diff --git a/Dockerfile b/Dockerfile deleted file mode 100644 index c100394..0000000 --- a/Dockerfile +++ /dev/null @@ -1,25 +0,0 @@ -FROM nimlang/nim:1.6.10-alpine-regular as nim -LABEL maintainer="setenforce@protonmail.com" - -RUN apk --no-cache add libsass-dev pcre - -WORKDIR /src/nitter - -COPY nitter.nimble . -RUN nimble install -y --depsOnly - -COPY . . -RUN nimble build -d:danger -d:lto -d:strip \ - && nimble scss \ - && nimble md - -FROM alpine:latest -WORKDIR /src/ -RUN apk --no-cache add pcre ca-certificates -COPY --from=nim /src/nitter/nitter ./ -COPY --from=nim /src/nitter/nitter.example.conf ./nitter.conf -COPY --from=nim /src/nitter/public ./public -EXPOSE 8080 -RUN adduser -h /src/ -D -s /bin/sh nitter -USER nitter -CMD ./nitter diff --git a/Dockerfile.arm64 b/Dockerfile.arm64 deleted file mode 100644 index 6cd6744..0000000 --- a/Dockerfile.arm64 +++ /dev/null @@ -1,23 +0,0 @@ -FROM alpine:3.17 as nim -LABEL maintainer="setenforce@protonmail.com" - -RUN apk --no-cache add gcc git libc-dev libsass-dev "nim=1.6.8-r0" nimble pcre - -WORKDIR /src/nitter - -COPY nitter.nimble . -RUN nimble install -y --depsOnly - -COPY . . -RUN nimble build -d:danger -d:lto -d:strip \ - && nimble scss \ - && nimble md - -FROM alpine:3.17 -WORKDIR /src/ -RUN apk --no-cache add ca-certificates pcre openssl1.1-compat -COPY --from=nim /src/nitter/nitter ./ -COPY --from=nim /src/nitter/nitter.example.conf ./nitter.conf -COPY --from=nim /src/nitter/public ./public -EXPOSE 8080 -CMD ./nitter diff --git a/README.md b/README.md index 4f8235d..397464c 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,5 @@ -# Nitter +# Nitter (OpenBSD) -[![Test Matrix](https://github.com/zedeus/nitter/workflows/Tests/badge.svg)](https://github.com/zedeus/nitter/actions/workflows/run-tests.yml) -[![Test Matrix](https://github.com/zedeus/nitter/workflows/Docker/badge.svg)](https://github.com/zedeus/nitter/actions/workflows/build-docker.yml) [![License](https://img.shields.io/github/license/zedeus/nitter?style=flat)](#license) A free and open source alternative Twitter front-end focused on privacy and @@ -96,91 +94,83 @@ $ cd nitter $ nimble build -d:release $ nimble scss $ nimble md -$ cp nitter.example.conf nitter.conf +$ mkdir /etc/nitter +$ cp nitter.example.conf /etc/nitter/nitter.conf +$ cp nitter /usr/local/bin ``` Set your hostname, port, HMAC key, https (must be correct for cookies), and Redis info in `nitter.conf`. To run Redis, either run -`redis-server --daemonize yes`, or `systemctl enable --now redis` (or +`redis-server --daemonize yes`, or `rcctl enable redis && rcctl start redis` (or redis-server depending on the distro). Run Nitter by executing `./nitter` or -using the systemd service below. You should run Nitter behind a reverse proxy +using the rc service below. You should run Nitter behind a reverse proxy such as [Nginx](https://github.com/zedeus/nitter/wiki/Nginx) or [Apache](https://github.com/zedeus/nitter/wiki/Apache) for security and performance reasons. -### Docker -Page for the Docker image: https://hub.docker.com/r/zedeus/nitter +### rc.d -#### NOTE: For ARM64 support, please use the separate ARM64 docker image: [`zedeus/nitter:latest-arm64`](https://hub.docker.com/r/zedeus/nitter/tags). +To run Nitter via rc you can use this service file: -To run Nitter with Docker, you'll need to install and run Redis separately -before you can run the container. See below for how to also run Redis using -Docker. +```sh +#!