1
0
mirror of https://github.com/privacyguides/privacyguides.org.git synced 2024-07-15 23:13:48 +00:00

Stop using Netlify for production hosting (#2472)

Signed-off-by: Daniel Gray <dngray@privacyguides.org>
This commit is contained in:
Jonah Aragon 2024-04-02 09:51:56 +00:00 committed by Daniel Gray
parent 1372587017
commit b536928661
No known key found for this signature in database
GPG Key ID: 41911F722B0F9AE3
22 changed files with 427 additions and 5 deletions

View File

@ -31,3 +31,8 @@ indent_size = 2
end_of_line = lf
insert_final_newline = true
trim_trailing_whitespace = true
[{*.caddy,*.example-caddy,Caddyfile}]
charset = utf-8
indent_style = tab
tab_width = 4

1
.gitignore vendored
View File

@ -6,6 +6,7 @@ site
!/static/i18n/*.en.*
/theme/overrides/*
!/theme/overrides/*.en.*
# commit social card fonts to repo
# see: https://github.com/squidfunk/mkdocs-material/issues/6983
# ridiculous hide-and-seek https://stackoverflow.com/a/72380673

View File

@ -23,6 +23,7 @@
"EditorConfig.EditorConfig",
"DavidAnson.vscode-markdownlint",
"wholroyd.jinja",
"mikestead.dotenv"
"mikestead.dotenv",
"matthewpi.caddyfile-support"
]
}

View File

@ -23,5 +23,13 @@
"[markdown]": {
"editor.unicodeHighlight.ambiguousCharacters": true,
"editor.unicodeHighlight.invisibleCharacters": true
},
"[caddyfile]": {
"editor.defaultFormatter": "matthewpi.caddyfile-support",
"editor.formatOnSave": true
},
"files.associations": {
"*.caddy": "caddyfile",
"*.example-caddy": "caddyfile"
}
}

50
config/caddy/Caddyfile Normal file
View File

@ -0,0 +1,50 @@
(pg-umami-config) {
umami {
event_endpoint https://stats.jonaharagon.net/api/send
website_uuid 30b92047-7cbb-4800-9815-2e075a293e0a
# bit of a hack to get umami working properly, nothing to do with cloudflare
client_ip_header CF-Connecting-IP
trusted_ip_header X-Real-IP
cookie_consent umami
cookie_resolution resolution
debug
}
}
www.privacyguides.org {
import vars
import common/*.caddy
import production/*.caddy
}
http://www.xoe4vn5uwdztif6goazfbmogh6wh5jc4up35bqdflu6bkdc5cas5vjqd.onion {
import vars
import common/*.caddy
import production/minio.caddy
}
http://*.xoe4vn5uwdztif6goazfbmogh6wh5jc4up35bqdflu6bkdc5cas5vjqd.onion {
@hostnames header_regexp hostname Host (\S+)\.xoe4vn5uwdztif6goazfbmogh6wh5jc4up35bqdflu6bkdc5cas5vjqd\.onion
handle @hostnames {
reverse_proxy {re.hostname.1}.privacyguides.org:443 {
header_up Host {re.hostname.1}.privacyguides.org
transport http {
tls
}
}
}
}
privacyguides.org {
import vars
import production/matrix.caddy
handle {
import production/https.caddy
redir https://www.privacyguides.org{uri}
}
}
http://xoe4vn5uwdztif6goazfbmogh6wh5jc4up35bqdflu6bkdc5cas5vjqd.onion {
redir http://www.xoe4vn5uwdztif6goazfbmogh6wh5jc4up35bqdflu6bkdc5cas5vjqd.onion{uri}
}

13
config/caddy/README.md Normal file
View File

@ -0,0 +1,13 @@
# Caddy Webserver Config
Requires a build of Caddy with [jonaharagon/caddy-umami](https://github.com/jonaharagon/caddy-umami) installed.
## Variables
These variables are set on the server, and can be accessed like `{vars.variable_name}`:
- `minio_hostname`
- `pg_minio_bucket`
- `pg_matrix_webserver`
- `pg_umami_website_uuid`
- `umami_hostname`

