Mix Server Configuration Guide

From JonDonym Wiki
Latest revision as of 06:41, 26 September 2017


Install MixConfigTool

The configuration file for the mix proxy is a complex XML file. We provide a MixConfigTool which assists you. MixConfigTool is a Java application. First you need a Java Runtime Environment to run the application. We recommend Sun-Java6 or OpenJDK6. Please note that this is a graphical tool: you will need a graphical desktop environment to use it, and it cannot be used from the command line alone.

  • For Windows you may download Java from the website http://www.java.sun.com.
  • For Linux/UNIX, you may install the package sun-java6-jre or openjdk6-jre with the package manager of your distribution.

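MixConfigTool is available for download: MixConfig.jar (https://anonymous-proxy-servers.net/downloads/MixConfig.jar), with its signature (https://anonymous-proxy-servers.net/downloads/MixConfig.jar.asc). Download the JAR file and start it at the command line.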

java -jar /path/to/MixConfig.jar

You may create a desktop/menu entry for easy use.

Debian/Ubuntu package of MixConfigTool

You can use our software repository to install the Debian package and keep it up-to-date. Add the following line to /etc/apt/sources.list and replace DISTRI by the name of your distribution. At the moment lenny, squeeze, sid, intrepid, jaunty, karmic and lucid are supported.

deb http://debian.anonymous-proxy-servers.net DISTRI main

The repository is signed with the OpenPGP key 0xF1305880 (https://anonymous-proxy-servers.net/downloads/JonDos_GmbH.asc). Download the key, verify the fingerprint and add it to your apt keyring:

gpg --recv-keys 0xF1305880
gpg --fingerprint 0xF1305880
# expected fingerprint: 1866 F973 8C97 A3D6 56A4  E142 F510 0840 F130 5880
gpg --export 0xF1305880 | sudo apt-key add -
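
The fingerprint check above can be scripted so that the key only reaches the apt keyring when it matches. This is an added example, not part of the original wiki page: it also refuses to continue when the 32-bit key ID matches more than one key in the local keyring, since a short key ID is not unique. The script name, the `--install` switch and the sample listings are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the JonDonym wiki): pin the full fingerprint printed
# on this page instead of trusting the 32-bit key ID 0xF1305880 alone.
KEY_ID="0xF1305880"
EXPECTED_FPR="1866 F973 8C97 A3D6 56A4  E142 F510 0840 F130 5880"

# Strip whitespace and upper-case so spaced and compact forms compare equal.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' \t\n' | tr 'abcdef' 'ABCDEF'
}

# Read `gpg --with-colons --fingerprint` output on stdin and succeed only if
# it lists exactly one primary key whose fingerprint equals $1.
check_listing() {
    listing=$(cat)
    pubs=$(printf '%s\n' "$listing" | grep -c '^pub:' || true)
    [ "$pubs" -eq 1 ] || return 1        # none, or the short ID matched several keys
    got=$(printf '%s\n' "$listing" |
          awk -F: '$1 == "pub" { p = 1; next } p && $1 == "fpr" { print $10; exit }')
    [ -n "$got" ] && [ "$(normalize_fpr "$got")" = "$(normalize_fpr "$1")" ]
}

# Constructed colon listings for an offline check (dates, sizes and the
# second key are made up; only the first fingerprint comes from the page).
SAMPLE_GOOD='pub:-:1024:17:F5100840F1305880:1199145600:::-:::scESC:
fpr:::::::::1866F9738C97A3D656A4E142F5100840F1305880:
uid:-::::1199145600::::Constructed UID <ops@example.invalid>:'
SAMPLE_COLLISION="$SAMPLE_GOOD
pub:-:2048:1:0BADC0DEF1305880:1400000000:::-:::scESC:
fpr:::::::::0000000000000000000000000BADC0DEF1305880:"

# Usage (hypothetical file name): sh pin-key.sh --install
# Needs gpg, network access and sudo.
if [ "${1:-}" = "--install" ]; then
    gpg --recv-keys "$KEY_ID" || exit 1
    if gpg --with-colons --fingerprint "$KEY_ID" | check_listing "$EXPECTED_FPR"; then
        gpg --export "0x$(normalize_fpr "$EXPECTED_FPR")" | sudo apt-key add -
    else
        echo "fingerprint check failed for $KEY_ID, key not added" >&2
        exit 1
    fi
fi
```

Exporting by the full fingerprint rather than by `0xF1305880` ensures that only the verified key is handed to `apt-key`.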

Afterwards you can install the MixConfigTool and all dependencies by running:

sudo apt-get update 
sudo aptitude install mix-config-tool

The package will create a menu entry in "applications -> utilities" for MixConfigTool.

Create a Mix Configuration

After startup choose the button "Create new configuration..." and follow the wizard.

1st step: parameters for placing your mix in a cascade

Screenshot 1

  • select the position of your mix in the cascade (entry, middle or exit mix)
  • enable payment for premium services
  • set the name of the cascade (only entry mixes have to set the name)
  • configure the listener interfaces.

For entry mixes please configure 3 listener interfaces at port 80, 443 and 6544. For middle and exit mixes only port 6544 is needed.

2nd step: parameters for your mix server

Screenshot 2

  • Configure your logging options. Normally you will write log files to a directory. In case of trouble with your mix, it may be helpful to send the log file to the developers or add it to the bug tracker message. This may be impossible for log files with a size of 100 MB or more. Limit the actual log file size to max. 2 MB. Log rotation is done by the mix.
  • Configure the system UID for the mix server and the maximum number of open file descriptors (usually 32684).
  • Only for entry mixes you may set the max. number of users on a cascade. You may use this to reduce the traffic on your service.
  • You can encrypt your log file with an X.509 certificate. This is recommended if the log contains sensitive information.
  • Specify a network interface and listen port for monitoring, if your mix was compiled with --enable-server_monitoring.

Traffic shaping for free entry mixes

For free entry mixes you have to set the traffic shaping parameters. The shaping parameters are set for the individual user. To limit the traffic bandwidth to 120 kBit/sec for each user, you may set the following values:

  • Additional Latency (ms): 0
  • Shaping Interval (ms): 1000
  • Shaping Interval (packets): 20
  • Unshaped Traffic (packets): 0

Traffic shaping for free exit mixes

For free exit mixes you have to set the traffic shaping parameters too. The shaping parameters are set for the individual user. To limit the traffic bandwidth to 120 kBit/sec for each user, you may set the following values:

  • Additional Latency (ms): 0
  • Shaping Interval (ms): 1000
  • Shaping Interval (packets): 14750
  • Unshaped Traffic (packets): 0

3rd step: create or import your certificates

Screenshot 3

  • First enter the necessary information below and choose the button "Create" for the operator certificate.
  • Alternatively, you may import your operator certificate and key.
  • Enter the information about your mix server (name, location) and choose the button "Create".
  • Sign your mix certificate with your operator certificate.
  • Export the public mix and operator certificates and send both to your mix partners.

You can send the operator CSR and the mix certificate to JonDos GmbH at the end of the configuration process.

4th step: Import the certificates of your partner mix(es)

Screenshot 4

You can import the certificates of the previous or next mix(es) here.

5th step: Exit mix configuration

Screenshot 5

For exit mixes only you have to configure the listener addresses of your Squid proxy. For premium exit mixes only you have to add the listener address of your Dante SOCKS proxy. Default settings:

Squid:   HTTP Proxy  |  Raw/TCP  |  localhost  |  3128
Dante:  Socks Proxy  |  Raw/TCP  |  localhost  |  1080    (only for premium exits)

6th step: Optionally send the CSR and certificates to JonDos GmbH

Screenshot 6

At the last step you can create an email and send your operator CSR to JonDos GmbH for signing. You will get back a valid X.509 certificate by mail. You have to import this certificate into your configuration.

Save the configuration and copy it to your server.
