Synced

remove ssl ciphers they bug out the new method (91ce5c1563) doc changes (aa9806300a)
2025-08-20 19:45:00 +05:30 · 2025-08-20 19:45:00 +05:30 · 61694d659e
commit 61694d659e
parent 29e1532be0
3 changed files with 46 additions and 41 deletions
--- a/docs/apache2.md
+++ b/docs/apache2.md
@ -7,19 +7,25 @@ Then, install the following dependencies:
 ```sh
 apt update
 apt upgrade
-apt install php-mbstring apache2 certbot php-imagick imagemagick php-curl curl php-apcu git libapache2-mod-php
+apt install php-mbstring apache2 certbot php-imagick imagemagick php-curl curl php-apcu git libapache2-mod-fcgid php-fpm
 ```

 Enable the required modules:
 ```sh
+a2dismod mpm_prefork
+a2enmod mpm_event
 a2enmod ssl
 a2enmod rewrite
+a2enmod proxy_fcgi setenvif actions alias
+a2enmod http2
+a2enmod headers
+a2enmod proxy
 ```

-And enable these optional ones, which might be useful to you later on. The `proxy` module is useful for setting up reverse proxies to services like gitea, and `headers` is useful to tweak global header values:
+Tune the performance of php-fpm. You will need to edit this file according to your server specs and number of users. Edit the file at `/etc/php/8.4/pool.d/www.conf`:
 ```sh
-a2enmod proxy
-a2enmod headers
+pm = static
+pm.max_children = 50
 ```

 Now, restart apache2:
@ -27,7 +33,7 @@ Now, restart apache2:
 service apache2 restart
 ```

-Just for good measure, please check if your webserver is running. Access it through HTTP, not HTTPS. You should see the apache2 default landing page.
+Just for good measure, please check if your webserver is running. Access it through HTTP, not HTTPS. You should see the apache2 default landing page. Just a note, http2 won't work just yet since you don't have SSL yet.

 ## 000-default.conf
 Now, edit the following file: `/etc/apache2/sites-available/000-default.conf`, remove everything and carefully add each rule specified here, while making sure to replace my domains with your own:
@ -73,6 +79,10 @@ Now, edit the following file: `/etc/apache2/sites-available/000-default.conf`, r
 	AddOutputFilterByType DEFLATE text/css

 	DocumentRoot /var/www/4get
+	
+	<FilesMatch \.php$>
+		SetHandler "proxy:unix:/run/php/php8.1-fpm.sock|fcgi://localhost/"
+	</FilesMatch>

 	Options -MultiViews
 	RewriteEngine On
@ -80,6 +90,17 @@ Now, edit the following file: `/etc/apache2/sites-available/000-default.conf`, r
 	RewriteCond %{REQUEST_FILENAME} !-f
 	RewriteRule ^([^\.]+)$ $1.php [NC,L]

+	<Directory /var/www/4get>
+		Options -MultiViews
+		AllowOverride All
+		Require all granted
+
+		RewriteEngine On
+		RewriteCond %{REQUEST_FILENAME} !-d
+		RewriteCond %{REQUEST_FILENAME} !-f
+		RewriteRule ^([^\.]+)$ $1.php [NC,L]
+	</Directory>
+
 	# deny access to private resources
 	<Directory /var/www/4get/data/>
 		Order Deny,allow
@ -115,7 +136,8 @@ Make sure to replace `4g.flossboxin.org.in` with your own domain under the `SSLC

 	ServerAdmin dev@flossboxin.org.in
 	DocumentRoot /var/www/4get
-	
+
+	Protocols h2 http/1.1	
 	SSLEngine On
 	SSLOptions +StdEnvVars
 	
@ -127,7 +149,11 @@ Make sure to replace `4g.flossboxin.org.in` with your own domain under the `SSLC
 	AddOutputFilterByType DEFLATE text/html
 	AddOutputFilterByType DEFLATE text/plain
 	AddOutputFilterByType DEFLATE text/css
-	
+
+	<FilesMatch \.php$>
+		SetHandler "proxy:unix:/run/php/php8.1-fpm.sock|fcgi://localhost/"
+	</FilesMatch>
+
 	SSLCertificateFile /etc/letsencrypt/live/4g.flossboxin.org.in/fullchain.pem
 	SSLCertificateKeyFile /etc/letsencrypt/live/4g.flossboxin.org.in/privkey.pem
 	SSLCertificateChainFile /etc/letsencrypt/live/4g.flossboxin.org.in/chain.pem
@ -213,4 +239,4 @@ chmod 777 -R icons/

 ... And try accessing your webserver. You should now have a working 4get instance!

-Please make sure to check out how to further <a href="https://git.flossboxin.org.in/FbIN/4get/src/branch/main/docs/configure.md">configure 4get</a> to your liking!
+Please make sure to check out how to further <a href="https://git.flossboxin.org.in/FbIN/4get/src/branch/main/docs/configure.md">configure 4get</a> to your liking!
--- a/docs/configure.md
+++ b/docs/configure.md
@ -30,38 +30,23 @@ sudo make firefox-install
 sudo ldconfig
 ```

