Jump to: navigation, search

Hosting a Whonix Mirror

Random News:

Check out Whonix blog.

Running a mirror for Whonix can be immensely helpful, but takes some knowledge, proper configuration and adequate resources to be truly useful.

Requirements[edit]

  • A server with a publicly accessible IP address. You may already have one of these, but lowendbox often has decent boxes at low prices. Look for ones with higher bandwidth caps, as you will be serving lots of data (~2.5GB for a download of Workstation+Gateway for Whonix 7). The load on your individual mirror will go down as more mirrors are added. If you exceed the allocated bandwidth, you may incur additional charges or even terminated service depending on your provider, so be careful, and overestimate on your bandwidth requirements.
  • SSH root access to that server (sudo is fine)
  • Recommended: Debian Wheezy as the operating system. You can use any distro you like, but this guide is written using Wheezy.

Install Apache[edit]

  1. Install Apache:
sudo apt-get install apache2

This will create the directory structure where we will put our mirrored copy of Whonix, as well as install Apache which will serve the mirrored content.

Getting Whonix[edit]

Install rsync:

sudo apt-get install rsync

and get Whonix from the rsync master:

sudo rsync -rtvp --delete rsync://rsync.whonix.org/whonix /var/www/whonix

This will put the contents of http://rsync.whonix.org/ in your server's directory /var/www/whonix.

Automating updates from master[edit]

So your mirror will be up to date whenever a new version of Whonix is released, we will add an entry to the crontab to check for updates every hour:

sudo crontab -e

You will see the crontab opened in nano (at least on Wheezy 7.3). Hit "Page Down" or the down cursor key until you are on the last line (below "m h dom mon dow command") and enter:

0 *   *   *   *    rsync -rtp --delete rsync://rsync.whonix.org/whonix /var/www/whonix

The numbers don't have to line up exactly with the heading, but it makes it easier to read.

Serving the Mirror Content[edit]

Paste this into /etc/apache2/sites-available/mirror.whonix.de.conf:

#
#  mirror.whonix.de (/etc/apache2/sites-available/mirror.whonix.de.conf)
#
<VirtualHost *:80>
        ServerAdmin <YourContactEmail>EDIT THIS
        ServerName  mirror.whonix.de
        DocumentRoot /var/www/whonix/
        # Logfile
        ErrorLog /var/log/apache2/whonix/error.log
</VirtualHost>
Modified from [1]

Make the directory for the new logs:

sudo mkdir /var/log/apache2/whonix

Once you filled in your contact email (it will throw errors otherwise), enable the site:

sudo a2ensite mirror.whonix.de.conf

You will be prompted to reload apache:

sudo service apache2 reload

Stripping User IPs[edit]

While the config file above does not have an access log, user IPs can still be logged in error.log. It is therefore recommended to install mod-removeip to make Apache "blind" to the IP addresses of users. Install it:

sudo apt-get install libapache2-mod-removeip

Activate it:

sudo a2enmod removeip

and reload Apache

sudo service apache2 restart

Test Your Mirror[edit]

Replace 109.230.212.54 with the IP of your server.

curl -H "Host: mirror.whonix.de" 109.230.212.54

Should look similar to this.

<html>
<head><title>Index of /</title></head>
<body bgcolor="white">
<h1>Index of /</h1><hr><pre><a href="../">../</a>
<a href="9/">9/</a>                                                 10-Oct-2014 13:56                   -
<a href="9.2/">9.2/</a>                                               27-Sep-2014 12:46                   -
<a href="9.3/">9.3/</a>                                               18-Oct-2014 01:49                   -
<a href="WikiBackups/">WikiBackups/</a>                                       15-Apr-2014 01:17                   -
\</pre\><hr></body>
</html>

(Should also look similar to this: http://mirror.whonix.de/)

Getting Your Mirror Added[edit]

Email the IP address of your new mirror to Patrick Schleizer, and you will be notified when it has been added to the rotation. Due to the way DNS propagates, it may be up to 24 hours before your system starts seeing traffic.

Thanks for your support!

Optional Customization[edit]

You can customize the header and footer of your directory listing as explained here. Feel free to have something like "Mirror provided by <link to your blog or company>", but please don't go overboard. Mirrors with blatant banner ads or user-tracking scripts will be rejected.

  1. http://www.debian-administration.org/articles/412


Log in | OpenID | Contact | Impressum | Datenschutz | Haftungsausschluss | Investors | Donate

https | Mirror | Mirror | Share: Twitter | Facebook | Google+

This is a wiki. Want to improve this page? Help welcome, volunteer contributions are happily considered! See Conditions for Contributions to Whonix, then Edit! IP addresses are scrubbed, but editing over Tor is recommended. Edits are held for moderation.

Whonix (g+) is a licensee of the Open Invention Network. Unless otherwise noted above, content of this page is copyrighted and licensed under the same Free (as in speech) license as Whonix itself.