blob: e7443172b8b46c60c1d411b4749d2bb46feaa4ee (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
|
#+date: <2023-10-17 Tue 00:00:00>
#+title: How to Set Up AnonymousOverflow on Your Server
#+description: A step-by-step guide to installing and configuring AnonymousOverflow with Docker Compose and Nginx for secure self-hosting.
#+slug: self-hosting-anonymousoverflow
* Overview
I recently launched an instance of AnonymousOverflow at
[[https://ao.cleberg.net][ao.cleberg.net]] and wanted to write a brief
post on how easy it is to install with Docker Compose and Nginx.
This guide uses Ubuntu server, Docker Compose, and Nginx as a reverse
proxy.
* Installation
** Docker Compose
To install AnonymousOverflow, start by creating a directory for the
application and create its =docker-compose.yml= file.
#+begin_src sh
mkdir ~/anonymousoverflow && cd ~/anonymousoverflow
nano docker-compose.yml
#+end_src
Within this file, paste the following information. Be sure to change the
=APP_URL=, =JWT_SIGNING_SECRET=, and =ports= to match your needs.
#+begin_src yaml
version: "3"
services:
anonymousoverflow:
container_name: "app"
image: "ghcr.io/httpjamesm/anonymousoverflow:release"
environment:
- APP_URL=https://ao.example.com
- JWT_SIGNING_SECRET=secret #pwgen 40 1
ports:
- "9380:8080"
restart: "always"
#+end_src
Save and exit the file when complete. You can now launch the container
and access it via your local network.
#+begin_src sh
sudo docker-compose up -d
#+end_src
** Nginx Reverse Proxy
If you want to access this service outside the local network, I
recommend using Nginx as a reverse proxy.
Let's start by creating a configuration file.
#+begin_src sh
sudo nano /etc/nginx/sites-available/ao
#+end_src
Within this file, paste the following content and repace
=ao.example.com= with your URL. You may need to update the SSL
certificate statements if your certificates are in a different location.
#+begin_src conf
server {
if ($host ~ ^[^.]+\.cleberg\.net$) {
return 301 https://$host$request_uri;
}
listen [::]:80;
listen 80;
server_name ao.example.com;
return 404;
}
server {
listen [::]:443 ssl http2;
listen 443 ssl http2;
server_name ao.example.com;
access_log /var/log/nginx/ao.access.log;
error_log /var/log/nginx/ao.error.log;
add_header X-Content-Type-Options "nosniff";
add_header X-XSS-Protection "1; mode=block";
add_header X-Frame-Options "DENY";
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
add_header Referrer-Policy "no-referrer";
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
location / {
set $upstream_ao http://127.0.0.1:9380;
proxy_pass $upstream_ao;
proxy_set_header Host $host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection upgrade;
proxy_set_header Accept-Encoding gzip;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Forwarded-Uri $request_uri;
proxy_set_header X-Forwarded-Ssl on;
proxy_redirect http:// $scheme://;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_cache_bypass $cookie_session;
proxy_no_cache $cookie_session;
proxy_buffers 64 256k;
}
}
#+end_src
Save and exit the file when complete. On Ubuntu, you will need to
symlink the configuration file before it will be recognized by Nginx.
Once complete, simply restart the web server.
#+begin_src sh
sudo ln -s /etc/nginx/sites-available/ao /etc/nginx/sites-enabled/ao
sudo systemctl restart nginx.service
#+end_src
The website will now be available publicly. Visit
[[https://ao.cleberg.net][my instance]] for an example.
|
