{{Header}} {{#seo: |description=Instructions on how to set up a {{project name}} Download Mirror |image=https://www.whonix.org/w/images/4/4c/Hosting-13348640.jpg }} {{Anchor|Landing}} {{CodeSelect|code= sudo rsync -rtvp --delete rsync://rsync.whonix.org/whonix /var/www/whonix }} = Current Mirrors = * https://mirror.koljasagorski.de/whonix [Whonix permitted use exclusivity] [no traffic limit for now] [permitted to hotlink] * https://mirrors.dotsrc.org/whonix/ [Whonix permitted use exclusivity] [no traffic limit for now] [permitted to hotlink] * https://quantum-mirror.hu/mirrors/pub/whonix [Whonix permitted use exclusivity] [no traffic limit for now] [permitted to hotlink] https://quantum-mirror.hu/web/status_en.html quantum-mirror.hu (DNS round robin) super.quantum-mirror.hu 1000/350 Mb/s 78.131.56.189 nova.quantum-mirror.hu 1000/350 Mb/s 195.38.126.147 IPv4 only no FTP supports rsync * https://archive.org/download/Whonix/ - not uploaded yet - can upload somehow using rsync or download to archive.org using rsync? * https://ftp.icm.edu.pl/pub/Linux/dist/whonix/ [only updated daily for now] [Whonix could ask to update more frequently] * ftp://ftp.icm.edu.pl/pub/Linux/dist/whonix/ * rsync://ftp.icm.edu.pl/pub/Linux/dist/whonix/ * gopher://ftp.icm.edu.pl/1/pub/Linux/dist/whonix/ * https://mirrors.gigenet.com/whonix/ = Mirror Speed Test = Whonix-XFCE-15.0.0.9.4.ova 1.56G 21 April 2020 * whonix.org 44 MB/s in 39s * dotsrc 138 MB/s in in 12s 03 Mai 2020 * dotsrc 103 MB/s in in 16s [acting as primary mirror since] __TOC__ = rsync from whonix.org = * Available over clearnet port 874. (Default port by openssl-rsync.) * Available over clearnet port 1874. (Default port by Debian ftpsync package, rsync-ssl-tunnel script.) * Available over onion, port 873. (rsync default port) Commands below use * --dry-run and * --quiet. Initially you might wish to drop --quiet. Later you might wish to drop --dry-run and add a destination folder. == rsync over TLS == === openssl-rsync port 874 === Preparation. {{CodeSelect|code= sudo apt install rsync }} Use following command. Or better, use a [[Secure Downloads|more secure way]] to download. [https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=961827 please add openssl-rsync script for use of encrypted rsync over TLS] {{CodeSelect|code= wget https://download.samba.org/pub/rsync/openssl-rsync }} Make openssl-rsync executable. {{CodeSelect|code= chmod +x openssl-rsync }} openssl-rsync uses by default port 874. {{CodeSelect|code= rsync --rsh="./openssl-rsync" --dry-run --recursive --times --quiet rsync://whonix.org/whonix }} === rsync-ssl-tunnel using socat port 874 === Preparation. {{CodeSelect|code= sudo apt install socat ftpsync rsync }} Setting port 874 with command below. {{CodeSelect|code= RSYNC_SSL_PORT=874 RSYNC_SSL_METHOD=socat rsync --rsh=rsync-ssl-tunnel --dry-run --recursive --times --quiet rsync://whonix.org/whonix }} === rsync-ssl-tunnel using stunnel port 874 === Preparation. {{CodeSelect|code= sudo apt install stunnel ftpsync rsync }} Setting port 874 with command below. {{CodeSelect|code= RSYNC_SSL_PORT=874 rsync --rsh=rsync-ssl-tunnel --dry-run --recursive --times --quiet rsync://whonix.org/whonix }} === rsync-ssl-tunnel using stunnel port 1874 === Preparation. {{CodeSelect|code= sudo apt install stunnel ftpsync rsync }} rsync-ssl-tunnel uses by default port 1874. {{CodeSelect|code= rsync --rsh=rsync-ssl-tunnel --dry-run --recursive --times --quiet rsync://whonix.org/whonix }} == rsync over onion port 873 == Preparation. {{CodeSelect|code= sudo apt install torsocks rsync }} rsync over onion from Whonix onion. {{CodeSelect|code= torsocks rsync --dry-run --recursive --times --quiet "rsync://dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/whonix" }} = Deprecated Instructions = {{mbox | image = [[File:Ambox_warning_pn.svg.png|40px|alt=Whonix first time users warning]] | text = The rest of this page is OUTDATED. Please ignore this for now. (Kept for historic purposes.) }} == Requirements == Running a {{project name}} mirror can be immensely helpful, but it also takes some knowledge, proper configuration and adequate resources to be truly useful. The following are necessary: * A server with a publicly accessible IP address. You might already have one of these, but [http://lowendbox.com/ lowendbox] often has decent boxes at low prices. Look for those with higher bandwidth caps, as you will be serving a lot of