initial migration to test org-mode

1 files changed, 127 insertions, 0 deletions

diff --git a/blog/self-hosting-anonymousoverflow/index.org b/blog/self-hosting-anonymousoverflow/index.org
new file mode 100644
index 0000000..905939c
--- /dev/null
+++ b/blog/self-hosting-anonymousoverflow/index.org
@@ -0,0 +1,127 @@
+#+title: Self-Hosting AnonymousOverflow
+#+date: 2023-10-17
+#+description: A guide to self-hosting the AnonymousOverflow application on your own server.
+#+filetags: :selfhosting:
+
+* Overview
+I recently launched an instance of AnonymousOverflow at
+[[https://ao.cleberg.net][ao.cleberg.net]] and wanted to write a brief
+post on how easy it is to install with Docker Compose and Nginx.
+
+This guide uses Ubuntu server, Docker Compose, and Nginx as a reverse
+proxy.
+
+* Installation
+** Docker Compose
+To install AnonymousOverflow, start by creating a directory for the
+application and create its =docker-compose.yml= file.
+
+#+begin_src sh
+mkdir ~/anonymousoverflow && cd ~/anonymousoverflow
+nano docker-compose.yml
+#+end_src
+
+Within this file, paste the following information. Be sure to change the
+=APP_URL=, =JWT_SIGNING_SECRET=, and =ports= to match your needs.
+
+#+begin_src yaml
+version: '3'
+
+services:
+    anonymousoverflow:
+        container_name: 'app'
+        image: 'ghcr.io/httpjamesm/anonymousoverflow:release'
+        environment:
+            - APP_URL=https://ao.example.com
+            - JWT_SIGNING_SECRET=secret #pwgen 40 1
+        ports:
+            - '9380:8080'
+        restart: 'always'
+#+end_src
+
+Save and exit the file when complete. You can now launch the container
+and access it via your local network.
+
+#+begin_src sh
+sudo docker-compose up -d
+#+end_src
+
+** Nginx Reverse Proxy
+If you want to access this service outside the local network, I
+recommend using Nginx as a reverse proxy.
+
+Let's start by creating a configuration file.
+
+#+begin_src sh
+sudo nano /etc/nginx/sites-available/ao
+#+end_src
+
+Within this file, paste the following content and repace
+=ao.example.com= with your URL. You may need to update the SSL
+certificate statements if your certificates are in a different location.
+
+#+begin_src conf
+server {
+    if ($host ~ ^[^.]+\.cleberg\.net$) {
+        return 301 https://$host$request_uri;
+    }
+
+    listen [::]:80;
+    listen 80;
+    server_name ao.example.com;
+    return 404;
+}
+
+server {
+    listen [::]:443 ssl http2;
+    listen 443 ssl http2;
+    server_name ao.example.com;
+    access_log  /var/log/nginx/ao.access.log;
+    error_log   /var/log/nginx/ao.error.log;
+
+    add_header X-Content-Type-Options "nosniff";
+    add_header X-XSS-Protection "1; mode=block";
+    add_header X-Frame-Options "DENY";
+    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
+    add_header Referrer-Policy "no-referrer";
+
+    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
+    include /etc/letsencrypt/options-ssl-nginx.conf;
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
+
+    location / {
+        set $upstream_ao http://127.0.0.1:9380;
+        proxy_pass $upstream_ao;
+
+        proxy_set_header Host $host;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection upgrade;
+        proxy_set_header Accept-Encoding gzip;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header X-Forwarded-Host $http_host;
+        proxy_set_header X-Forwarded-Uri $request_uri;
+        proxy_set_header X-Forwarded-Ssl on;
+        proxy_redirect  http://  $scheme://;
+        proxy_http_version 1.1;
+        proxy_set_header Connection "";
+        proxy_cache_bypass $cookie_session;
+        proxy_no_cache $cookie_session;
+        proxy_buffers 64 256k;
+    }
+}
+#+end_src
+
+Save and exit the file when complete. On Ubuntu, you will need to
+symlink the configuration file before it will be recognized by Nginx.
+Once complete, simply restart the web server.
+
+#+begin_src sh
+sudo ln -s /etc/nginx/sites-available/ao /etc/nginx/sites-enabled/ao
+sudo systemctl restart nginx.service
+#+end_src
+
+The website will now be available publicly. Visit
+[[https://ao.cleberg.net][my instance]] for an example.