|
|
[[TOC(noheading, depth=0)]]
|
|
|
|
|
|
'''DRAFT!!! UNFINISHED!!! '''
|
|
|
**DRAFT!!! UNFINISHED!!! **
|
|
|
|
|
|
= Introduction =
|
|
|
# Introduction
|
|
|
Tested on Ubuntu 12.04 Precise and suited for a home, virtual or dedicated server.
|
|
|
|
|
|
An Isolating Proxy, where the webserver can not find out it's own external IP address and can only connect through Tor, is always preferred. ([https://www.whonix.org Whonix] is an Isolating Proxy.) Due to the design of Isolating Proxies you need more RAM compared to installing a hidden service directly. If you are going for a virtual or [http://www.webhostingreviewsx.co.uk/best-dedicated-server-hosting-uk/ dedicated server], RAM is money. The more RAM the more you have, the more you have to pay per month. This guide is about installing a hidden service directly and preventing IP leaks by correctly configuring everything. However, this guide will also work for Isolating Proxies.
|
|
|
An Isolating Proxy, where the webserver can not find out it's own external IP address and can only connect through Tor, is always preferred. ([Whonix](https://www.whonix.org) is an Isolating Proxy.) Due to the design of Isolating Proxies you need more RAM compared to installing a hidden service directly. If you are going for a virtual or [dedicated server](http://www.webhostingreviewsx.co.uk/best-dedicated-server-hosting-uk/), RAM is money. The more RAM the more you have, the more you have to pay per month. This guide is about installing a hidden service directly and preventing IP leaks by correctly configuring everything. However, this guide will also work for Isolating Proxies.
|
|
|
|
|
|
= Install required software =
|
|
|
{{{
|
|
|
# Install required software
|
|
|
```
|
|
|
sudo apt-get install php5-cgi mediawiki lighttpd
|
|
|
}}}
|
|
|
= Remove apache =
|
|
|
```
|
|
|
# Remove apache
|
|
|
Just to be sure.
|
|
|
|
|
|
{{{
|
|
|
```
|
|
|
sudo apt-get remove apache*
|
|
|
}}}
|
|
|
= Check you have no mailsend installed =
|
|
|
```
|
|
|
# Check you have no mailsend installed
|
|
|
A non-torified mail send could de-anonymize the server. Look if something like sendmail is installed and manually uninstall if it is the case.
|
|
|
|
|
|
{{{
|
|
|
```
|
|
|
dpkg -l | grep mail
|
|
|
}}}
|
|
|
= lighttpd.conf =
|
|
|
{{{
|
|
|
```
|
|
|
# lighttpd.conf
|
|
|
```
|
|
|
sudo nano /etc/lighttpd/lighttpd.conf
|
|
|
}}}
|
|
|
{{{
|
|
|
```
|
|
|
```
|
|
|
server.modules = (
|
|
|
"mod_access",
|
|
|
"mod_alias",
|
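Review bot: The converted draft banner `**DRAFT!!! UNFINISHED!!! **` keeps the space before the closing `**`, so CommonMark-style renderers will not treat it as bold and will print the asterisks literally. Write it as `**DRAFT!!! UNFINISHED!!!**`. The introduction paragraph was carried over with its wording defects intact ("it's own external IP address", "The more RAM the more you have, the more you have to pay"), and since the line is being touched anyway they could be fixed in the same change. In the mail check, `dpkg -l | grep mail` only matches packages whose name or description contains "mail", so a mail transport agent described differently can be missed. The text should say that the result needs a manual look for any installed MTA.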
... | ... | @@ -99,79 +99,79 @@ dir-listing.exclude = ("^\.", "~$") |
|
|
|
|
|
# Deactivate IP logs. Just in case.
|
|
|
accesslog.format = "- - - %t \"%r\" %s %b \"%{Referer}i\" \"%{User-Agent}i\""
|
|
|
}}}
|
|
|
= Find path to php-cgi =
|
|
|
```
|
|
|
# Find path to php-cgi
|
|
|
Might only be required when not using Ubuntu or Debian.
|
|
|
|
|
|
{{{
|
|
|
```
|
|
|
which php-cgi
|
|
|
}}}
|
|
|
= Change php-cgi path in lighttpd.conf =
|
|
|
```
|
|
|
# Change php-cgi path in lighttpd.conf
|
|
|
Might only be required when not using Ubuntu.
|
|
|
|
|
|
{{{
|
|
|
```
|
|
|
nano /etc/lighttpd/lighttpd.conf
|
|
|
}}}
|
|
|
= Where Ubuntu installed mediawiki =
|
|
|
```
|
|
|
# Where Ubuntu installed mediawiki
|
|
|
For your interest only.
|
|
|
|
|
|
Ubuntu installed mediawiki to:
|
|
|
|
|
|
{{{
|
|
|
```
|
|
|
/var/lib/mediawiki
|
|
|
}}}
|
|
|
= Enabling fastcgi =
|
|
|
{{{
|
|
|
```
|
|
|
# Enabling fastcgi
|
|
|
```
|
|
|
mv /etc/lighttpd/conf-available/10-fastcgi.conf /etc/lighttpd/conf-enabled/.
|
|
|
mv /etc/lighttpd/conf-available/15-fastcgi-php.conf /etc/lighttpd/conf-enabled/.
|
|
|
}}}
|
|
|
= Syntax for creating symlinks =
|
|
|
```
|
|
|
# Syntax for creating symlinks
|
|
|
For your interest only.
|
|
|
|
|
|
{{{
|
|
|
```
|
|
|
ln -s {/path/to/file-name} {link-name}
|
|
|
}}}
|
|
|
= Create the symlink =
|
|
|
{{{
|
|
|
```
|
|
|
# Create the symlink
|
|
|
```
|
|
|
ln -s /var/lib/mediawiki /var/www/wiki
|
|
|
}}}
|
|
|
= Tweak LocalSettings.php to prevent IP leaks =
|
|
|
```
|
|
|
# Tweak LocalSettings.php to prevent IP leaks
|
|
|
Read through https://www.mediawiki.org/wiki/Manual:Configuration_settings and search for "IP ".
|
|
|
|
|
|
{{{
|
|
|
```
|
|
|
https://www.mediawiki.org/wiki/Manual:Configuration_settings
|
|
|
}}}
|
|
|
= Deactivate mediawiki IP logging =
|
|
|
```
|
|
|
# Deactivate mediawiki IP logging
|
|
|
Just to be sure.
|
|
|
|
|
|
Edit /var/lib/mediawiki/includes/ProxyTools.php.
|
|
|
|
|
|
{{{
|
|
|
```
|
|
|
nano /var/lib/mediawiki/includes/ProxyTools.php
|
|
|
}}}
|
|
|
```
|
|
|
Look out for:
|
|
|
|
|
|
{{{
|
|
|
```
|
|
|
return $ip
|
|
|
}}}
|
|
|
```
|
|
|
And add "$ip = '127.0.0.1';" before "return $ip". Must look like this:
|
|
|
|
|
|
{{{
|
|
|
```
|
|
|
$ip = '127.0.0.1';
|
|
|
return $ip
|
|
|
}}}
|
|
|
= Secure permissions =
|
|
|
```
|
|
|
# Secure permissions
|
|
|
Ensure other users may not view passwords or edit content.
|
|
|
|
|
|
{{{
|
|
|
```
|
|
|
chown --recursive www-data:www-data /var/www
|
|
|
chmod --recursive o-rwx /var/www
|
|
|
chmod --recursive g-rwx /var/www
|
|
|
}}}
|
|
|
= Setup =
|
|
|
```
|
|
|
# Setup
|
|
|
http://127.0.0.1/wiki/mw-config/index.php
|
|
|
|
|
|
= Sources =
|
|
|
# Sources
|
|
|
Helpful sources while compiling this guide.
|
|
|
|
|
|
* http://www.cyberciti.biz/tips/lighttpd-php-fastcgi-configuration.html
|
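Review bot: The "Secure permissions" commands run `chown --recursive` and `chmod --recursive` on /var/www, but the wiki is reached through the symlink created earlier with `ln -s /var/lib/mediawiki /var/www/wiki`, and neither recursive command descends through a symlink. The files under /var/lib/mediawiki therefore keep their existing owner and mode, and the stated goal (other users may not view passwords or edit content) is not met for the wiki itself. The section should either apply the same commands to /var/lib/mediawiki or say explicitly that it must be handled separately. In the ProxyTools.php snippets, `return $ip` is shown without a trailing semicolon both under "Look out for" and under "Must look like this"; a reader who copies the second snippet literally gets a PHP parse error, so it should read `return $ip;`.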
... | ... | |