View File

@ -0,0 +1,34 @@
@static {
path *.ico *.css *.js *.gif *.webp *.avif *.jpg *.jpeg *.png *.svg *.woff *.woff2
}
@en path /en/*
@es path /es/*
@fr path /fr/*
@he path /he/*
@it path /it/*
@nl path /nl/*
@ru path /ru/*
@zh-Hant path /zh-Hant/*
@es-header {
header Accept-Language es*
}
@fr-header {
header Accept-Language fr*
}
@he-header {
header Accept-Language he*
}
@it-header {
header Accept-Language it*
}
@nl-header {
header Accept-Language nl*
}
@ru-header {
header Accept-Language ru*
}
@zh-Hant-header {
header Accept-Language zh-Hant*
}

View File

@ -0,0 +1,42 @@
handle_errors {
@errors `{err.status_code} in [404]`
handle @errors {
handle @es {
try_files /i18n/{err.status_code}.es.html i18n/{err.status_code}.en.html
file_server
}
handle @fr {
try_files i18n/{err.status_code}.fr.html i18n/{err.status_code}.en.html
file_server
}
handle @he {
try_files i18n/{err.status_code}.he.html i18n/{err.status_code}.en.html
file_server
}
handle @it {
try_files i18n/{err.status_code}.it.html i18n/{err.status_code}.en.html
file_server
}
handle @nl {
try_files i18n/{err.status_code}.nl.html i18n/{err.status_code}.en.html
file_server
}
handle @ru {
try_files i18n/{err.status_code}.ru.html i18n/{err.status_code}.en.html
file_server
}
handle @zh-Hant {
try_files i18n/{err.status_code}.zh-Hant.html i18n/{err.status_code}.en.html
file_server
}
handle {
try_files i18n/{err.status_code}.en.html
file_server
}
}
# Handle all other webserver errors with a simple text response
handle {
respond "{err.status_code} {err.status_text}"
}
}

View File

@ -0,0 +1,16 @@
header X-Frame-Options SAMEORIGIN
header X-Content-Type-Options nosniff
header X-XSS-Protection 0
vars pg_csp_self "https://www.privacyguides.org https://cdn.privacyguides.org 'self'"
# You can check whether a CSP directive will fall back to default-src on MDN.
# Add CSP directives WITH a default-src fallback here:
header +Content-Security-Policy "default-src 'none'; script-src {vars.pg_csp_self} 'unsafe-inline'; style-src {vars.pg_csp_self} 'unsafe-inline'; font-src {vars.pg_csp_self} data:; img-src data: {vars.pg_csp_self}; connect-src https://api.github.com https://*.privacyguides.net {vars.pg_csp_self}; frame-src https://*.privacyguides.net https://snowflake.torproject.org {vars.pg_csp_self}"
# Add CSP directives WITHOUT a default-src fallback here:
header +Content-Security-Policy "form-action 'self'; frame-ancestors 'none'; base-uri 'none'; sandbox allow-scripts allow-popups allow-same-origin;"
header Permissions-Policy "browsing-topics=(), conversion-measurement=(), interest-cohort=(), accelerometer=(), ambient-light-sensor=(), battery=(), camera=(), display-capture=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), usb=()"
header Access-Control-Allow-Origin "*"
header @static Cache-Control max-age=2592000

View File

@ -0,0 +1,4 @@
redir /kb* /en/basics/why-privacy-matters/
redir /license* https://github.com/privacyguides/privacyguides.org/tree/main/README.md#license
redir /coc* /en/CODE_OF_CONDUCT/
redir /team* /en/about/

