I'm releasing a modified version of Anon.cafe's build and maintenance tooling. It is an Ansible role that turns a CentOS 7 server into a LynxChan 2.3.7 host with an nginx reverse proxy in front to handle HTTPS termination and traffic limiting. It is very configurable and includes variable documentation as well as a tutorial to help those unfamiliar with Ansible get up to speed. It's my hope that this will help Anon spin up new imageboards without having to struggle against many of their software's peculiarities and tedium. I've also added a role that will set up Tor hidden services; it permits either hands-off management of the hidden service private key or storage of the hidden service private key in an encrypted Ansible Vault.
InstantIB.LynxChan is at https://gitgud.io/Skyline/instantib.lynxchan
InstantIB.Onion is at https://gitgud.io/Skyline/instantib.onion
The role bundles and builds several pieces of software not available in CentOS repositories (e.g. ExifTool to strip EXIF from images and FFmpeg to generate better thumbnails), may optionally create a special user that can pull remote MongoDB database dumps from elsewhere, ensures that both MongoDB and LynxChan will restart on failure, detects and handles necessary service restarts/reloads, may install and configure the webring/alternate captcha/native image generation addons if desired, supports proper multi-device favicons, provides enhanced TLS security by default, optionally generates strong custom Diffie-Hellman (DH) key-exchange parameters for extra security, allows optional IP range blocking at the network firewall, configures Security-Enhanced Linux to work gracefully with MongoDB, and allows optional use of the notoriously obtuse Sendmail to relay email from LynxChan to an external mail host.
If you have some basic GNU/Linux literacy, follow the tutorial, and then read the documentation carefully, you will be able to use this to spin up and maintain a LynxChan imageboard of your own. You can override and adjust the variables and then re-run your playbook to gracefully detect and adjust only what needs to be adjusted on your server.
The role is presently in alpha; although I use it with full confidence on anon.cafe, it is possible that it might not work for some combination of options I've never tried, or I've broken it while adding the latest enhancements for genpop use. I recommend that you try it out thoroughly against a virtual machine before using it on any kind of production instance. Be careful and methodical.
Future tutorials will include the Paranoid Admin's Imageboard Hosting Primer, in which I will briefly explain the different privacy and security trade-offs you can make as an imageboard admin for yourself and your users, making payments and taking donations without compromising your identity, understanding how to maintain OPSEC+COMSEC+FINSEC in such a way that a single breach will not be your undoing, how all this might be done in practice, and more.
To those who do not have the literacy this tooling assumes and would prefer something a little more intensively hand-holding, more will come. I nevertheless encourage you to muddle your way through with a VM, a CentOS 7 netinst ISO, and a search engine - if nothing else, you will come out knowing a little more than you came in with.
Edited last time by root_admin on 05/16/2020 (Sat) 14:33:46.