[tor-commits] [flashproxy/master] Merge branch 'fac-build'

infinity0 at torproject.org infinity0 at torproject.org
Thu Nov 21 13:18:47 UTC 2013


commit 4ff2130c877f931ccd1e892fd96652a481003ae7
Merge: 6de8015 4c554d7
Author: Ximin Luo <infinity0 at gmx.com>
Date:   Wed Nov 20 16:05:12 2013 +0000

    Merge branch 'fac-build'
    
    Conflicts:
    	facilitator/doc/facilitator-howto.txt

 Makefile                                       |   12 +-
 facilitator/.gitignore                         |   28 ++
 facilitator/INSTALL                            |   31 ++
 facilitator/Makefile                           |   21 --
 facilitator/Makefile.am                        |  149 ++++++++
 facilitator/README                             |   37 +-
 facilitator/appengine/README                   |   11 -
 facilitator/appengine/app.yaml                 |    3 +-
 facilitator/appengine/config.go                |   16 +
 facilitator/appengine/fp-reg.go                |    7 +-
 facilitator/autogen.sh                         |    2 +
 facilitator/configure.ac                       |   49 +++
 facilitator/default/facilitator                |   11 +
 facilitator/default/facilitator-email-poller   |    7 +
 facilitator/default/facilitator-reg-daemon     |   11 +
 facilitator/doc/appengine-howto.txt            |   56 ---
 facilitator/doc/appspot-howto.txt              |   72 ++++
 facilitator/doc/email-howto.txt                |   75 ++++
 facilitator/doc/facilitator-design.txt         |   44 +++
 facilitator/doc/facilitator-howto.txt          |  199 -----------
 facilitator/doc/gmail-howto.txt                |   61 ----
 facilitator/doc/http-howto.txt                 |   49 +++
 facilitator/doc/server-howto.txt               |   55 +++
 facilitator/examples/facilitator-relays        |    7 +
 facilitator/examples/fp-facilitator.conf.in    |   30 ++
 facilitator/examples/reg-email.pass            |   10 +
 facilitator/fac.py                             |   35 +-
 facilitator/facilitator                        |   16 +-
 facilitator/facilitator-email-poller           |   47 ++-
 facilitator/facilitator-test                   |  437 -----------------------
 facilitator/facilitator-test.py                |  439 ++++++++++++++++++++++++
 facilitator/init.d/facilitator                 |  120 -------
 facilitator/init.d/facilitator-email-poller    |  119 -------
 facilitator/init.d/facilitator-email-poller.in |  131 +++++++
 facilitator/init.d/facilitator-reg-daemon      |  119 -------
 facilitator/init.d/facilitator-reg-daemon.in   |  132 +++++++
 facilitator/init.d/facilitator.in              |  133 +++++++
 facilitator/relays                             |    4 -
 38 files changed, 1591 insertions(+), 1194 deletions(-)

diff --cc facilitator/doc/server-howto.txt
index 0000000,6f71772..bf1bb0b
mode 000000,100644..100644
--- a/facilitator/doc/server-howto.txt
+++ b/facilitator/doc/server-howto.txt
@@@ -1,0 -1,55 +1,55 @@@
+ This document describes how to configure a server running the facilitator on
+ Debian 7. It is not necessary to make things work, but gives you some added
+ security, and is a good reference if you want to create a dedicated VM for a
+ facilitator from scratch.
+ 
+ We will use the domain name fp-facilitator.example.com.
+ 
+ == Basic and security setup
+ 
+ Install some essential packages and configure a firewall.
+ 
+ 	# cat >/etc/apt/apt.conf.d/90suggests<<EOF
+ APT::Install-Recommends "0";
+ APT::Install-Suggests "0";
+ EOF
 -	# apt-get remove portmap
++	# apt-get remove rpcbind
+ 	# apt-get update
+ 	# apt-get upgrade
+ 	# apt-get install shorewall shorewall6
+ 
+ Away from the facilitator, generate an SSH key for authentication:
+ 
+ 	$ ssh-keygen -f ~/.ssh/fp-facilitator
+ 	$ ssh-copy-id -i ~/.ssh/fp-facilitator.pub root at fp-facilitator.example.com
+ 
+ Then log in and edit /etc/ssh/sshd_config to disable password
+ authentication:
+ 
+ 	PasswordAuthentication no
+ 
+ Configure the firewall to allow only SSH and HTTPS.
+ 
+ 	# cd /etc/shorewall
+ 	# cp /usr/share/doc/shorewall/examples/Universal/{interfaces,policy,rules,zones} .
+ 	Edit /etc/shorewall/rules:
+ SECTION NEW
+ SSH(ACCEPT)	net	$FW
+ HTTPS(ACCEPT)	net	$FW
+ 
+ 	# cd /etc/shorewall6
+ 	# cp /usr/share/doc/shorewall6/examples/Universal/{interfaces,policy,rules,zones} .
+ 	Edit /etc/shorewall6/rules:
+ SECTION NEW
+ SSH(ACCEPT)	all	$FW
+ HTTPS(ACCEPT)	all	$FW
+ 
+ Edit /etc/default/shorewall and /etc/default/shorewall6 and set
+ 
+ 	startup=1
+ 
+ Restart servers.
+ 
+ 	# /etc/init.d/ssh restart
+ 	# /etc/init.d/shorewall start
+ 	# /etc/init.d/shorewall6 start



More information about the tor-commits mailing list