[tor-commits] [ooni-probe/master] Update oonib README.md
art at torproject.org
art at torproject.org
Fri Dec 21 14:32:28 UTC 2012
commit 41fb481e55a353f72779590b38a76e34cb25960c
Author: aagbsn <aagbsn at extc.org>
Date: Wed Dec 12 16:34:41 2012 +0000
Update oonib README.md
Add insructions for configuring oonib, additional iptables rules for
redirecting tcp and udp dns, and building Tor with tor2webmode.
---
oonib/README.md | 79 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 files changed, 79 insertions(+), 0 deletions(-)
diff --git a/oonib/README.md b/oonib/README.md
index 27c1163..3192e52 100644
--- a/oonib/README.md
+++ b/oonib/README.md
@@ -5,6 +5,11 @@ The extra dependencies necessary to run OONIB are:
* twisted-names
* cyclone: https://github.com/fiorix/cyclone
+We recommend that you use a python virtualenv. See OONI's README.md.
+
+#XXX: add instructions for isolating the python environment, sandboxing
+#XXX: see pypy-sandbox
+
# Generate self signed certs for OONIB
openssl genrsa -des3 -out private.key 4096
@@ -21,3 +26,77 @@ The extra dependencies necessary to run OONIB are:
iptables -t nat -A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 57001
# Map port 443 to config.helpers.ssl.port (default: 57006)
iptables -t nat -A PREROUTING -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 57006
+ # Map port 53 udp to config.helpers.dns.udp_port (default: 57004)
+ iptables -t nat -A PREROUTING -p tcp -m udp --dport 53 -j REDIRECT --tor-ports
+ # Map port 53 tcp to config.helpers.dns.tcp_port (default: 57005)
+ iptables -t nat -A PREROUTING -p tcp -m tcp --dport 53 -j REDIRECT --tor-ports
+
+# Install Tor (Debian).
+
+See also: https://www.torproject.org/docs/tor-doc-unix.html.en,
+https://www.torproject.org/docs/rpms.html.en
+
+Add this line to your /etc/apt/sources.list, replacing <DISTRIBUTION>
+where appropriate:
+
+ deb http://deb.torproject.org/torproject.org <DISTRIBUTION> main
+
+Add the Tor Project gpg key to apt:
+
+ gpg --keyserver keys.gnupg.net --recv 886DDD89
+ gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | sudo apt-key add -
+ # Update apt and install the torproject keyring, tor, and geoipdb
+ apt-get update
+ apt-get install deb.torproject.org-keyring tor tor-geoipdb
+
+# Edit ooni-probe/oonib/config.py and configure
+
+ Set config.main.tor_binary to your Tor path
+ Set config.main.tor2webmode = False
+
+# (For Experts Only) To use Tor2webmode:
+
+WARNING: provides no anonymity! Use only if you know what you are doing!
+Tor2webmode will improve the performance of the collector Hidden Service
+by discarding server-side anonymity.
+
+You will need to build Tor from source. At the time of writing, the latest stable Tor is tor-0.2.3.25. You should use the most recent stable Tor.
+
+Example:
+
+ git clone https://git.torproject.org/tor.git
+ git checkout tor-0.2.3.25
+ git verify-tag -v tor-0.2.3.25
+
+You should see:
+
+ object 17c24b3118224d6536c41fa4e1493a831fb29f0a
+ type commit
+ tag tor-0.2.3.25
+ tagger Roger Dingledine <arma at torproject.org> 1353399116 -0500
+
+ tag 0.2.3.25
+ gpg: Signature made Tue 20 Nov 2012 08:11:59 AM UTC using RSA key ID 19F78451
+ gpg: Good signature from "Roger Dingledine <arma at mit.edu>"
+ gpg: aka "Roger Dingledine <arma at freehaven.net>"
+ gpg: aka "Roger Dingledine <arma at torproject.org>"
+
+It is always good idea to verify.
+
+ gpg --fingerprint 19F78451
+ pub 4096R/19F78451 2010-05-07
+ Key fingerprint = F65C E37F 04BA 5B36 0AE6 EE17 C218 5258 19F7 8451
+ uid Roger Dingledine <arma at mit.edu>
+ uid Roger Dingledine <arma at freehaven.net>
+ uid Roger Dingledine <arma at torproject.org>
+ sub 4096R/9B11185C 2012-05-02 [expires: 2013-05-02]
+
+Build Tor with enable-tor2web-mode
+
+ ./autogen.sh ; ./configure --enable-tor2web-mode ; make
+
+Copy the tor binary from src/or/tor somewhere and set the corresponding
+options in oonib/config.py
+
+#XXX: add instructions for launching on boot
+#XXX: see: supervisord, crontab @restart, etc
More information about the tor-commits
mailing list