Mix Server Configuration Guide
m (Changed protection level for "Mix Server Configuration Guide" ([edit=autoconfirmed] (indefinite) [move=sysop] (indefinite)))
Revision as of 14:40, 12 March 2010
The config file for the mix proxy ist a complex XML file. We provide a MixConfigTool, which assists you. MixConfigTool ist a Java application. First you need a Java Runtime Environment, to run the application. We recommend Sun-Java6 or OpenJDK6.
- For Windows you may download Java fom the website http://www.java.sun.com.
- For Linux/UNIX, you may install the package sun-java6-jre or openjdk6-jre with the package manager of your distribution.
MixConfigTool is aviable for download: MixConfig.jar. Download the JAR file and start it at command line. You may create a destop/menu entry for more easy use.
java -jar /path/to/MixConfig.jar
Debian/Ubuntu package of MixConfigTool
You can use our software repository to install the Debian package and keep it up-to-date. Add the following line to /etc/apt/sources.list and replace DISTRI by the name of your distribution. At the moment lenny, squeeze, sid, intrepid, jaunty, karmic and lucid are supported.
deb http://debian.anonymous-proxy-servers.net DISTRI main
The repository ist signed with the OpenPGP key 0xF1305880. Download the key, verify the fingerprint and add it to your apt keyring:
gpg --recv 0xF1305880 gpg --fingerprint 0xF1305880 fingerprint: 1866 F973 8C97 A3D6 56A4 E142 F510 0840 F130 5880 gpg --export 0xF1305880 | sudo apt-key add -
Afterwards you can install MixConfigTool and all depencies by running:
sudo apt-get update sudo aptitude install mix-config-tool
The package will create a menu entry in "applications -> utilities" for MixConfigTool.
Create a Mix Configuration
After startup choose the button "Create new configuration..." and follow the wizzard.
1. step: parameters for placing your mix in a cascade
- select the position of your mix in the cascade (entry, middle or exit mix)
- enable payment for premium services,
- set the name of the cascade (only entry mixes have to set the name)
- configure the listener interfaces.
For entry mixes please configure 3 listener interfaces at port 80, 443 and 6544. For middle and exit mixes only port 6544 is ok.
2. step: parameters for your mix server
- Configure your logging options. Normally you will write log files to a directory. Set the limits for log data.
- Configure the system UID for the mix server, the number of max. open filedescriptors.
- For entry mixes only you may set the max. nuber of users of an cascade.
- You can encrypt your log file with a X509 certificate. This is recommended, if the log would contain sensible informations.
- Specify a monitoring port, if your mix was complied with --enable-server_monitoring
- For free entry mixes you have to set the traffic shaping parameters.
3. step: create or import your certificates
- First fill the informations below and choose the Buttons "Create" for the operator certificate.
- Alternativly you may import your operator certificate and key.
- Fill the informations about your mix server (name, location) and choose the button "Create".
- Sign you mix certificate with your oprator certificate.
- Export the certificates and send your certificates to your mix partners.
You can send the operator CSR and mix certificate to JonDos GmbH at the end of configuration process.
4. step: Import the certificates the certificates of your partner mix(es)
You can import the certificates of the previous or next mix here.
5. step: Exit mix configuration
For exit mixes only you have to configure the listener addresses of your Squid proxy and only for premium exit mixes you have to configure the listener address of your Dante SOCKS proxy.
6. step: Optionally send CSR and certificates to JonDos GmbH
At the last step you can create an email and send to JonDos GmbH for signing your operator CSR. You will get back a valid X509 certificate by mail. This certificate you have to import in your configuration.
Save the configuration and copy it to your server.