Changes

Page history
Apply conversion script to all *.md files. authored by Alexander Hansen Færøy's avatar Alexander Hansen Færøy
Show whitespace changes
Inline Side-by-side
doc/TorifyHOWTO/mediawiki.md
View page @ a1a4b621
[[TOC(noheading, depth=0)]] [[TOC(noheading, depth=0)]]
'''DRAFT!!! UNFINISHED!!! ''' **DRAFT!!! UNFINISHED!!! **
= Introduction = # Introduction
Tested on Ubuntu 12.04 Precise and suited for a home, virtual or dedicated server. Tested on Ubuntu 12.04 Precise and suited for a home, virtual or dedicated server.
An Isolating Proxy, where the webserver can not find out it's own external IP address and can only connect through Tor, is always preferred. ([https://www.whonix.org Whonix] is an Isolating Proxy.) Due to the design of Isolating Proxies you need more RAM compared to installing a hidden service directly. If you are going for a virtual or [http://www.webhostingreviewsx.co.uk/best-dedicated-server-hosting-uk/ dedicated server], RAM is money. The more RAM the more you have, the more you have to pay per month. This guide is about installing a hidden service directly and preventing IP leaks by correctly configuring everything. However, this guide will also work for Isolating Proxies. An Isolating Proxy, where the webserver can not find out it's own external IP address and can only connect through Tor, is always preferred. ([Whonix](https://www.whonix.org) is an Isolating Proxy.) Due to the design of Isolating Proxies you need more RAM compared to installing a hidden service directly. If you are going for a virtual or [dedicated server](http://www.webhostingreviewsx.co.uk/best-dedicated-server-hosting-uk/), RAM is money. The more RAM the more you have, the more you have to pay per month. This guide is about installing a hidden service directly and preventing IP leaks by correctly configuring everything. However, this guide will also work for Isolating Proxies.
= Install required software = # Install required software
{{{ ```
sudo apt-get install php5-cgi mediawiki lighttpd sudo apt-get install php5-cgi mediawiki lighttpd
}}} ```
= Remove apache = # Remove apache
Just to be sure. Just to be sure.
{{{ ```
sudo apt-get remove apache* sudo apt-get remove apache*
}}} ```
= Check you have no mailsend installed = # Check you have no mailsend installed
A non-torified mail send could de-anonymize the server. Look if something like sendmail is installed and manually uninstall if it is the case. A non-torified mail send could de-anonymize the server. Look if something like sendmail is installed and manually uninstall if it is the case.
{{{ ```
dpkg -l | grep mail dpkg -l | grep mail
}}} ```
= lighttpd.conf = # lighttpd.conf
{{{ ```
sudo nano /etc/lighttpd/lighttpd.conf sudo nano /etc/lighttpd/lighttpd.conf
}}} ```
{{{ ```
server.modules = ( server.modules = (
"mod_access", "mod_access",
"mod_alias", "mod_alias",
...@@ -99,79 +99,79 @@ dir-listing.exclude = ("^\.", "~$") ...@@ -99,79 +99,79 @@ dir-listing.exclude = ("^\.", "~$")
# Deactivate IP logs. Just in case. # Deactivate IP logs. Just in case.
accesslog.format = "- - - %t \"%r\" %s %b \"%{Referer}i\" \"%{User-Agent}i\"" accesslog.format = "- - - %t \"%r\" %s %b \"%{Referer}i\" \"%{User-Agent}i\""
}}} ```
= Find path to php-cgi = # Find path to php-cgi
Might only be required when not using Ubuntu or Debian. Might only be required when not using Ubuntu or Debian.
{{{ ```
which php-cgi which php-cgi
}}} ```
= Change php-cgi path in lighttpd.conf = # Change php-cgi path in lighttpd.conf
Might only be required when not using Ubuntu. Might only be required when not using Ubuntu.
{{{ ```
nano /etc/lighttpd/lighttpd.conf nano /etc/lighttpd/lighttpd.conf
}}} ```
= Where Ubuntu installed mediawiki = # Where Ubuntu installed mediawiki
For your interest only. For your interest only.
Ubuntu installed mediawiki to: Ubuntu installed mediawiki to:
{{{ ```
/var/lib/mediawiki /var/lib/mediawiki
}}} ```
= Enabling fastcgi = # Enabling fastcgi
{{{ ```
mv /etc/lighttpd/conf-available/10-fastcgi.conf /etc/lighttpd/conf-enabled/. mv /etc/lighttpd/conf-available/10-fastcgi.conf /etc/lighttpd/conf-enabled/.
mv /etc/lighttpd/conf-available/15-fastcgi-php.conf /etc/lighttpd/conf-enabled/. mv /etc/lighttpd/conf-available/15-fastcgi-php.conf /etc/lighttpd/conf-enabled/.
}}} ```
= Syntax for creating symlinks = # Syntax for creating symlinks
For your interest only. For your interest only.
{{{ ```
ln -s {/path/to/file-name} {link-name} ln -s {/path/to/file-name} {link-name}
}}} ```
= Create the symlink = # Create the symlink
{{{ ```
ln -s /var/lib/mediawiki /var/www/wiki ln -s /var/lib/mediawiki /var/www/wiki
}}} ```
= Tweak LocalSettings.php to prevent IP leaks = # Tweak LocalSettings.php to prevent IP leaks
Read through https://www.mediawiki.org/wiki/Manual:Configuration_settings and search for "IP ". Read through https://www.mediawiki.org/wiki/Manual:Configuration_settings and search for "IP ".
{{{ ```
https://www.mediawiki.org/wiki/Manual:Configuration_settings https://www.mediawiki.org/wiki/Manual:Configuration_settings
}}} ```
= Deactivate mediawiki IP logging = # Deactivate mediawiki IP logging
Just to be sure. Just to be sure.
Edit /var/lib/mediawiki/includes/ProxyTools.php. Edit /var/lib/mediawiki/includes/ProxyTools.php.
{{{ ```
nano /var/lib/mediawiki/includes/ProxyTools.php nano /var/lib/mediawiki/includes/ProxyTools.php
}}} ```
Look out for: Look out for:
{{{ ```
return $ip return $ip
}}} ```
And add "$ip = '127.0.0.1';" before "return $ip". Must look like this: And add "$ip = '127.0.0.1';" before "return $ip". Must look like this:
{{{ ```
$ip = '127.0.0.1'; $ip = '127.0.0.1';
return $ip return $ip
}}} ```
= Secure permissions = # Secure permissions
Ensure other users may not view passwords or edit content. Ensure other users may not view passwords or edit content.
{{{ ```
chown --recursive www-data:www-data /var/www chown --recursive www-data:www-data /var/www
chmod --recursive o-rwx /var/www chmod --recursive o-rwx /var/www
chmod --recursive g-rwx /var/www chmod --recursive g-rwx /var/www
}}} ```
= Setup = # Setup
http://127.0.0.1/wiki/mw-config/index.php http://127.0.0.1/wiki/mw-config/index.php
= Sources = # Sources
Helpful sources while compiling this guide. Helpful sources while compiling this guide.
* http://www.cyberciti.biz/tips/lighttpd-php-fastcgi-configuration.html * http://www.cyberciti.biz/tips/lighttpd-php-fastcgi-configuration.html
... ...
......