/b/ - Random

Randomness


Mode: Reply
Name
Subject
Message

Max message length: 20000

Files

Max file size: 100.00 MB

Max files: 3

E-mail
Password

(used to delete files and postings)

Misc

[Index] [Catalog] [Down] [Refresh]

Anonymous 06/01/2020 (Mon) 14:10:10 Id:77202d No. 1
[TUTO] LynxChan 2.4.0 installation on Ubuntu 18.04 LTS + server configuration with nginx + let's encrypt + cloudflare + installing a third party front end + adding addons + setting a vanity onion address. Keep in mind this is just an example, it might contains some errors, there are numerous others ways to do this, be creative and find your own way. If you see anything that could be improved please share it here. At the end of this tutorial, you should have exactly the same website as https://bchan.net Minimum configuration: 1gb ram, 1 CPU core, 5gb SSD Recommended: 2gb ram, 1 CPU core, 10gb SSD Obviously you'll need a VPS, host-name and be able to SSH and FTP into the VPS. Some infographic to find good hosting for free speech or to avoid DMCA strikes https://weboas.is/media/host.png http://archive.vn/QUZJ6 Referral code for frantech (don't use their DDOS protection): https://my.frantech.ca/aff.php?aff=3665 Referral code for sporestack: https://sporestack.com/#ref=4c0bb4fe1bec8a9271f7994b41e988462d0bf0730539f09d915d4241cfc246fc http://spore64i5sofqlfz5gq2ju4msgzojjwifls7rok2cti624zyq3fcelad.onion/#ref=4c0bb4fe1bec8a9271f7994b41e988462d0bf0730539f09d915d4241cfc246fc Check official LynxChan git page here: https://gitgud.io/LynxChan/LynxChan You can see a video tutorial of the first steps here: >>14 Let's begin: sudo apt-get update sudo apt-get upgrade press y create user with root privilege and continue with this user (I'll create an user named bchan) tuto: https://www.digitalocean.com/community/tutorials/how-to-create-a-sudo-user-on-ubuntu-quickstart http://archive.vn/hFyJU adduser username usermod -aG sudo username su - username Get a few necessary depencies from packages: sudo apt-get update sudo apt install curl sudo apt install build-essential sudo apt-get install manpages-dev sudo apt install zlib1g sudo apt-get install yasm sudo apt-get install imagemagick sudo apt-get install libmagick++-dev sudo apt install libimage-exiftool-perl sudo apt install git unzip file sudo apt-get update install node.js, we install here with nvm according to those instructions (https://github.com/nvm-sh/nvm#install--update-script): curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.35.3/install.sh | bash export NVM_DIR="$([ -z "${XDG_CONFIG_HOME-}" ] && printf %s "${HOME}/.nvm" || printf %s "${XDG_CONFIG_HOME}/nvm")" [ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh" # This loads nvm nvm install lts/erbium nvm use lts/erbium check version: node -v I get: v12.x.x Create a symlink for lynxchan to be able to run as a service later, don't forget to set the correct version you have just installed. sudo ln -s /home/bchan/.nvm/versions/node/v12.x.x/bin/node /usr/bin/node Installing the correct version of MongoDB: wget -qO - https://www.mongodb.org/static/pgp/server-4.2.asc | sudo apt-key add - echo "deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu bionic/mongodb-org/4.2 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-4.2.list sudo apt-get update sudo apt-get install -y mongodb-org sudo systemctl enable mongod sudo systemctl start mongod Check version: mongod --version I get: db version v4.2.6 git version: 20364840b8f1af16917e4c23c1b5f5efd8b352f8 OpenSSL version: OpenSSL 1.1.1 11 Sep 2018 allocator: tcmalloc modules: none build environment: distmod: ubuntu1804 distarch: x86_64 target_arch: x86_64 Build ffmpeg from source, might take a bit of time depending of your server: sudo apt-get update sudo apt-get install pkg-config sudo apt install git git clone git://source.ffmpeg.org/ffmpeg.git cd ffmpeg git checkout