OpenBSD化
このコミットが含まれているのは:
コミット
af459cbf01
25
Dockerfile
25
Dockerfile
|
@ -1,25 +0,0 @@
|
|||
FROM nimlang/nim:1.6.10-alpine-regular as nim
|
||||
LABEL maintainer="setenforce@protonmail.com"
|
||||
|
||||
RUN apk --no-cache add libsass-dev pcre
|
||||
|
||||
WORKDIR /src/nitter
|
||||
|
||||
COPY nitter.nimble .
|
||||
RUN nimble install -y --depsOnly
|
||||
|
||||
COPY . .
|
||||
RUN nimble build -d:danger -d:lto -d:strip \
|
||||
&& nimble scss \
|
||||
&& nimble md
|
||||
|
||||
FROM alpine:latest
|
||||
WORKDIR /src/
|
||||
RUN apk --no-cache add pcre ca-certificates
|
||||
COPY --from=nim /src/nitter/nitter ./
|
||||
COPY --from=nim /src/nitter/nitter.example.conf ./nitter.conf
|
||||
COPY --from=nim /src/nitter/public ./public
|
||||
EXPOSE 8080
|
||||
RUN adduser -h /src/ -D -s /bin/sh nitter
|
||||
USER nitter
|
||||
CMD ./nitter
|
|
@ -1,23 +0,0 @@
|
|||
FROM alpine:3.17 as nim
|
||||
LABEL maintainer="setenforce@protonmail.com"
|
||||
|
||||
RUN apk --no-cache add gcc git libc-dev libsass-dev "nim=1.6.8-r0" nimble pcre
|
||||
|
||||
WORKDIR /src/nitter
|
||||
|
||||
COPY nitter.nimble .
|
||||
RUN nimble install -y --depsOnly
|
||||
|
||||
COPY . .
|
||||
RUN nimble build -d:danger -d:lto -d:strip \
|
||||
&& nimble scss \
|
||||
&& nimble md
|
||||
|
||||
FROM alpine:3.17
|
||||
WORKDIR /src/
|
||||
RUN apk --no-cache add ca-certificates pcre openssl1.1-compat
|
||||
COPY --from=nim /src/nitter/nitter ./
|
||||
COPY --from=nim /src/nitter/nitter.example.conf ./nitter.conf
|
||||
COPY --from=nim /src/nitter/public ./public
|
||||
EXPOSE 8080
|
||||
CMD ./nitter
|
124
README.md
124
README.md
|
@ -1,7 +1,5 @@
|
|||
# Nitter
|
||||
# Nitter (OpenBSD)
|
||||
|
||||
[![Test Matrix](https://github.com/zedeus/nitter/workflows/Tests/badge.svg)](https://github.com/zedeus/nitter/actions/workflows/run-tests.yml)
|
||||
[![Test Matrix](https://github.com/zedeus/nitter/workflows/Docker/badge.svg)](https://github.com/zedeus/nitter/actions/workflows/build-docker.yml)
|
||||
[![License](https://img.shields.io/github/license/zedeus/nitter?style=flat)](#license)
|
||||
|
||||
A free and open source alternative Twitter front-end focused on privacy and
|
||||
|
@ -96,91 +94,83 @@ $ cd nitter
|
|||
$ nimble build -d:release
|
||||
$ nimble scss
|
||||
$ nimble md
|
||||
$ cp nitter.example.conf nitter.conf
|
||||
$ mkdir /etc/nitter
|
||||
$ cp nitter.example.conf /etc/nitter/nitter.conf
|
||||
$ cp nitter /usr/local/bin
|
||||
```
|
||||
|
||||
Set your hostname, port, HMAC key, https (must be correct for cookies), and
|
||||
Redis info in `nitter.conf`. To run Redis, either run
|
||||
`redis-server --daemonize yes`, or `systemctl enable --now redis` (or
|
||||
`redis-server --daemonize yes`, or `rcctl enable redis && rcctl start redis` (or
|
||||
redis-server depending on the distro). Run Nitter by executing `./nitter` or
|
||||
using the systemd service below. You should run Nitter behind a reverse proxy
|
||||
using the rc service below. You should run Nitter behind a reverse proxy
|
||||
such as [Nginx](https://github.com/zedeus/nitter/wiki/Nginx) or
|
||||
[Apache](https://github.com/zedeus/nitter/wiki/Apache) for security and
|
||||
performance reasons.
|
||||
|
||||
### Docker
|
||||
|
||||
Page for the Docker image: https://hub.docker.com/r/zedeus/nitter
|
||||
### rc.d
|
||||
|
||||
#### NOTE: For ARM64 support, please use the separate ARM64 docker image: [`zedeus/nitter:latest-arm64`](https://hub.docker.com/r/zedeus/nitter/tags).
|
||||
To run Nitter via rc you can use this service file:
|
||||
|
||||
To run Nitter with Docker, you'll need to install and run Redis separately
|
||||
before you can run the container. See below for how to also run Redis using
|
||||
Docker.
