pred2k/docker-deployments

Docker deployments for alternative frontends

Deploys privacy friendly services that don't have any persistent data.

  • some other favourite services.

Main Goals

  • TLS 1.3 only
  • Elliptic Curve Certificates (90 Day lifespan) with Let's Encrypt
  • Only strong Cipher Suites (as they are in TLS 1.3)
  • Strict Transport Security (HSTS) Header for two years
  • Online Certificate Status Protocol (OCSP) stapling
  • Strong Content Security Policy (CSP) Header
  • Common HTTP Security Headers
  • Don't send any Referrer
  • No Cookies (If not necessary)
  • Minimal or no Logs
  • Automated daily updates
  • Automated daily restarts to avoid data accumulation
  • Provide Tor Onion services
  • Provide a /.well-known/security.txt

Additionally, I have configured the following on my deployments:

  • HSTS preload
  • Domain Name System Security Extensions (DNSSEC)
  • DNS Certification Authority Authorization (CAA) with Let's Encrypt Account Binding
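
The header-related goals above can be checked against a deployed service's response headers. The following is an added example, not code from this repository; the function name, the sample responses and the reading of "strong CSP" as "has default-src and no unsafe-inline/unsafe-eval" are assumptions made for illustration.

```python
import re

TWO_YEARS = 2 * 365 * 24 * 3600  # 63072000 seconds, the HSTS lifetime goal
# Constructed sample responses (not captured from any real host)
GOOD = """HTTP/2 200
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-security-policy: default-src 'none'; img-src 'self'; style-src 'self'
referrer-policy: no-referrer
x-content-type-options: nosniff
"""
WEAK = """HTTP/1.1 200 OK
Strict-Transport-Security: max-age=31536000
Referrer-Policy: strict-origin-when-cross-origin
Set-Cookie: session=abc123; Path=/
"""

def audit_headers(raw, expect_preload=False):
    """Return a list of findings for one raw HTTP response header block."""
    headers = {}
    for line in raw.strip().splitlines()[1:]:  # skip the status line
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    findings = []
    hsts = headers.get("strict-transport-security", [""])[0].lower()
    m = re.search(r'max-age="?(\d+)', hsts)
    if not m:
        findings.append("HSTS header missing or has no max-age")
    elif int(m.group(1)) < TWO_YEARS:
        findings.append("HSTS max-age below two years")
    if expect_preload and not ("preload" in hsts and "includesubdomains" in hsts):
        findings.append("HSTS lacks includeSubDomains/preload")
    csp = headers.get("content-security-policy", [""])[0].lower()
    if "default-src" not in csp:
        findings.append("CSP missing or has no default-src")
    elif "'unsafe-inline'" in csp or "'unsafe-eval'" in csp:  # assumed meaning of "strong"
        findings.append("CSP allows unsafe-inline or unsafe-eval")
    if headers.get("referrer-policy", [""])[0].lower() != "no-referrer":
        findings.append("Referrer-Policy is not no-referrer")
    if headers.get("x-content-type-options", [""])[0].lower() != "nosniff":
        findings.append("X-Content-Type-Options is not nosniff")
    if "set-cookie" in headers:
        findings.append("response sets a cookie")
    return findings

if __name__ == "__main__":
    for label, raw in (("GOOD", GOOD), ("WEAK", WEAK)):
        print(label, audit_headers(raw, expect_preload=True) or "all checks passed")
```

To audit a live deployment, pass the output of curl -sI for the service URL as the raw argument.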

Privacy-friendly frontends I've included are:

Bibliogram (REMOVED)

PROJECT DISCONTINUED https://cadence.moe/blog/2022-09-01-discontinuing-bibliogram

An alternative front-end for Instagram.

Libreddit

An alternative private front-end to Reddit

Jitsi Meet

Jitsi Meet is an open-source (Apache) WebRTC JavaScript application that uses Jitsi Videobridge to provide high quality, secure and scalable video conferences.

Nitter

A free and open source alternative Twitter front-end focused on privacy.

Whoogle

A self-hosted, ad-free, privacy-respecting metasearch engine

Installation

I deploy to Ubuntu 20.04 LTS, but any host with Docker Engine (or maybe even Podman) will work.

  1. Clone the project on your host:
    git clone https://github.com/pred2k/docker-deployments.git /docker-deployments
  2. Create the Docker network:
    docker network create traefik_default
  3. (optional) Create a cron job for regular updates:
    run crontab -e and add this line:
    0 11 * * * systemd-cat -t docker-deploy /docker-deployments/update-images-and-restart.sh

Committing changes from deployment host back to repo

After checking out the repo on a host, local config changes need to be transferred back to the repo. To avoid putting my private SSH key on the host, I prefer GitHub's fine-grained personal access tokens.

Initial setup:

  1. Go to https://github.com/settings/personal-access-tokens/new
  2. Generate a new token with access only to the specific repo; under Repository permissions it must have read/write for Contents.

To use next time (single-use token):

  1. Go to https://github.com/settings/personal-access-tokens/375481 (works only in my GitHub account)
  2. Press Regenerate token with Expiration: 7 days
  3. Go to the host and run:
    git config user.email does@not.matter
    git config user.name pred2k

    Then run git push and log in with the username and the generated token as the password.

For more, see https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token#creating-a-fine-grained-personal-access-token

Host Backups

Use the script on my MacBook Air: ~/backup/linux-systems/docker-deployments-host/backup.sh