|
|
[[TOC(noheading, depth=0)]]
|
|
|
|
|
|
'''DRAFT!!! UNFINISHED!!! '''
|
|
|
|
|
|
= Introduction =
|
|
|
Tested on Ubuntu 12.04 Precise and suited for a home, virtual or dedicated server.
|
|
|
|
|
|
An Isolating Proxy, where the webserver cannot find out its own external IP address and can only connect through Tor, is always preferred. ([https://www.whonix.org Whonix] is an Isolating Proxy.) Due to the design of Isolating Proxies you need more RAM compared to installing a hidden service directly. If you are going for a virtual or [http://www.webhostingreviewsx.co.uk/best-dedicated-server-hosting-uk/ dedicated server], RAM is money: the more RAM you have, the more you have to pay per month. This guide is about installing a hidden service directly and preventing IP leaks by correctly configuring everything. However, this guide will also work for Isolating Proxies.
|
|
|
|
|
|
= Install required software =
|
|
|
{{{
|
|
|
sudo apt-get install php5-cgi mediawiki lighttpd
|
|
|
}}}
|
|
|
= Remove apache =
|
|
|
Just to be sure.
|
|
|
|
|
|
{{{
|
|
|
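# Quote the pattern so the shell hands it to apt-get unchanged instead of
# expanding it against file names in the current directory.
sudo apt-get remove 'apache*'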
|
|
|
}}}
|
|
|
= Check you have no mailsend installed =
|
|
|
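A mail program that sends outside of Tor could de-anonymize the server, because outgoing mail can carry the server's real IP address and hostname in its headers. Check whether something like sendmail is installed and uninstall it manually if so.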
|
|
|
|
|
|
{{{
|
|
|
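# Searching for "mail" alone misses common mail transfer agents whose package
# names do not contain that word, so match those names as well.
dpkg -l | grep -i -E 'mail|postfix|exim|smtp'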
|
|
|
}}}
|
|
|
= lighttpd.conf =
|
|
|
{{{
|
|
|
sudo nano /etc/lighttpd/lighttpd.conf
|
|
|
}}}
|
|
|
{{{
|
|
|
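# lighttpd.conf for serving MediaWiki as a hidden service.
# The web server must only be reachable through Tor and must not record
# client addresses.

server.modules = (
    "mod_access",
    "mod_alias",
    "mod_compress",
    "mod_fastcgi"
)

# Not required. We use standard path /var/www/wiki.
#    "mod_redirect",
#    "mod_rewrite",

# Listen on loopback only. Without server.bind lighttpd listens on every
# interface, which makes the wiki reachable on the server's public IP address
# and links that address to the hidden service.
# Assumes Tor forwards the hidden service to 127.0.0.1:80 - confirm against
# your torrc. On an Isolating Proxy setup, bind to the internal address the
# gateway forwards to instead.
server.bind = "127.0.0.1"
server.port = 80

server.document-root = "/var/www"
server.upload-dirs = ( "/var/cache/lighttpd/uploads" )
server.errorlog-use-syslog = "enable"
server.errorlog = "/var/log/lighttpd/error.log"
server.pid-file = "/var/run/lighttpd.pid"
server.username = "www-data"
server.groupname = "www-data"

# The last entry used to start with a space, so it could never match a file.
index-file.names = ( "index.php", "index.html",
                     "index.htm", "default.htm",
                     "index.lighttpd.html" )

# Never serve editor backup files or include files as plain text.
url.access-deny = ( "~", ".inc" )

## Use ipv6 if available
# Kept disabled: presumably this would add an IPv6 listener next to the
# loopback-only one above - verify before enabling.
#include_shell "/usr/share/lighttpd/use-ipv6.pl"

dir-listing.encoding = "utf-8"
# The earlier 'server.dir-listing = "enable"' was dropped here: it contradicted
# 'dir-listing.activate = "disable"' further down, and which of the two wins is
# not obvious. Directory listings stay off.

compress.cache-dir = "/var/cache/lighttpd/compress/"
compress.filetype = ( "application/x-javascript", "text/css", "text/html", "text/plain" )

include_shell "/usr/share/lighttpd/create-mime.assign.pl"
include_shell "/usr/share/lighttpd/include-conf-enabled.pl"

# PHP runs as a FastCGI backend that is reached over loopback only.
fastcgi.server = ( ".php" =>
    ( "localhost" =>
        (
            "host" => "127.0.0.1",
            "port" => 1026,
            #"bin-path" => "/opt/php-fcgi/bin/php-cgi"
            "bin-path" => "/usr/bin/php-cgi"
        )
    )
)

# Not required. We use standard path /var/www/wiki.
#url.rewrite-once = (
#    "^/wiki/upload/(.+)" => "/wiki/upload/$1",
#    "^/$" => "/mw/index.php",
#    "^/wiki/([^?]*)(?:\?(.*))?" => "/mw/index.php?title=$1&$2"
# )

# Not required. We use standard path /var/www/wiki.
# url.redirect = ( "^/(?!w|wiki|robots\.txt|favicon\.ico)(.*)" => "/mw/$1" )

# Scripts are executed through FastCGI, never handed out as static files.
static-file.exclude-extensions = ( ".php", ".pl", ".cgi", ".fcgi" )

# We created a symlink for mediawiki...
server.follow-symlink = "enable"

dir-listing.activate = "disable"
dir-listing.hide-dotfiles = "disable"
dir-listing.exclude = ("^\.", "~$")

# Deactivate IP logs. Just in case.
# The remote host field is replaced by "-", so no client address is written.
# NOTE(review): this only takes effect when mod_accesslog is loaded (it is not
# in server.modules above; it may come in through conf-enabled).
accesslog.format = "- - - %t \"%r\" %s %b \"%{Referer}i\" \"%{User-Agent}i\""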
|
|
|
}}}
|
|
|
= Find path to php-cgi =
|
|
|
Might only be required when not using Ubuntu or Debian.
|
|
|
|
|
|
{{{
|
|
|
which php-cgi
|
|
|
}}}
|
|
|
= Change php-cgi path in lighttpd.conf =
|
|
|
Might only be required when not using Ubuntu.
|
|
|
|
|
|
{{{
|
|
|
nano /etc/lighttpd/lighttpd.conf
|
|
|
}}}
|
|
|
= Where Ubuntu installed mediawiki =
|
|
|
For your interest only.
|
|
|
|
|
|
Ubuntu installed mediawiki to:
|
|
|
|
|
|
{{{
|
|
|
/var/lib/mediawiki
|
|
|
}}}
|
|
|
= Enabling fastcgi =
|
|
|
{{{
|
|
|
mv /etc/lighttpd/conf-available/10-fastcgi.conf /etc/lighttpd/conf-enabled/.
|
|
|
mv /etc/lighttpd/conf-available/15-fastcgi-php.conf /etc/lighttpd/conf-enabled/.
|
|
|
}}}
|
|
|
= Syntax for creating symlinks =
|
|
|
For your interest only.
|
|
|
|
|
|
{{{
|
|
|
ln -s {/path/to/file-name} {link-name}
|
|
|
}}}
|
|
|
= Create the symlink =
|
|
|
{{{
|
|
|
ln -s /var/lib/mediawiki /var/www/wiki
|
|
|
}}}
|
|
|
= Tweak LocalSettings.php to prevent IP leaks =
|
|
|
Read through https://www.mediawiki.org/wiki/Manual:Configuration_settings and search for "IP ".
|
|
|
|
|
|
{{{
|
|
|
https://www.mediawiki.org/wiki/Manual:Configuration_settings
|
|
|
}}}
|
|
|
= Deactivate mediawiki IP logging =
|
|
|
Just to be sure.
|
|
|
|
|
|
Edit /var/lib/mediawiki/includes/ProxyTools.php.
|
|
|
|
|
|
{{{
|
|
|
nano /var/lib/mediawiki/includes/ProxyTools.php
|
|
|
}}}
|
|
|
Look out for:
|
|
|
|
|
|
{{{
|
|
|
return $ip
|
|
|
}}}
|
|
|
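Add the line "$ip = '127.0.0.1';" directly before "return $ip", so that MediaWiki always records the loopback address instead of the client address. ProxyTools.php is a file shipped with MediaWiki, so an upgrade can replace it and silently undo this change; check it again after every upgrade. It must look like this: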
|
|
|
|
|
|
{{{
|
|
|
$ip = '127.0.0.1';
|
|
|
return $ip
|
|
|
}}}
|
|
|
= Secure permissions =
|
|
|
Ensure other users may not view passwords or edit content.
|
|
|
|
|
|
{{{
|
|
|
# Hand /var/www to the web server account, then strip every permission from
# group and others in a single pass.
# NOTE(review): recursive chown/chmod do not descend through the
# /var/www/wiki symlink, so the files under /var/lib/mediawiki (and wherever
# LocalSettings.php with the database password ends up) keep their previous
# owner and mode - check those separately.
chown --recursive www-data:www-data /var/www
chmod --recursive go-rwx /var/www
|
|
|
}}}
|
|
|
= Setup =
|
|
|
http://127.0.0.1/wiki/mw-config/index.php
|
|
|
|
|
|
= Sources =
|
|
|
Helpful sources while compiling this guide.
|
|
|
|
|
|
* http://www.cyberciti.biz/tips/lighttpd-php-fastcgi-configuration.html
|
|
|
* http://www.educalpes.fr/CoffreFort
|
|
|
* http://www.cyberciti.biz/faq/unix-creating-symbolic-link-ln-command/
|
|
|
* https://svn.torproject.org/svn/incognito/trunk/root_overlay/etc/init.d/hidden-service |
|
|
\ No newline at end of file |