|
||||
```sh
|
||||
#!/bin/ksh
|
||||
|
||||
To build and run Nitter in Docker:
|
||||
daemon="/usr/local/bin/nitter"
|
||||
|
||||
```bash
|
||||
docker build -t nitter:latest .
|
||||
docker run -v $(pwd)/nitter.conf:/src/nitter.conf -d --network host nitter:latest
|
||||
```
|
||||
. /etc/rc.d/rc.subr
|
||||
|
||||
Note: For ARM64, use this Dockerfile: [`Dockerfile.arm64`](https://github.com/zedeus/nitter/blob/master/Dockerfile.arm64).
|
||||
rc_bg=YES
|
||||
|
||||
A prebuilt Docker image is provided as well:
|
||||
|
||||
```bash
|
||||
docker run -v $(pwd)/nitter.conf:/src/nitter.conf -d --network host zedeus/nitter:latest
|
||||
```
|
||||
|
||||
Using docker-compose to run both Nitter and Redis as different containers:
|
||||
Change `redisHost` from `localhost` to `nitter-redis` in `nitter.conf`, then run:
|
||||
|
||||
```bash
|
||||
docker-compose up -d
|
||||
```
|
||||
|
||||
Note the Docker commands expect a `nitter.conf` file in the directory you run
|
||||
them.
|
||||
|
||||
### systemd
|
||||
|
||||
To run Nitter via systemd you can use this service file:
|
||||
|
||||
```ini
|
||||
[Unit]
|
||||
Description=Nitter (An alternative Twitter front-end)
|
||||
After=syslog.target
|
||||
After=network.target
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
|
||||
# set user and group
|
||||
User=nitter
|
||||
Group=nitter
|
||||
|
||||
# configure location
|
||||
WorkingDirectory=/home/nitter/nitter
|
||||
ExecStart=/home/nitter/nitter/nitter
|
||||
|
||||
Restart=always
|
||||
RestartSec=15
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
rc_cmd $1
|
||||
```
|
||||
|
||||
Then enable and run the service:
|
||||
`systemctl enable --now nitter.service`
|
||||
`rcctl enable nitter && rcctl start nitter`
|
||||
|
||||
### Logging
|
||||
### relayd
|
||||
```
|
||||
# $OpenBSD: relayd.conf,v 1.5 2018/05/06 20:56:55 benno Exp $
|
||||
#
|
||||
# Macros
|
||||
#
|
||||
relayd_addr="0.0.0.0"
|
||||
insrv3_addr="192.168.10.103"
|
||||
|
||||
Nitter currently prints some errors to stdout, and there is no real logging
|
||||
implemented. If you're running Nitter with systemd, you can check stdout like
|
||||
this: `journalctl -u nitter.service` (add `--follow` to see just the last 15
|
||||
lines). If you're running the Docker image, you can do this:
|
||||
`docker logs --follow *nitter container id*`
|
||||
table <twitter> { $insrv3_addr }
|
||||
|
||||
http protocol reverse {
|
||||
tcp { nodelay, sack }
|
||||
tls ciphers "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256"
|
||||
tls keypair "owacon.moe"
|
||||
|
||||
match request header append "X-Forwarded-For" value "$REMOTE_ADDR"
|
||||
match request header append "X-Forwarded-Port" value "$REMOTE_PORT"
|
||||
|
||||
match response header set "X-Frame-Options" value "deny"
|
||||
match response header set "X-XSS-Protection" value "1; mode=block"
|
||||
match response header set "X-Content-Type-Options" value "nosniff"
|
||||
match response header set "Strict-Transport-Security" value "max-age=31536000; includeSubDomains; preload"
|
||||
match response header set "Permissions-Policy" value "accelerometer=()"
|
||||
match response header set "Cache-Control" value "max-age=86400"
|
||||
|
||||
pass request quick header "Host" value "twitter.owacon.moe" forward to <twitter>
|
||||
}
|
||||
|
||||
relay www_tls {
|
||||
listen on $relayd_addr port 443 tls
|
||||
protocol reverse
|
||||
|
||||
forward to <twitter> port 8089 check tcp
|
||||
}
|
||||
|
||||
relay www_http {
|
||||
listen on $relayd_addr port 80
|
||||
protocol reverse
|
||||
|
||||
forward to <twitter> port 8089 check tcp
|
||||
}
|
||||
```
|
||||
|
||||
## Contact
|
||||
|
||||
|
|
|
@ -1,47 +0,0 @@
|
|||
version: "3"
|
||||
