Anonymous Blogging on Reclaim Cloud

Working with Reclaim Cloud has been amazing, and I’m not just saying that because I work for Reclaim Hosting; the Jelastic platform Reclaim Cloud is built on has opened up a new world for hosting with almost endless possibilities. It’s containers all the way down.

The first thing I started working on when we got the initial Jelastic test environment up and running was a writing a Jelastic version of the script I had written to automate the spin-up and licensing servers on DigitalOcean, and now we’re even starting to use it to deploy new DoOO servers on our own platform instead of DigitalOcean. But just as the initial script relied on the DigitalOcean API, the Jelastic version relied on using the Jelastic API/CLI to interact with Reclaim Cloud to set up a VPS, with all further configuration relying on shell scripts.

Our internal suite of scripts for setting up cPanel servers is useful in-house for our needs, but anything that is to be distributed to the wider public needs to be more portable than bash scripts that call ruby scripts that set up python scrips as cronjobs. Good thing Jelastic offers a method to develop apps for their platform that can be copied and pasted into a dashboard: Application Manifests.

The first manifest I wrote was essentially my guide to set up a Tor Hidden Service which served static pages with lighttpd. Sure, that’s useful, but there’s a limit with what you can do with static pages. So I thought about WordPress. If it can live on the clear web, why couldn’t it live on the Tor dark web too? Just to make things clear, I understand that WordPress has it’s vulnerabilities, and if you’re looking to stay 100% anonymous, running a WordPress probably isn’t the best choice for you. But then again, if you’re looking to stay 100% anonymous, you probably have a better idea on how to do that than I do.

The manifest is pretty much a glorified shell script, but it is a shell script that sets up its own server and runs itself on that server to set everything up. Maybe a Shell Script plus plus?

You can import the manifest as found in my GitLab to deploy WordPress as a Tor Hidden Service on Reclaim Cloud by copy-pasting the raw YAML file; Jelastic doesn’t seem to like GitLab links (maybe this link will work in the future). Just let it run and it’ll spit out the Onion URL for you new hidden service.

Assuming there were no catastrophic failures in my code, you should see the WordPress setup screen once you open that link up in the Tor Browser. Just follow along, creating secure credentials and whatnot.

And just like a standard WordPress site on the clear web, you’ll see the WordPress dashboard where you can post, make pages, and so on. But unlike a standard WordPress site it is only accessible through an Onion URL.

I still need to dedicate some more time to finding any limitations, and fixing any problems that I may come across, but it seems fully functioning from what I can tell. Once I feel a little more comfortable writing manifests, I may try my hand at Tor-ifying other applications.

Or maybe I’ll set up something to do with i2p next; an eepsite may be cool.

Leave a Reply

Your email address will not be published. Required fields are marked *