release/4.2 sudo ./configure --enable-shared --enable-pic sudo make sudo make install sudo nano /etc/ld.so.conf paste this include ld.so.conf.d/*.conf /usr/lib /usr/local/lib ctrl + x Y sudo ldconfig ffmpeg -version ffmpeg version n4.2.3-5-g221e490d42 Copyright (c) 2000-2020 the FFmpeg developers Let's install LynxChan now: cd git clone https://gitgud.io/LynxChan/LynxChan.git cd /home/bchan/LynxChan/aux ./setup.sh >Do you wish to download the default front-end to the default location? : y >Do you wish to install the libraries? Requires node.js installed. y >Do you wish to install the default settings from the example? (0.0.0.0:8080 to listen to requests, expects a database at localhost:27017) y >Do you wish to install the necessary data to use location flags? (y,n) n (we will see that later) >Do you wish to change to the latest stable version? (y,n) y (to get the latest stable version) n (to get the dev version, require other dependencies) In order to be able to run LynxChan as a service we are going to have to create a new user by the name of node. sudo adduser node sudo usermod -aG sudo node Always in the folder LynxChan/aux/: sudo ./root-setup.sh >Do you wish to install the command lynxchan for all users using a soft-link?: y >Do you wish to install a init script? Requires install as a command and an user called node on the system to run the engine, so it also must have permissions on the engine files. (systemd, upstart, openrc, blank for none): systemd You can enable LynxChan to boot on startup by running the following command: sudo systemctl enable lynxchan allow to run the LynxChan service through the node user: sudo apt-get install libcap2-bin sudo setcap 'cap_net_bind_service=+ep' `which node` sudo setcap cap_net_bind_service=+ep `readlink -f \`which node\`` Everything should be correctly installed Type lynxchan in your terminal and you should see: Worker 1 booted at Sat, 13 Jun 2020 19:33:04 GMT If it shows some mongodb error press ctrl+c wait a few seconds and type "lynxchan" again, it should disapear. You can now view your imageboard on the IP address of your VPS (trailed with :8080) or if you installed it locally you can access it at localhost:8080. Terminate the LynxChan script with ctrl + c Next we are going to generate a Root user for LynxChan, You should change username and password to values that you plan on using. lynxchan -ca -l username -p password -gr 0 With this command you can login at http://127.0.0.1:8080/login.html
Edited last time by jannie on 06/23/2020 (Tue) 20:45:23.
So this whole thing is installed, now we are gonna configure the server with nginx. I will show a complete config example with Cloudflare to secure things the most possible and hide server origin, but there are infinite others ways to configure this so take just this as informational and be creative yourself. Check this info-graphic to find others CDN and others way to configure a reverse proxy https://weboas.is/media/host.png http://archive.vn/QUZJ6 So make your Cloudflare account and point your domain to your server, left it proxied. Set ssl/tls to full(strict) and in "Edge Certificates" set "Always Use HTTPS" to On. now set a tight firewall, everything will only pass through cloudflare at this point follow this tutorial: (Don't mess this up or you're gonna lose access to ssh and ftp, beware the IPs on the link page aren't uptodate, uptodate cloudlfare IPs are here https://www.cloudflare.com/ips/) https://www.ajsalkeld.com/blog/tutorial/2016/08/01/how-to-use-ufw-to-whitelist-cloudflare-ips-ubuntu-debian-digitalocean/ http://archive.vn/buxxb sudo apt-get install ufw sudo ufw status sudo ufw disable sudo ufw reset sudo ufw allow ssh sudo ufw allow ftp up to date ips but still check on cloudflare linked pages, only allow https sudo ufw allow from 173.245.48.0/20 to any port https sudo ufw allow