add selfhosting tutorials

pihole/index.md

@@ -0,0 +1,250 @@
+# pihole Setup 
+
+![](0.png)
+
+## **Initial Setup**
+
+![]()
+    
+    
+    [ nowhere.yt ] [ /dev/pts/1 ] [~]
+    → sudo apt-get install wget curl net-tools gamin lighttpd lighttpd-mod-deflate
+    
+    [ nowhere.yt ] [ /dev/pts/1 ] [~]
+    → curl -sSL https://install.pi-hole.net | PIHOLE_SKIP_OS_CHECK=true sudo -E bash
+    
+    [ nowhere.yt ] [ /dev/pts/1 ] [~]
+    → sudo pihole -a -p
+    Enter New Password (Blank for no password):
+    Confirm Password:
+      [✓] New password set
+    
+    	
+    
+
+To forcefully block domains via regex you can do the following:
+
+![](1.png) ![](2.png)
+    
+    
+    [ nowhere.yt ] [ /dev/pts/1 ] [~]
+    → pihole -up
+      [✓] Update local cache of available packages
+      [i] Existing PHP installation detected : PHP version 7.4.28
+      [✓] Checking for git
+      [✓] Checking for iproute2
+      [✓] Checking for whiptail
+      [✓] Checking for ca-certificates
+    
+      [i] Checking for updates...
+      [i] Pi-hole Core:     up to date
+      [i] Web Interface:    up to date
+      [i] FTL:              up to date
+    
+      [✓] Everything is up to date!
+    
+    
+
+Now if we want to have a https interface we do the following;
+
+![]()
+    
+    
+    
+    [ nowhere.yt ] [ /dev/pts/2 ] [~]
+    → systemctl disable lighttpd.service --now
+    
+    [ nowhere.yt ] [ /dev/pts/2 ] [~]
+    → apt install nginx php7.4-{fpm,cgi,xml,sqlite3,intl} apache2-utils socat -y
+    
+    [ nowhere.yt ] [ /dev/pts/2 ] [~]
+    → systemctl enable nginx php7.4-fpm --now
+    
+    [ nowhere.yt ] [ /dev/pts/2 ] [~]
+    → vim /etc/nginx/sites-available/default
+    	
+    
+    
+    
+    server {
+        listen 80;
+        listen [::]:80;
+        server_name ns1.void.yt;
+        return 301 https://$server_name$request_uri;
+    }
+    
+    server {
+        listen 443 ssl http2;
+        listen [::]:443 ssl http2;
+        server_name ns1.void.yt;
+    
+        ssl_certificate /root/.acme.sh/ns1.void.yt/fullchain.cer;
+        ssl_trusted_certificate /root/.acme.sh/ns1.void.yt/ns1.void.yt.cer;
+        ssl_certificate_key /root/.acme.sh/ns1.void.yt/ns1.void.yt.key;
+    
+        ssl_protocols TLSv1.3 TLSv1.2;
+        ssl_ciphers 'TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-256-GCM-SHA384:TLS13-AES-128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
+        ssl_prefer_server_ciphers on;
+        ssl_session_cache shared:SSL:10m;
+        ssl_session_timeout 10m;
+        ssl_session_tickets off;
+        ssl_ecdh_curve auto;
+        ssl_stapling on;
+        ssl_stapling_verify on;
+        resolver 80.67.188.188 80.67.169.40 valid=300s;
+        resolver_timeout 10s;
+    
+        add_header X-XSS-Protection "1; mode=block"; #Cross-site scripting
+        add_header X-Frame-Options "SAMEORIGIN" always; #clickjacking
+        add_header X-Content-Type-Options nosniff; #MIME-type sniffing
+        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
+    
+        root /var/www/html;
+        server_name _;
+        autoindex off;
+    
+        index pihole/index.php index.php index.html index.htm;
+    
+        location / {
+            expires max;
+            try_files $uri $uri/ =404;
+        }
+    
+        location ~ \.php$ {
+            include fastcgi_params;
+            fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
+            fastcgi_pass unix:/run/php/php7.4-fpm.sock;
+            fastcgi_param FQDN true;
+            auth_basic "Restricted"; # For Basic Auth
+            auth_basic_user_file /etc/nginx/.htpasswd; # For Basic Auth
