feat: total re-write from Emacs org-mode to Zola markdown

1 files changed, 133 insertions, 0 deletions

diff --git a/content/blog/2023-10-17-self-hosting-anonymousoverflow.md b/content/blog/2023-10-17-self-hosting-anonymousoverflow.md
new file mode 100644
index 0000000..7b3b228
--- /dev/null
+++ b/content/blog/2023-10-17-self-hosting-anonymousoverflow.md
@@ -0,0 +1,133 @@
++++
+date = 2023-10-17
+title = "Self-Hosting AnonymousOverflow"
+description = "A guide to self-hosting the AnonymousOverflow application on your own server."
++++
+
+## Overview
+
+I recently launched an instance of AnonymousOverflow at
+[ao.cleberg.net](https://ao.cleberg.net) and wanted to write a brief
+post on how easy it is to install with Docker Compose and Nginx.
+
+This guide uses Ubuntu server, Docker Compose, and Nginx as a reverse
+proxy.
+
+## Installation
+
+### Docker Compose
+
+To install AnonymousOverflow, start by creating a directory for the
+application and create its `docker-compose.yml` file.
+
+```sh
+mkdir ~/anonymousoverflow && cd ~/anonymousoverflow
+nano docker-compose.yml
+```
+
+Within this file, paste the following information. Be sure to change the
+`APP_URL`, `JWT_SIGNING_SECRET`, and
+`ports` to match your needs.
+
+```yaml
+version: '3'
+
+services:
+    anonymousoverflow:
+        container_name: 'app'
+        image: 'ghcr.io/httpjamesm/anonymousoverflow:release'
+        environment:
+            - APP_URL=https://ao.example.com
+            - JWT_SIGNING_SECRET=secret #pwgen 40 1
+        ports:
+            - '9380:8080'
+        restart: 'always'
+```
+
+Save and exit the file when complete. You can now launch the container
+and access it via your local network.
+
+```sh
+sudo docker-compose up -d
+```
+
+### Nginx Reverse Proxy
+
+If you want to access this service outside the local network, I
+recommend using Nginx as a reverse proxy.
+
+Let's start by creating a configuration file.
+
+```sh
+sudo nano /etc/nginx/sites-available/ao
+```
+
+Within this file, paste the following content and repace
+`ao.example.com` with your URL. You may need to update the
+SSL certificate statements if your certificates are in a different
+location.
+
+```conf
+server {
+    if ($host ~ ^[^.]+\.cleberg\.net$) {
+        return 301 https://$host$request_uri;
+    }
+
+    listen [::]:80;
+    listen 80;
+    server_name ao.example.com;
+    return 404;
+}
+
+server {
+    listen [::]:443 ssl http2;
+    listen 443 ssl http2;
+    server_name ao.example.com;
+    access_log  /var/log/nginx/ao.access.log;
+    error_log   /var/log/nginx/ao.error.log;
+
+    add_header X-Content-Type-Options "nosniff";
+    add_header X-XSS-Protection "1; mode=block";
+    add_header X-Frame-Options "DENY";
+    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
+    add_header Referrer-Policy "no-referrer";
+
+    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
+    include /etc/letsencrypt/options-ssl-nginx.conf;
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
+
+    location / {
+        set $upstream_ao http://127.0.0.1:9380;
+        proxy_pass $upstream_ao;
+
+        proxy_set_header Host $host;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection upgrade;
+        proxy_set_header Accept-Encoding gzip;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header X-Forwarded-Host $http_host;
+        proxy_set_header X-Forwarded-Uri $request_uri;
+        proxy_set_header X-Forwarded-Ssl on;
+        proxy_redirect  http://  $scheme://;
+        proxy_http_version 1.1;
+        proxy_set_header Connection "";
+        proxy_cache_bypass $cookie_session;
+        proxy_no_cache $cookie_session;
+        proxy_buffers 64 256k;
+    }
+}
+```
+
+Save and exit the file when complete. On Ubuntu, you will need to
+symlink the configuration file before it will be recognized by Nginx.
+Once complete, simply restart the web server.
+
+```sh
+sudo ln -s /etc/nginx/sites-available/ao /etc/nginx/sites-enabled/ao
+sudo systemctl restart nginx.service
+```
+
+The website will now be available publicly. Visit [my instance](https://ao.cleberg.net) for an example.