We recommend that operators encrypt their server file system before installation. This will prevent an automatic restart of your server, but it gives you some protection against a hosting provider that might manipulate it.
Stop all services that accept connections from the internet. Only SSH and the Mix process should listen to outside connections. (If you do not understand these terms, you had better not run a Mix.)
To make it harder to break into your server login, use SSH certificates for login or install login protection software such as fail2ban or port knocking.
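One way to check the rule that only SSH and the Mix listen to outside connections, once squid, dante and postgres from the later steps are installed. This is an added example, not part of the original guide; the allowed process names and the sample socket list are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: flag TCP listeners reachable from outside that are neither
# SSH nor the Mix. The names in ALLOWED are assumptions ("mix" because the
# guide starts the Mix binary as ./mix).
ALLOWED="sshd mix"

# Constructed sample in the format printed by `ss -H -tlnp` (ports are made up).
sample_ss_output() {
cat <<'EOF'
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=701,fd=3))
LISTEN 0 128 0.0.0.0:6544 0.0.0.0:* users:(("mix",pid=1201,fd=7))
LISTEN 0 256 *:3128 *:* users:(("squid",pid=812,fd=14))
LISTEN 0 511 127.0.0.1:1080 0.0.0.0:* users:(("danted",pid=901,fd=6))
LISTEN 0 244 127.0.0.1:5432 0.0.0.0:* users:(("postgres",pid=650,fd=5))
LISTEN 0 100 0.0.0.0:25 0.0.0.0:* users:(("master",pid=540,fd=13))
EOF
}

# Reads `ss -H -tlnp` output on stdin and prints "address:port process" for
# every listener that is bound to a non-loopback address and not in ALLOWED.
audit_listeners() {
    awk -v allowed="$ALLOWED" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    {
        local_addr = $4
        # Loopback-only listeners cannot be reached from the internet.
        if (local_addr ~ /^127\./ || local_addr ~ /^\[::1\]:/) next
        proc = "unknown"
        # The process column looks like: users:(("squid",pid=812,fd=14))
        if (match($0, /users:\(\("[^"]+"/))
            proc = substr($0, RSTART + 9, RLENGTH - 10)
        if (!(proc in ok)) print local_addr, proc
    }'
}

# Live use (as root, so that process names are shown): ss -H -tlnp | audit_listeners
sample_ss_output | audit_listeners
```

In the sample, squid on all interfaces and a mail daemon on port 25 are reported, while dante and postgres bound to 127.0.0.1 are not.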
To run the mix you should create the following directories:
/home/mix/Mixproxy
binaries and configuration for Mix server
To create a directory, type
mkdir [directory name]
In each of the directories the subdirectories
./backup
./cvs
will be generated by the scripts. ./backup holds old binaries and their log files. As you see you may easily go back to an old but working installation if an update has failed. In ./cvs the source files are stored (and overwritten) when getting a new source code version.
chmod -R +x /home/mix/*
You might also need to convert the executable files to the Unix format. To do so, install the sysutils or tofrodos package, e.g. with apt by
apt-get update
apt-get install tofrodos
and typing
dos2unix <filename>
on each of the files.
Download the newest squid 2.7 stable source code from
http://www.squid-cache.org/Versions/v2/2.7/
and unpack to /home/mix by typing
tar xzf squid-2.7.STABLE6.tar.gz
Copy the executable squidconfigure into the newly created directory squid-2.7.STABLE6 and type
./squidconfigure
make
make install
Squid is now installed in /usr/local/squid. Link the squid executable to /usr/sbin
ln -s /usr/local/squid/sbin/squid /usr/sbin/squid
mv /usr/local/squid/etc/squid.conf /usr/local/squid/etc/squid.conf~
ln -s /home/mix/squid.conf /usr/local/squid/etc/squid.conf
ln -s /home/mix/squid-block.acl /usr/local/squid/etc/squid-block.acl
Create the cache files
mkdir /var/spool/squid
chown proxy:proxy /var/spool/squid
squid -z -d 3
and start squid:
ulimit -HSn 64000
squid
Dante is a SOCKS server you may add to your last Mix BESIDES squid. Squid is still necessary, but dante will add more features to your Mix.
For installation with apt, this command should be sufficient:
apt-get install dante-server
For non-Debian systems, you might have to use a non-apt package:
Download Dante 1.1.9 (FTP) (or try the general download directory)
For Debian Lenny, this trick might work:
http://forums.debian.net/viewtopic.php?p=200782&sid=0ac40513a6bd89bbb5b052640ae09253
Now you may use the prepared configuration. It will block outgoing mail ports to prevent spam. If you do not care about that, you may open them, though. The configuration also contains the list of blocked web sites (for the squid configuration, this is a separate list, not so for dante).
mv /etc/danted.conf /etc/danted.conf~
ln -s /home/mix/danted.conf /etc/danted.conf
Please edit the danted.conf so that your exit IP address is marked as external, e.g.
external: 87.230.20.185
(This is the example entry)
Otherwise dante will not start.
Please note: You will have to edit the Mix configuration, add the SOCKS proxy with the right host and port (localhost, 1080) and restart the Mix before it can use the Dante server.
Then you should start or restart the dante server:
/etc/init.d/danted restart
su
ln -s /home/mix/Mixproxy/runMixproxy /usr/bin/mixproxy
exit
Before Mix compilation, you may need to install some packages in order to compile the code:
and dependencies. If you do not find one or more of these libraries, you may, on Debian/Ubuntu systems, look for them using the apt-cache search command.
If you do not run a Premium Mix but only a free one, please remove the respective compile option "--enable-payment" from the runMixproxy script first:
...
export COMPILE_OPTIONS="--enable-payment --enable-server_monitoring"
...
You may now update the mix with the newest CVS code by typing
mixproxy cvs compile update
If, for some reason, the scripts do not work on your system, you should first check the script options in runMixproxy.
Maybe you find some unnecessary options there? If you do not run a Premium Mix, you have to remove the option --enable-payment, for example.
Maybe you forgot to comment out the CVS_DATE option? If CVS_DATE is uncommented, the scripts will fetch the code for a specific date. That means that you will not necessarily get the latest code. You might want to put a # before this line to comment it out, like
# CVS_DATE...
The CVS_DATE setting is useful when you would like to stick to a stable version until the next one comes out.
If this does not help, you may try the following:
If you run pay Mixes, you also have to initialise the postgres database. It is only needed for the first Mix. However, you cannot know whether you will switch position at some time, so the other Mixes should do this as well.
su postgres
(switches to user postgres)
createuser -A -D aiuser
(creates the new user aiuser)
createdb -O aiuser aidb
(creates the accounting database)
psql -d aidb
(logs you into the database environment as user postgres)
alter user aiuser with password 'PASSWORD';
(set the password for this user)
\q
(leave the database environment)
Edit pg_hba.conf, located somewhere in /etc/postgresql, and allow connections with password. Replace the commands there that enforce ident or md5 login. Note that Postgres looks only for the first line matching a connection type, so don't insert several lines for the same connection type.
# All other connections by UNIX sockets
local all all password
# All IPv4 connections from localhost
host all all 127.0.0.1 255.255.255.255 password
/etc/init.d/postgresql restart
(or similar commands)
psql -U aiuser -d aidb < /home/mix/Mixproxy/cvs/proxytest/mixtables.sql
(Fill the accounting database with the accounting tables)
psql -U aiuser -d aidb
(Login as aiuser with your password)
\dt
(Check if you see the created tables or not... If you do, everything is OK!)
\q
(logout)
exit
(switch back to your local user)

New messages will be appended at the end of the log files. Please configure the Mix to store its logs at those positions:
/home/mix/Mixproxy/messages
messages / logging of the Mix server
Please note: if you have configured the Mix to use the Syslog only, no messages will be stored in this file.
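For the pg_hba.conf step of the database setup above: because Postgres uses only the first line that matches a connection, a leftover ident line above the new password line silently wins. The following added example (not part of the original guide; the sample file is constructed) reports which line takes effect, which lines are never reached, and whether password, which sends the password unencrypted, is allowed from anywhere other than a UNIX socket or loopback. It treats two lines as the same connection type only when their selector fields are identical, which is a simplification of the server's matching.

```shell
#!/bin/sh
# Constructed sample: a distribution default left above the guide's entries,
# plus a deliberately bad last line to show the remote cleartext warning.
sample_pg_hba() {
cat <<'EOF'
# All other connections by UNIX sockets
local all all ident
local all all password
# All IPv4 connections from localhost
host all all 127.0.0.1 255.255.255.255 password
host all all 0.0.0.0/0 password
EOF
}

# Reads pg_hba.conf on stdin and prints one finding per line:
#   EFFECTIVE         first line for a selector, with the method it enforces
#   SHADOWED          later line with the same selector, never reached
#   CLEARTEXT-REMOTE  "password" accepted from a non-loopback address
audit_pg_hba() {
    awk '
    /^[ \t]*(#|$)/ { next }               # skip comments and blank lines
    {
        # local: type db user method
        # host:  type db user address [netmask] method
        if ($1 == "local")    nsel = 3
        else if ($5 ~ /[.:]/) nsel = 5    # separate netmask column present
        else                  nsel = 4    # CIDR address or keyword
        sel = $1
        for (i = 2; i <= nsel; i++) sel = sel " " $i
        method = $(nsel + 1)
        if (sel in seen) { print "SHADOWED line " NR ": " sel " " method; next }
        seen[sel] = 1
        print "EFFECTIVE line " NR ": " sel " -> " method
        if (method == "password" && $1 != "local" &&
            $4 !~ /^127\./ && $4 != "::1/128" && $4 != "::1")
            print "CLEARTEXT-REMOTE line " NR ": " sel
    }'
}

# Live use: audit_pg_hba < /path/to/pg_hba.conf
sample_pg_hba | audit_pg_hba
```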
The Mix has to be started with 'root' rights if it should listen on ports lower than 1024. Start the process by running the scripts with the 'start', 'stop' and 'restart' options. With the 'process' option you can list the running processes, 'log' will list the log file entries. 'status' shows you if the Mix process is currently running.
You can test if the Mix process has started by typing
mixproxy status
If the status is "running", the configuration could be parsed and the Mix process has started so far.
If you expect your Mix to connect to other Mixes now, you should now check the logfile for an entry "connected" by typing
mixproxy log | grep connected
If you do not find this entry, you could further examine the log files, for example by typing
mixproxy log | less
and, after the log file has opened, pressing
Shift+G
to jump to the end of the log.
If your Mix does not start by using the scripts, you may want to start it "by hand":
cd /home/mix/Mixproxy
./mix --config=config.xml
If the Mix starts, but takes much more than a minute for the connection, this usually has one of the following reasons:
If you want the services started automatically when starting the server machine, you have to set links to the executables in runlevel 3 and runlevel 5. Please note that this will only work if you have not set a password for your Mix certificate.
su
ln -s /home/mix/Mixproxy/runMixproxy /etc/init.d/mixproxy
exit
init 5
or permanently by editing the /etc/inittab entries.