+        }
+    
+        location /*.js {
+            index pihole/index.js;
+            auth_basic "Restricted"; # For Basic Auth
+            auth_basic_user_file /etc/nginx/.htpasswd; # For Basic Auth
+        }
+    
+        location /admin {
+            root /var/www/html;
+            index index.php index.html index.htm;
+            auth_basic "Restricted"; # For Basic Auth
+            auth_basic_user_file /etc/nginx/.htpasswd; # For Basic Auth
+        }
+    
+        location ~ /\.ht {
+            deny all;
+        }
+    }
+    	
+    :wq
+    
+    [ nowhere.yt ] [ /dev/pts/2 ] [~]
+    → nginx -t
+    nginx: [emerg] cannot load certificate "/root/.acme.sh/ns1.void.yt/fullchain.cer": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/root/.acme.sh/ns1.void.yt/fullchain.cer','r') error:2006D080:BIO routines:BIO_new_file:no such file)
+    nginx: configuration file /etc/nginx/nginx.conf test failed
+    
+    [ nowhere.yt ] [ /dev/pts/2 ] [~]
+    → wget -O -  https://get.acme.sh | sh
+    
+    [ nowhere.yt ] [ /dev/pts/2 ] [~]
+    → zsh
+    
+    [ nowhere.yt ] [ /dev/pts/2 ] [~]
+    → acme.sh --set-default-ca  --server  letsencrypt
+    [Sun 03 Apr 2022 09:05:46 AM UTC] Changed default CA to: https://acme-v02.api.letsencrypt.org/directory
+    
+    [ ns2.void.yt ] [ /dev/pts/0 ] [~]
+    → systemctl stop nginx
+    
+    [ nowhere.yt ] [ /dev/pts/2 ] [~]
+    → acme.sh --issue --standalone -d ns1.void.yt -k 4096
+    
+    [ nowhere.yt ] [ /dev/pts/2 ] [~]
+    → nginx -t
+    nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
+    nginx: configuration file /etc/nginx/nginx.conf test is successful
+    
+    [ nowhere.yt ] [ /dev/pts/2 ] [~]
+    → systemctl start nginx
+    
+    [ nowhere.yt ] [ /dev/pts/2 ] [~]
+    → htpasswd -c /etc/nginx/.htpasswd nothing
+    New password:
+    Re-type new password:
+    Adding password for user nothing
+    
+    
+
+then we make pihole update automatically every day via cronjob and test it:
+    
+    
+    [ ns2.void.yt ] [ /dev/pts/0 ] [~]
+    → crontab -e
+    
+     0 0 * * * /usr/local/bin/pihole -up
+     0 0 * * * /usr/local/bin/pihole -g
+    :wq
+    
+    [ ns2.void.yt ] [ /dev/pts/0 ] [~]
+    → wget https://github.com/cronitorio/cronitor-cli/releases/download/28.8/linux_amd64.tar.gz -q
+    
+    [ ns2.void.yt ] [ /dev/pts/0 ] [~]
+    → sudo tar xvf linux_amd64.tar.gz -C /usr/bin/
+    cronitor
+    
+    [ ns2.void.yt ] [ /dev/pts/0 ] [~]
+    → sudo cronitor configure --api-key 1234567890
+    
+    Configuration File:
+    /etc/cronitor/cronitor.json
+    
+    Version:
+    28.8
+    
+    API Key:
+    1234567890
+    
+    Ping API Key:
+    Not Set
+    
+    Environment:
+    Not Set
+    
+    Hostname:
+    ns2
+    
+    Timezone Location:
+    {Etc/UTC}
+    
+    Debug Log:
+    Off
+    
+    [ ns2.void.yt ] [ /dev/pts/0 ] [~]
+    → cronitor select
+    
+    ✔ /usr/local/bin/pihole -up
+    ----► Running command: /usr/local/bin/pihole -up
+    
+      [✓] Update local cache of available packages
+      [i] Existing PHP installation detected : PHP version 7.4.28
+      [✓] Checking for git
+      [✓] Checking for iproute2
+      [✓] Checking for whiptail
+      [✓] Checking for ca-certificates
+    
+      [i] Checking for updates...
+      [i] Pi-hole Core:     up to date
+      [i] Web Interface:    up to date
+      [i] FTL:              up to date
+    
+      [✓] Everything is up to date!
+    
+    ----► ✔ Command successful    Elapsed time 3.345s
+    
+    
+
+If you want to host a public pihole, then you need to tick the following option:
+
+![](3.png)
+