from 103.21.244.0/22 to any port https sudo ufw allow from 103.22.200.0/22 to any port https sudo ufw allow from 103.31.4.0/22 to any port https sudo ufw allow from 141.101.64.0/18 to any port https sudo ufw allow from 108.162.192.0/18 to any port https sudo ufw allow from 190.93.240.0/20 to any port https sudo ufw allow from 188.114.96.0/20 to any port https sudo ufw allow from 197.234.240.0/22 to any port https sudo ufw allow from 198.41.128.0/17 to any port https sudo ufw allow from 162.158.0.0/15 to any port https sudo ufw allow from 104.16.0.0/12 to any port https sudo ufw allow from 172.64.0.0/13 to any port https sudo ufw allow from 131.0.72.0/22 to any port https sudo ufw allow from 2400:cb00::/32 to any port https sudo ufw allow from 2606:4700::/32 to any port https sudo ufw allow from 2803:f800::/32 to any port https sudo ufw allow from 2405:b500::/32 to any port https sudo ufw allow from 2405:8100::/32 to any port https sudo ufw allow from 2a06:98c0::/29 to any port https sudo ufw allow from 2c0f:f248::/32 to any port https sudo ufw enable sudo ufw status ok now let's install nginx: sudo apt-get update sudo apt-get install nginx some tuto to get commands and stuffs: https://www.digitalocean.com/community/tutorials/how-to-install-nginx-on-ubuntu-18-04 http://archive.vn/sjBvU let's configure our server: sudo nano /etc/nginx/sites-available/default (or with ftp) put the ngninx config file instead, don't forget to change your hostname ctrl+x y server { if ($host = www.hostname.ltd) { return 301 https://$host$request_uri; } if ($host = hostname.ltd) { return 301 https://$host$request_uri; } listen 80; server_name hostname.ltd www.hostname.ltd; return 404; } server { client_max_body_size 100M; location /robots.txt { return 200 "User-agent: * Disallow:"; } location / { proxy_pass http://localhost:8080; proxy_set_header Host $host; real_ip_header CF-Connecting-IP; client_max_body_size 100M; # max file size for users to upload } } sudo systemctl enable nginx sudo systemctl start nginx check for syntax errors: sudo nginx -t now let's get a ssl certificate with cerbot and cloudflare that auto renew get the latest instructions in there https://certbot.eff.org/lets-encrypt/ubuntubionic-nginx go to "wildcard" and follow the steps: sudo apt-get update sudo apt-get install software-properties-common sudo add-apt-repository universe sudo add-apt-repository ppa:certbot/certbot sudo apt-get update sudo apt-get install certbot python3-certbot-nginx sudo apt-get install python3-certbot-dns-cloudflare get your Global API key in there https://dash.cloudflare.com/profile/api-tokens copy the key somewhere and: sudo mkdir /root/.secrets/ sudo nano /root/.secrets/cloudflare.ini then put your token and past this (change mail and api key) # Cloudflare API credentials used by Certbot dns_cloudflare_email = [email protected] dns_cloudflare_api_key = my-super-secret-api-key000000 Save sudo chmod 0700 /root/.secrets/ sudo chmod 0400 /root/.secrets/cloudflare.ini run this to generate the certificate (don't forget to change the hostname): sudo certbot certonly \ --dns-cloudflare \ --dns-cloudflare-credentials /root/.secrets/cloudflare.ini \ -d hostname.ltd \ -d www.hostname.ltd (Note: you are limited to 5 certificate a week per domain by cerbot) set email address and agree to terms It can take some times, be patient. Set automatic renewal: sudo certbot renew --dry-run now add the certificate to nginx: sudo nano /etc/nginx/sites-available/defaultor by ftp server { if ($host = www.hostname.ltd) { return 301 https://$host$request_uri; } if ($host = hostname.ltd) { return 301 https://$host$request_uri; } listen 80; server_name hostname.ltd www.hostname.ltd; return 404; } server { listen 443 ssl; server_name hostname.ltd www.hostname.ltd; client_max_body_size 100M; location /robots.txt { return 200 "User-agent: * Disallow:"; } location / { proxy_pass http://localhost:8080; proxy_set_header Host $host; real_ip_header CF-Connecting-IP; client_max_body_size 100M; # max file size for users to upload } ssl_certificate /etc/letsencrypt/live/hostname.ltd/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/hostname.ltd/privkey.pem; } Check that everything works: sudo systemctl restart nginx sudo nginx -t Now run: sudo systemctl start lynxchan And you should see Lynxchan running on your host name. You can try to reboot to check that lynxchan start well on boot. Now let's configure some other nginx parameters let's not save all logs to save space by defauly nginx save logs (ip + user agent) 14 days. sudo nano /etc/logrotate.d/nginx On line 4, change rotate 14 to rotate 1 ctrl+x y enter Now we need to configure nginx to forward IPs of users as it is behind cloudflare that act like a reverse proxy or all ips will be the same and a lots of functions will not work sudo nano /etc/nginx/nginx.conf under # Virtual Host Configs ## include /etc/nginx/conf.d/*.conf; include /etc/nginx/sites-enabled/*; set_real_ip_from 103.21.244.0/22; set_real_ip_from 103.22.200.0/22; set_real_ip_from 103.31.4.0/22; set_real_ip_from 104.16.0.0/12; set_real_ip_from 108.162.192.0/18; set_real_ip_from 131.0.72.0/22; set_real_ip_from 141.101.64.0/18; set_real_ip_from 162.158.0.0/15; set_real_ip_from 172.64.0.0/13; set_real_ip_from 173.245.48.0/20; set_real_ip_from 188.114.96.0/20; set_real_ip_from 190.93.240.0/20; set_real_ip_from 197.234.240.0/22; set_real_ip_from 198.41.128.0/17; set_real_ip_from 2400:cb00::/32; set_real_ip_from 2606:4700::/32; set_real_ip_from 2803:f800::/32; set_real_ip_from 2405:b500::/32; set_real_ip_from 2405:8100::/32; set_real_ip_from 2c0f:f248::/32; set_real_ip_from 2a06:98c0::/29; # use any of the following two real_ip_header CF-Connecting-IP; #real_ip_header X-Forwarded-For; } save sudo systemctl restart nginx Clouflare also tends to make lynxchan buggy with the cache so let's set up rules to not use cache. On your account go on Page rules, make a rule for www.domain.ltd and domain.ltd Set Cache level to Bypass Also configure Cloudflare to not show the annoying captcha to your users, in Overview, set Under Attack Mode to On, then back to Off, then set security level to Essentially Off and close. Now that everything is set we will focus on the LynxChan software. Read everything carefully everything is well documented on the gitgud repo https://gitgud.io/LynxChan/LynxChan/-/tree/master/src/be So let's set the flags (like /int/ flags), it was free but now you have to pay I think so we have a backup of the old version (it still works). Get your FTP manager and place the locationData folder (permission level: rwxr-xr-x or 755) in /LynxChan/src/be and you'll be good to go, since the flag icons are already included in the front-end. This is the most recent up to date version (downloaded 4 January 2020 22:50 UTC). Enjoy. https://anonfile.com/B5obd2Lan9/locationData_zip (15 MB .zip) Mirror: https://files.catbox.moe/un1410.zip (15 MB .zip)
Edited last time by jannie on 07/04/2020 (Sat) 18:04:10.
Now the LynxChan / PenumbraLynx front end is raw, you can use it as it is, customize it as you want or get a third party front end with all the functionality included like (You), catalog sorting, clipboardimage, a few more themes, rainbow text... I will show you how to get the same front end as https://bchan.net and how to customize it. Simply delete the current front end sudo rm -r -f /home/bchan/LynxChan/src/fe get this front end, (keep in mind this front end haven't been tested on the 2.3.x version, it's made for the 2.4.x lynxchan version): https://gitgud.io/bchan/bchan and put it at the same location as the other one cd /home/bchan/LynxChan/src You can git clone it and rename the folder to "fe" git clone