In this tutorial we're going to set up ProxiTok, a privacy front-end for TikTok (one of the most anti-privacy services to ever exist).
Git clone the repo and run the docker-compose.yml file:
[ nowhere.moe ] [ /dev/pts/8 ] [/srv]
→ git clone https://github.com/pablouser1/ProxiTok/ ; cd ProxiTok
Then configure the docker-compose.yml file (comment out the init line because it's not supported):
[ nowhere.moe ] [ /dev/pts/8 ] [/srv/ProxiTok]
→ vim docker-compose.yml
[ nowhere.moe ] [ /dev/pts/8 ] [/srv/ProxiTok]
→ cat docker-compose.yml
version: '3'
services:
  web:
    container_name: proxitok-web
    image: ghcr.io/pablouser1/proxitok:master
    ports:
      - 8083:8080
    environment:
      - LATTE_CACHE=/cache
      - API_CACHE=redis
      - REDIS_HOST=proxitok-redis
      - REDIS_PORT=6379
      - API_SIGNER=remote
      - API_SIGNER_URL=http://proxitok-signer:8080/signature
    volumes:
      - proxitok-cache:/cache
    depends_on:
      - redis
      - signer
    networks:
      - proxitok
    security_opt:
      - no-new-privileges:true
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - SETGID
      - SETUID
  redis:
    container_name: proxitok-redis
    image: redis:7-alpine
    command: redis-server --save 60 1 --loglevel warning
    restart: unless-stopped
    networks:
      - proxitok
    user: nobody
    read_only: true
    security_opt:
      - no-new-privileges:true
    tmpfs:
      - /data:size=10M,mode=0770,uid=65534,gid=65534,noexec,nosuid,nodev
    cap_drop:
      - ALL
  signer:
    container_name: proxitok-signer
    image: ghcr.io/pablouser1/signtok:master
    #init: true
    networks:
      - proxitok
    user: nobody
    read_only: true
    security_opt:
      - no-new-privileges:true
    cap_drop:
      - ALL
volumes:
  proxitok-cache:
networks:
  proxitok:
[ nowhere.moe ] [ /dev/pts/8 ] [/srv/ProxiTok]
→ APP_URL='https://cringe.nowhere.moe' docker-compose up
ERROR: yaml.scanner.ScannerError: while scanning for the next token
found character '\t' that cannot start any token
in "./docker-compose.yml", line 51, column 1
[ nowhere.moe ] [ /dev/pts/8 ] [/srv/ProxiTok]
→ vim docker-compose.yml
[ nowhere.moe ] [ /dev/pts/8 ] [/srv/ProxiTok]
→ APP_URL='https://cringe.nowhere.moe' docker-compose up
Creating network "proxitok_proxitok" with the default driver
Creating volume "proxitok_proxitok-cache" with default driver
Pulling redis (redis:7-alpine)...
7-alpine: Pulling from library/redis
7264a8db6415: Pull complete
a28817da73be: Pull complete
536ccaebaffb: Pull complete
f54d1871dea6: Pull complete
4d190b4b6472: Pull complete
33fcc95c965f: Pull complete
Digest: sha256:fd5de2340bc46cbc2241975ab027797c350dec6fd86349e3ac384e3a41be6fee
Status: Downloaded newer image for redis:7-alpine
Pulling signer (ghcr.io/pablouser1/signtok:master)...
master: Pulling from pablouser1/signtok
ca7dd9ec2225: Pull complete
55371e6747e8: Pull complete
694d6b1b2d1b: Pull complete
71f41f5ff77d: Pull complete
50e5da009459: Pull complete
72e659781711: Pull complete
ef54da1b8443: Pull complete
620d81797357: Pull complete
5edc5725490e: Pull complete
Digest: sha256:b03fe2d10dfd6bed717c0f4a7d253908963a5e7f7ea9bf48855a3f74c924f3a7
Status: Downloaded newer image for ghcr.io/pablouser1/signtok:master
Pulling web (ghcr.io/pablouser1/proxitok:master)...
master: Pulling from pablouser1/proxitok
8a49fdb3b6a5: Pull complete
496a743ca17d: Pull complete
9e309b5f32ab: Pull complete
bf36d90371de: Pull complete
f110ea7c70c4: Pull complete
5ee30eaa9898: Pull complete
d8373ae76156: Pull complete
c349c3fbbecc: Pull complete
207a66f83a7e: Pull complete
30774e576bfe: Pull complete
9ef258ce6026: Pull complete
d72ddb753b3d: Pull complete
48271c7b9504: Pull complete
1a38beda4bc2: Pull complete
14893ea479a0: Pull complete
83ebfcff9ece: Pull complete
Digest: sha256:0a775a0933f86d83614e33e20995b4f3c75483e11a2fe466ac0d45ab80ead061
Status: Downloaded newer image for ghcr.io/pablouser1/proxitok:master
Creating proxitok-redis ... done
Creating proxitok-signer ... done
Creating proxitok-web ... done
Attaching to proxitok-signer, proxitok-redis, proxitok-web
proxitok-redis | 1:C 23 Aug 2023 10:27:06.333 # WARNING Memory overcommit must be enabled! Without it, a background save or replication may fail under low memory condition. Being disabled, it can also cause failures without low memory condition, see https://github.com/jemalloc/jemalloc/issues/1328. To fix this issue add 'vm.overcommit_memory = 1' to /etc/sysctl.conf and then reboot or run the command 'sysctl vm.overcommit_memory=1' for this to take effect.
proxitok-signer | App listening on port: 8080
proxitok-web | 2023-08-23 10:27:06,854 INFO supervisord started with pid 1
proxitok-web | 2023-08-23 10:27:07,856 INFO spawned: 'nginx' with pid 7
proxitok-web | 2023-08-23 10:27:07,857 INFO spawned: 'php-fpm' with pid 8
proxitok-web | [23-Aug-2023 10:27:07] NOTICE: fpm is running, pid 8
proxitok-web | [23-Aug-2023 10:27:07] NOTICE: ready to handle connections
proxitok-web | 2023-08-23 10:27:08,883 INFO success: nginx entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
proxitok-web | 2023-08-23 10:27:08,883 INFO success: php-fpm entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
Then configure the nginx reverse proxy:
[ nowhere.moe ] [ /dev/pts/9 ] [/etc/nginx/sites-available]
→ vim cringe.nowhere.moe.conf
[ nowhere.moe ] [ /dev/pts/9 ] [/etc/nginx/sites-available]
→ cat cringe.nowhere.moe.conf
server {
    listen 443 ssl;
    server_name cringe.nowhere.moe;
    ssl_certificate /etc/acme/certs/cringe.nowhere.moe/cringe.nowhere.moe.cer;
    ssl_certificate_key /etc/acme/certs/cringe.nowhere.moe/cringe.nowhere.moe.key;
    ######## TOR CHANGES ########
    listen 4443;
    listen [::]:4443;
    server_name cringe.daturab6drmkhyeia4ch5gvfc2f3wgo6bhjrv3pz6n7kxmvoznlkq4yd.onion;
    add_header Onion-Location "http://cringe.daturab6drmkhyeia4ch5gvfc2f3wgo6bhjrv3pz6n7kxmvoznlkq4yd.onion$request_uri" always;
    ######## TOR CHANGES ########
    ssl_protocols TLSv1.3 TLSv1.2 TLSv1.1 TLSv1;
    ssl_prefer_server_ciphers on;
    ssl_ciphers EECDH+AESGCM:EDH+AESGCM;
    ssl_ecdh_curve secp384r1;
    ssl_session_timeout 10m;
    ssl_session_cache shared:SSL:10m;
    ssl_session_tickets off;
    #ssl_stapling on;
    ssl_stapling_verify on;
    # Security Headers
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
    add_header Content-Security-Policy "default-src 'none'; script-src 'self' 'unsafe-inline'; img-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self'; object-src 'none'; media-src 'self' blob: video.twimg.com; worker-src 'self' blob:; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; connect-src 'self' https://*.twimg.com; manifest-src 'self'";
    add_header X-Content-Type-Options nosniff;
    add_header X-Frame-Options DENY;
    add_header X-XSS-Protection "1; mode=block";
    location / {
        proxy_pass http://localhost:8083;
    }
    location = /robots.txt {
        add_header Content-Type text/plain;
        return 200 "User-agent: *\nDisallow: /\n";
    }
}
[ nowhere.moe ] [ /dev/pts/10 ] [/srv/ProxiTok]
→ systemctl stop nginx
[ nowhere.moe ] [ /dev/pts/10 ] [/srv/ProxiTok]
→ bash
root@Datura /srv/ProxiTok # acme.sh --issue --standalone -d cringe.nowhere.moe -k 4096
[ nowhere.moe ] [ /dev/pts/10 ] [/srv/ProxiTok]
→ systemctl start nginx
[ nowhere.moe ] [ /dev/pts/10 ] [/etc/nginx/sites-available]
→ ln -s /etc/nginx/sites-available/cringe.nowhere.moe.conf /etc/nginx/sites-enabled
[ nowhere.moe ] [ /dev/pts/10 ] [/etc/nginx/sites-available]
→ nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[ nowhere.moe ] [ /dev/pts/10 ] [/etc/nginx/sites-available]
→ nginx -s reload
2023/08/23 12:41:58 [notice] 3931966#3931966: signal process started
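Two settings in the files above are worth checking before the instance is announced: `8083:8080` publishes the web container on every host interface even though nginx only needs `localhost:8083`, and `ssl_protocols` still lists TLSv1 and TLSv1.1, which RFC 8996 deprecated. The script below is an added example (not part of the original tutorial) that flags both; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the original tutorial.

# Print "service: mapping" for each published port not bound to loopback.
# Assumes two-space indentation under services: and the short ports syntax.
exposed_ports() {
    tr -d "\"'" < "$1" | awk '
        /^  [A-Za-z0-9_.-]+:[ \t]*$/ { svc = $1; sub(/:$/, "", svc); in_ports = 0; next }
        /^ +ports:[ \t]*$/ { in_ports = 1; next }
        in_ports && /^ +- / {
            if ($2 !~ /^127\.[0-9.]+:/ && $2 !~ /^\[::1\]:/) print svc ": " $2
            next
        }
        { in_ports = 0 }
    '
}

# Print "line: version" for each protocol older than TLS 1.2 that an
# uncommented ssl_protocols directive enables.
deprecated_tls() {
    awk '
        $1 == "ssl_protocols" {
            for (i = 2; i <= NF; i++) {
                p = $i; sub(/;$/, "", p)
                if (p ~ /^(SSLv2|SSLv3|TLSv1|TLSv1\.1)$/) print NR ": " p
            }
        }
    ' "$1"
}

# Constructed samples that mirror the relevant lines of the two files above,
# plus a loopback-bound mapping and a commented-out directive as controls.
write_samples() {
    printf '%s\n' 'services:' '  web:' '    ports:' '      - 8083:8080' \
        '  web-loopback:' '    ports:' '      - "127.0.0.1:8083:8080"' > "$1"
    printf '%s\n' 'server {' '    #ssl_protocols TLSv1;' \
        '    ssl_protocols TLSv1.3 TLSv1.2 TLSv1.1 TLSv1;' '}' > "$2"
}

dir=$(mktemp -d)
write_samples "$dir/compose.yml" "$dir/site.conf"
exposed_ports "$dir/compose.yml"    # web: 8083:8080
deprecated_tls "$dir/site.conf"     # 3: TLSv1.1 and 3: TLSv1
rm -rf "$dir"
```

A mapping written as `127.0.0.1:8083:8080` is reachable only from the host itself, which is all the reverse proxy needs.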
Then check if it works:
And that's it! Now to update it just have this cronjob run every day:
[ nowhere.moe ] [ /dev/pts/10 ] [/etc/nginx/sites-available]
→ crontab -e ; cronitor select
✔ docker-compose -f /srv/ProxiTok/docker-compose.yml stop ; git -C /srv/ProxiTok/ pull ; docker-compose -f /srv/ProxiTok/docker-compose.yml pull ; docker-compose -f /srv/ProxiTok/docker-compose.yml up -d
----► Running command: docker-compose -f /srv/ProxiTok/docker-compose.yml stop ; git -C /srv/ProxiTok/ pull ; docker-compose -f /srv/ProxiTok/docker-compose.yml pull ; docker-compose -f /srv/ProxiTok/docker-compose.yml up -d
Stopping proxitok-web ... done
Stopping proxitok-signer ... done
Stopping proxitok-redis ... done
Already up to date.
Pulling redis ... done
Pulling signer ... done
Pulling web ... done
Starting proxitok-redis ... done
Starting proxitok-signer ... done
Starting proxitok-web ... done
----► ✔ Command successful Elapsed time 10.492s
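The cron line above stops the stack before pulling and chains every step with `;`, and because the images are tagged `:master` their contents can change on any run. As an added example (not part of the original tutorial), this update job pulls first, stops at the first failed step, and reports when the running images changed; `COMPOSE`, `GIT`, `DOCKER` and `STACK_DIR` are names assumed here.

```shell
#!/bin/sh
# Added example, not part of the original tutorial. COMPOSE, GIT, DOCKER and
# STACK_DIR are assumed names, overridable for testing.
COMPOSE=${COMPOSE:-docker-compose}
GIT=${GIT:-git}
DOCKER=${DOCKER:-docker}
STACK_DIR=${STACK_DIR:-/srv/ProxiTok}

# Image ID behind each container (container names come from the compose file).
image_ids() {
    for c in proxitok-web proxitok-signer proxitok-redis; do
        printf '%s %s\n' "$c" "$($DOCKER inspect --format '{{.Image}}' "$c" 2>/dev/null)"
    done
}

# Pull first, recreate only after every pull succeeded, then report whether
# the running images changed. Returns 1, 2 or 3 for the step that failed.
update_stack() {
    before=$(image_ids)
    $GIT -C "$STACK_DIR" pull --ff-only >/dev/null || return 1
    $COMPOSE -f "$STACK_DIR/docker-compose.yml" pull >/dev/null || return 2
    $COMPOSE -f "$STACK_DIR/docker-compose.yml" up -d >/dev/null || return 3
    after=$(image_ids)
    if [ "$before" = "$after" ]; then
        echo "proxitok: images unchanged"
    else
        echo "proxitok: images changed"
        echo "$after"
    fi
}

# Cron entry point: sh update.sh --run
if [ "${1:-}" = "--run" ]; then
    update_stack
fi
```

Keeping the "images changed" lines from each run gives a dated record of which image IDs the instance was serving.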
And then to contribute to the ecosystem, create a GitHub issue to get listed on the official list of instances here.
Contact: nihilist@contact.nowhere.moe (PGP)