**DRAFT!!! UNFINISHED!!!**
Introduction
Tested on Ubuntu 12.04 Precise and suited for a home, virtual or dedicated server.
An Isolating Proxy, where the webserver cannot find out its own external IP address and can only connect through Tor, is always preferred. (Whonix is an Isolating Proxy.) Due to the design of Isolating Proxies, you need more RAM compared to installing a hidden service directly. If you are going for a virtual or dedicated server, RAM is money: the more RAM you have, the more you have to pay per month. This guide is about installing a hidden service directly and preventing IP leaks by correctly configuring everything. However, this guide will also work for Isolating Proxies.
Install required software
sudo apt-get install php5-cgi mediawiki lighttpd
Remove apache
Just to be sure.
sudo apt-get remove 'apache*'
Check that no mail sender is installed
A non-torified mail sender could de-anonymize the server. Check whether something like sendmail is installed and uninstall it manually if that is the case.
dpkg -l | grep mail
lighttpd.conf
sudo nano /etc/lighttpd/lighttpd.conf
server.modules = (
    "mod_access",
    "mod_alias",
    "mod_compress",
    "mod_fastcgi"
)
# Not required. We use standard path /var/www/wiki.
# "mod_redirect",
# "mod_rewrite",
server.port = 80
server.document-root = "/var/www"
server.upload-dirs = ( "/var/cache/lighttpd/uploads" )
server.errorlog-use-syslog = "enable"
server.errorlog = "/var/log/lighttpd/error.log"
server.pid-file = "/var/run/lighttpd.pid"
server.username = "www-data"
server.groupname = "www-data"
index-file.names = ( "index.php", "index.html",
                     "index.htm", "default.htm",
                     "index.lighttpd.html" )
url.access-deny = ( "~", ".inc" )
## Use ipv6 if available
#include_shell "/usr/share/lighttpd/use-ipv6.pl"
dir-listing.encoding = "utf-8"
# Older name for dir-listing.activate; kept consistent with the "disable" set further down.
server.dir-listing = "disable"
compress.cache-dir = "/var/cache/lighttpd/compress/"
compress.filetype = ( "application/x-javascript", "text/css", "text/html", "text/plain" )
include_shell "/usr/share/lighttpd/create-mime.assign.pl"
include_shell "/usr/share/lighttpd/include-conf-enabled.pl"
fastcgi.server = ( ".php" =>
    ( "localhost" =>
        (
            "host" => "127.0.0.1",
            "port" => 1026,
            #"bin-path" => "/opt/php-fcgi/bin/php-cgi"
            "bin-path" => "/usr/bin/php-cgi"
        )
    )
)
# Not required. We use standard path /var/www/wiki.
#url.rewrite-once = (
# "^/wiki/upload/(.+)" => "/wiki/upload/$1",
# "^/$" => "/mw/index.php",
# "^/wiki/([^?]*)(?:\?(.*))?" => "/mw/index.php?title=$1&$2"
# )
# Not required. We use standard path /var/www/wiki.
# url.redirect = ( "^/(?!w|wiki|robots\.txt|favicon\.ico)(.*)" => "/mw/$1" )
static-file.exclude-extensions = ( ".php", ".pl", ".cgi", ".fcgi" )
# We created a symlink for mediawiki...
server.follow-symlink = "enable"
dir-listing.activate = "disable"
dir-listing.hide-dotfiles = "disable"
dir-listing.exclude = ("^\.", "~$")
# Deactivate IP logs. Just in case.
accesslog.format = "- - - %t \"%r\" %s %b \"%{Referer}i\" \"%{User-Agent}i\""
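The following script is an added example, not part of the original guide: it audits a lighttpd.conf for the two leak-prone settings the configuration above deals with, client addresses in the access log and directory listings. The function names and the sample config are constructed, and it assumes each directive sits on one line with a quoted value.

```shell
#!/bin/sh
# Added example: audit a lighttpd.conf for client-IP logging and directory
# listings. Function names and the sample config are constructed.

# Print the last quoted value assigned to directive $2 in file $1.
# Full-line comments are dropped first, so commented-out directives are ignored.
directive_value() {
    key=$(printf '%s' "$2" | sed 's/\./\\./g')   # escape dots for the regex
    grep -v -E '^[[:space:]]*#' "$1" |
        sed -n -E "s/^[[:space:]]*${key}[[:space:]]*=[[:space:]]*\"(.*)\"[[:space:]]*\$/\1/p" |
        tail -n 1
}

# Print one line per finding; return 0 when the file is clean, 1 otherwise.
audit_conf() {
    conf=$1
    findings=0
    fmt=$(directive_value "$conf" accesslog.format)
    if [ -n "$fmt" ]; then
        # %h (remote host) and %a (remote address) write the client IP to the log.
        if printf '%s\n' "$fmt" | grep -q -E '%[ha]'; then
            echo "LEAK: accesslog.format logs the client address"
            findings=$((findings + 1))
        fi
    elif [ -n "$(directive_value "$conf" accesslog.filename)" ]; then
        # Without an explicit format lighttpd uses its default, which begins with %h.
        echo "LEAK: access log enabled with the default format (contains %h)"
        findings=$((findings + 1))
    fi
    # server.dir-listing is the older name for dir-listing.activate; flag either.
    for name in dir-listing.activate server.dir-listing; do
        if [ "$(directive_value "$conf" "$name")" = "enable" ]; then
            echo "LEAK: directory listing enabled by $name"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}

# Constructed sample input; prints the server.dir-listing finding only.
sample=$(mktemp)
cat > "$sample" <<'EOF'
server.dir-listing = "enable"
dir-listing.activate = "disable"
# accesslog.format = "%h %t"
accesslog.format = "- - - %t \"%r\" %s %b"
EOF
audit_conf "$sample" || true
rm -f "$sample"
```

Run it against the live file with audit_conf /etc/lighttpd/lighttpd.conf; files pulled in through include_shell are not followed, so check those separately.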
Find path to php-cgi
Might only be required when not using Ubuntu or Debian.
which php-cgi
Change php-cgi path in lighttpd.conf
Might only be required when not using Ubuntu.
nano /etc/lighttpd/lighttpd.conf
Where Ubuntu installed mediawiki
For your interest only.
Ubuntu installed mediawiki to:
/var/lib/mediawiki
Enabling fastcgi
mv /etc/lighttpd/conf-available/10-fastcgi.conf /etc/lighttpd/conf-enabled/.
mv /etc/lighttpd/conf-available/15-fastcgi-php.conf /etc/lighttpd/conf-enabled/.
Syntax for creating symlinks
For your interest only.
ln -s {/path/to/file-name} {link-name}
Create the symlink
ln -s /var/lib/mediawiki /var/www/wiki
Tweak LocalSettings.php to prevent IP leaks
Read through https://www.mediawiki.org/wiki/Manual:Configuration_settings and search for "IP ".
Deactivate mediawiki IP logging
Just to be sure.
Edit /var/lib/mediawiki/includes/ProxyTools.php.
nano /var/lib/mediawiki/includes/ProxyTools.php
Look out for:
return $ip;
And add "$ip = '127.0.0.1';" before "return $ip;". It must look like this:
$ip = '127.0.0.1';
return $ip;
Secure permissions
Ensure other users cannot view passwords or edit content.
chown --recursive www-data:www-data /var/www
chmod --recursive o-rwx /var/www
chmod --recursive g-rwx /var/www
Setup
http://127.0.0.1/wiki/mw-config/index.php
Sources
Helpful sources while compiling this guide.