHE=/cache
      - API_CACHE=redis
      - REDIS_HOST=proxitok-redis
      - REDIS_PORT=6379
      - API_SIGNER=remote
      - API_SIGNER_URL=http://proxitok-signer:8080/signature
    volumes:
      - proxitok-cache:/cache
    depends_on:
      - redis
      - signer
    networks:
      - proxitok
    security_opt:
      - no-new-privileges:true
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - SETGID
      - SETUID

  redis:
    container_name: proxitok-redis
    image: redis:7-alpine
    command: redis-server --save 60 1 --loglevel warning
    restart: unless-stopped
    networks:
      - proxitok
    user: nobody
    read_only: true
    security_opt:
      - no-new-privileges:true
    tmpfs:
      - /data:size=10M,mode=0770,uid=65534,gid=65534,noexec,nosuid,nodev
    cap_drop:
      - ALL

  signer:
    container_name: proxitok-signer
    image: ghcr.io/pablouser1/signtok:master
    #init: true
    networks:
      - proxitok
    user: nobody
    read_only: true
    security_opt:
      - no-new-privileges:true
    cap_drop:
      - ALL

volumes:
  proxitok-cache:

networks:
  proxitok:

[ nowhere.moe ] [ /dev/pts/8 ] [/srv/ProxiTok]
→ APP_URL='https://cringe.nowhere.moe' docker-compose up
ERROR: yaml.scanner.ScannerError: while scanning for the next token
found character '\t' that cannot start any token
  in "./docker-compose.yml", line 51, column 1

[ nowhere.moe ] [ /dev/pts/8 ] [/srv/ProxiTok]
→ vim docker-compose.yml

[ nowhere.moe ] [ /dev/pts/8 ] [/srv/ProxiTok]
→ APP_URL='https://cringe.nowhere.moe' docker-compose up
Creating network "proxitok_proxitok" with the default driver
Creating volume "proxitok_proxitok-cache" with default driver
Pulling redis (redis:7-alpine)...
7-alpine: Pulling from library/redis
7264a8db6415: Pull complete
a28817da73be: Pull complete
536ccaebaffb: Pull complete
f54d1871dea6: Pull complete
4d190b4b6472: Pull complete
33fcc95c965f: Pull complete
Digest: sha256:fd5de2340bc46cbc2241975ab027797c350dec6fd86349e3ac384e3a41be6fee
Status: Downloaded newer image for redis:7-alpine
Pulling signer (ghcr.io/pablouser1/signtok:master)...
master: Pulling from pablouser1/signtok
ca7dd9ec2225: Pull complete
55371e6747e8: Pull complete
694d6b1b2d1b: Pull complete
71f41f5ff77d: Pull complete
50e5da009459: Pull complete
72e659781711: Pull complete
ef54da1b8443: Pull complete
620d81797357: Pull complete
5edc5725490e: Pull complete
Digest: sha256:b03fe2d10dfd6bed717c0f4a7d253908963a5e7f7ea9bf48855a3f74c924f3a7
Status: Downloaded newer image for ghcr.io/pablouser1/signtok:master
Pulling web (ghcr.io/pablouser1/proxitok:master)...
master: Pulling from pablouser1/proxitok
8a49fdb3b6a5: Pull complete
496a743ca17d: Pull complete
9e309b5f32ab: Pull complete
bf36d90371de: Pull complete
f110ea7c70c4: Pull complete
5ee30eaa9898: Pull complete
d8373ae76156: Pull complete
c349c3fbbecc: Pull complete
207a66f83a7e: Pull complete
30774e576bfe: Pull complete
9ef258ce6026: Pull complete
d72ddb753b3d: Pull complete
48271c7b9504: Pull complete
1a38beda4bc2: Pull complete
14893ea479a0: Pull complete
83ebfcff9ece: Pull complete
Digest: sha256:0a775a0933f86d83614e33e20995b4f3c75483e11a2fe466ac0d45ab80ead061
Status: Downloaded newer image for ghcr.io/pablouser1/proxitok:master
Creating proxitok-redis  ... done
Creating proxitok-signer ... done
Creating proxitok-web    ... done
Attaching to proxitok-signer, proxitok-redis, proxitok-web
proxitok-redis | 1:C 23 Aug 2023 10:27:06.333 # WARNING Memory overcommit must be enabled! Without it, a background save or replication may fail under low memory condition. Being disabled, it can also cause failures without low memory condition, see https://github.com/jemalloc/jemalloc/issues/1328. To fix this issue add 'vm.overcommit_memory = 1' to /etc/sysctl.conf and then reboot or run the command 'sysctl vm.overcommit_memory=1' for this to take effect.
proxitok-signer | App listening on port: 8080
proxitok-web | 2023-08-23 10:27:06,854 INFO supervisord started with pid 1
proxitok-web | 2023-08-23 10:27:07,856 INFO spawned: 'nginx' with pid 7
proxitok-web | 2023-08-23 10:27:07,857 INFO spawned: 'php-fpm' with pid 8
proxitok-web | [23-Aug-2023 10:27:07] NOTICE: fpm is running, pid 8
proxitok-web | [23-Aug-2023 10:27:07] NOTICE: ready to handle connections
proxitok-web | 2023-08-23 10:27:08,883 INFO success: nginx entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
proxitok-web | 2023-08-23 10:27:08,883 INFO success: php-fpm entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
```

Then configure the nginx reverse proxy:

```
[ nowhere.moe ] [ /dev/pts/9 ] [/etc/nginx/sites-available]
→ vim cringe.nowhere.moe.conf

[ nowhere.moe ] [ /dev/pts/9 ] [/etc/nginx/sites-available]
→ cat cringe.nowhere.moe.conf
server {
        listen 443 ssl;
        server_name cringe.nowhere.moe;

        ssl_certificate /etc/acme/certs/cringe.nowhere.moe/cringe.nowhere.moe.cer;
        ssl_certificate_key /etc/acme/certs/cringe.nowhere.moe/cringe.nowhere.moe.key;

        ######## TOR CHANGES ########
        listen 4443;
        listen [::]:4443;
        server_name cringe.daturab6drmkhyeia4ch5gvfc2f3wgo6bhjrv3pz6n7kxmvoznlkq4yd.onion;
        add_header Onion-Location "http://cringe.daturab6drmkhyeia4ch5gvfc2f3wgo6bhjrv3pz6n7kxmvoznlkq4yd.onion$request_uri" always;
        ######## TOR CHANGES ########

        ssl_protocols TLSv1.3 TLSv1.2 TLSv1.1 TLSv1;
        ssl_prefer_server_ciphers on;
        ssl_ciphers EECDH+AESGCM:EDH+AESGCM;
        ssl_ecdh_curve secp384r1;
        ssl_session_timeout 10m;
        ssl_session_cache shared:SSL:10m;
        ssl_session_tickets off;
        #ssl_stapling on;
        ssl_stapling_verify on;

        # Security Headers
        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
        add_header Content-Security-Policy "default-src 'none'; script-src 'self' 'unsafe-inline'; img-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self'; object-src 'none'; media-src 'self' blob: video.twimg.com; worker-src 'self' blob:; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; connect-src 'self' https://*.twimg.com; manifest-src 'self'";
        add_header X-Content-Type-Options nosniff;
        add_header X-Frame-Options DENY;
        add_header X-XSS-Protection "1; mode=block";

        location / {
                proxy_pass http://localhost:8083;
        }

        location = /robots.txt {
                add_header Content-Type text/plain;
                return 200 "User-agent: *\nDisallow: /\n";
        }
}

[ nowhere.moe ] [ /dev/pts/10 ] [/srv/ProxiTok]
→ systemctl stop nginx

[ nowhere.moe ] [ /dev/pts/10 ] [/srv/ProxiTok]
→ bash
root@Datura /srv/ProxiTok # acme.sh --issue --standalone -d cringe.nowhere.moe -k 4096

[ nowhere.moe ] [ /dev/pts/10 ] [/srv/ProxiTok]
→ systemctl start nginx

[ nowhere.moe ] [ /dev/pts/10 ] [/etc/nginx/sites-available]
→ ln -s /etc/nginx/sites-available/cringe.nowhere.moe.conf /etc/nginx/sites-enabled

[ nowhere.moe ] [ /dev/pts/10 ] [/etc/nginx/sites-available]
→ nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

[ nowhere.moe ] [ /dev/pts/10 ] [/etc/nginx/sites-available]
→ nginx -s reload
2023/08/23 12:41:58 [notice] 3931966#3931966: signal process started
```

Then check if it works:

![](1.png)

![](2.png)

And that's it!
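
Two settings in the files shown above decide how exposed the finished instance is: the `8083:8080` mapping publishes the container on every interface even though nginx only needs `localhost:8083`, and `ssl_protocols` still enables TLS 1.0 and 1.1, which RFC 8996 deprecates. The check below is an added example, not part of the original tutorial or of ProxiTok; the function names and the sample files it builds are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): lint the two files the
# tutorial edits before bringing the stack up.

# List compose port mappings that are not bound to a loopback address.
# "8083:8080" listens on every interface, so clients can reach the
# container directly and skip the nginx TLS front end.
exposed_ports() {
  tr -d "\"'" < "$1" | awk '
    /^[ \t]*ports:[ \t]*$/ { in_ports = 1; next }
    in_ports && /^[ \t]*-[ \t]*[^ \t]/ {
      p = $0
      sub(/^[ \t]*-[ \t]*/, "", p)     # drop the list marker
      sub(/[ \t]*(#.*)?$/, "", p)      # drop trailing comment/space
      if (p !~ /^(127\.0\.0\.1|\[::1\]):/) print p
      next
    }
    { in_ports = 0 }'
}

# List protocol versions enabled by ssl_protocols that RFC 8996
# deprecates (TLS 1.0 / 1.1) or that are older still.
weak_tls_protocols() {
  grep -E '^[[:space:]]*ssl_protocols[[:space:]]' "$1" |
    tr -s ' \t;' '\n\n\n' |
    grep -E '^(SSLv2|SSLv3|TLSv1|TLSv1\.1)$'
}

# Constructed sample input reproducing the two directives used on this page.
demo() {
  d=$(mktemp -d) || return 1
  printf 'services:\n  web:\n    ports:\n      - 8083:8080\n' > "$d/compose.yml"
  printf 'server {\n  ssl_protocols TLSv1.3 TLSv1.2 TLSv1.1 TLSv1;\n}\n' > "$d/site.conf"
  echo "exposed ports: $(exposed_ports "$d/compose.yml" | xargs)"
  echo "weak TLS:      $(weak_tls_protocols "$d/site.conf" | xargs)"
  rm -rf "$d"
}
demo
```

Both findings have one-line fixes: publish the port as `127.0.0.1:8083:8080`, and reduce the directive to `ssl_protocols TLSv1.3 TLSv1.2;`.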
Now, to keep it updated, just have this cron job run every day:

```
[ nowhere.moe ] [ /dev/pts/10 ] [/etc/nginx/sites-available]
→ crontab -e ; cronitor select

✔ docker-compose -f /srv/ProxiTok/docker-compose.yml stop ; git -C /srv/ProxiTok/ pull ; docker-compose -f /srv/ProxiTok/docker-compose.yml pull ; docker-compose -f /srv/ProxiTok/docker-compose.yml up -d
----► Running command: docker-compose -f /srv/ProxiTok/docker-compose.yml stop ; git -C /srv/ProxiTok/ pull ; docker-compose -f /srv/ProxiTok/docker-compose.yml pull ; docker-compose -f /srv/ProxiTok/docker-compose.yml up -d

Stopping proxitok-web    ... done
Stopping proxitok-signer ... done
Stopping proxitok-redis  ... done
Already up to date.
Pulling redis  ... done
Pulling signer ... done
Pulling web    ... done
Starting proxitok-redis  ... done
Starting proxitok-signer ... done
Starting proxitok-web    ... done
----► ✔ Command successful    Elapsed time 10.492s
```

And then, to contribute to the ecosystem, create a GitHub issue to get listed on the official list of instances [here](https://github.com/pablouser1/ProxiTok/issues/169).
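
The daily update job above chains its steps with `;`, so it restarts the stack even when a step fails, and it runs whatever the mutable `:master` tags point to that day without recording it. A fail-closed variant follows as an added example that is not from the original page: it skips the initial `stop`, validates the compose file before touching running containers, and logs the image digests it started. The log path, the script name and the `COMPOSE`/`GIT`/`DOCKER` override variables are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page): fail-closed daily update.
# COMPOSE, GIT and DOCKER are overridable so the logic can be exercised
# without touching a real host.
COMPOSE=${COMPOSE:-docker-compose}
GIT=${GIT:-git}
DOCKER=${DOCKER:-docker}
IMAGES="ghcr.io/pablouser1/proxitok:master ghcr.io/pablouser1/signtok:master redis:7-alpine"

# Append "timestamp image digest" for each image, so every run leaves a
# record of exactly which build of the mutable tag was started.
log_digests() {
  for img in $IMAGES; do
    d=$($DOCKER image inspect --format '{{index .RepoDigests 0}}' "$img" 2>/dev/null) || d=unknown
    echo "$(date -u +%Y-%m-%dT%H:%M:%SZ) $img $d" >> "$1"
  done
}

# Returns 0 on success; on any failure the running containers are left alone.
update_proxitok() {
  dir=$1 log=$2 f="$1/docker-compose.yml"
  # The tutorial edits docker-compose.yml locally, so an upstream change to
  # that file makes the pull fail; stop here instead of restarting blindly.
  $GIT -C "$dir" pull --ff-only >> "$log" 2>&1 || return 1
  # Validate the resulting file (catches errors like the tab character
  # the first "docker-compose up" on this page tripped over).
  $COMPOSE -f "$f" config -q >> "$log" 2>&1 || return 2
  $COMPOSE -f "$f" pull >> "$log" 2>&1 || return 3
  # "up -d" recreates only containers whose image or config changed.
  $COMPOSE -f "$f" up -d >> "$log" 2>&1 || return 4
  log_digests "$log"
}

# Cron entry point: runs only when invoked as "update.sh run"
# (hypothetical script name and log path).
if [ "${1:-}" = "run" ]; then
  update_proxitok /srv/ProxiTok /var/log/proxitok-update.log
fi
```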