View File

@ -0,0 +1,30 @@
route / {
header Cache-Control no-store
redir @es-header /es
redir @fr-header /fr
redir @he-header /he
redir @it-header /it
redir @nl-header /nl
redir @ru-header /ru
redir @zh-Hant-header /zh-Hant
# default case
handle {
redir * /en/
}
}
@kb {
path */kb */kb/*
}
route @kb {
redir @es /es/basics/why-privacy-matters/
redir @fr /fr/basics/why-privacy-matters/
redir @he /he/basics/why-privacy-matters/
redir @it /it/basics/why-privacy-matters/
redir @nl /nl/basics/why-privacy-matters/
redir @ru /ru/basics/why-privacy-matters/
redir @zh-Hant /zh-Hant/basics/why-privacy-matters/
redir * /en/basics/why-privacy-matters/
}

View File

@ -0,0 +1,50 @@
redir /browsers /en/desktop-browsers/
redir /blog https://blog.privacyguides.org
redir /basics/dns-overview /en/advanced/dns-overview/
redir /basics/tor-overview /en/advanced/tor-overview/
redir /real-time-communication/communication-network-types /en/advanced/communication-network-types
redir /advanced/real-time-communication /en/advanced/communication-network-types
redir /android/overview /en/os/android-overview/
redir /linux-desktop/overview /en/os/linux-overview/
redir /android/grapheneos-vs-calyxos https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/
redir /ios/configuration https://blog.privacyguides.org/2022/10/22/ios-configuration-guide/
redir /linux-desktop/hardening https://blog.privacyguides.org/2022/04/22/linux-system-hardening/
redir /linux-desktop/sandboxing https://blog.privacyguides.org/2022/04/22/linux-application-sandboxing/
redir /advanced/signal-configuration-hardening https://blog.privacyguides.org/2022/07/07/signal-configuration-and-hardening/
redir /real-time-communication/signal-configuration-hardening https://blog.privacyguides.org/2022/07/07/signal-configuration-and-hardening/
redir /advanced/integrating-metadata-removal https://blog.privacyguides.org/2022/04/09/integrating-metadata-removal/
redir /advanced/erasing-data https://blog.privacyguides.org/2022/05/25/secure-data-erasure/
redir /operating-systems /en/desktop/
redir /threat-modeling /en/basics/threat-modeling/
redir /self-contained-networks /en/tor/
redir /privacy-policy /en/about/privacy-policy/
redir /metadata-removal-tools /en/data-redaction/
redir /basics /en/kb
redir /software/file-encryption /en/encryption/
redir /providers /en/tools/#service-providers
redir /software/calendar-contacts /en/calendar/
redir /calendar-contacts /en/calendar/
redir /software/metadata-removal-tools /en/data-redaction/
redir /contact /en/about/
redir /welcome-to-privacy-guides https://blog.privacyguides.org/2021/09/14/welcome-to-privacy-guides/
redir /software/email /en/email-clients/
redir /providers/paste /en/tools/
redir /blog/2019/10/05/understanding-vpns https://www.jonaharagon.com/posts/understanding-vpns/
redir /terms-and-notices /en/about/notices/
redir /software/networks /en/tor/
redir /social-news-aggregator /en/news-aggregators/
redir /basics/erasing-data https://blog.privacyguides.org/2022/05/25/secure-data-erasure/
redir /linux-desktop /en/desktop/
handle_path /providers/* {
redir * /en/{uri}
}
handle_path /software/* {
redir * /en/{uri}
}
handle_path /blog/* {
redir * https://blog.privacyguides.org/{uri}
}
handle_path /assets/* {
redir * /en/assets/{uri}
}

View File

@ -0,0 +1,6 @@
@canonicalPath {
path */
}
route @canonicalPath {
rewrite @canonicalPath {http.request.orig_uri.path}index.html
}

View File

@ -0,0 +1,2 @@
header ?Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
header +Content-Security-Policy upgrade-insecure-requests;

View File

@ -0,0 +1,13 @@
@matrix {
path /.well-known/matrix/*
}
handle @matrix {
reverse_proxy 10.163.5.51:81 {
header_up Host matrix.privacyguides.org
header_up X-Forwarded-Port {http.request.port}
header_up X-Forwarded-TlsProto {tls_protocol}
header_up X-Forwarded-TlsCipher {tls_cipher}
header_up X-Forwarded-HttpsProto {proto}
}
}

