Mix Installation for other Linux based systems
m (Changed protection level for "Mix Installation (Source for Linux)" ([edit=autoconfirmed] (indefinite) [move=sysop] (indefinite)))
Revision as of 14:39, 12 March 2010
HowTo install the mix server software
This HowTo describes the installation of the mix server and related software for RedHat Linux. For Debian and Ubuntu servers JonDos GmbH provides packages to simplify the installation. See: Mix Installation (Debian and Ubuntu).
The software for mix servers is distributed as source code.
In order to compile the mix sources the libraries OpenSSL (at least v.0.9.7) and Xerces-C++ are required. Additionally a C++ compiler, make and subversion are required, too. You can install all that stuff with the package manager of your operating system.
RedHat: yum install g++ make libssl-devel libxerces-c2-devel subversion
For premium mixes PostgreSQL database server, client and C-libraries for PostgreSQL clients are required, too.
RedHat: yum install postgresql postgresql-client libpq-devel
Compile the source code
Checkout the latest stable version from our subversion repository. We recommend the use of the directory /home/mix for sources.
mkdir /home/mix cd /home/mix svn checkout https://svn.jondos.de/svn/proxytest/proxytest/branches/stable
Afterwards compile and install the mix software:
cd /home/mix/stable ./configure --enable-new-channel-encryption --enable-new-flow-control make make install
Enable additional features
Depending on the features needed by your mix, you can enable some more features for your mix:
./configure --enable-new-channel-encryption --enable-new-flow-control --enable-payment .... ....
Mandatory feature for premium services:
- --enable-payment Specifies to build with payment support.
Monitoring your mix:
- --enable-server_monitoring Specifies to build with state tracking for server monitoring. You can specify a monitor port in the mix configuration (it is normally port 8080) and fetch a XML file from this IP:port time by time to check your mix. A plug-in for Nagios, which is using the monitoring port, will be found in the mix source tree misc.
Additional Logging features:
- --enable-crime-detection Enable crime detection mode. Crime detection parameters can be specified in the mix configuration file. Do ONLY use it, if you are under constraint by authorities and law. For working properly, all mixes of a cascade have to enable this feature.
- --enable-dataretentionlog Enable log messages according to data retention law.
- --enable-bandwidth-limitation Specifies to build with last mix bandwidth limitation. The limitation parameters can be specified in the mix configuration file. (only exit mixes)
Create a system user account
It is not a good solution to run the mix server with root privileges. Create a new system user account (recommended name: mix) and specify this user account in the mix configuration file. After startup, the mix server will switch to this UID.
Create a system user account with useradd:
adduser --quiet --system --disabled-password --shell=/bin/false --group mix
Create a log directory
The directory and file for log messages will be specified in the mix configuration file. You have to create the directory and set safe permissions:
mkdir /var/log/mix chown mix:adm /var/log/mix chmod 0750 /var/log/mix
No logrotate configuration is necessary. The mix server creates a new file, if the log file size exceeds the configured limit.
Start the mix server
You have to create a mix configuration, become root, raise the number of max. open descriptors to the value specified in the mix configuration file and you can start the mix:
ulimit -SHn 32768 mix -c /path/to/config.xml
After startup the mix server will switch to the sytem UID specified in the mix configuration file.
Update the mix software
Like other software the mix is updated time by time. New features will be added, bugs will be fixed ... and so on. Join the operator mailing list to stay up-to-date about software updates. If an update is announced, run the following steps.
cd /home/mix/stable make distclean svn update ./configure --enable-new-channel-encryption --enable-new-flow-control --enable-server_monitoring --enable-payment .... .... make make install
After successful update restart the mix.
HowTo install Squid proxy (only exit mixes)
The squid proxy can be installed by the package manager of your operating system. Do NOT install squid3, please use the latest stable version of squid v.2.7. Only for testing purposes lynx may be installed, too.
RedHat: yum install squid lynx
Stop the squid proxy if it was running after installation and make a backup of the original configuration.
/etc/init.d/squid stop cd /etc/squid mv squid.conf squid.conf.orig
Replace the configuration file with an optimized configuration and add the block list squid-block.acl. You may find the squid configuration files provided by Jondos GmbH in the mix source code, subdirectory misc/Linux. Choose the suitable squid config an put the file to /etc/squid. The example uses the config for free exit mixes.
cd /home/mix/stable/misc/Linux cp -f squid.conf.free /etc/squid/squid.conf cp squid-block.acl /etc/squid/squid-block.acl
Afterward create the cache directories, wait, until the cache is created....
squid -z -d -3
... and start the squid proxy.
... and check if squid is working.
http_proxy=http://127.0.0.1:3128; lynx http://www.anonymous-proxy-servers.net
Updating the JonDonym blocklist
Time by time the JonDonym blocklist will be updated. You will receive a notice by the mix operator mailing list.
cd /home/mix/stable svn update cp -f misc/Linux/squid-block.acl /etc/squid/squid-block.acl /etc/init.d/squid restart
HowTo install Dante SOCKS proxy (only premium exit mixes)
The Dante SOCKS proxy can be installed by the package manager of your operating system.
RedHat: yum install dante-server
Install the configuration files provided by JonDos GmbH. The template for the configuration is part of the stable mix source. You may find it in misc/Linux/danted.conf.template. Replace the template string [% extIP %] in line 9 with your external IP address (you may use the editor pico), copy the file to /etc/danted.conf and restart dante. It contains the block list for JonDonym mix servers and blocks port 25 for spam reasons.
cd /home/mix/stable/misc/Linux pico danted.conf.template cp -f danted.conf.template /etc/danted.conf /etc/init.d/danted restart
Updating the JonDonym blocklist
Time by time the JonDonym blocklist will be updated. You will receive a notice by the mix operator mailing list. Checkout the latest stable mix source and update your danted.conf. Please note: You have to replace the template string [% extIP %] again with your external IP address.
cd /home/mix/stable svn update cd misc/Linux pico danted.conf.template cp -f danted.conf.template /etc/danted.conf /etc/init.d/danted restart