nihilist@mainpc - 2024-11-12

How to run the Nihilism Blog Yourself

Why are you letting me run the blog?

As you have probably noticed from the footer of any blogpost on this blog, they are all licensed under the public domain license. This means that there are no copyright restrictions at all: it is free for all, forever.

The reason behind this stems from Sum Nihil: I strongly believe that it doesn't matter who does the work, who gets the fame, or who gets to profit off of it. What truly matters is that the work gets done, no matter who does it.

Here, the work is to make sure that everyone out there knows that when using the right technology in the right way, they cannot be oppressed, silenced, censored, controlled, and governed anymore. If you can help me reach that goal I'm definitely going to welcome it, even if it means allowing other people to run the blog.

The entire blog is meant to remain available for free, for everyone, over clearnet and over the Tor network. Ideally I'd like it to be resilient to takedowns in case something were to happen to me in the future. Therefore, the more people run the blog themselves, the more resilient it will become, and the farther the word will be able to go out there.

Clearnet Setup



On a Debian server (VPS or not), install the following packages:


[ Datura ] [ /dev/pts/23 ] [~]
→ sudo apt install nginx wget curl git socat -y
	

Then you need to download the blog somewhere. You can simply git clone it from the blog-contributions gitea repository into the /srv/ directory:


[ Datura ] [ /dev/pts/23 ] [~]
→ git clone https://git.nowhere.moe/nihilist/blog-contributions /srv/blog/
	

Then you can use this nginx configuration (and don't forget to enable it with a symlink to sites-enabled):


[ Datura ] [ /dev/pts/23 ] [~]
→ rm /etc/nginx/sites-*/default

[ Datura ] [ /dev/pts/23 ] [~]
→ vim /etc/nginx/sites-available/blog.nowhere.moe

[ Datura ] [ /dev/pts/23 ] [~]
→ ln -s /etc/nginx/sites-available/blog.nowhere.moe /etc/nginx/sites-enabled/

[ Datura ] [ /dev/pts/23 ] [~]
→ cat /etc/nginx/sites-available/blog.nowhere.moe
	
server {
        listen 80;
        listen [::]:80;
        server_name blog.nowhere.moe;
        return 301 https://$server_name$request_uri;
}

server {
        ######## TOR CHANGES ########
        listen 4443;
        listen [::]:4443;
        server_name blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion;
        add_header Onion-Location "http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion$request_uri" always;
        ######## TOR CHANGES ########

        listen 443 ssl http2;
        listen [::]:443 ssl http2;
        server_name blog.nowhere.moe;

        ######## HARDENING SSL ########
        ssl_certificate     /root/.acme.sh/blog.nowhere.moe/fullchain.cer;
        ssl_certificate_key /root/.acme.sh/blog.nowhere.moe/blog.nowhere.moe.key;
        # dhparam.pem is not created by acme.sh: generate it with openssl dhparam before running nginx -t
        ssl_dhparam         /root/.acme.sh/dhparam.pem;

        # SSL Settings
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
        ssl_prefer_server_ciphers on;

        ssl_session_cache shared:SSL:10m;
        ssl_session_timeout 10m;
        ssl_session_tickets off;
        ssl_ecdh_curve auto;

        # OCSP stapling
        ssl_stapling on;
        ssl_stapling_verify on;
        ssl_trusted_certificate /root/.acme.sh/blog.nowhere.moe/fullchain.cer;
        resolver 1.1.1.1 208.67.222.222;

        add_header Strict-Transport-Security "max-age=63072000" always;

        # No request logs are kept. "error_log off;" does not disable the error log
        # (nginx would write to a file named "off"), so send it to /dev/null instead.
        access_log off;
        error_log /dev/null crit;
        ######## END OF HARDENING SSL ########

        root /srv/blog/;
        rewrite ^/servers/anon.html /opsec/index.html permanent;
        rewrite ^/servers/(.*)$ /opsec/$1 permanent;
        index index.html;
}

But as you can see, we're missing the TLS certificates, so let's get them using acme.sh:


[ Datura ] [ /dev/pts/23 ] [~]
→ wget -O -  https://get.acme.sh | sh -s email=nihilist@contact.nowhere.moe

[ Datura ] [ /dev/pts/23 ] [~]
→ systemctl stop nginx ; acme.sh --issue --standalone -d blog.nowhere.moe -k 4096; systemctl start nginx
	

And now that we have them, let's see if the nginx config is correct:


[ Datura ] [ /dev/pts/23 ] [~]
→ nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
	

Now that the nginx config is correct let's restart nginx to load in the new config:


[ Datura ] [ /dev/pts/23 ] [~]
→ systemctl restart nginx 
	

And then we can see that the website is up and reachable at the clearnet domain.

Tor Hidden Service Setup



Since clearnet websites are easily censorable nowadays, let's make sure the blog is censorship-resistant by making it available over Tor. Let's first install Tor:


[ Datura ] [ /dev/pts/23 ] [~]
→ apt install tor -y
	

Then we git clone the mkp224o repository to be able to generate an onion hidden service address:


[ Datura ] [ /dev/pts/23 ] [~]
→ apt install gcc libc6-dev libsodium-dev make autoconf tor

[ Datura ] [ /dev/pts/23 ] [~]
→ git clone https://github.com/cathugger/mkp224o /srv/mkp224o

[ Datura ] [ /dev/pts/23 ] [/srv/mkp224o]
→ cd /srv/mkp224o ; ./autogen.sh ; ./configure ; make

[ Datura ] [ /dev/pts/23 ] [/srv/mkp224o]
→ ./mkp224o datura
sorting filters... done.
filters:
        datura
in total, 1 filter
using 12 threads
daturacccspczuluj2hbgqfcpkjo75hn7bzmuzsm5zys3az6k3su45ad.onion
daturaxnp7x4ubwlslgyeaft5dabaxotmsaxanayocnpxarc7wi36kid.onion

[ Datura ] [ /dev/pts/23 ] [/srv/mkp224o]
→ mkdir /var/lib/tor/onions 

[ Datura ] [ /dev/pts/23 ] [/srv/mkp224o]
→ mv daturab6drmkhyeia4ch5gvfc2f3wgo6bhjrv3pz6n7kxmvoznlkq4yd.onion /var/lib/tor/onions 

[ Datura ] [ /dev/pts/11 ] [lib/tor/onions]
→ ls -lash
total 16K
4.0K drwx------ 4 debian-tor debian-tor 4.0K Jan 27 15:33 .
4.0K drwx--S--- 8 debian-tor debian-tor 4.0K Feb  1 15:08 ..
4.0K drwx------ 3 debian-tor debian-tor 4.0K Jul 12  2023 daturab6drmkhyeia4ch5gvfc2f3wgo6bhjrv3pz6n7kxmvoznlkq4yd.onion
4.0K drwx------ 3 debian-tor debian-tor 4.0K Jan 27 15:48 nihilhfjmj55gfbleupwl2ub7lvbhq4kkoioatiopahfqwkcnglsawyd.onion

[ Datura ] [ /dev/pts/11 ] [lib/tor/onions]
→ ls -lash daturab6drmkhyeia4ch5gvfc2f3wgo6bhjrv3pz6n7kxmvoznlkq4yd.onion
total 24K
4.0K drwx------ 3 debian-tor debian-tor 4.0K Jul 12  2023 .
4.0K drwx------ 4 debian-tor debian-tor 4.0K Jan 27 15:33 ..
4.0K drwx------ 2 debian-tor debian-tor 4.0K Jul 12  2023 authorized_clients
4.0K -r-------- 1 debian-tor debian-tor   63 Jul 12  2023 hostname
4.0K -r-------- 1 debian-tor debian-tor   64 Jul 12  2023 hs_ed25519_public_key
4.0K -r-------- 1 debian-tor debian-tor   96 Jul 12  2023 hs_ed25519_secret_key

Then after copying the hidden service files where they belong we change the directory rights accordingly:


[ Datura ] [ /dev/pts/11 ] [lib/tor/onions]
→ chmod 700 daturab6drmkhyeia4ch5gvfc2f3wgo6bhjrv3pz6n7kxmvoznlkq4yd.onion

[ Datura ] [ /dev/pts/11 ] [lib/tor/onions]
→ chmod 400 daturab6drmkhyeia4ch5gvfc2f3wgo6bhjrv3pz6n7kxmvoznlkq4yd.onion/*

[ Datura ] [ /dev/pts/11 ] [lib/tor/onions]
→ chmod 700 daturab6drmkhyeia4ch5gvfc2f3wgo6bhjrv3pz6n7kxmvoznlkq4yd.onion/authorized_clients -R

[ Datura ] [ /dev/pts/11 ] [lib/tor/onions]
→ chown debian-tor: /var/lib/tor/onions -R
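
To confirm that a directory moved into /var/lib/tor/onions still holds the key for the address in its name, the hostname can be recomputed from hs_ed25519_public_key. This is an added example, not part of the original tutorial; it follows the v3 onion address encoding (base32 of the public key, a 2-byte SHA3-256 checksum and the version byte), and the function names are this example's own.

```python
import base64
import hashlib

# Layout of Tor's hs_ed25519_public_key file: a 32-byte tag followed by the
# raw 32-byte ed25519 public key (64 bytes in total, as in the listing above).
KEY_HEADER = b"== ed25519v1-public: type0 ==\x00\x00\x00"
VERSION = b"\x03"


def onion_from_pubkey(pubkey: bytes) -> str:
    """Derive the v3 onion hostname for a raw 32-byte ed25519 public key."""
    if len(pubkey) != 32:
        raise ValueError("ed25519 public key must be 32 bytes")
    checksum = hashlib.sha3_256(b".onion checksum" + pubkey + VERSION).digest()[:2]
    label = base64.b32encode(pubkey + checksum + VERSION).decode("ascii").lower()
    return label + ".onion"


def onion_from_keyfile(blob: bytes) -> str:
    """Derive the hostname from the contents of hs_ed25519_public_key."""
    if len(blob) != 64 or not blob.startswith(KEY_HEADER):
        raise ValueError("not a hs_ed25519_public_key file")
    return onion_from_pubkey(blob[32:])


def is_valid_v3_onion(host: str) -> bool:
    """Check length, alphabet, version byte and checksum of an onion name.

    Subdomains such as blog.<56 chars>.onion are accepted; only the label
    directly before .onion is checked.
    """
    parts = host.strip().lower().split(".")
    if len(parts) < 2 or parts[-1] != "onion" or len(parts[-2]) != 56:
        return False
    try:
        raw = base64.b32decode(parts[-2].upper())
    except ValueError:  # characters outside the base32 alphabet
        return False
    pubkey, checksum, version = raw[:32], raw[32:34], raw[34:]
    expected = hashlib.sha3_256(b".onion checksum" + pubkey + VERSION).digest()[:2]
    return version == VERSION and checksum == expected


def hostname_matches_key(hostname_file: str, keyfile_blob: bytes) -> bool:
    """True when the hostname file names the key stored next to it."""
    return hostname_file.strip().lower() == onion_from_keyfile(keyfile_blob)
```

The same is_valid_v3_onion check catches a mistyped .onion link before it is published in a mirror list.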

Then we edit the torrc config file to make sure it uses the correct hidden service directory, along with a port to be used to access the website:


[ Datura ] [ /dev/pts/11 ] [/srv/mkp224o]
→ cat /etc/tor/torrc
HiddenServiceDir /var/lib/tor/onions/daturab6drmkhyeia4ch5gvfc2f3wgo6bhjrv3pz6n7kxmvoznlkq4yd.onion/
HiddenServicePort 80 127.0.0.1:4443  # for web service HTTP (recommended!)
HiddenServicePort 443 127.0.0.1:4444 # for web service HTTPS (but not recommended!)

HiddenServicePort 18080 127.0.0.1:18080 # for monero nodes
HiddenServicePort 18081 127.0.0.1:18081 # for monero nodes

# to have another hidden service, you can append it afterward like so; it needs its own HiddenServiceDir and different local ports:

HiddenServiceDir /var/lib/tor/onions/nihilhfjmj55gfbleupwl2ub7lvbhq4kkoioatiopahfqwkcnglsawyd.onion/
HiddenServicePort 80 127.0.0.1:4445

Then we restart Tor to refresh the configuration:


[ Datura ] [ /dev/pts/23 ] [/srv/mkp224o]
→ systemctl restart tor@default

[ Datura ] [ /dev/pts/23 ] [/srv/mkp224o]
→ systemctl status tor@default
● tor@default.service - Anonymizing overlay network for TCP
     Loaded: loaded (/lib/systemd/system/tor@default.service; enabled-runtime; preset: enabled)
     Active: active (running) since Sun 2024-11-10 21:39:43 CET; 2 days ago
   Main PID: 2790923 (tor)
      Tasks: 13 (limit: 77002)
     Memory: 1.5G
        CPU: 1d 12h 17min 42.199s
     CGroup: /system.slice/system-tor.slice/tor@default.service
             └─2790923 /usr/bin/tor --defaults-torrc /usr/share/tor/tor-service-defaults-torrc -f /etc/tor/torrc --RunAsDaemon 0

And from there, we edit the nginx configuration to make sure the website is reachable over the Tor domain as well, and to set the header so that the user's Tor Browser mentions that there is a .onion link available:


[ Datura ] [ /dev/pts/23 ] [~]
→ vim /etc/nginx/sites-available/blog.nowhere.moe

[ Datura ] [ /dev/pts/23 ] [/srv/mkp224o]
→ cat /etc/nginx/sites-available/blog.nowhere.moe
server {
        listen 80;
        listen [::]:80;
        server_name blog.nowhere.moe;
        return 301 https://$server_name$request_uri;
}

server {
        ######## TOR CHANGES ########
        listen 4443;
        listen [::]:4443;
        server_name blog.daturab6drmkhyeia4ch5gvfc2f3wgo6bhjrv3pz6n7kxmvoznlkq4yd.onion;
        add_header Onion-Location "http://blog.daturab6drmkhyeia4ch5gvfc2f3wgo6bhjrv3pz6n7kxmvoznlkq4yd.onion$request_uri" always;
        ######## TOR CHANGES ########

	[...]
}

And then we refresh nginx and we see that the website can be reached over the .onion link as well:


[ Datura ] [ /dev/pts/23 ] [~]
→ systemctl restart nginx

And that's it! You have now made your own copy of the blog available over clearnet and Tor.

Setting up Collaboration



Now, in order to welcome external contributions, you need at least a gitea instance like the one I have at https://git.nowhere.moe.

Here you have a simple mirror git repo of the blog. Once a day it will synchronize the new changes onto your mirror, which is always useful to have in case the main repository gets taken down.

If it were to get taken down for whatever reason, or if you decide to branch out and do your own thing with the blog, you can edit the repository to not be a mirror anymore (meaning you'll be able to push your own commits without going through me).

And once done you can recreate the collaboration kanban board.

Then you can add an issue per tutorial to it.

You can also add labels to give more details on each issue, to be visible from the kanban board.

Then you can add those labels on each issue.

Here the workflow is pretty straightforward: the first column is there for the tutorials that don't have the todolist written yet, the second column is for those that do but aren't assigned to someone yet, the third column is for the assigned tutorials (with a 1 month default deadline), the fourth column is for the maintainer to review what the contributor has sent, and the last column is for the tutorials that are completed.

And then obviously, don't forget to have a SimpleX Chatroom to make sure you can chat easily with your contributors like I do. This will help brainstorm ideas quickly and help clear up misconceptions with your audience directly.

And there you go! You now have a platform to receive criticism, collaborate and produce quality content.

Setting up a Mirror List



Now, in order to give people a list of all the backup blog mirrors in one go, I recommend keeping it simple: list them manually in a text file that you update on a monthly basis:


[ mainpc ] [ /dev/pts/6 ] [~/Nextcloud/blog]
→ vim mirrors.txt

[ mainpc ] [ /dev/pts/6 ] [~/Nextcloud/blog]
→ cat mirrors.txt
### Active ###

Nihilist:
-Clearnet: https://blog.nowhere.moe
-Tor: http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion
-Clearnet: https://git.nowhere.moe/nihilist/blog-contributions
-Tor: http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/nihilist/blog-contributions

Anon1:
-Clearnet: link1
-Tor: link.onion1

Anon2:
-Clearnet: link2
-Tor: link.onion2


### Inactive ###

### Removed ###

Then each month, validate that each link is still reachable, and if one of the links isn't reachable just move it to the "Inactive" category:


[ mainpc ] [ /dev/pts/6 ] [~/Nextcloud/blog]
→ vim mirrors.txt

[ mainpc ] [ /dev/pts/6 ] [~/Nextcloud/blog]
→ cat mirrors.txt
### Active ###

Nihilist:
-Clearnet: https://blog.nowhere.moe
-Tor: http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion
-Clearnet: https://git.nowhere.moe/nihilist/blog-contributions
-Tor: http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/nihilist/blog-contributions

Anon1:
-Clearnet: link1
-Tor: link.onion1

### Inactive ###

Anon2:
-Clearnet: link2
-Tor: link.onion2

### Removed ###

Upon the next month's review, if the mirror is still unreachable, move it to the "Removed" category:


[ mainpc ] [ /dev/pts/6 ] [~/Nextcloud/blog]
→ vim mirrors.txt

[ mainpc ] [ /dev/pts/6 ] [~/Nextcloud/blog]
→ cat mirrors.txt
### Active ###

Nihilist:
-Clearnet: https://blog.nowhere.moe
-Tor: http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion
-Clearnet: https://git.nowhere.moe/nihilist/blog-contributions
-Tor: http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/nihilist/blog-contributions

Anon1:
-Clearnet: link1
-Tor: link.onion1

### Inactive ###

### Removed ###

Anon2:
-Clearnet: link2
-Tor: link.onion2
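
The monthly review described above, as a script (an added example, not the blog's own tooling). It assumes a mirror counts as down when any of its links fails and that an Inactive mirror that answers again returns to Active, which the page does not specify; .onion links are probed with curl through the local Tor SOCKS port at 127.0.0.1:9050.

```python
import re
import subprocess

SECTIONS = ("Active", "Inactive", "Removed")
# Constructed sample in the mirrors.txt layout (Anon entries are placeholders).
SAMPLE = """### Active ###

Anon1:
-Clearnet: link1
-Tor: link.onion1

Anon2:
-Clearnet: link2
-Tor: link.onion2

### Inactive ###

### Removed ###
"""

def parse(text):
    """Return {section: {mirror name: [link lines]}}."""
    data, section, name = {s: {} for s in SECTIONS}, None, None
    for line in map(str.strip, text.splitlines()):
        if (h := re.fullmatch(r"###\s*(\w+)\s*###", line)) and h.group(1) in data:
            section, name = h.group(1), None
        elif section and line.endswith(":") and not line.startswith("-"):
            name = line[:-1]
            data[section][name] = []
        elif section and name and line.startswith("-"):
            data[section][name].append(line)
    return data

def curl_ok(url):
    """Default probe: curl directly, or through Tor's SOCKS port for .onion."""
    cmd = ["curl", "-sS", "--fail", "--max-time", "60", "-o", "/dev/null"]
    cmd += ["-x", "socks5h://127.0.0.1:9050"] if ".onion" in url else []
    return subprocess.run(cmd + [url], capture_output=True).returncode == 0

def review(data, is_up=curl_ok):
    """One monthly pass; the any-link-down and recovery rules are assumptions."""
    new = {"Active": {}, "Inactive": {}, "Removed": dict(data["Removed"])}
    for old, on_fail in (("Active", "Inactive"), ("Inactive", "Removed")):
        for name, links in data[old].items():
            up = all(is_up(link.partition(": ")[2]) for link in links)
            new["Active" if up else on_fail][name] = links
    return new

def render(data):
    """Serialize the state back into the mirrors.txt layout."""
    out = []
    for s in SECTIONS:
        out += [f"### {s} ###\n", *("\n".join([f"{n}:", *ls]) + "\n" for n, ls in data[s].items())]
    return "\n".join(out)
```

Run once a month as render(review(parse(open("mirrors.txt").read()))) and review the diff before committing it.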

Don't forget to git push the file onto the git repository and you're good!


[ mainpc ] [ /dev/pts/6 ] [~/Nextcloud/blog-contributions]
→ vim mirrors.txt

[ mainpc ] [ /dev/pts/6 ] [~/Nextcloud/blog-contributions]
→ cat mirrors.txt
### Active ###

Nihilist:
-Clearnet: https://blog.nowhere.moe
-Tor: http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion
-Clearnet: https://git.nowhere.moe/nihilist/blog-contributions
-Tor: http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/nihilist/blog-contributions



### Inactive ###


### Removed ###

[ mainpc ] [ /dev/pts/6 ] [~/Nextcloud/blog-contributions]
→ cat push.sh
#!/bin/bash
git config --global user.email "nihilist@contact.nowhere.moe"
git config --global user.name "nihilist"

git add -A
git commit
git push

[ mainpc ] [ /dev/pts/6 ] [~/Nextcloud/blog-contributions]
→ ./push.sh

add mirrors.txt
# Please enter the commit message for your changes. Lines starting
# with '#' will be ignored, and an empty message aborts the commit.
#
# On branch main
# Your branch is up to date with 'origin/main'.
#
# Changes to be committed:
#   new file:   mirrors.txt
#   modified:   push.sh

:wq

[main 39b29a3] add mirrors.txt
 2 files changed, 15 insertions(+), 2 deletions(-)
 create mode 100644 mirrors.txt

Username for 'https://git.nowhere.moe': nihilist
Password for 'https://nihilist@git.nowhere.moe':

Enumerating objects: 6, done.
Counting objects: 100% (6/6), done.
Delta compression using up to 4 threads
Compressing objects: 100% (4/4), done.
Writing objects: 100% (4/4), 581 bytes | 290.00 KiB/s, done.
Total 4 (delta 1), reused 0 (delta 0), pack-reused 0
remote: . Processing 1 references
remote: Processed 1 references in total
To https://git.nowhere.moe/nihilist/blog-contributions
   d1bc9ce..39b29a3  main -> main

And that's it! You have now made the mirrors.txt file accessible to your audience. They can now simply download it like so:


[ mainpc ] [ /dev/pts/7 ] [/tmp]
→ apt install curl -y
 
[ mainpc ] [ /dev/pts/7 ] [/tmp]
→ curl https://blog.nowhere.moe/mirrors.txt
### Active ###

Nihilist:
-Clearnet: https://blog.nowhere.moe
-Tor: http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion
-Clearnet: https://git.nowhere.moe/nihilist/blog-contributions
-Tor: http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/nihilist/blog-contributions

### Inactive ###

### Removed ###

[ mainpc ] [ /dev/pts/7 ] [/tmp]
→ curl -x socks5h://127.0.0.1:9050 http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/mirrors.txt
### Active ###

Nihilist:
-Clearnet: https://blog.nowhere.moe
-Tor: http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion
-Clearnet: https://git.nowhere.moe/nihilist/blog-contributions
-Tor: http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/nihilist/blog-contributions

### Inactive ###

### Removed ###

Creative Commons Zero: No Rights Reserved

Contact: nihilist@contact.nowhere.moe (PGP)