mirror of
http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/nihilist/selfhosting-blogposts.git
synced 2025-05-16 12:16:59 +00:00
159 lines
5.4 KiB
Markdown
159 lines
5.4 KiB
Markdown
---
|
|
search:
|
|
exclude: true
|
|
---
|
|
# librex Setup
|
|
|
|
|
|
|
|
In this tutorial we're going to setup a librex instance:
|
|
|
|
## **Initial Setup**
|
|
|
|
git clone it, and edit the docker-compose.yml file:
|
|
|
|
|
|
[ nowhere.moe ] [ /dev/pts/8 ] [/srv]
|
|
→ git clone https://github.com/hnhx/librex/
|
|
Cloning into 'librex'...
|
|
remote: Enumerating objects: 2295, done.
|
|
remote: Counting objects: 100% (688/688), done.
|
|
remote: Compressing objects: 100% (144/144), done.
|
|
remote: Total 2295 (delta 599), reused 544 (delta 544), pack-reused 1607
|
|
Receiving objects: 100% (2295/2295), 2.20 MiB | 6.31 MiB/s, done.
|
|
Resolving deltas: 100% (1358/1358), done.
|
|
|
|
[ nowhere.moe ] [ /dev/pts/8 ] [/srv]
|
|
→ cd librex
|
|
|
|
[ nowhere.moe ] [ /dev/pts/8 ] [/srv/librex]
|
|
→ vim docker-compose.yml
|
|
|
|
|
|
[ nowhere.moe ] [ /dev/pts/8 ] [/srv/librex]
|
|
→ cat docker-compose.yml
|
|
version: "2.1"
|
|
services:
|
|
librex:
|
|
image: librex/librex:latest
|
|
container_name: librex
|
|
network_mode: bridge
|
|
ports:
|
|
- 8084:8080
|
|
environment:
|
|
- PUID=1000
|
|
- PGID=1000
|
|
- VERSION=docker
|
|
- TZ=America/New_York
|
|
- CONFIG_GOOGLE_DOMAIN=com
|
|
- CONFIG_GOOGLE_LANGUAGE_SITE=en
|
|
- CONFIG_GOOGLE_LANGUAGE_RESULTS=en
|
|
- CONFIG_WIKIPEDIA_LANGUAGE=en
|
|
volumes:
|
|
- ./nginx_logs:/var/log/nginx
|
|
- ./php_logs:/var/log/php7
|
|
restart: unless-stopped
|
|
|
|
[ nowhere.moe ] [ /dev/pts/8 ] [/srv/librex]
|
|
→ docker-compose up -d
|
|
Pulling librex (librex/librex:latest)...
|
|
latest: Pulling from librex/librex
|
|
63b65145d645: Pull complete
|
|
22ab6fc2c8b3: Pull complete
|
|
2b2fb351cebe: Pull complete
|
|
4f4fb700ef54: Pull complete
|
|
d16a3f4b38b2: Pull complete
|
|
48bffb4e4449: Pull complete
|
|
34c1fa5897b3: Pull complete
|
|
Digest: sha256:f9204843149f384eb1e2d3be23978494134f7b69e57886420ddef9faa60d5263
|
|
Status: Downloaded newer image for librex/librex:latest
|
|
Creating librex ... done
|
|
|
|
|
|
|
|
then configure the reverse nginx proxy:
|
|
|
|
|
|
|
|
|
|
[ nowhere.moe ] [ /dev/pts/9 ] [/etc/nginx/sites-available]
|
|
→ vim librex.nowhere.moe.conf
|
|
|
|
|
|
[ nowhere.moe ] [ /dev/pts/9 ] [/etc/nginx/sites-available]
|
|
→ cat librex.nowhere.moe.conf
|
|
server {
|
|
listen 443 ssl;
|
|
server_name librex.nowhere.moe;
|
|
|
|
ssl_certificate /etc/acme/certs/librex.nowhere.moe/librex.nowhere.moe.cer;
|
|
ssl_certificate_key /etc/acme/certs/librex.nowhere.moe/librex.nowhere.moe.key;
|
|
|
|
######## TOR CHANGES ########
|
|
listen 4443;
|
|
listen [::]:4443;
|
|
server_name librex.daturab6drmkhyeia4ch5gvfc2f3wgo6bhjrv3pz6n7kxmvoznlkq4yd.onion;
|
|
add_header Onion-Location "http://librex.daturab6drmkhyeia4ch5gvfc2f3wgo6bhjrv3pz6n7kxmvoznlkq4yd.onion$request_uri" always;
|
|
######## TOR CHANGES ########
|
|
|
|
|
|
ssl_protocols TLSv1.3 TLSv1.2 TLSv1.1 TLSv1;
|
|
ssl_prefer_server_ciphers on;
|
|
ssl_ciphers EECDH+AESGCM:EDH+AESGCM;
|
|
ssl_ecdh_curve secp384r1;
|
|
ssl_session_timeout 10m;
|
|
ssl_session_cache shared:SSL:10m;
|
|
ssl_session_tickets off;
|
|
#ssl_stapling on;
|
|
ssl_stapling_verify on;
|
|
|
|
# Security Headers
|
|
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
|
|
add_header Content-Security-Policy "default-src 'none'; script-src 'self' 'unsafe-inline'; img-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self'; object-src 'none'; media-src 'self' blob: video.twimg.com; worker-src 'self' blob:; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; connect-src 'self' https://*.twimg.com; manifest-src 'self'";
|
|
add_header X-Content-Type-Options nosniff;
|
|
add_header X-Frame-Options DENY;
|
|
add_header X-XSS-Protection "1; mode=block";
|
|
|
|
location / {
|
|
proxy_pass http://localhost:8084;
|
|
}
|
|
|
|
location = /robots.txt {
|
|
add_header Content-Type text/plain;
|
|
return 200 "User-agent: *\nDisallow: /\n";
|
|
}
|
|
}
|
|
|
|
[ nowhere.moe ] [ /dev/pts/9 ] [/etc/nginx/sites-available]
|
|
→ nginx -t
|
|
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
|
|
nginx: configuration file /etc/nginx/nginx.conf test is successful
|
|
|
|
[ nowhere.moe ] [ /dev/pts/9 ] [/etc/nginx/sites-available]
|
|
→ nginx -s reload
|
|
2023/08/23 14:10:15 [notice] 2865#2865: signal process started
|
|
|
|
|
|
|
|
Then test if it works or not:
|
|
|
|
|
|
|
|
then contribute to the ecosystem like [so](https://github.com/hnhx/librex/issues/265)
|
|
|
|
|
|
[ nowhere.moe ] [ /dev/pts/8 ] [/srv/librex]
|
|
→ cronitor select
|
|
|
|
✔ docker-compose -f /srv/librex/docker-compose.yml stop ; git -C /srv/librex/ pull ; docker-compose -f /srv/librex/docker-compose.yml pull ; docker-compose -f /srv/librex/docker-compose.yml up -d
|
|
----► Running command: docker-compose -f /srv/librex/docker-compose.yml stop ; git -C /srv/librex/ pull ; docker-compose -f /srv/librex/docker-compose.yml pull ; docker-compose -f /srv/librex/docker-compose.yml up -d
|
|
|
|
Stopping librex ... done
|
|
Already up to date.
|
|
Pulling librex ... done
|
|
Starting librex ... done
|
|
|
|
----► ✔ Command successful Elapsed time 3.387s
|
|
|
|
|
|
|