View File

@ -0,0 +1,31 @@
cache
encode zstd gzip
reverse_proxy http://10.163.3.10:9000 {
header_up Host privacyguides-org-production.stor1-minio.jonaharagon.net
header_down -Server
header_down -Vary
header_down -X-*
@200ok status 2xx 304
handle_response @200ok {
import pg-umami-config
copy_response
copy_response_headers
}
@error404 status 404
handle_response @error404 {
@addSlash {
expression !{path}.endsWith("/")
}
redir @addSlash {http.request.orig_uri.path}/
}
@error400 status 400
handle_response @error400 {
@real404 {
path *//index.html
}
respond @real404 404
}
}

View File

@ -84,10 +84,23 @@ extra:
link: /ru/
lang: ru
icon: https://raw.githubusercontent.com/twitter/twemoji/master/assets/svg/1f1f7-1f1fa.svg
consent:
title: !ENV [ANALYTICS_CONSENT_TITLE, "Contribute anonymous statistics"]
description: !ENV [ANALYTICS_CONSENT_BODY, "We use cookies to collect anonymous usage statistics. You can opt out if you wish."]
cookies:
umami:
name: Self-Hosted Analytics
checked: true
github:
name: GitHub
checked: false
actions:
- reject
- accept
- manage
repo_url: https://github.com/privacyguides/privacyguides.org
repo_name: ""
edit_uri: edit/main/docs/
theme:
name: material
@ -135,6 +148,7 @@ extra_css:
extra_javascript:
- assets/javascripts/mathjax.js
- assets/javascripts/randomize-element.js
- assets/javascripts/resolution.js
watch:
- ../theme
@ -270,6 +284,7 @@ nav:
- 'about/criteria.md'
- 'about/notices.md'
- 'about/privacy-policy.md'
- 'about/statistics.md'
- !ENV [NAV_COMMUNITY, 'Community']:
- 'about/donate.md'
- !ENV [NAV_ONLINE_SERVICES, 'Online Services']: 'about/services.md'

View File

@ -7,13 +7,18 @@ Privacy Guides is a community project operated by a number of active volunteer c
The privacy of our website visitors is important to us, so we do not track any individual people. As a visitor to our website:
- No personal information is collected
- No information such as cookies are stored in the browser
- No personal information is stored
- No information is shared with, sent to or sold to third-parties
- No information is shared with advertising companies
- No information is mined and harvested for personal and behavioral trends
- No information is monetized
You can view the data we collect on our [statistics](statistics.md) page.
We run a self-hosted installation of [Umami](https://umami.is) to collect some anonymous usage data for statistical purposes. The goal is to track overall trends in our website traffic, it is not to track individual visitors. All the data is in aggregate only, and no personal data is stored.
The only data which is collected is data sent in a standard web request, which includes referral sources, the page you're visiting, your user agent, your IP address, and your screen resolution. The raw data is immediately discarded after statistics have been generated, for example if we collect your screen resolution as `1125x2436`, the only data we retain is "mobile device" and not your specific resolution.
## Data We Collect From Account Holders
If you register for an account on one of our services, we may collect any information you provide us (such as your email, password, profile information, etc.) and use that information to provide you with the service. We never share or sell this data.

14
docs/about/statistics.md Normal file
View File

@ -0,0 +1,14 @@
---
title: Traffic Statistics
---
We self-host [Umami](https://umami.is) to create a nice visualization of our traffic statistics, which are public at the link below. With this process:
- Your information is never shared with a third-party, it stays on servers we control
- Your personal data is never saved, we only collect data in aggregate
- No client-side JavaScript is required
Because of these facts, keep in mind our statistics may be inaccurate. It is a useful tool to compare different dates with each other and analyze overall trends, but the actual numbers may be far off from reality. They're *precise* statistics, but not *accurate* statistics.
[View Statistics](https://stats.privacyguides.net/share/nVWjyd2QfgOPBhMF/www.privacyguides.org){ .md-button .md-button--primary }
[Opt-Out](#__consent){ .md-button }

