Hack Liberty Forum Archive

Static Archive of forum.hackliberty.org


Farside (Privacy Redirecting Gateway) in Docker

Post #1 • c0mmando Created: 2025-03-18 01:34 Updated: 2025-03-18 01:41

github.com

GitHub - benbusby/farside: A smart redirecting gateway for various frontend…

A smart redirecting gateway for various frontend services

About

A redirecting service for FOSS alternative frontends.

Farside provides links that automatically redirect to working instances of privacy-oriented alternative frontends, such as Nitter, Libreddit, etc. This allows for users to have more reliable access to the available public instances for a particular service, while also helping to distribute traffic more evenly across all instances and avoid performance bottlenecks and rate-limiting.

Farside also integrates smoothly with basic redirector extensions in most browsers. For a simple example setup, refer to the wiki.


Dockerfile

Below is an example Dockerfile that uses a multi-stage build to compile Farside (written in Go) and then copy the resulting binary into a minimal Debian-based container. This example uses the official Golang image for the build stage and debian:bullseye-slim for the runtime stage. Adjust paths or environment variables as needed for your setup.

# Stage 1: Builder stage
FROM golang:1.23 AS builder

# Set necessary environment variables for reproducible builds
ENV CGO_ENABLED=0 \
    GOOS=linux \
    GOARCH=amd64

# Install git so we can clone the repository
RUN apt-get update && apt-get install -y git && rm -rf /var/lib/apt/lists/*

# Create a working directory and switch into it
WORKDIR /build

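# Clone the repository from GitHub. This tracks the default branch, so every
# rebuild may pick up new upstream code; check out a reviewed tag or commit
# after cloning if you need repeatable builds.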
RUN git clone https://github.com/benbusby/farside.git .

# Download dependencies using go.mod and go.sum provided by the repo.
RUN go mod download

# Build the farside binary. Adjust '-ldflags' as necessary.
RUN go build -o farside -ldflags="-s -w" .

# Stage 2: Final image
FROM debian:bullseye-slim

# Create a non-root user (recommended)
RUN useradd -m farside

# Install ca-certificates & openssl for TLS certificate verification
RUN apt-get update && apt-get install -y openssl ca-certificates && rm -rf /var/lib/apt/lists/*

# Create a directory for runtime data and set correct permissions
RUN mkdir -p /data && chown farside:farside /data

# Copy the compiled binary from the builder stage
COPY --from=builder /build/farside /usr/local/bin/farside

# Expose the port Farside will use (default: 4001)
EXPOSE 4001

# Set environment variables for Farside runtime configuration
ENV FARSIDE_PORT=4001 \
    FARSIDE_DB_DIR=/data

# Switch to the non-root user
USER farside

WORKDIR /data

# Set the entrypoint to run the Farside binary
ENTRYPOINT ["/usr/local/bin/farside"]

Add DNS Records

Type  Name                     IPv4 Address   TTL
A     farside.hackliberty.org  93.95.228.245  3h
A     r.hackliberty.org        93.95.228.245  3h

Configure Reverse Proxy (swag)

github.com

GitHub - linuxserver/docker-swag: Nginx webserver and reverse proxy with php support…

Nginx webserver and reverse proxy with php support and a built-in Certbot (Let’s Encrypt) client. It also contains fail2ban for intrusion prevention.

Add Subdomains to .env File

SWAG_SUBDOMAINS=farside,r

Add Nginx Config

nano /swag/nginx/site-confs/farside.conf

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    server_name farside.* r.*;

    ssl_certificate /config/keys/cert.crt;
    ssl_certificate_key /config/keys/cert.key;
    ssl_session_timeout 10m;
    ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
    ssl_session_tickets off;

    # curl https://ssl-config.mozilla.org/ffdhe2048.txt > /path/to/dhparam
    ssl_dhparam /config/nginx/dhparam4096.pem;

    # intermediate configuration
    ssl_prefer_server_ciphers on;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_conf_command Options PrioritizeChaCha;
    ssl_conf_command Ciphersuites TLS_CHACHA20_POLY1305_SHA256;
    ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA384;
    ssl_ecdh_curve X25519:X448:secp521r1:secp384r1;

    # HSTS (ngx_http_headers_module is required) (63072000 seconds)
    add_header Strict-Transport-Security "max-age=63072000" always;

    # OCSP stapling
    ssl_stapling on;
    ssl_stapling_verify on;

    # verify chain of trust of OCSP response using Root CA and Intermediate certs
    ssl_trusted_certificate /config/keys/cert.crt;

    # Optional additional headers
    add_header Permissions-Policy "interest-cohort=()";

    # Add Onion-Location Header
    # add_header Onion-Location http://.onion$request_uri;

    location / {
        include /config/nginx/proxy.conf;
        include /config/nginx/resolver.conf;
        set $upstream_app farside;
        set $upstream_port 4001;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
    }
}

Docker Compose

networks:
  farside:

services:
  swag:
    image: ghcr.io/linuxserver/swag
    restart: unless-stopped
    container_name: swag
    cap_add:
      - NET_ADMIN
    environment:
      - PUID=1000
      - PGID=1000
      - URL=${SWAG_URL}
      - SUBDOMAINS=${SWAG_SUBDOMAINS}
      - VALIDATION=http
      - EMAIL=${SWAG_EMAIL}
      - ONLY_SUBDOMAINS=false
    volumes:
      - ./swag:/config:Z
      - /etc/localtime:/etc/localtime:ro
    ports:
      - 443:443
      - 80:80
    networks:
      - farside
    security_opt:
      - no-new-privileges:true

  farside:
    build:
      context: .
      dockerfile: farside/Dockerfile
    container_name: farside
    environment:
      - FARSIDE_PORT=4001
      - FARSIDE_DB_DIR=/data
    volumes:
      - ./farside:/data
    restart: unless-stopped
    networks:
      - farside

Add services.json

Download or add your own services.json file to /farside
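
Farside redirects visitors to whatever this file lists, so it is worth linting before it is mounted into the container. The script below is an added example, not part of the original post or of Farside itself. It assumes each entry carries type, fallback and instances fields; the sample data and the function names check_url and audit are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

# Constructed sample in the layout assumed here; every host is a placeholder.
SAMPLE = """[{
  "type": "nitter", "test_url": "/jack", "fallback": "https://nitter.example.org",
  "instances": [
    "https://nitter.example.org", "http://plain.example.net",
    "https://user:pw@creds.example.com", "https://nitter.example.org/",
    "http://placeholderonionhost.onion", "mirror.example.com"]
}]"""


def check_url(raw):
    """Return a reason string if raw is unfit as a redirect target, else None."""
    try:
        url = urlsplit(raw)
    except ValueError:
        return "unparseable URL"
    host = url.hostname or ""
    if url.scheme not in ("http", "https") or not host:
        return "not an absolute http(s) URL"
    if url.username is not None or url.password is not None:
        return "embeds credentials"
    if url.scheme == "http" and not host.endswith(".onion"):
        return "plain HTTP to a clearnet host"
    return None


def audit(text):
    """Return (service, url, reason) findings for a services.json string."""
    findings = []
    for service in json.loads(text):
        name, seen = service.get("type", "?"), set()
        fallback = service.get("fallback")
        reason = check_url(fallback) if fallback else None
        if reason:
            findings.append((name, fallback, "fallback " + reason))
        for inst in service.get("instances", []):
            # Trailing slash and letter case do not make a different instance.
            key = inst.rstrip("/").lower()
            reason = "duplicate instance" if key in seen else check_url(inst)
            seen.add(key)
            if reason:
                findings.append((name, inst, reason))
    return findings


if __name__ == "__main__":
    print("\n".join(": ".join(f) for f in audit(SAMPLE)))
```

Plain HTTP is accepted only for .onion hosts, which suits the onion-only list in the to-do below.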

Start Services

sudo docker compose up --build -d

Check Logs

sudo docker logs farside

Check Service

https://farside.hackliberty.org
https://r.hackliberty.org

To-do: Onion Gateway

  1. Build separate onion Dockerfile (may require socat magic)
  2. Add Tor support (for both containers) and Tor proxy support (for Onion gateway)
  3. Implement Onion-Location nginx header on clearnet (separate container)
  4. Compile onion-only services.json