Hello,
after a lot of tinkering around with Tails codebase, reading through
Debian Live and a few other manuals, I was finally able to hack together
a simple configuration script for setting up a persistent hidden HTTP
service via nginx. I decided on doing HTTP as the example service, since
it would probably get by far most widespread use.
It's really hackish right now and makes a lot of assumptions it
shouldn't, but I wanted to get something working as soon as possible.
That way, I have something to present my way of thinking and can ask
more experienced developers for some pointers/corrections.
So right now, what the script does:
* checks for line containing "/etc/nginx" in
/live/persistence/sdb2_unlocked/live-persistence.conf and if it exists,
stops execution - as a very simple sanity check preventing the script
from being run twice and doing something potentially harmful
* creates /var/www directory with proper permissions and a hello world
/var/www/index.htm
* creates /var/lib/tor/nginx directory with proper permissions
* adds lines at the end of /etc/tor/torrc, adding a new hidden service
with location in /var/lib/tor/nginx
* makes /var/lib/tor, /var/www, /etc/tor and /etc/nginx persistent by
adding proper lines at the end of /live/persistence.conf and copying
their contents to the persistent volume immediately
* displays message that all changes will take place upon next reboot and
localizations of the file containing .onion address and site data (/var/www)
The script and all the modifications to Tails I'm making can be publicly
viewed on my github:
https://github.com/zaroth/tails-server
(the script itself is at
config/chroot_local-includes/usr/local/bin/tails-server-setup )
So, what do you think?
As far as my thoughts go:
* I'd very much like to start improving the script with some detection
of the persistent media, checking the localization, existence, etc. I'm
aware of the fact that it's already done in the tails_persistence_setup
Perl application. I'd looked through it before, but since I hadn't known
much Perl, I decided to write this hack for now instead. However, in the
long run I see the value of these Perl modules and I can probably pick
up the language quickly enough. Any advice/documentation on these
modules? Or maybe an alternative way of handling these issues,
preferably a Python one?
* As of now, editing of /var/www and /etc/nginx obviously requires root
access. I don't know if this should be the desired result. I mean,
obviously we can expect a user trying to set up a webserver to be at
least a bit webserver savvy, but not necessarily linux root console
savvy... Thoughts on solving this issue?
* Because of the excellent firewall rules already in Tails, I didn't
feel it was necessary to modify anything in nginx configuration to make
the server less visible to other hosts than Tor nodes. However, there is
also the question, how much private info does nginx leak with default
settings and what would be the best way to prevent that. Since I'm no
expert on this matter, I'd appreciate any input here.
* I would very much like to display the generated .onion address to the
user instantly after setup. However, I'm not sure how to do it without
restarting tor to use the new torrc and potentially breaking something.
(I'm not sure if it's safe to restart tor in tails when it's started by
vidalia...?)
* By default, nginx init.d script will start nginx during boot
automatically. However, since /etc/nginx is stored on an encrypted
device, it is clearly undesirable to start nginx before mounting it.
Right now, the nginx service requires restart after booting to work,
which is unacceptable. If there is an init.d service responsible for
mounting the persistent volumes, this would be a trivial fix - simply
make this service a requirement for nginx. However, I couldn't find such
a service, did I miss it?
* I added nginx-full to the tails-common packagelist. It is roughly 2M
in size, so it's not increasing the image size by a lot, and it
simplifies a lot of things (since Tails doesn't have any convenient
support for persistent user installed packages right now).
* as this hidden service configuration framework grows, a better method
for automatically adding/removing hidden services to/from torrc should
be used. An ideal scenario would be if we could use an include statement
in the torrc file and put all the hidden services declarations in a
separate file. However, Tor doesn't have support for include statement
and is unlikely to have it anytime soon (
https://trac.torproject.org/projects/tor/ticket/1922 ) Any suggestions here?
* the wiki page covering the server edition idea (
https://tails.boum.org/todo/server_edition/ ) suggests a separate
"server mode" choosable at boottime. I wondered about how to simply
implement this two modes and came up with the idea of using Debian
runlevels. Since by default all of the 2,3,4,5 runlevels are exactly the
same, couldn't we e.g. define runlevel 5 as GUI runlevel and runlevel 2
as server runlevel and rc-update accordingly? Are there downsides to
this approach? Automatic modification to bootloader menu adding the new
runlevel option upon setting up hidden services should be easy enough to
implement.
Cheers,
Łukasz Dobrogowski
