initial commit

1 files changed, 131 insertions, 0 deletions

diff --git a/blog/2023-10-17-self-hosting-anonymousoverflow.org b/blog/2023-10-17-self-hosting-anonymousoverflow.org
new file mode 100644
index 0000000..f95aa35
--- /dev/null
+++ b/blog/2023-10-17-self-hosting-anonymousoverflow.org
@@ -0,0 +1,131 @@
++++
+date = 2023-10-17T15:44:45.601627917+00:00
+title = "Self-Hosting AnonymousOverflow"
+description = "A quick guide to self-hosting AnonymousOverflow."
++++
+
+## Overview
+
+I recently launched an instance of AnonymousOverflow at
+[ao.0x4b1d.org](https://ao.0x4b1d.org) and wanted to write a brief post on how
+easy it is to install with Docker Compose and Nginx.
+
+This guide uses Ubuntu server, Docker Compose, and Nginx as a reverse proxy.
+
+## Installation
+
+### Docker Compose
+
+To install AnonymousOverflow, start by creating a directory for the application
+and create its `docker-compose.yml` file.
+
+```sh
+mkdir ~/anonymousoverflow && cd ~/anonymousoverflow
+nano docker-compose.yml
+```
+
+Within this file, paste the following information. Be sure to change the
+`APP_URL`, `JWT_SIGNING_SECRET`, and `ports` to match your needs.
+
+```yaml
+version: '3'
+
+services:
+    anonymousoverflow:
+        container_name: 'app'
+        image: 'ghcr.io/httpjamesm/anonymousoverflow:release'
+        environment:
+            - APP_URL=https://ao.example.com
+            - JWT_SIGNING_SECRET=secret #pwgen 40 1
+        ports:
+            - '9380:8080'
+        restart: 'always'
+```
+
+Save and exit the file when complete. You can now launch the container and
+access it via your local network.
+
+```sh
+sudo docker-compose up -d
+```
+
+### Nginx Reverse Proxy
+
+If you want to access this service outside the local network, I recommend using
+Nginx as a reverse proxy.
+
+Let's start by creating a configuration file.
+
+```sh
+sudo nano /etc/nginx/sites-available/ao
+```
+
+Within this file, paste the following content and repace `ao.example.com` with
+your URL. You may need to update the SSL certificate statements if your
+certificates are in a different location.
+
+```conf
+server {
+	if ($host ~ ^[^.]+\.cleberg\.net$) {
+		return 301 https://$host$request_uri;
+	}
+
+	listen [::]:80;
+	listen 80;
+	server_name ao.example.com;
+	return 404;
+}
+
+server {
+	listen [::]:443 ssl http2;
+	listen 443 ssl http2;
+	server_name ao.example.com;
+	access_log  /var/log/nginx/ao.access.log;
+	error_log   /var/log/nginx/ao.error.log;
+
+	add_header X-Content-Type-Options "nosniff";
+	add_header X-XSS-Protection "1; mode=block";
+	add_header X-Frame-Options "DENY";
+	add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
+	add_header Referrer-Policy "no-referrer";
+
+	ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
+	ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
+	include /etc/letsencrypt/options-ssl-nginx.conf;
+	ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
+
+	location / {
+		set $upstream_ao http://127.0.0.1:9380;
+		proxy_pass $upstream_ao;
+
+		proxy_set_header Host $host;
+		proxy_set_header Upgrade $http_upgrade;
+		proxy_set_header Connection upgrade;
+		proxy_set_header Accept-Encoding gzip;
+		proxy_set_header X-Real-IP $remote_addr;
+		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+		proxy_set_header X-Forwarded-Proto $scheme;
+		proxy_set_header X-Forwarded-Host $http_host;
+		proxy_set_header X-Forwarded-Uri $request_uri;
+		proxy_set_header X-Forwarded-Ssl on;
+		proxy_redirect  http://  $scheme://;
+		proxy_http_version 1.1;
+		proxy_set_header Connection "";
+		proxy_cache_bypass $cookie_session;
+		proxy_no_cache $cookie_session;
+		proxy_buffers 64 256k;
+	}
+}
+```
+
+Save and exit the file when complete. On Ubuntu, you will need to symlink the
+configuration file before it will be recognized by Nginx. Once complete,
+simply restart the web server.
+
+```sh
+sudo ln -s /etc/nginx/sites-available/ao /etc/nginx/sites-enabled/ao
+sudo systemctl restart nginx.service
+```
+
+The website will now be available publicly. Visit
+[my instance](https://ao.0x4b1d.org) for an example.