Hosting a Whonix Mirror
Running a mirror for Whonix can be immensely helpful, but takes some knowledge, proper configuration and adequate resources to be truly useful.
- A server with a publicly accessible IP address. You may already have one of these, but lowendbox often has decent boxes at low prices. Look for ones with higher bandwidth caps, as you will be serving lots of data (~2.5GB for a download of Workstation+Gateway for Whonix 7). The load on your individual mirror will go down as more mirrors are added. If you exceed the allocated bandwidth, you may incur additional charges or even terminated service depending on your provider, so be careful, and overestimate on your bandwidth requirements.
- SSH root access to that server (sudo is fine)
- Recommended: Debian Wheezy as the operating system. You can use any distro you like, but this guide is written using Wheezy.
- Install Apache:
sudo apt-get install apache2
This will create the directory structure where we will put our mirrored copy of Whonix, as well as install Apache which will serve the mirrored content.
sudo apt-get install rsync
and get Whonix from the rsync master:
sudo rsync -rtvp --delete rsync://rsync.whonix.org/whonix /var/www/whonix
This will put the contents of http://rsync.whonix.org/ in your server's directory /var/www/whonix.
Automating updates from master
So your mirror will be up to date whenever a new version of Whonix is released, we will add an entry to the crontab to check for updates every hour:
sudo crontab -e
You will see the crontab opened in nano (at least on Wheezy 7.3). Hit "Page Down" or the down cursor key until you are on the last line (below "m h dom mon dow command") and enter:
0 * * * * rsync -rtp --delete rsync://rsync.whonix.org/whonix /var/www/whonix
The numbers don't have to line up exactly with the heading, but it makes it easier to read.
Serving the Mirror Content
Paste this into /etc/apache2/sites-available/mirror.whonix.de.conf:
# # mirror.whonix.de (/etc/apache2/sites-available/mirror.whonix.de.conf) # <VirtualHost *:80> ServerAdmin <YourContactEmail>EDIT THIS ServerName mirror.whonix.de DocumentRoot /var/www/whonix/ # Logfile ErrorLog /var/log/apache2/whonix/error.log </VirtualHost>Modified from 
Make the directory for the new logs:
sudo mkdir /var/log/apache2/whonix
Once you filled in your contact email (it will throw errors otherwise), enable the site:
sudo a2ensite mirror.whonix.de.conf
You will be prompted to reload apache:
sudo service apache2 reload
Stripping User IPs
While the config file above does not have an access log, user IPs can still be logged in error.log. It is therefore recommended to install mod-removeip to make Apache "blind" to the IP addresses of users. Install it:
sudo apt-get install libapache2-mod-removeip
sudo a2enmod removeip
and reload Apache
sudo service apache2 restart
Test Your Mirror
Replace 188.8.131.52 with the IP of your server.
curl -H "Host: mirror.whonix.de" 184.108.40.206
Should look similar to this.
<html> <head><title>Index of /</title></head> <body bgcolor="white"> <h1>Index of /</h1><hr><pre><a href="../">../</a> <a href="9/">9/</a> 10-Oct-2014 13:56 - <a href="9.2/">9.2/</a> 27-Sep-2014 12:46 - <a href="9.3/">9.3/</a> 18-Oct-2014 01:49 - <a href="WikiBackups/">WikiBackups/</a> 15-Apr-2014 01:17 - \</pre\><hr></body> </html>
(Should also look similar to this: http://mirror.whonix.de/)
Getting Your Mirror Added
Email the IP address of your new mirror to Patrick Schleizer, and you will be notified when it has been added to the rotation. Due to the way DNS propagates, it may be up to 24 hours before your system starts seeing traffic.
Thanks for your support!
You can customize the header and footer of your directory listing as explained here. Feel free to have something like "Mirror provided by <link to your blog or company>", but please don't go overboard. Mirrors with blatant banner ads or user-tracking scripts will be rejected.
Log in | OpenID | Contact | Impressum | Datenschutz | Haftungsausschluss | Investors | Donate