View File

@ -1,13 +1,16 @@
ANALYTICS_CONSENT_BODY="We collect anonymous statistics about your visits to help us improve the site. We do not track you across other websites. If you disable this, we will not know when you have visited our site. We will save a single cookie in your browser to remember your preference."
ANALYTICS_CONSENT_TITLE="Contribute anonymous statistics"
LANG="English"
LANG_ENGLISH="English"
SITE_NAME="Privacy Guides"
SITE_DESCRIPTION="Privacy Guides is your central privacy and security resource to protect yourself online."
FOOTER_COPYRIGHT_INTRO="<b>Privacy Guides</b> is a non-profit, socially motivated website that provides information for protecting your data security and privacy."
FOOTER_COPYRIGHT_AFFILIATE="We do not make money from recommending certain products, and we do not use affiliate links."
FOOTER_COPYRIGHT_ANALYTICS="Anonymous statistics preferences."
FOOTER_COPYRIGHT_DATE="2019 - 2024 Privacy Guides and contributors."
FOOTER_COPYRIGHT_ICON='<span class="twemoji"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 496 512"><!--! Font Awesome Free 6.2.0 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2022 Fonticons, Inc.--><path d="m245.83 214.87-33.22 17.28c-9.43-19.58-25.24-19.93-27.46-19.93-22.13 0-33.22 14.61-33.22 43.84 0 23.57 9.21 43.84 33.22 43.84 14.47 0 24.65-7.09 30.57-21.26l30.55 15.5c-6.17 11.51-25.69 38.98-65.1 38.98-22.6 0-73.96-10.32-73.96-77.05 0-58.69 43-77.06 72.63-77.06 30.72-.01 52.7 11.95 65.99 35.86zm143.05 0-32.78 17.28c-9.5-19.77-25.72-19.93-27.9-19.93-22.14 0-33.22 14.61-33.22 43.84 0 23.55 9.23 43.84 33.22 43.84 14.45 0 24.65-7.09 30.54-21.26l31 15.5c-2.1 3.75-21.39 38.98-65.09 38.98-22.69 0-73.96-9.87-73.96-77.05 0-58.67 42.97-77.06 72.63-77.06 30.71-.01 52.58 11.95 65.56 35.86zM247.56 8.05C104.74 8.05 0 123.11 0 256.05c0 138.49 113.6 248 247.56 248 129.93 0 248.44-100.87 248.44-248 0-137.87-106.62-248-248.44-248zm.87 450.81c-112.54 0-203.7-93.04-203.7-202.81 0-105.42 85.43-203.27 203.72-203.27 112.53 0 202.82 89.46 202.82 203.26-.01 121.69-99.68 202.82-202.84 202.82z"></path></svg></span><span class="twemoji"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 496 512"><!--! Font Awesome Free 6.2.0 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2022 Fonticons, Inc.--><path d="M314.9 194.4v101.4h-28.3v120.5h-77.1V295.9h-28.3V194.4c0-4.4 1.6-8.2 4.6-11.3 3.1-3.1 6.9-4.7 11.3-4.7H299c4.1 0 7.8 1.6 11.1 4.7 3.1 3.2 4.8 6.9 4.8 11.3zm-101.5-63.7c0-23.3 11.5-35 34.5-35s34.5 11.7 34.5 35c0 23-11.5 34.5-34.5 34.5s-34.5-11.5-34.5-34.5zM247.6 8C389.4 8 496 118.1 496 256c0 147.1-118.5 248-248.4 248C113.6 504 0 394.5 0 256 0 123.1 104.7 8 247.6 8zm.8 44.7C130.2 52.7 44.7 150.6 44.7 256c0 109.8 91.2 202.8 203.7 202.8 103.2 0 202.8-81.1 202.8-202.8.1-113.8-90.2-203.3-202.8-203.3z"></path></svg></span><span class="twemoji"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 496 512"><!--! Font Awesome Free 6.2.0 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2022 Fonticons, Inc.--><path d="M247.6 8C389.4 8 496 118.1 496 256c0 147.1-118.5 248-248.4 248C113.6 504 0 394.5 0 256 0 123.1 104.7 8 247.6 8zm.8 44.7C130.2 52.7 44.7 150.6 44.7 256c0 109.8 91.2 202.8 203.7 202.8 103.2 0 202.8-81.1 202.8-202.8.1-113.8-90.2-203.3-202.8-203.3zm94 144.3v42.5H162.1V197h180.3zm0 79.8v42.5H162.1v-42.5h180.3z"></path></svg></span>'
FOOTER_COPYRIGHT_LICENSE="Content license:"
FOOTER_COPYRIGHT="$FOOTER_COPYRIGHT_INTRO <br> $FOOTER_COPYRIGHT_AFFILIATE <br> &copy; $FOOTER_COPYRIGHT_DATE $FOOTER_COPYRIGHT_ICON $FOOTER_COPYRIGHT_LICENSE <a href='/license'><strong>CC BY-ND 4.0</strong></a>."
FOOTER_COPYRIGHT="$FOOTER_COPYRIGHT_INTRO <br> $FOOTER_COPYRIGHT_AFFILIATE <br> &copy; $FOOTER_COPYRIGHT_DATE $FOOTER_COPYRIGHT_ICON $FOOTER_COPYRIGHT_LICENSE <a href='/license'><strong>CC BY-ND 4.0</strong></a>. <a href='#__consent'>$FOOTER_COPYRIGHT_ANALYTICS</a>"
THEME_LIGHT="Switch to light mode"
THEME_DARK="Switch to dark mode"
THEME_AUTO="Switch to system theme"