-Now, after compiling, you should have a `libcurl-impersonate-ff.so` sitting somewhere. Mine is located at `/usr/local/lib/libcurl-impersonate-ff.so`. Do some patch fuckery:
+Now, after compiling, you should have a `libcurl-impersonate-ff.so` sitting somewhere. Mine is located at `/usr/local/lib/libcurl-impersonate-ff.so`. Patch your PHP install so that it loads the right library: 

 ```sh
-sudo su
-LD_PRELOAD=/usr/local/lib/libcurl-impersonate-ff.so
-CURL_IMPERSONATE=firefox117
-patchelf --set-soname libcurl.so.4 /usr/local/lib/libcurl-impersonate-ff.so
-ldconfig
+sudo systemctl edit php8.4-fpm.service
 ```

-From here, you will have a broken curl:
+^This will open a text editor. Add the following in there, in between those 2 comments I pasted just for reference:
 ```sh
-root@fuckedmachine:/# curl --version
-curl: /usr/local/lib/libcurl.so.4: no version information available (required by curl)
-curl: symbol lookup error: curl: undefined symbol: curl_global_trace, version CURL_OPENSSL_4
+### Editing /etc/systemd/system/php8.4-fpm.service.d/override.conf
+### Anything between here and the comment below will become the contents of the>
+[Service]
+Environment="LD_PRELOAD=/usr/local/lib/libcurl-impersonate-ff.so"
+Environment="CURL_IMPERSONATE=firefox117"
+### Edits below this comment will be discarded
 ```

-Or not... During testing, I've seen that sometimes curl still works for some reason. What really matters is the output of this command:
-```
-root@fuckedmachine:/# php -r 'print_r(curl_version());' | grep ssl_version
-    [ssl_version_number] => 0
-    [ssl_version] => NSS/3.92
-```
-
-It **MUST** say NSS, otherwise it didn't work. There's also the option of using the [forked project](https://github.com/lexiforest/curl-impersonate), but that garbage doesn't support NSS. I'm kind of against impersonating chrome cause you never know when Google is gonna add more fingerprinting bullshit.
-
-Appendix: If you want a functioning `curl` command line utility again in case it doesn't work anymore, you can do the following hack:
-
-```
-sudo apt remove curl
-sudo ln -s /usr/local/bin/curl-impersonate-ff /usr/bin/curl
-```
+Restart php8.4-fpm. (`sudo service php8.4-fpm restart`). To test things out, try making a search on "Yep", they check for SSL. If you get results (or a timeout) that means it works! 

 # Robots.txt
 Make sure you configure this right to optimize your search engine presence! Head over to `/robots.txt` and change the 4get.ca domain to your own domain.
--- a/scraper/yep.php
+++ b/scraper/yep.php
@ -254,14 +254,7 @@ class yep{
 		
 		// use http2
 		curl_setopt($curlproc, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_2_0);
-		
-		// set ciphers
-		curl_setopt(
-			$curlproc,
-			CURLOPT_SSL_CIPHER_LIST,
-			"aes_128_gcm_sha_256,chacha20_poly1305_sha_256,aes_256_gcm_sha_384,ecdhe_ecdsa_aes_128_gcm_sha_256,ecdhe_rsa_aes_128_gcm_sha_256,ecdhe_ecdsa_chacha20_poly1305_sha_256,ecdhe_rsa_chacha20_poly1305_sha_256,ecdhe_ecdsa_aes_256_gcm_sha_384,ecdhe_rsa_aes_256_gcm_sha_384,ecdhe_ecdsa_aes_256_sha,ecdhe_ecdsa_aes_128_sha,ecdhe_rsa_aes_128_sha,ecdhe_rsa_aes_256_sha,rsa_aes_128_gcm_sha_256,rsa_aes_256_gcm_sha_384,rsa_aes_128_sha,rsa_aes_256_sha"
-		);
-		
+
 		curl_setopt($curlproc, CURLOPT_ENCODING, ""); // default encoding
 		curl_setopt($curlproc, CURLOPT_HTTPHEADER,
 			["User-Agent: " . config::USER_AGENT,
@ -351,6 +344,7 @@ class yep{
 						"type" => "web"
 					]
 				);
+
 		}catch(Exception $error){
 			
 			throw new Exception("Failed to fetch JSON");