https://gitgud.io/bchan/bchan.git To clear cache and apply changes, run this command lynxchan -cc -r -rfe -nd Run this as root if you have some EACCES errors with /tmp/unix.socket learn more about this here: https://gitgud.io/LynxChan/LynxChan/-/tree/master/src/be Now let's check a few settings in Lynxchan GUI, go to yoursite.ltd/globalSettings.js Set this: sudo chmod 676 /home/bchan/LynxChan/src/be/settings/general.json connect with the root account you made earlier set: >Tor Port2: 9090 (we will come back to this latter, just set a Tor port and remember it) >Maximum size for requests (MB): to something like 50mb >Extension used for thumbnails (Will make all gif thumbs not animate): png >Character limit for messages: 20000 >Maximum size for uploaded files (MB): 50mb >Allowed MIME types1: bunch of MIME type you can include image/png,image/jpeg,image/gif,image/bmp,video/webm,audio/mpeg,video/mp4,video/ogg,audio/ogg,audio/webm,application/pdf,image/webp,application/x-7z-compressed,application/zip,audio/webm,audio/x-wav,application/x-tar,application/x-rar-compressed,font/ttf,image/tiff,image/svg+xml,font/otf,application/vnd.oasis.opendocument.text,application/vnd.oasis.opendocument.spreadsheet,application/json,image/x-icon,text/html,application/epub+zip,application/vnd.openxmlformats-officedocument.wordprocessingml.document,application/msword,text/css,text/plain,application/octet-stream,video/x-ms-wmv for webp images compatibility sudo apt-get install webp >Total limit of uploaded files on the site 30000 >Disable flood checks (to test your site after) >Disable check on spammer IPs this (to allow VPNs and proxies to post) >Captcha security level: easy >Tor posting permission level: Allowed to post normally >Bypass mode: this will require a block bypass to post, disable right now but activate in case of flood and for easier moderation >Amount of latest posts to show on front-page:10 >Amount of latest images to show on front-page:4 >Amount of threads on the multi-board:10 >Amount of boards to be picked as top boards: 1 >Maximum amount of threads per board: 1000 >Maximum number of banners in boards: 1000 >Maximum size for banners (KB): 500 >Amount of days before removing IPs from posts (any value below 1 or null means to never remove): 1 >Maximum dimension for thumbnails, for both height and width: 200 >Overboard uri: overboard >Site title: Title >Addons1,2(They will be loaded in the order they appear in this list): rainbow,CatalogSort,orange,sage,webring,fortune,jewtext (we will come back to this) >Use ffmpeg to generate animated gif thumbnails (requires ffmpeg installed) >Allow global staff to moderate boards >Make boards use global banners >Generate thumbnails from media files (requires ffmpeg installed) >Display total post count and total unique IPs on front-page >Strip exif data from files Save, if you get this message: Error: EACCES: permission denied sudo chmod 676 /home/bchan/LynxChan/src/be/settings/general.json Now let's add the add-ons. You can get the addons here and clone them in LynxChan/src/be/addons cd /home/bchan/LynxChan/src/be/addons git clone https://gitgud.io/bchan/addons.git This will put the addons folder in the addons folder, don't forget to fix that. You need to change a few things, in addons/webring/config.js put your website then change permission for this to work. find /home/bchan/LynxChan/src/be/addons/webring -type d -exec chmod 0777 {} \; find /home/bchan/LynxChan/src/be/addons/webring -type f -exec chmod 0777 {} \; To be visible in others webring nodes I think one of them have to manually add you first. in the CatalogSort add-on, change the path to where is installed your LynxChan. You can also change the fortunes messages. Now just reboot and check there is no errors with the addons: sudo reboot sudo lynxchan -cc -r -rfe -nd Now go in https://yoursite/account.js and create