data (~2 GB for a download of Workstation+Gateway for {{project name}} 14). The load on your individual mirror will decrease as more mirrors are added. If you exceed the allocated bandwidth, then depending on the provider, additional charges may be incurred or the service could even be terminated; be careful and overestimate bandwidth requirements. * SSH root access to that server (sudo is fine). * Recommended: Debian [https://www.debian.org/releases/{{Stable_project_version_based_on_Debian_codename}}/ {{Stable_project_version_based_on_Debian_codename}}] as the operating system. Other distributions are possible, but this guide is written using stretch. == Install Apache == First, install Apache. {{CodeSelect|code= sudo apt-get install apache2 }} This will create the directory structure where we will put our mirrored copy of {{project_name}}, as well as install Apache in order to serve the mirrored content. == Getting {{project name}} == Install rsync. {{CodeSelect|code= sudo apt-get install rsync }} Then get {{project name}} from the rsync master. {{CodeSelect|code= sudo rsync -rtvp --delete rsync://rsync.whonix.org/whonix /var/www/whonix }} This will put the contents of http://rsync.whonix.org/ in your server's directory {{Code|/var/www/whonix}} == Automating Updates from Master == To ensure your mirror is up-to-date whenever a new version of {{project name}} is released, add an entry to the crontab to check for updates every hour. {{CodeSelect|code= sudo crontab -e }} In Debian stretch, crontab will be visible (open) in nano. Hit "Page Down" or the down cursor key until you are on the last line (below "m h dom mon dow command") and enter: {{CodeSelect|code= 0 * * * * rsync -rtp --delete rsync://rsync.whonix.org/whonix /var/www/whonix }} The numbers do not have to line up exactly with the heading, but this makes it easier to read. == Serving the Mirror Content == Paste the following text into {{Code|/etc/apache2/sites-available/download.whonix.org.conf}} {{CodeSelect|code= # # download.whonix.org (/etc/apache2/sites-available/download.whonix.org.conf) # ServerAdmin EDIT THIS ServerName download.whonix.org DocumentRoot /var/www/whonix/ # Logfile ErrorLog /var/log/apache2/whonix/error.log }} Make the directory for the new logs. This has been modified from: https://www.debian-administration.org/articles/412 {{CodeSelect|code= sudo mkdir /var/log/apache2/whonix }} After entering your contact email (it will throw errors otherwise), enable the site. {{CodeSelect|code= sudo a2ensite download.whonix.org.conf }} A prompt will appear to reload apache. {{CodeSelect|code= sudo service apache2 reload }} == Stripping User IPs == While the config file above does not have an access log, user IPs can still be logged in {{Code|error.log}} It is therefore recommended to install mod-removeip to make Apache "blind" to the IP addresses of users. Install mod-removeip. {{CodeSelect|code= sudo apt-get install libapache2-mod-removeip }} Activate it. {{CodeSelect|code= sudo a2enmod removeip }} Reload Apache. {{CodeSelect|code= sudo service apache2 restart }} == Test the Mirror == Replace {{Code2|109.230.212.54}} below with the IP of your server. {{CodeSelect|code= curl -H "Host: download.whonix.org" 109.230.212.54 }} The output should appear similar to this.

Index of /

Index of /


../
9/                                                 10-Oct-2014 13:56                   -
9.2/                                               27-Sep-2014 12:46                   -
9.3/                                               18-Oct-2014 01:49                   -
WikiBackups/                                       15-Apr-2014 01:17                   -
\
== Getting the Mirror Added == Email the IP address of your new mirror to [[Contact|Patrick Schleizer]], and you will be notified when it has been added to the rotation. Due to the way DNS propagates, it may take up to 24 hours before your system starts seeing traffic. '''Thank you for your support!''' == Optional Customization == It is possible to customize the header and footer of your directory listing as explained [http://answers.oreilly.com/topic/118-how-to-display-a-standard-header-and-footer-on-directory-listings/ here]. Feel free to have something like "Mirror provided by ", but please do not go overboard. Mirrors with blatant banner ads or user-tracking scripts will be rejected. {{reflist|close=1}} {{Footer}} [[Category:Development]]