Changes

Alexander Hansen Færøy · 53a16e3a
--- a/doc/TorifyHOWTO/mediawiki.md
+++ b/doc/TorifyHOWTO/mediawiki.md
+[[TOC(noheading, depth=0)]]
+'''DRAFT!!! UNFINISHED!!! '''
+= Introduction =
+Tested on Ubuntu 12.04 Precise and suited for a home, virtual or dedicated server.
+An Isolating Proxy, where the webserver can not find out it's own external IP address and can only connect through Tor, is always preferred. ([https://www.whonix.org Whonix] is an Isolating Proxy.) Due to the design of Isolating Proxies you need more RAM compared to installing a hidden service directly. If you are going for a virtual or [http://www.webhostingreviewsx.co.uk/best-dedicated-server-hosting-uk/ dedicated server], RAM is money. The more RAM the more you have, the more you have to pay per month. This guide is about installing a hidden service directly and preventing IP leaks by correctly configuring everything. However, this guide will also work for Isolating Proxies.
+= Install required software =
+{{{
+sudo apt-get install php5-cgi mediawiki lighttpd
+}}}
+= Remove apache =
+Just to be sure.
+{{{
+sudo apt-get remove apache*
+}}}
+= Check you have no mailsend installed =
+A non-torified mail send could de-anonymize the server. Look if something like sendmail is installed and manually uninstall if it is the case.
+{{{
+dpkg -l | grep mail
+}}}
+= lighttpd.conf =
+{{{
+sudo nano /etc/lighttpd/lighttpd.conf
+}}}
+{{{
+server.modules = (
+	"mod_access",
+	"mod_alias",
+	"mod_compress",
+	"mod_fastcgi"
+)
+# Not required. We use standard path /var/www/wiki.
+# "mod_redirect",
+# "mod_rewrite",
+server.port                = 80
+server.document-root        = "/var/www"
+server.upload-dirs          = ( "/var/cache/lighttpd/uploads" )
+server.errorlog-use-syslog  = "enable"
+server.errorlog             = "/var/log/lighttpd/error.log"
+server.pid-file             = "/var/run/lighttpd.pid"
+server.username             = "www-data"
+server.groupname            = "www-data"
+index-file.names            = ( "index.php", "index.html",
+                                "index.htm", "default.htm",
+                               " index.lighttpd.html" )
+url.access-deny             = ( "~", ".inc" )
+## Use ipv6 if available
+#include_shell "/usr/share/lighttpd/use-ipv6.pl"
+dir-listing.encoding        = "utf-8"
+server.dir-listing          = "enable"
+compress.cache-dir          = "/var/cache/lighttpd/compress/"
+compress.filetype           = ( "application/x-javascript", "text/css", "text/html", "text/plain" )
+include_shell "/usr/share/lighttpd/create-mime.assign.pl"
+include_shell "/usr/share/lighttpd/include-conf-enabled.pl"
+fastcgi.server = ( ".php" =>
+                   ( "localhost" =>
+                     (
+                       "host" => "127.0.0.1",
+                       "port" => 1026,
+                       #"bin-path" => "/opt/php-fcgi/bin/php-cgi"
+                       "bin-path" => "/usr/bin/php-cgi"
+                     )
+                   )
+                )
+# Not required. We use standard path /var/www/wiki.
+#url.rewrite-once = (
+#                     "^/wiki/upload/(.+)" => "/wiki/upload/$1",
+#                     "^/$" => "/mw/index.php",
+#                     "^/wiki/([^?]*)(?:\?(.*))?" => "/mw/index.php?title=$1&$2"
+#                   )
+# Not required. We use standard path /var/www/wiki.
+# url.redirect = ( "^/(?!w|wiki|robots\.txt|favicon\.ico)(.*)" => "/mw/$1" )
+static-file.exclude-extensions = ( ".php", ".pl", ".cgi", ".fcgi" )
+# We created a symlink for mediawiki...
+server.follow-symlink = "enable"
+dir-listing.activate = "disable"
+dir-listing.hide-dotfiles = "disable"
+dir-listing.exclude = ("^\.", "~$")
+# Deactivate IP logs. Just in case.
+accesslog.format = "- - - %t \"%r\" %s %b \"%{Referer}i\" \"%{User-Agent}i\""
+}}}
+= Find path to php-cgi =
+Might only be required when not using Ubuntu or Debian.
+{{{
+which php-cgi
+}}}
+= Change php-cgi path in lighttpd.conf =
+Might only be required when not using Ubuntu.
+{{{
+nano /etc/lighttpd/lighttpd.conf
+}}}
+= Where Ubuntu installed mediawiki =
+For your interest only.
+Ubuntu installed mediawiki to:
+{{{
+/var/lib/mediawiki
+}}}
+= Enabling fastcgi =
+{{{
+mv /etc/lighttpd/conf-available/10-fastcgi.conf /etc/lighttpd/conf-enabled/.
+mv /etc/lighttpd/conf-available/15-fastcgi-php.conf /etc/lighttpd/conf-enabled/.
+}}}
+= Syntax for creating symlinks =
+For your interest only.
+{{{
+ln -s {/path/to/file-name} {link-name}
+}}}
+= Create the symlink =
+{{{
+ln -s /var/lib/mediawiki /var/www/wiki
+}}}
+= Tweak LocalSettings.php to prevent IP leaks =
+Read through https://www.mediawiki.org/wiki/Manual:Configuration_settings and search for "IP ".
+{{{
+https://www.mediawiki.org/wiki/Manual:Configuration_settings
+}}}
+= Deactivate mediawiki IP logging =
+Just to be sure.
+Edit /var/lib/mediawiki/includes/ProxyTools.php.
+{{{
+nano /var/lib/mediawiki/includes/ProxyTools.php 
+}}}
+Look out for:
+{{{
+return $ip
+}}}
+And add "$ip = '127.0.0.1';" before "return $ip". Must look like this:
+{{{
+$ip = '127.0.0.1';
+return $ip
+}}}
+= Secure permissions =
+Ensure other users may not view passwords or edit content.
+{{{
+chown --recursive www-data:www-data /var/www
+chmod --recursive o-rwx /var/www
+chmod --recursive g-rwx /var/www
+}}}
+= Setup =
+http://127.0.0.1/wiki/mw-config/index.php
+= Sources =
+Helpful sources while compiling this guide.
+ * http://www.cyberciti.biz/tips/lighttpd-php-fastcgi-configuration.html
+ * http://www.educalpes.fr/CoffreFort
+ * http://www.cyberciti.biz/faq/unix-creating-symbolic-link-ln-command/
+ * https://svn.torproject.org/svn/incognito/trunk/root_overlay/etc/init.d/hidden-service
\ No newline at end of file