Deploys privacy-friendly services that don't have any persistent data.
- TLS 1.3 only
- Elliptic Curve Certificates (90 Day lifespan) with Let's Encrypt
- Only strong Cipher Suites (as they are in TLS 1.3)
- Strict Transport Security (HSTS) Header for two years
- Online Certificate Status Protocol (OCSP) stapling
- Strong Content Security Policy (CSP) Header
- Common HTTP Security Headers
- Don't send any Referrer
- No Cookies (If not necessary)
- Minimal or no Logs
- Automated daily updates
- Automated daily restarts to avoid data accumulation
- Provide Tor Onion services
- Provide a /.well-known/security.txt
Additionally, I have configured this on my deployments:
- HSTS preload
- Domain Name System Security Extensions (DNSSEC)
- DNS Certification Authority Authorization (CAA)
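The header-related items in the two lists above can be checked mechanically against a deployed service. The following is an added example, not part of this repository: `audit_headers` and the sample responses are hypothetical, and the meaning of a "strong" CSP (a `default-src` with no `unsafe-*` sources) and of "common" headers (`X-Content-Type-Options: nosniff`) are assumptions, since the list does not define them.

```python
import re

TWO_YEARS = 2 * 365 * 24 * 3600  # 63072000 seconds, the HSTS lifetime listed above

def audit_headers(headers, require_preload=False):
    """Return findings for one HTTPS response; an empty list means it passes.

    `headers` is a list of (name, value) pairs so that repeated headers
    such as Set-Cookie are preserved.
    """
    h = {}
    for name, value in headers:
        h.setdefault(name.lower(), []).append(value.strip())
    findings = []

    # HSTS: max-age of at least two years; preload additionally needs
    # the includeSubDomains and preload directives.
    hsts = h.get("strict-transport-security", [""])[0]
    directives = {d.strip().lower() for d in hsts.split(";") if d.strip()}
    m = re.search(r'max-age\s*=\s*"?(\d+)', hsts, re.I)
    if not m or int(m.group(1)) < TWO_YEARS:
        findings.append("hsts: max-age missing or below two years")
    if require_preload and not {"includesubdomains", "preload"} <= directives:
        findings.append("hsts: includeSubDomains/preload missing")

    # CSP (assumed meaning of "strong"): default-src set, no unsafe-* sources.
    csp = h.get("content-security-policy", [""])[0].lower()
    if "default-src" not in csp:
        findings.append("csp: missing or no default-src")
    elif "'unsafe-inline'" in csp or "'unsafe-eval'" in csp:
        findings.append("csp: allows unsafe-inline/unsafe-eval")

    # Referrer: nothing should be sent.
    if h.get("referrer-policy", [""])[0].lower() != "no-referrer":
        findings.append("referrer-policy: not no-referrer")

    # Assumed baseline for the "common" security headers.
    if h.get("x-content-type-options", [""])[0].lower() != "nosniff":
        findings.append("x-content-type-options: not nosniff")

    # Cookies are reported so each one can be reviewed for necessity.
    if "set-cookie" in h:
        findings.append("set-cookie: %d cookie(s) set" % len(h["set-cookie"]))
    return findings

# Constructed sample responses (not captured from a real deployment).
GOOD = [("Strict-Transport-Security", "max-age=63072000; includeSubDomains; preload"),
        ("Content-Security-Policy", "default-src 'none'; img-src 'self'"),
        ("Referrer-Policy", "no-referrer"), ("X-Content-Type-Options", "nosniff")]
BAD = [("Strict-Transport-Security", "max-age=31536000"),
       ("Content-Security-Policy", "default-src 'self'; script-src 'self' 'unsafe-inline'"),
       ("Referrer-Policy", "strict-origin-when-cross-origin"),
       ("Set-Cookie", "session=abc; Secure"), ("Set-Cookie", "theme=dark")]
```

Pass `require_preload=True` for domains submitted to the HSTS preload list. TLS version, OCSP stapling, DNSSEC and CAA are not visible in response headers and need separate checks.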
Privacy-friendly frontends I've included are:
PROJECT DISCONTINUED https://cadence.moe/blog/2022-09-01-discontinuing-bibliogram
An alternative front-end for Instagram.
An alternative private front-end to Reddit
Jitsi Meet is an open-source (Apache) WebRTC JavaScript application that uses Jitsi Videobridge to provide high quality, secure and scalable video conferences.
A free and open source alternative Twitter front-end focused on privacy.
A self-hosted, ad-free, privacy-respecting metasearch engine
I deploy to Ubuntu 20.04 LTS. But everything with Docker Engine (or maybe even Podman) will work.
- Clone the project on your host:
git clone https://github.com/pred2k/docker-deployments.git /docker-deployments
- Create docker network:
docker network create traefik_default
- (optional) Create cronjob for regular updates:
run crontab -e
and add this line:
0 11 * * * systemd-cat -t docker-deploy /docker-deployments/update-images-and-restart.sh
After checking out the repo on a host, local config changes need to be transferred back to the repo. To avoid getting my private SSH key on the host, I prefer GitHub's fine-grained personal access token.
- go to https://github.com/settings/personal-access-tokens/new
- generate a new token with permission only to the specific repo; Repository permissions must have read/write for Contents.
- go to https://github.com/settings/personal-access-tokens/375481 (works in my GitHub account only)
- press Regenerate token with Expiration: 7 days
- go to the host and run
git push
Log in with your username and the generated token as the password.