/bin/ksh -To build and run Nitter in Docker: +daemon="/usr/local/bin/nitter" -```bash -docker build -t nitter:latest . -docker run -v $(pwd)/nitter.conf:/src/nitter.conf -d --network host nitter:latest -``` +. /etc/rc.d/rc.subr -Note: For ARM64, use this Dockerfile: [`Dockerfile.arm64`](https://github.com/zedeus/nitter/blob/master/Dockerfile.arm64). +rc_bg=YES -A prebuilt Docker image is provided as well: - -```bash -docker run -v $(pwd)/nitter.conf:/src/nitter.conf -d --network host zedeus/nitter:latest -``` - -Using docker-compose to run both Nitter and Redis as different containers: -Change `redisHost` from `localhost` to `nitter-redis` in `nitter.conf`, then run: - -```bash -docker-compose up -d -``` - -Note the Docker commands expect a `nitter.conf` file in the directory you run -them. - -### systemd - -To run Nitter via systemd you can use this service file: - -```ini -[Unit] -Description=Nitter (An alternative Twitter front-end) -After=syslog.target -After=network.target - -[Service] -Type=simple - -# set user and group -User=nitter -Group=nitter - -# configure location -WorkingDirectory=/home/nitter/nitter -ExecStart=/home/nitter/nitter/nitter - -Restart=always -RestartSec=15 - -[Install] -WantedBy=multi-user.target +rc_cmd $1 ``` Then enable and run the service: -`systemctl enable --now nitter.service` +`rcctl enable nitter && rcctl start nitter` -### Logging +### relayd +``` +# $OpenBSD: relayd.conf,v 1.5 2018/05/06 20:56:55 benno Exp $ +# +# Macros +# +relayd_addr="0.0.0.0" +insrv3_addr="192.168.10.103" -Nitter currently prints some errors to stdout, and there is no real logging -implemented. If you're running Nitter with systemd, you can check stdout like -this: `journalctl -u nitter.service` (add `--follow` to see just the last 15 -lines). If you're running the Docker image, you can do this: -`docker logs --follow *nitter container id*` +table { $insrv3_addr } + +http protocol reverse { + tcp { nodelay, sack } + tls ciphers "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256" + tls keypair "owacon.moe" + + match request header append "X-Forwarded-For" value "$REMOTE_ADDR" + match request header append "X-Forwarded-Port" value "$REMOTE_PORT" + + match response header set "X-Frame-Options" value "deny" + match response header set "X-XSS-Protection" value "1; mode=block" + match response header set "X-Content-Type-Options" value "nosniff" + match response header set "Strict-Transport-Security" value "max-age=31536000; includeSubDomains; preload" + match response header set "Permissions-Policy" value "accelerometer=()" + match response header set "Cache-Control" value "max-age=86400" + + pass request quick header "Host" value "twitter.owacon.moe" forward to +} + +relay www_tls { + listen on $relayd_addr port 443 tls + protocol reverse + + forward to port 8089 check tcp +} + +relay www_http { + listen on $relayd_addr port 80 + protocol reverse + + forward to port 8089 check tcp +} +``` ## Contact diff --git a/docker-compose.yml b/docker-compose.yml deleted file mode 100644 index ec8ade5..0000000 --- a/docker-compose.yml +++ /dev/null @@ -1,47 +0,0 @@ -version: "3" - -services: - - nitter: - image: zedeus/nitter:latest - container_name: nitter - ports: - - "127.0.0.1:8080:8080" # Replace with "8080:8080" if you don't use a reverse proxy - volumes: - - ./nitter.conf:/src/nitter.conf:Z,ro - depends_on: - - nitter-redis - restart: unless-stopped - healthcheck: - test: wget -nv --tries=1 --spider http://127.0.0.1:8080/Jack/status/20 || exit 1 - interval: 30s - timeout: 5s - retries: 2 - user: "998:998" - read_only: true - security_opt: - - no-new-privileges:true - cap_drop: - - ALL - - nitter-redis: - image: redis:6-alpine - container_name: nitter-redis - command: redis-server --save 60 1 --loglevel warning - volumes: - - nitter-redis:/data - restart: unless-stopped - healthcheck: - test: redis-cli ping - interval: 30s - timeout: 5s - retries: 2 - user: "999:1000" - read_only: true - security_opt: - - no-new-privileges:true - cap_drop: - - ALL - -volumes: - nitter-redis: diff --git a/src/nitter.nim b/src/nitter.nim index 627af75..ac0c18d 100644 --- a/src/nitter.nim +++ b/src/nitter.nim @@ -15,7 +15,7 @@ import routes/[ const instancesUrl = "https://github.com/zedeus/nitter/wiki/Instances" const issuesUrl = "https://github.com/zedeus/nitter/issues" -let configPath = getEnv("NITTER_CONF_FILE", "./nitter.conf") +let configPath = getEnv("NITTER_CONF_FILE", "/etc/nitter/nitter.conf") let (cfg, fullCfg) = getConfig(configPath) if not cfg.enableDebug: diff --git a/src/views/rss.nimf b/src/views/rss.nimf index a2f58c7..ce2518a 100644 --- a/src/views/rss.nimf +++ b/src/views/rss.nimf @@ -83,7 +83,6 @@ Twitter feed for: ${desc}. Generated by ${cfg.hostname} #end proc # #proc renderTimelineRss*(profile: Profile; cfg: Config; multi=false): string = -#let prefs = Prefs(replaceTwitter: cfg.hostname, replaceYouTube: cfg.replaceYouTube, replaceOdysee: cfg.replaceOdysee, replacePixivA: cfg.replacePixivA, replacePixivU: cfg.replacePixivU, replacePixivB: cfg.replacePixivB, replacePixivI: cfg.replacePixivI, replacePixivM: cfg.replacePixivM, replacePixiv: cfg.replacePixiv) #let urlPrefix = getUrlPrefix(cfg) #result = "" #let handle = (if multi: "" else: "@") & profile.user.username @@ -114,8 +113,7 @@ ${renderRssTweets(profile.tweets.content, cfg, userId=profile.user.id)} #end proc # -#proc renderListRss*(tweets: seq[Tweet]; list: List; cfg: Config): string = -#let prefs = Prefs(replaceTwitter: cfg.hostname, replaceYouTube: cfg.replaceYouTube, replaceOdysee: cfg.replaceOdysee, replacePixivA: cfg.replacePixivA, replacePixivU: cfg.replacePixivU, replacePixivB: cfg.replacePixivB, replacePixivI: cfg.replacePixivI, replacePixivM: cfg.replacePixivM, replacePixiv: cfg.replacePixiv) +#proc renderListRss*(tweets: seq[Chain]; list: List; cfg: Config): string = #let link = &"{getUrlPrefix(cfg)}/i/lists/{list.id}" #result = "" @@ -132,8 +130,7 @@ ${renderRssTweets(tweets, cfg)} #end proc # -#proc renderSearchRss*(tweets: seq[Tweet]; name, param: string; cfg: Config): string = -#let prefs = Prefs(replaceTwitter: cfg.hostname, replaceYouTube: cfg.replaceYouTube, replaceOdysee: cfg.replaceOdysee, replacePixivA: cfg.replacePixivA, replacePixivU: cfg.replacePixivU, replacePixivB: cfg.replacePixivB, replacePixivI: cfg.replacePixivI, replacePixivM: cfg.replacePixivM, replacePixiv: cfg.replacePixiv) +#proc renderSearchRss*(tweets: seq[Chain]; name, param: string; cfg: Config): string = #let link = &"{getUrlPrefix(cfg)}/search" #let escName = xmltree.escape(name) #result = ""