From 61694d659e3a4156d7dafd87aa5e58f31dba9a35 Mon Sep 17 00:00:00 2001 From: vdbhb59 Date: Wed, 20 Aug 2025 19:45:00 +0530 Subject: [PATCH] Synced remove ssl ciphers they bug out the new method (https://git.lolcat.ca/lolcat/4get/commit/91ce5c1563edfb18f1dd9547443955464394b26f) doc changes (https://git.lolcat.ca/lolcat/4get/commit/aa9806300aa83278f65c37664e404cf233d74efb) --- docs/apache2.md | 42 ++++++++++++++++++++++++++++++++++-------- docs/configure.md | 35 ++++++++++------------------------- scraper/yep.php | 10 ++-------- 3 files changed, 46 insertions(+), 41 deletions(-) diff --git a/docs/apache2.md b/docs/apache2.md index 11368e1..9f868be 100644 --- a/docs/apache2.md +++ b/docs/apache2.md @@ -7,19 +7,25 @@ Then, install the following dependencies: ```sh apt update apt upgrade -apt install php-mbstring apache2 certbot php-imagick imagemagick php-curl curl php-apcu git libapache2-mod-php +apt install php-mbstring apache2 certbot php-imagick imagemagick php-curl curl php-apcu git libapache2-mod-fcgid php-fpm ``` Enable the required modules: ```sh +a2dismod mpm_prefork +a2enmod mpm_event a2enmod ssl a2enmod rewrite +a2enmod proxy_fcgi setenvif actions alias +a2enmod http2 +a2enmod headers +a2enmod proxy ``` -And enable these optional ones, which might be useful to you later on. The `proxy` module is useful for setting up reverse proxies to services like gitea, and `headers` is useful to tweak global header values: +Tune the performance of php-fpm. You will need to edit this file according to your server specs and number of users. Edit the file at `/etc/php/8.4/pool.d/www.conf`: ```sh -a2enmod proxy -a2enmod headers +pm = static +pm.max_children = 50 ``` Now, restart apache2: 
@@ -27,7 +33,7 @@ Now, restart apache2: service apache2 restart ``` -Just for good measure, please check if your webserver is running. Access it through HTTP, not HTTPS. You should see the apache2 default landing page. +Just for good measure, please check if your webserver is running. Access it through HTTP, not HTTPS. You should see the apache2 default landing page. Just a note, http2 won't work just yet since you don't have SSL yet. ## 000-default.conf Now, edit the following file: `/etc/apache2/sites-available/000-default.conf`, remove everything and carefully add each rule specified here, while making sure to replace my domains with your own: @@ -73,6 +79,10 @@ Now, edit the following file: `/etc/apache2/sites-available/000-default.conf`, r AddOutputFilterByType DEFLATE text/css DocumentRoot /var/www/4get + + + SetHandler "proxy:unix:/run/php/php8.1-fpm.sock|fcgi://localhost/" + Options -MultiViews RewriteEngine On @@ -80,6 +90,17 @@ Now, edit the following file: `/etc/apache2/sites-available/000-default.conf`, r RewriteCond %{REQUEST_FILENAME} !-f RewriteRule ^([^\.]+)$ $1.php [NC,L] + + Options -MultiViews + AllowOverride All + Require all granted + + RewriteEngine On + RewriteCond %{REQUEST_FILENAME} !-d + RewriteCond %{REQUEST_FILENAME} !-f + RewriteRule ^([^\.]+)$ $1.php [NC,L] + + # deny access to private resources Order Deny,allow @@ -115,7 +136,8 @@ Make sure to replace `4g.flossboxin.org.in` with your own domain under the `SSLC ServerAdmin dev@flossboxin.org.in DocumentRoot /var/www/4get - + + Protocols h2 http/1.1 SSLEngine On SSLOptions +StdEnvVars 
@@ -127,7 +149,11 @@ Make sure to replace `4g.flossboxin.org.in` with your own domain under the `SSLC AddOutputFilterByType DEFLATE text/html AddOutputFilterByType DEFLATE text/plain AddOutputFilterByType DEFLATE text/css - + + + SetHandler "proxy:unix:/run/php/php8.1-fpm.sock|fcgi://localhost/" + + SSLCertificateFile /etc/letsencrypt/live/4g.flossboxin.org.in/fullchain.pem SSLCertificateKeyFile /etc/letsencrypt/live/4g.flossboxin.org.in/privkey.pem SSLCertificateChainFile /etc/letsencrypt/live/4g.flossboxin.org.in/chain.pem @@ -213,4 +239,4 @@ chmod 777 -R icons/ ... And try accessing your webserver. You should now have a working 4get instance! -Please make sure to check out how to further configure 4get to your liking! +Please make sure to check out how to further configure 4get to your liking! \ No newline at end of file diff --git a/docs/configure.md b/docs/configure.md index a8d6492..3c68f96 100644 --- a/docs/configure.md +++ b/docs/configure.md 
@@ -30,38 +30,23 @@ sudo make firefox-install sudo ldconfig ``` -Now, after compiling, you should have a `libcurl-impersonate-ff.so` sitting somewhere. Mine is located at `/usr/local/lib/libcurl-impersonate-ff.so`. Do some patch fuckery: +Now, after compiling, you should have a `libcurl-impersonate-ff.so` sitting somewhere. Mine is located at `/usr/local/lib/libcurl-impersonate-ff.so`. Patch your PHP install so that it loads the right library: ```sh -sudo su -LD_PRELOAD=/usr/local/lib/libcurl-impersonate-ff.so -CURL_IMPERSONATE=firefox117 -patchelf --set-soname libcurl.so.4 /usr/local/lib/libcurl-impersonate-ff.so -ldconfig +sudo systemctl edit php8.4-fpm.service ``` -From here, you will have a broken curl: +^This will open a text editor. Add the following in there, in between those 2 comments I pasted just for reference: ```sh -root@fuckedmachine:/# curl --version -curl: /usr/local/lib/libcurl.so.4: no version information available (required by curl) -curl: symbol lookup error: curl: undefined symbol: curl_global_trace, version CURL_OPENSSL_4 +### Editing /etc/systemd/system/php8.4-fpm.service.d/override.conf +### Anything between here and the comment below will become the contents of the> +[Service] +Environment="LD_PRELOAD=/usr/local/lib/libcurl-impersonate-ff.so" +Environment="CURL_IMPERSONATE=firefox117" +### Edits below this comment will be discarded ``` -Or not... During testing, I've seen that sometimes curl still works for some reason. What really matters is the output of this command: -``` -root@fuckedmachine:/# php -r 'print_r(curl_version());' | grep ssl_version - [ssl_version_number] => 0 - [ssl_version] => NSS/3.92 -``` - -It **MUST** say NSS, otherwise it didn't work. There's also the option of using the [forked project](https://github.com/lexiforest/curl-impersonate), but that garbage doesn't support NSS. I'm kind of against impersonating chrome cause you never know when Google is gonna add more fingerprinting bullshit. 
- -Appendix: If you want a functioning `curl` command line utility again in case it doesn't work anymore, you can do the following hack: - -``` -sudo apt remove curl -sudo ln -s /usr/local/bin/curl-impersonate-ff /usr/bin/curl -``` +Restart php8.4-fpm. (`sudo service php8.4-fpm restart`). To test things out, try making a search on "Yep", they check for SSL. If you get results (or a timeout) that means it works! # Robots.txt Make sure you configure this right to optimize your search engine presence! Head over to `/robots.txt` and change the 4get.ca domain to your own domain. diff --git a/scraper/yep.php b/scraper/yep.php index bfe347f..00143ff 100644 --- a/scraper/yep.php +++ b/scraper/yep.php @@ -254,14 +254,7 @@ class yep{ // use http2 curl_setopt($curlproc, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_2_0); - - // set ciphers - curl_setopt( - $curlproc, - CURLOPT_SSL_CIPHER_LIST, - "aes_128_gcm_sha_256,chacha20_poly1305_sha_256,aes_256_gcm_sha_384,ecdhe_ecdsa_aes_128_gcm_sha_256,ecdhe_rsa_aes_128_gcm_sha_256,ecdhe_ecdsa_chacha20_poly1305_sha_256,ecdhe_rsa_chacha20_poly1305_sha_256,ecdhe_ecdsa_aes_256_gcm_sha_384,ecdhe_rsa_aes_256_gcm_sha_384,ecdhe_ecdsa_aes_256_sha,ecdhe_ecdsa_aes_128_sha,ecdhe_rsa_aes_128_sha,ecdhe_rsa_aes_256_sha,rsa_aes_128_gcm_sha_256,rsa_aes_256_gcm_sha_384,rsa_aes_128_sha,rsa_aes_256_sha" - ); - + curl_setopt($curlproc, CURLOPT_ENCODING, ""); // default encoding curl_setopt($curlproc, CURLOPT_HTTPHEADER, ["User-Agent: " . config::USER_AGENT, @@ -351,6 +344,7 @@ class yep{ "type" => "web" ] ); + }catch(Exception $error){ throw new Exception("Failed to fetch JSON");
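Review bot: In scraper/yep.php (hunk `@@ -254,14 +254,7 @@`), once the `CURLOPT_SSL_CIPHER_LIST` call is gone, nothing in this block says where the TLS cipher selection now comes from, so the handle simply uses whatever libcurl the PHP process has loaded. Going by docs/configure.md in this same patch, that is presumably the library preloaded through the php-fpm unit's `LD_PRELOAD`/`CURL_IMPERSONATE` environment; if that override is missing, the request would run with stock libcurl defaults and the code gives no sign of it. I would replace the whitespace-only added line with a comment such as `// TLS ciphers are intentionally not set here; they come from the libcurl that php-fpm loads (see docs/configure.md)`. The enclosing method starts and ends outside the hunk.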