View File

@ -0,0 +1,78 @@
function setCookie(cname, cvalue, exdays) {
const d = new Date();
d.setTime(d.getTime() + (exdays * 24 * 60 * 60 * 1000));
let expires = "expires="+d.toUTCString();
document.cookie = cname + "=" + cvalue + ";" + expires + ";path=/";
}
function getCookie(cname) {
let name = cname + "=";
let ca = document.cookie.split(';');
for(let i = 0; i < ca.length; i++) {
let c = ca[i];
while (c.charAt(0) == ' ') {
c = c.substring(1);
}
if (c.indexOf(name) == 0) {
return c.substring(name.length, c.length);
}
}
return "";
}
var consent = __md_get("__consent")
if (!consent) {
__md_set("__consent", {umami: true});
if (getCookie('resolution') == '') {
const resolution = `${window.screen.width}x${window.screen.height}`;
setCookie('resolution', resolution, 30);
}
}
if (consent && consent.umami) {
if (getCookie('resolution') == '') {
const resolution = `${window.screen.width}x${window.screen.height}`;
setCookie('resolution', resolution, 30);
}
setCookie('umami', 'true', 0);
} else {
setCookie('umami', 'false', 365);
setCookie('resolution', "0x0", 0);
}
var consent = __md_get("__consent")
if (consent) {
for (var input of document.forms.consent.elements)
if (input.name)
input.checked = consent[input.name] || false
/* Show consent with a small delay, but not if browsing locally */
} else if (location.protocol !== "file:") {
setTimeout(function() {
var el = document.querySelector("[data-md-component=consent]")
el.hidden = false
}, 250)
}
/* Intercept submission of consent form */
var form = document.forms.consent
for (var action of ["submit", "reset"])
form.addEventListener(action, function(ev) {
ev.preventDefault()
/* Reject all cookies */
if (ev.type === "reset")
for (var input of document.forms.consent.elements)
if (input.name)
input.checked = false
/* Grab and serialize form data */
__md_set("__consent", Object.fromEntries(
Array.from(new FormData(form).keys())
.map(function(key) { return [key, true] })
))
/* Remove anchor to omit consent from reappearing and reload */
location.hash = '';
location.reload()
})

View File

@ -0,0 +1 @@
<!-- moved to assets/javascripts/resolution.js -->