Mix Installation for other Linux based systems

From JonDonym Wiki
(Difference between revisions)
(HowTo install Dante SOCKS proxy (only premium exit mixes))
(Checkout the source code)
 
(45 intermediate revisions by 3 users not shown)
Line 1: Line 1:
 
[[Category:MixOpLinux]]
 
[[Category:MixOpLinux]]
<iimg>[[Mix Installation (Source for Linux)]]![[Image:en.png]]</iimg><iimg>[[Mix Installation (Sourcen für Linux)]]![[Image:de.png]]</iimg>
+
<iimg>[[Mix Installation (Source for Linux)]]![[Image:en2.png]]</iimg><iimg>[[Mix Installation (Sourcen für Linux)]]![[Image:de2.png]]</iimg>&nbsp;&nbsp;&nbsp;[[Mix Installation (Debian and Ubuntu)|<- prev]] | [[MixOperatorTutorials|Content]] | [[Mix Installation (FreeBSD Jail)|next ->]]
== HowTo install the mix server software ==
+
== HowTo install the mix server software for Linux ==
This HowTo describes the installation of the mix server and related software for RedHat Linux. For Debian and Ubuntu servers JonDos GmbH provides packages to simplify the installation. See: [[Mix Installation (Debian/Ubuntu)]].
+
This HowTo describes the installation of the mix server and related software for RedHat Linux. For Debian and Ubuntu servers JonDos GmbH provides packages to simplify the installation. See: [[Mix Installation (Debian and Ubuntu)]].
  
 
The software for mix servers is distributed as source code.
 
The software for mix servers is distributed as source code.
  
 
==== Requirements ====
 
==== Requirements ====
To compile the mix sources the libraries [http://www.openssl.org OpenSSL] (at least v.0.9.7) and [http://xml.apache.org/xerces-c/index.html Xerces-C++] are required. Additional a ''C++ compiler'', ''make'' and ''subversion'' are required too. You can install all stuff with the package manager of your your operating system. For FreeBSD it may be usefull to install ''subversion'' from ports, to disable BDB.
+
In order to compile the mix sources the libraries [http://www.openssl.org OpenSSL] (at least v.0.9.7) and [http://xml.apache.org/xerces-c/index.html Xerces-C++] are required. Additionally a ''C++ compiler'', ''make'', ''automake'', ''autoconf'' and ''subversion'' are required, too. You can install all that stuff with the package manager of your operating system.
  
  <code>RedHat:  yum install g++ make libssl-devel libxerces-c2-devel subversion</code>
+
  <code>RedHat:  yum install g++ make automake libssl-devel libxerces-c2-devel subversion</code>
  
For premium mixes PostgreSQL database server, client and C-libraries for PostgreSQL clients are requiered too.
+
For premium mixes PostgreSQL database server, client and C-libraries for PostgreSQL clients are required, too.
  
 
  <code>RedHat:  yum install postgresql postgresql-client libpq-devel</code>
 
  <code>RedHat:  yum install postgresql postgresql-client libpq-devel</code>
  
==== Compile the source code ====
+
 
 +
==== Checkout the source code ====
 
Checkout the latest stable version from our subversion repository. We recommend the use of the directory ''/home/mix'' for sources.
 
Checkout the latest stable version from our subversion repository. We recommend the use of the directory ''/home/mix'' for sources.
  
 
  <code>mkdir /home/mix
 
  <code>mkdir /home/mix
 
  cd /home/mix
 
  cd /home/mix
svn checkout https://svn.jondos.de/svn/proxytest/proxytest/branches/stable</code>
+
</code>
 +
<strike>  svn checkout https://svn.jondos.de/svn/proxytest/proxytest/branches/stable</strike>
 +
 
 +
Note you should now use this code here in revision 6700 (version 00.11.14):
 +
<code>
 +
svn checkout https://svn.jondos.de/svn/proxytest/proxytest/trunk/
 +
svn up -r 6700
 +
</code>
  
Afterwards compile and install the mix software:
+
==== Compile and install using make (version 1) ====
 +
You can compile and install the mix software using make. Please enable the required compile options for your mix:
  
 
  <code>cd /home/mix/stable
 
  <code>cd /home/mix/stable
  ./configure --enable-new-channel-encryption --enable-new-flow-control
+
  ./configure --enable-payment ...
 
  make
 
  make
 
  make install</code>
 
  make install</code>
  
==== Enable additional features ====
+
==== Compile and install using rc-scripts (version 2) ====
Depending of the features needed by your mix, you can enable some more features for your mix:
+
The mix source code contains a maintenace script and parameter file in ''misc/Linux/rc-scripts'' for simplify installation and software updates. First copy the files to their default destinations:
 +
<code>cd /home/mix/stable
 +
cp misc/Linux/rc-scripts/etc_default_mix /etc/default/mix
 +
cp misc/Linux/rc-scripts/etc_init.d_mix /etc/init.d/mix</code>
 +
 
 +
Edit the settings in ''/etc/default/mix'' to fit your preferences. Very important: choose the correct compile options for your mix. Two examples are prepared: one for free mixes and one for premium mixes.
 +
 
 +
<code>SOURCE_PATH="/home/mix/"
 +
 
 +
# compile optins for free mixes
 +
COMPILE_OPTIONS="--enable-server_monitoring"
 +
 
 +
MIXCONF="/etc/mix/config.xml"
 +
MAXFILEDESCRIPTORS=32768</code>
 +
 
 +
Afterwards you can compile and install the mix:
  
  <code> ./configure --enable-new-channel-encryption --enable-new-flow-control --enable-payment .... ....</code>
+
  <code>/etc/init.d/mix compile
 +
/etc/init.d/mix install</code>
 +
 
 +
==== Enable additional features ====
 +
Depending on the features needed by your mix, you can enable some more features for your mix with COMPILE_OPTIONS:
  
 +
<code> ./configure --enable-payment .... ....</code>
  
 
Mandatory feature for premium services:
 
Mandatory feature for premium services:
* '''--enable-payment''' Specify if to build with payment support.  
+
* '''--enable-payment''' Specifies to build with payment support.  
  
 +
Mandatory for free mixes:
 +
* '''--enable-with-integrity-check''' security feature
 +
 +
Mandatory feature for free entry mixes:
 +
* '''--enable-user-bandwidth-limitation''' Specifies to build with with bandwidth limitation. The limitation parameters can be specified in the mix configuration file. (only free entry mixes)
 +
* '''--enable-with-integrity-check''' Enables the new integrity check security protocol.
  
 
Monitoring your mix:
 
Monitoring your mix:
* '''--enable-server_monitoring''' Specify if to build with state tracking for server monitoring. You can specify a monitor port in the mix configuration and fetch a XML file from this IP:port time by time to check your mix. A plug-in for Nagios, which is using the monitoring port, you will find in the mix source tree ''misc''.
+
* '''--enable-server_monitoring''' Specifies to build with state tracking for server monitoring. You can specify a monitor port in the mix configuration (it is normally port 8080) and fetch a XML file from this IP:port time by time to check your mix. A plug-in for Nagios, which is using the monitoring port, will be found in the mix source tree ''misc''.
  
 +
Disable infoservice threads:
 +
* '''--enable-infoservice-no-threads''' Do not use threads for communication with infoservices. You use this feature in case of problems with infoservice communication.
  
 
Additional Logging features:
 
Additional Logging features:
* '''--enable-crime-detection''' Enable crime detection mode. Crime detection parameters can be specified in the mix configuration file. Do ONLY use it, if you are under constraint by authorities and law. For working well, all mixes of a cascade have to enable this feature.
+
* '''--enable-crime-detection''' Enable crime detection mode. Crime detection parameters can be specified in the mix configuration file. Do ONLY use it, if you are under constraint by authorities and law. For working properly, all mixes of a cascade have to enable this feature.
* '''--enable-dataretentionlog''' Enable log messages according to German data retention law.
+
* '''--enable-dataretentionlog''' Enable log messages according to data retention law.
 
+
 
+
Other features:
+
* '''--enable-bandwidth-limitation''' Specify if to build with last mix bandwidth limitation. The limitation parameters can be specified in the mix configuration file. (only exit mixes)
+
  
 
==== Create a system user account ====
 
==== Create a system user account ====
It is not a good solution to run the mix server with root privileges. Create a new system user account (recommended name: ''mix'') and specify this user account in the mix configuration file. After start up, the mix server will switch to this UID.
+
It is not a good solution to run the mix server with root privileges. Create a new system user account (recommended name: ''mix'') and specify this user account in the mix configuration file. After startup, the mix server will switch to this UID.
  
 
Create a system user account with ''useradd'':
 
Create a system user account with ''useradd'':
  
 
  <code>adduser --quiet --system --disabled-password --shell=/bin/false --group mix</code>
 
  <code>adduser --quiet --system --disabled-password --shell=/bin/false --group mix</code>
 +
  
 
==== Create a log directory ====
 
==== Create a log directory ====
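Review bot: In the new "Checkout the source code" text, the added commands check out trunk and then run "svn up -r 6700" without entering the new working copy, while every later added step still uses "cd /home/mix/stable" and SOURCE_PATH="/home/mix/". Since the branches/stable checkout is struck out, no stable directory is created by these instructions. Suggest adding "cd trunk" before "svn up -r 6700" and aligning the later paths and SOURCE_PATH with whichever directory is actually checked out. Two smaller points in the same hunk: "--enable-with-integrity-check" is now listed under both "Mandatory for free mixes" and "Mandatory feature for free entry mixes", and the sentence "Create a system user account with useradd" introduces an adduser command.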
Line 65: Line 99:
 
  chmod 0750 /var/log/mix</code>
 
  chmod 0750 /var/log/mix</code>
  
No logrotate configuration is necessary. The mix server creates a new file, if the log file size exceeded the configured limit.
+
No logrotate configuration is necessary. The mix server creates a new file, if the log file size exceeds the configured limit.
 +
 
  
 
==== Start the mix server ====
 
==== Start the mix server ====
You have to [[Mix Configuration Guide |create a mix configuration]], became root, raise the number of max. open descriptors to the value specified in the mix configuration file and you can start the mix:
+
You have to [[Mix Server Configuration Guide |create a mix configuration]], save the config in ''/etc/mix/config.xml'' and start or stop the mix:
  
  <code>ulimit -SHn 32768
+
  <code>start: /etc/init.d/mix start
  mix -c /path/to/config.xml</code>
+
stop:  /etc/init.d/mix stop</code>
  
After startup the mix server will switch to the sytem UID specified in the mix configuration file.
+
Alternativly you can raise the number of max. open descriptors to the value specified in the mix configuration file and you can start the mix at command line:
  
==== Update the mix software ====
+
<code>start:  ulimit -SHn 32768
Like other software the mix is updated time by time. New features will be added, bugs will be fixed ... and so on. Join the operator mailing list to stay up-to-date about software updates. If an update is announced, run the following steps.
+
          mix -c /path/to/config.xml
 +
stop:    killall mix</code>
  
<code>cd /home/mix/stable
+
After startup the mix server will switch to the sytem UID specified in the mix configuration file.
make distclean
+
svn update
+
./configure  --enable-new-channel-encryption --enable-new-flow-control --enable-server_monitoring --enable-payment .... ....
+
make
+
make install</code>
+
  
After successful update restart the mix.
 
  
== HowTo install squid proxy (only exit mixes) ==
+
==== Update the mix software using rc-scripts ====
The squid proxy can be installed by the package manager of your your operating system. Do NOT install ''squid3'', please use the latest stable version of squid v.2.7. Only for testing purposes ''lynx'' may be installed too.
+
Like other software the mix is updated time by time. New features will be added, bugs will be fixed ... and so on. Join the operator mailing list to stay up-to-date about software updates. If an update is announced, run the following steps.
  
  <code>RedHat: yum install squid lynx</code>
+
  <code>/etc/init.d/mix upgrade
 +
  /etc/init.d/mix restart</code>
  
Stop the squid proxy if it was running after installation and make a backup of the original configuration.
+
The update creates a backup of the old mix binary in ''$SOURCE_PATH/backup''. If you were run in trouble with the new version, you can restore the old version by:
  
  <code>/etc/init.d/squid stop
+
  <code>/etc/init.d/mix restore
  cd /etc/squid
+
  /etc/init.d/mix restart</code>
mv squid.conf squid.conf.orig</code>
+
  
Replace the configuration file with an optimized configuration and add the block list ''squid-block.acl''. You may find the squid configuration files provided by Jondos in the mix source code, subdirectory ''misc/Linux''. Choose the suitable squid config an put the files to /etc/squid. The example uses the config for free exit mixes.
+
==== Update the mix software by hand ====
 
+
Alternatively you can update the mix by hand. You have to know the compile options.
<code>cd /home/mix/stable/misc/Linux
+
cp -f squid.conf.free /etc/squid/squid.conf
+
cp squid-block.acl /etc/squid/squid-block.acl</code>
+
 
+
Afterward create the cache directories, wait, until the cache is created....
+
<code>squid -z -d -3</code>
+
 
+
... and start the squid proxy.
+
<code>/etc/init.d/squid start</code>
+
 
+
... and check if ''squid'' was working.
+
<code>http_proxy=http://127.0.0.1:3128; lynx http://www.anonymous-proxy-servers.net</code>
+
 
+
=== Update the JonDonym block list ===
+
Time by time the JonDonym block list will be updated. You will receive a notice by the mix operator mailing list.  
+
  
 
  <code>cd /home/mix/stable
 
  <code>cd /home/mix/stable
 +
make distclean
 
  svn update
 
  svn update
  cp -f misc/Linux/squid-block.acl /etc/squid/squid-block.acl
+
  ./configure --enable-server_monitoring --enable-payment .... ....
  /etc/init.d/squid restart</code>
+
  make
 +
make install</code>
  
== HowTo install Dante SOCKS proxy (only premium exit mixes) ==
+
After successful update restart the mix.
The Dante SOCKS proxy can be installed by the package manager of your your operating system. For FreeBSD it is recommeded to install dante from the ports tree.
+
+
<code>RedHat:  yum install dante-server</code>
+
 
+
Install the configuration files provided by JonDos GmbH. The template for the configuration is part of the stable mix source. You may find it in ''misc/Linux/danted.conf.template''. Replace the template string ''[% extIP %]'' in line 9 with your external IP address (you may use the editor ''pico''), copy the file to /etc/danted.conf'' and restart dante. It contains the block list for JonDonym mix servers and blocks port 25 for spam reasons.
+
 
+
<code>cd /home/mix/stable/misc/Linux
+
pico danted.conf.template
+
cp -f danted.conf.template /etc/danted.conf
+
/etc/init.d/danted restart</code>
+
 
+
=== Update the JonDonym block list ===
+
Time by time the JonDonym block list will be updated. You will receive a notice by the mix operator mailing list. Checkout the latest stable mix source and update your danted.conf. Please note: You have to replace the template string ''[% extIP %]'' again with your external IP address.
+
 
+
<code>cd /home/mix/stable
+
svn update
+
cd misc/Linux
+
pico danted.conf.template
+
cp -f danted.conf.template /etc/danted.conf
+
/etc/init.d/danted restart</code>
+
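Review bot: The removed side of this hunk carries the whole squid and Dante SOCKS setup for exit mixes, including both "Update the JonDonym block list" procedures and the remark that the Dante template blocks port 25, and nothing on the added side replaces or links to them. If that material moved to another page, leave a pointer here so exit-mix operators still find the block list update steps. In the added manual start/stop block, "stop: killall mix" signals every process named mix on the host; prefer "/etc/init.d/mix stop", which the same hunk already documents. Typos on the added side: "Alternativly", "sytem", "If you were run in trouble".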

Latest revision as of 14:25, 12 July 2018


HowTo install the mix server software for Linux

This HowTo describes the installation of the mix server and related software for RedHat Linux. For Debian and Ubuntu servers JonDos GmbH provides packages to simplify the installation. See: Mix Installation (Debian and Ubuntu).

The software for mix servers is distributed as source code.

Requirements

To compile the mix sources, the libraries OpenSSL (at least v.0.9.7) and Xerces-C++ are required, as well as a C++ compiler, make, automake, autoconf and subversion. You can install all of them with the package manager of your operating system.

RedHat:  yum install g++ make automake libssl-devel libxerces-c2-devel subversion

For premium mixes, the PostgreSQL database server, client and C libraries for PostgreSQL clients are required, too.

RedHat:  yum install postgresql postgresql-client libpq-devel


Checkout the source code

Check out the latest stable version from our subversion repository. We recommend the directory /home/mix for the sources.

mkdir /home/mix
cd /home/mix

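(The following command is struck out in the wiki source; the note below replaces it.)
svn checkout https://svn.jondos.de/svn/proxytest/proxytest/branches/stable

Note: you should now use the code below, at revision 6700 (version 00.11.14):

svn checkout https://svn.jondos.de/svn/proxytest/proxytest/trunk/
cd trunk   # svn up has to run inside the working copy created by the checkout
svn up -r 6700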

Compile and install using make (version 1)

You can compile and install the mix software using make. Please enable the required compile options for your mix:

cd /home/mix/stable
./configure --enable-payment ...
make
make install

Compile and install using rc-scripts (version 2)

The mix source code contains a maintenance script and a parameter file in misc/Linux/rc-scripts to simplify installation and software updates. First copy the files to their default destinations:

cd /home/mix/stable
cp misc/Linux/rc-scripts/etc_default_mix /etc/default/mix
cp misc/Linux/rc-scripts/etc_init.d_mix /etc/init.d/mix

Edit the settings in /etc/default/mix to fit your preferences. Very important: choose the correct compile options for your mix. Two examples are prepared: one for free mixes and one for premium mixes.

SOURCE_PATH="/home/mix/"
# compile options for free mixes
COMPILE_OPTIONS="--enable-server_monitoring"
MIXCONF="/etc/mix/config.xml"
MAXFILEDESCRIPTORS=32768

Afterwards you can compile and install the mix:

/etc/init.d/mix compile
/etc/init.d/mix install

Enable additional features

Depending on the features your mix needs, you can enable more of them with COMPILE_OPTIONS:

 ./configure --enable-payment .... ....

Mandatory feature for premium services:

  • --enable-payment Builds the mix with payment support.

Mandatory for free mixes:

  • --enable-with-integrity-check security feature

Mandatory feature for free entry mixes:

  • --enable-user-bandwidth-limitation Builds the mix with bandwidth limitation. The limitation parameters can be specified in the mix configuration file. (only free entry mixes)
  • --enable-with-integrity-check Enables the new integrity check security protocol.

Monitoring your mix:

  • --enable-server_monitoring Builds the mix with state tracking for server monitoring. You can specify a monitor port in the mix configuration (it is normally port 8080) and fetch an XML file from this IP:port from time to time to check your mix. A plug-in for Nagios that uses the monitoring port can be found in the mix source tree under misc.

Disable infoservice threads:

  • --enable-infoservice-no-threads Do not use threads for communication with infoservices. Use this feature in case of problems with infoservice communication.

Additional Logging features:

  • --enable-crime-detection Enable crime detection mode. Crime detection parameters can be specified in the mix configuration file. Use it ONLY if you are under constraint by authorities and law. To work properly, all mixes of a cascade have to enable this feature.
  • --enable-dataretentionlog Enable log messages according to data retention law.

Create a system user account

It is not a good solution to run the mix server with root privileges. Create a new system user account (recommended name: mix) and specify this user account in the mix configuration file. After startup, the mix server will switch to this UID.

Create a system user account with adduser:

adduser --quiet --system --disabled-password --shell=/bin/false --group mix


Create a log directory

The directory and file for log messages will be specified in the mix configuration file. You have to create the directory and set safe permissions:

mkdir /var/log/mix
chown mix:adm /var/log/mix
chmod 0750 /var/log/mix

No logrotate configuration is necessary. The mix server creates a new file when the log file size exceeds the configured limit.


Start the mix server

You have to create a mix configuration, save the config in /etc/mix/config.xml and start or stop the mix:

start:  /etc/init.d/mix start
stop:   /etc/init.d/mix stop

Alternatively, you can raise the maximum number of open file descriptors to the value specified in the mix configuration file and start the mix from the command line:

start:   ulimit -SHn 32768
         mix -c /path/to/config.xml
stop:    killall mix

After startup the mix server will switch to the system UID specified in the mix configuration file.
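
The checks implied by the steps above (log directory owned by mix:adm with mode 0750, open-file limit at least MAXFILEDESCRIPTORS from /etc/default/mix), as an added shell example that is not part of the original wiki page or of the JonDonym source. The function names are hypothetical, and stat -c assumes GNU coreutils.

```shell
#!/bin/sh
# Added example: preflight checks for the setup steps on this page.
# Function names are hypothetical; paths and values come from the page.

# conf_get FILE KEY: read KEY=value from a shell-style defaults file
# without sourcing (executing) it. Last assignment wins; quotes stripped.
conf_get() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 |
        sed -e 's/[[:space:]]*$//' -e 's/^"\(.*\)"$/\1/'
}

# check_logdir DIR OWNER:GROUP MODE: succeed only if DIR is a real
# directory (not a symlink) with exactly that owner, group and mode.
check_logdir() {
    [ -d "$1" ] && [ ! -L "$1" ] || return 1
    [ "$(stat -c '%U:%G' "$1")" = "$2" ] || return 1
    [ "$(stat -c '%a' "$1")" = "${3#0}" ]
}

# check_nofile NEED [CUR]: succeed if the open-file limit CUR
# (default: this shell's soft limit) is at least NEED.
check_nofile() {
    cur=${2:-$(ulimit -n)}
    [ "$cur" = unlimited ] || [ "$cur" -ge "$1" ]
}

# preflight DEFAULTS LOGDIR [OWNER:GROUP]: run all checks, print one
# line per check, return the number of failed checks.
preflight() {
    fails=0
    need=$(conf_get "$1" MAXFILEDESCRIPTORS)
    if [ -n "$need" ] && check_nofile "$need"; then
        echo "ok   open-file limit >= $need"
    else
        echo "FAIL open-file limit below MAXFILEDESCRIPTORS (${need:-unset})"
        fails=$((fails + 1))
    fi
    if check_logdir "$2" "${3:-mix:adm}" 0750; then
        echo "ok   $2 is ${3:-mix:adm} mode 0750"
    else
        echo "FAIL $2 must be ${3:-mix:adm} mode 0750"
        fails=$((fails + 1))
    fi
    return "$fails"
}

# Run against a real host only when paths are given, e.g.
#   sh preflight.sh /etc/default/mix /var/log/mix
if [ "$#" -ge 2 ]; then preflight "$@"; fi
```

Run it as root in the same shell that will start the mix by hand, after the ulimit call, so the limit it reports is the one the mix process inherits.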


Update the mix software using rc-scripts

Like other software, the mix is updated from time to time. New features will be added, bugs will be fixed, and so on. Join the operator mailing list to stay up to date about software updates. If an update is announced, run the following steps.

/etc/init.d/mix upgrade
/etc/init.d/mix restart

The update creates a backup of the old mix binary in $SOURCE_PATH/backup. If you run into trouble with the new version, you can restore the old version with:

/etc/init.d/mix restore
/etc/init.d/mix restart

Update the mix software by hand

Alternatively you can update the mix by hand. You have to know the compile options.

cd /home/mix/stable
make distclean
svn update
./configure --enable-server_monitoring --enable-payment .... ....
make
make install

After a successful update, restart the mix.
