ZeroNet Blogs

Static ZeroNet blogs mirror

KindleZeroBlog

Writing about everything and something, at least.

Think about backups !

- Posted in KindleZeroBlog by with comments

No, it's true, it can't happen to you. Or does it ?

You might one day have a hard disk that crashes, an important SD card/USB drive that corrupts and that you can't recover. What do you do then, without backups ? Nothing.

What about the key to your ZeroNet profile and all your Zites ? You could loose those as well.

I had this problem, but thank lord, I was able to recover all of it because I make backups (manually) of my files onto two different disks. Don't forget to do that as well, fellow user !

Just added Tor support for my main blog, the address is kindleblog4sirv3.onion.

This backup, all backups. (Clearnet, HTTPS, no logs, dedicated server)

File: ZeroClone-2016-06-27.tar
Weight: ~35.4 MB (37163520B according to `du -ch ZeroClone-2016-06-27.tar --bytes`)
sha1sum: b742af7b350cef5b99dba8f82c3c8c76f09276dd

data/
├── Documentation
├── maquette
├── ReactionGIFs
├── ZeroAdmin
├── ZeroBlog
├── ZeroBoard
├── ZeroBundle
├── ZeroHello
├── ZeroID
├── ZeroMail
├── ZeroName
├── ZeroNet
├── zeronet.io
└── ZeroTalk

14 directories, 0 files

I'm one day too late, I know ! And I forgot last week, my bad.

tmux is a terminal multiplexer. It lets you switch easily between several programs in one terminal, detach them (they keep running in the background) and reattach them to a different terminal. And do a lot more.


Get it

tmux is just one command away, it is available in most package managers. Per example, for debian you can get it using apt:

$> apt install tmux

Launch it

You can fire tmux up using the tmux command:

$> tmux

If you already fired tmux up but lost connection (like ssh that brakes) use tmux attach instead.

Some basics

tmux may be controlled from an attached client by using a key combination of a prefix key, ‘C-b’ (Ctrl-b) by default, followed by a command key.

Here are some of the most used command keys:

  • Moving between panes can be done using C-b then pressing an arrow key.
  • C-b ": split current pane in two, vertically
  • C-b %: split current pane in two, horizontally
  • C-b x: kill the current pane (will ask for a y/n confirmation)
  • C-b c: create new window, windows list is shown at the bottom
  • C-b 0-9 (0 to 9): switch to window
  • C-b &: kill entire window (including everything in it)

Website

https://tmux.github.io

Running a ZeroProxy

- Posted in KindleZeroBlog by with comments

You might have noticed I just started to host two new ZeroProxies:

In this post, I will teach you how to host your own.


First things first, you need :

  • A domain name pointing to your server (I will refer to it as domain.net)
  • A VPS running Debian 8 (You can get one at DigitalOcean (ClearNet))

Connect to your VPS, on Linux and MAC this would be:

$> ssh root@server_ip

Update it:

$> apt update
$> apt upgrade

Setup the domain name

The domain name you want to use, here domain.net, needs to have an A record pointing to server_ip. You can check this with dig:

$> dig domain.net

; <<>> DiG 9.9.5-3ubuntu0.8-Ubuntu <<>> domain.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32341
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;domain.net.            IN  A

;; ANSWER SECTION:
domain.net.     253 IN  A   164.132.6.35    <=== THIS IS IT

;; Query time: 23 msec
;; SERVER: 127.0.1.1#53(127.0.1.1)
;; WHEN: Fri Jun 17 23:02:44 CEST 2016
;; MSG SIZE  rcvd: 58

Refer to your domain name provider for help on how to set it up. If you use CloudFlare as DNS provider, make sure CloudFlare protection is disabled for the A record.

Get ZeroNet up and running

We will have to download, extract and make ZeroNet run with forever. Let's start:

$> wget <https://github.com/HelloZeroNet/ZeroBundle/raw/master/dist/ZeroBundle-linux64.tar.gz>
$> tar -xvf ZeroBundle-linux64.tar.gz
$> rm ZeroBundle-linux64.tar.gz
$> wget -qO- <https://raw.githubusercontent.com/creationix/nvm/v0.31.1/install.sh> | bash
$> . ~/.nvm/nvm.sh
$> nvm install 5
$> npm install forever -g

Now we have both ZeroBundle and forever installed, let's launch it once:

$> cd ZeroBundle
ZeroBundle/$> ./ZeroNet.sh

Once you see the following (underneath), hit CTRL + C.