a board Under Owned Boards click your board URI, you can manage your board here Set the parameters you want, flags, ids... Allow use of code tags To change the logo change logo.png in the static folder by your image and for the animated logo go in /static/pages/logo.html and include your logo as base64. You can do this here: https://www.base64-image.de/ To personalize the front end more in depth play with the CSS, to change text in Bulk use some text editor like Notepad++ or Sublime Text 3 (like changing Bchan to MYchan quickly). Now you'll need an onion address. here is some tutorial: https://chown.io/guide-host-your-own-onion-site-tor-nginx/ http://archive.vn/W6muG echo -e "deb https://deb.torproject.org/torproject.org bionic main\ndeb-src https://deb.torproject.org/torproject.org bionic main" > /etc/apt/sources.list.d/tor.list wget -qO- https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc | gpg --import gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | apt-key add apt update && apt -y upgrade && apt-get -y install nginx tor systemctl enable nginx && systemctl enable tor && systemctl start tor.service Open /etc/nginx/nginx.conf - turn off our server_tokens. Change hash_bucket_size to allow for a lengthy address. I tend to use nano: nano /etc/nginx/nginx.conf (don't froget to remove the #) Within http { server_names_hash_bucket_size 125; server_tokens off; } Exit and Save: CTRL + x + y | ENTER Do test for any errors, reload nginx. nginx -t nginx -s reload Proceed to configure a Hidden Service within Tor, using your editor open /etc/tor/torrc nano /etc/tor/torrc Find and replace, remove the # like with the nginx config file. HiddenServiceDir /var/lib/tor/nginx/ HiddenServicePort 80 127.0.0.1:9090 (remember the Tor port we set earlier in globalSettings.js) Exit and Save: CTRL + x + y | ENTER Reload Tor, to generate your .onion address. (don't change "hostname" here) service tor reload cat /var/lib/tor/nginx/hostname You may find; cat: /var/lib/tor/nginx/hostname: No such file or directory Okay, speedy fingers! Wait a couple of seconds for Tor to load. cat /var/lib/tor/nginx/hostname Onion: vvhff6npqpyd3xsv5mfjuz64litpngve4kg7wlrth2ikugvt7vsfwhad.onion Go check if you can access your generated address from the Tor browser. Now let's generate a Vanity onion address with 5 characters, should take 1 minute, some tuto: https://opensource.com/article/19/8/how-create-vanity-tor-onion-address http://archive.vn/10WtN You'll need mkp224o: git clone https://github.com/cathugger/mkp224o.git cd mkp224o sudo apt install gcc libsodium-dev make autoconf ./autogen.sh ./configure make Type ./mkp224o -h to view Help Type something like that to generate your address: ./mkp224o bchan -t 4 -v -n 4 -d ~/Extracts ctrl+c to stop process. Keep in mind that more than 5 characters will take a long time. Now go in the folder where the address have been generated, something like /path/to/Extracts Copy the three files, hostname, public and secret key then replace the /var/lib/tor/nginx files with the one you just generated sudo service tor reload nginx -t nginx -s reload Now check that everything is working: bchan46hwn7fxf67hav7khj3ca7v4avg7yhieahqyocgnaolazgi6tqd.onion Setting up your sites favicon: mongofiles -h localhost -d lynxchan -l /home/bchan/LynxChan/src/fe/static/favicon.ico put /favicon.ico If you want to change it again delete the old one (learn MongoDB) Everything should be working fine now.
>>1 ok
>>3 You know, you could just clone the new FE to anywhere then select it on the global settings page. It would automatically refresh everything.
>>10 Yes this works too.
Video tutorial miss some stuffs, keep following the text tutorial
Edited last time by jannie on 06/23/2020 (Tue) 17:25:54.
Minimum configuration: 1/2 gb ram, 1 CPU core, 10gb SSD


[Index] [Catalog] [Top]
Delete
Report

no cookies?