Self-Hosting AnonymousOverflow

433 words; 3 minute(s)

Table of Contents

Overview

I recently launched an instance of AnonymousOverflow at ao.cleberg.net and wanted to write a brief post on how easy it is to install with Docker Compose and Nginx.

This guide uses Ubuntu server, Docker Compose, and Nginx as a reverse proxy.

Installation

Docker Compose

To install AnonymousOverflow, start by creating a directory for the application and create its docker-compose.yml file.

mkdir ~/anonymousoverflow && cd ~/anonymousoverflow
nano docker-compose.yml

Within this file, paste the following information. Be sure to change the APP_URL, JWT_SIGNING_SECRET, and ports to match your needs.

version: "3"

services:
    anonymousoverflow:
        container_name: "app"
        image: "ghcr.io/httpjamesm/anonymousoverflow:release"
        environment:
            - APP_URL=https://ao.example.com
            - JWT_SIGNING_SECRET=secret #pwgen 40 1
        ports:
            - "9380:8080"
        restart: "always"

Save and exit the file when complete. You can now launch the container and access it via your local network.

sudo docker-compose up -d

Nginx Reverse Proxy

If you want to access this service outside the local network, I recommend using Nginx as a reverse proxy.

Let's start by creating a configuration file.

sudo nano /etc/nginx/sites-available/ao

Within this file, paste the following content and repace ao.example.com with your URL. You may need to update the SSL certificate statements if your certificates are in a different location.

server {
    if ($host ~ ^[^.]+\.cleberg\.net$) {
        return 301 https://$host$request_uri;
    }

    listen [::]:80;
    listen 80;
    server_name ao.example.com;
    return 404;
}

server {
    listen [::]:443 ssl http2;
    listen 443 ssl http2;
    server_name ao.example.com;
    access_log  /var/log/nginx/ao.access.log;
    error_log   /var/log/nginx/ao.error.log;

    add_header X-Content-Type-Options "nosniff";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Frame-Options "DENY";
    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
    add_header Referrer-Policy "no-referrer";

    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    location / {
        set $upstream_ao http://127.0.0.1:9380;
        proxy_pass $upstream_ao;

        proxy_set_header Host $host;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection upgrade;
        proxy_set_header Accept-Encoding gzip;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Host $http_host;
        proxy_set_header X-Forwarded-Uri $request_uri;
        proxy_set_header X-Forwarded-Ssl on;
        proxy_redirect  http://  $scheme://;
        proxy_http_version 1.1;
        proxy_set_header Connection "";
        proxy_cache_bypass $cookie_session;
        proxy_no_cache $cookie_session;
        proxy_buffers 64 256k;
    }
}

Save and exit the file when complete. On Ubuntu, you will need to symlink the configuration file before it will be recognized by Nginx. Once complete, simply restart the web server.

sudo ln -s /etc/nginx/sites-available/ao /etc/nginx/sites-enabled/ao
sudo systemctl restart nginx.service

The website will now be available publicly. Visit my instance for an example.