[14:12:02] Ui.UiServer --------------------------------------
[14:12:02] Ui.UiServer Web interface: <https://www.zerogate.tk/>
[14:12:02] Ui.UiServer --------------------------------------

Now that ZeroBundle downloaded ZeroNet, we can enable the Multiuser plugin.

ZeroBundle/$> cd ZeroNet/plugins/
ZeroBundle/ZeroNet/plugins/$> mv disabled-Multiuser/ Multiuser/
ZeroBundle/ZeroNet/plugins/$> cd ../..

ZeroNet is installed and we are not going to let it run yet. Before, install Tor using these instructions (ClearNet). After that, you can run ZeroNet :

ZeroBundle/$> forever start -c bash "ZeroNet.sh"

You can check the status of scripts running with forever using forever list.

Generate an SSL certificate

No, you're not going to pay for it. We'll use certbot by LetsEncrypt, it's free ! You will have to renew your certificate every 90 days though (edit: this is now done automatically thanks to a cron job added by certbot).

$> echo "deb <http://ftp.debian.org/debian> jessie-backports main" > /etc/apt/sources.list.d/backports.list
$> apt update
$> apt install certbot -t jessie-backports
$> certbot certonly -d domain.net --standalone

Carefully read the message returned by the last command, and if it didn't worked then fix the issues it pointed out. If you get a success message, note the file it gives you !

Finally, install nginx

Nginx is like Apache, but faster and just overall better. My friend angristan made an easy installation script:

$> wget <https://raw.githubusercontent.com/Angristan/nginx-autoinstall/master/nginx-autoinstall.sh>
$> chmod +x nginx-autoinstall.sh
$> ./nginx-autoinstall.sh

You should follow it as I did:

Welcome to the nginx-autoinstall script.

What do you want to do?
   1) Install Nginx
   2) Uninstall Nginx
   3) Update the script

Select an option [1-3]: 1

This script will install Nginx 1.11.1 (mainline) with some optional famous modules.

Please tell me which modules you want to install.
If you select none, Nginx will be installed with its default modules.

Modules to install :
       PageSpeed 1.11.33.2 [y/n]: n
       Brotli [y/n]: n
       Headers More 0.30 [y/n]: n
       GeoIP [y/n]: n
       Cloudflare's HTTP/2 + SPDY patch [y/n]: y
       Cloudflare's TLS Dynamic Record Resizing patch [y/n]: n

Choose your OpenSSL implementation :
   1) System's OpenSSL (default)
   2) OpenSSL 1.0.2h from source
   3) LibreSSL 2.4.1 from source 

Select an option [1-3]: 1

Nginx is ready to be installed, press any key to continue... <press enter>

Once that's done, we'll have to create a vhost for nginx.

$> cd /etc/nginx/
/etc/nginx/$> nano nginx.conf

Find the line include /etc/nginx/conf.d/*.conf; and add include /etc/nginx/sites/*.conf; behind (or the line after it, just make sure it comes before }). CTRL + X then Y to save. We can now put our vhost in sites/:

/etc/nginx/$> cd sites
/etc/nginx/sites/$> nano domain.net.donf

Dont forget the .conf suffix, or the file won't load.

Enter this in it:

server {
    listen 80;
    server_name domain.net;
    rewrite ^ <https://$server_name$request_uri?> permanent;
}

server {
    listen 443 ssl http2;

    server_name domain.net;

    ssl_certificate /etc/letsencrypt/live/domain.net/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/domain.net/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/domain.net/chain.pem;

    ssl_protocols TLSv1.2;
    ssl_ecdh_curve secp384r1;
    ssl_ciphers EECDH+AESGCM:EECDH+AES;
    ssl_prefer_server_ciphers on;
    ssl_stapling on;
    ssl_stapling_verify on;
    resolver 80.67.169.12 80.67.169.40 valid=300s;
    resolver_timeout 5s;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 5m;
    ssl_session_tickets off;

    location / {
        proxy_pass <http://127.0.0.1:43110;>
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
    }

    location /Websocket {
        proxy_pass <http://127.0.0.1:43110;>
        proxy_http_version 1.1;
        proxy_read_timeout 1h; #for long live websocket connetion
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }

    client_max_body_size 20M;
}

Don't forget to replace all domain.net with your domain !

nginx -s reload to reload the nginx configuration and you're all set. You should be able to see your proxy by going to domain.net, all good.