|
||||
services:
|
||||
|
||||
nitter:
|
||||
image: zedeus/nitter:latest
|
||||
container_name: nitter
|
||||
ports:
|
||||
- "127.0.0.1:8080:8080" # Replace with "8080:8080" if you don't use a reverse proxy
|
||||
volumes:
|
||||
- ./nitter.conf:/src/nitter.conf:Z,ro
|
||||
depends_on:
|
||||
- nitter-redis
|
||||
restart: unless-stopped
|
||||
healthcheck:
|
||||
test: wget -nv --tries=1 --spider http://127.0.0.1:8080/Jack/status/20 || exit 1
|
||||
interval: 30s
|
||||
timeout: 5s
|
||||
retries: 2
|
||||
user: "998:998"
|
||||
read_only: true
|
||||
security_opt:
|
||||
- no-new-privileges:true
|
||||
cap_drop:
|
||||
- ALL
|
||||
|
||||
nitter-redis:
|
||||
image: redis:6-alpine
|
||||
container_name: nitter-redis
|
||||
command: redis-server --save 60 1 --loglevel warning
|
||||
volumes:
|
||||
- nitter-redis:/data
|
||||
restart: unless-stopped
|
||||
healthcheck:
|
||||
test: redis-cli ping
|
||||
interval: 30s
|
||||
timeout: 5s
|
||||
retries: 2
|
||||
user: "999:1000"
|
||||
read_only: true
|
||||
security_opt:
|
||||
- no-new-privileges:true
|
||||
cap_drop:
|
||||
- ALL
|
||||
|
||||
volumes:
|
||||
nitter-redis:
|
|
@ -15,7 +15,7 @@ import routes/[
|
|||
const instancesUrl = "https://github.com/zedeus/nitter/wiki/Instances"
|
||||
const issuesUrl = "https://github.com/zedeus/nitter/issues"
|
||||
|
||||
let configPath = getEnv("NITTER_CONF_FILE", "./nitter.conf")
|
||||
let configPath = getEnv("NITTER_CONF_FILE", "/etc/nitter/nitter.conf")
|
||||
let (cfg, fullCfg) = getConfig(configPath)
|
||||
|
||||
if not cfg.enableDebug:
|
||||
|
|
|
@ -83,7 +83,6 @@ Twitter feed for: ${desc}. Generated by ${cfg.hostname}
|
|||
#end proc
|
||||
#
|
||||
#proc renderTimelineRss*(profile: Profile; cfg: Config; multi=false): string =
|
||||
#let prefs = Prefs(replaceTwitter: cfg.hostname, replaceYouTube: cfg.replaceYouTube, replaceOdysee: cfg.replaceOdysee, replacePixivA: cfg.replacePixivA, replacePixivU: cfg.replacePixivU, replacePixivB: cfg.replacePixivB, replacePixivI: cfg.replacePixivI, replacePixivM: cfg.replacePixivM, replacePixiv: cfg.replacePixiv)
|
||||
#let urlPrefix = getUrlPrefix(cfg)
|
||||
#result = ""
|
||||
#let handle = (if multi: "" else: "@") & profile.user.username
|
||||
|
@ -114,8 +113,7 @@ ${renderRssTweets(profile.tweets.content, cfg, userId=profile.user.id)}
|
|||
</rss>
|
||||
#end proc
|
||||
#
|
||||
#proc renderListRss*(tweets: seq[Tweet]; list: List; cfg: Config): string =
|
||||
#let prefs = Prefs(replaceTwitter: cfg.hostname, replaceYouTube: cfg.replaceYouTube, replaceOdysee: cfg.replaceOdysee, replacePixivA: cfg.replacePixivA, replacePixivU: cfg.replacePixivU, replacePixivB: cfg.replacePixivB, replacePixivI: cfg.replacePixivI, replacePixivM: cfg.replacePixivM, replacePixiv: cfg.replacePixiv)
|
||||
#proc renderListRss*(tweets: seq[Chain]; list: List; cfg: Config): string =
|
||||
#let link = &"{getUrlPrefix(cfg)}/i/lists/{list.id}"
|
||||
#result = ""
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
|
@ -132,8 +130,7 @@ ${renderRssTweets(tweets, cfg)}
|
|||
</rss>
|
||||
#end proc
|
||||
#
|
||||
#proc renderSearchRss*(tweets: seq[Tweet]; name, param: string; cfg: Config): string =
|
||||
#let prefs = Prefs(replaceTwitter: cfg.hostname, replaceYouTube: cfg.replaceYouTube, replaceOdysee: cfg.replaceOdysee, replacePixivA: cfg.replacePixivA, replacePixivU: cfg.replacePixivU, replacePixivB: cfg.replacePixivB, replacePixivI: cfg.replacePixivI, replacePixivM: cfg.replacePixivM, replacePixiv: cfg.replacePixiv)
|
||||
#proc renderSearchRss*(tweets: seq[Chain]; name, param: string; cfg: Config): string =
|
||||
#let link = &"{getUrlPrefix(cfg)}/search"
|
||||
#let escName = xmltree.escape(name)
|
||||
#result = ""
|
||||
|
|
新しいイシューから参照