If you have any questions, my contact info is in the sidebar.

New Ringer !

- Posted in KindleZeroBlog by with comments

Somewhere on ZeroNet I found Ring (CN). As I want to try it out myself, this is my RingID:

ring:6fc30ee49d08f3f416d48b37fb7c86daff17ec9c

Hi all. I just uploaded the first ZeroNet repository backup here (Clearnet, my personal Seafile cloud).


Information:

File: ZeroClone-2016-06-12.tar
Weight: ~35.4 MB (37160960B according to `du -ch ZeroClone-2016-06-12.tar --bytes`)
sha1sum: ca04519b91cbb10d7e89dd9dbacc7f237c240745 

data/
├── Documentation
├── maquette
├── ReactionGIFs
├── ZeroAdmin
├── ZeroBlog
├── ZeroBoard
├── ZeroHello
├── ZeroID
├── ZeroMail
├── ZeroName
├── ZeroNet
├── zeronet.io
└── ZeroTalk

Notice the repository ZeroBundle is not present. It weights too much for me to upload every week, so I will only upload it once a month (first week of every month) only.

Hi all, I'm going to teach you how to make ZeroNet run on a Debian 8 server and safely. This is what we're going to do:

  • Install ZeroNet on our server
  • Install a VPN on our server (optional, see later)
  • Install Tor
  • Run ZeroNet o/

The main reason I make this post is because by default :

  • ZeroNet Ui will run on 127.0.0.1, you can't connect to it
  • ZeroNet Ui is open access, everybody could connect

So, here we go. Let's start by getting a Debian 8 server. Personally I got myself a small 5$ DigitalOcean droplet. Connect to it using SSH, apt update and apt upgrade, then you're ready to rock.

Step #1: Download ZeroNet

This is rather easy:

wget <https://github.com/HelloZeroNet/ZeroBundle/raw/master/dist/ZeroBundle-linux64.tar.gz>
tar -xvf ZeroBundle-linux64.tar.gz
rm ZeroBundle-linux64.tar.gz
cd ZeroBundle/

Now, get your server ip and launch ZeroNet like this:

./ZeroNet.sh --ui_ip <server_ip>

You should be able to connect to it by browsing to http://<server_ip>:43110/ (don't click on that link).

Step #2: Install a VPN

The thing we're after now is just having a static IP address. If you have one, write it down and skip this step.

If you have none, you'll have to install a VPN. It will make sure that when you connect, you always have the same IP address.

My friend angristan made a nice script to install OpenVPN, it's really easy to use:

cd ~
wget <https://raw.githubusercontent.com/Angristan/OpenVPN-install/master/openvpn-install.sh>
chmod +x openvpn-install.sh
./openvpn-install.sh

Once the script is done, download the file it gives you and connect to the VPN. Searching my ip on DuckDuckGo should give you your server ip address, if not, double check you're connected.

Step #3: Install Tor

This is rather easy, follow these steps on the docs.

Step #4: Run

./ZeroNet.sh --ui_restrict <vpn_ip_or_static_ip> --ui_ip <server_ip>

Note: --ui_restrict should always comme before --ui_ip

You can also make it run with forever (I will not cover installing it):

forever -c bash "ZeroNet.sh --ui_restrict <vpn_ip_or_static_ip> --ui_ip <server_ip>"

Notice that if you're not connected to your VPN or are not connected with your static ip, ZeroNet Ui will show you "Forbidden".

And if you use a VPN, it'll also make browsing clearnet more secure :)

That's all :). If you ran into any troubles, send me a ZeroMail (kindlyfire) or just comment.

Good evening everyone. After introducing myself to ZeroNet for a couple of hours, I decided to launch a blog here as well. I'll probably talk about anything that has some link with either privacy or Internet.

I also have another French blog, named KindleBlog, which I will maintain along with KindleZeroBlog. I am not currently considering buying a .bit domain, even if it's rather cheap.

Don't mind pointing me out on any typos, I'm not a native English speaker.

As proposed in this post by ekaterina, I will be making weekly backups of all repositories on HelloZeroNet followed by a blog post with links and hashes.