Re: [Tails-dev] Document how to serve files over HTTP behind…

Author: sajolida
Date:  
To: The Tails public development discussion list
Subject: Re: [Tails-dev] Document how to serve files over HTTP behind a Tor Hidden Service
exit-1@??? wrote:
> Updated markdown file added:
> https://labs.riseup.net/code/issues/7879
> - comments welcome.


Hi, and sorry for the delay. Here are some more comments.

1. We usually wrap the lines of our source files to something like 80
characters. We are not very strict about this but avoiding very long
lines makes it easier to edit the file for some of us (for me at least!).

2. Out of curiosity, which text editor did you use to produce that document?
Because it appears as having weird end-of-line characters on my machine...

In the future, I'd suggest that you download the latest version available
in the Git repo here:

http://git.tails.boum.org/tails/plain/wiki/src/doc/advanced_topics/http_server.mdwn?h=doc/7879-http-server

And then modify it using gedit or vim from inside Tails.

3. I fixed the title formatting with commits 5d8eddf and 962d0d0, please
have a look. To do that you can check the changes from the Git web
interface:

http://git.tails.boum.org/tails/log/?h=doc/7879-http-server

4. I understand that you download thttpd from the Debian website and
install it by hand because it is not available in Wheezy. That doesn't
look really good to me:
  - That makes the instructions more complicated than running `apt-get`.
  - That proves that this package is not well maintained.
  - You don't get the OpenPGP verification of the package that you get
    when you run apt-get.


So I really think that you should find another HTTP server. The criteria
for selection could be:

  - Well maintained in wheezy, jessie and sid.
  - Easy to configure to start from a custom directory (instead of
    using /var/www as root, see my other comments on this).
  - Lightweight.
  - Security track and popcon.


I did a quick search in Debian and there are quite a few HTTP servers
available, finding the right one might be tricky. I see bozohttpd,
lighttpd, mini-httpd, micro-httpd, etc. Feel free to create a subtask
for that research in Redmine.

5. I understand your motivation behind step #4: providing a script ready
to be executed makes it easier for people to start up the whole thing.
Nonetheless, I also think that it is worth explaining to people what
they are doing and why. With this in mind I would first try to limit the
number of commands that have to be run in the first place:

- Once we use an HTTP server included in Wheezy, people can use the
"Additional software packages" feature of persistence and get rid of
your dpkg line. See
https://tails.boum.org/doc/first_steps/persistence/configure/#index13h2

- What is the line "## Edit "2.25b-11_i386" if different" about?

- I would try to find an HTTP server that could be configured to start
directly from a custom directory (ideally from the command line). By
doing so people could have their files in /home/amnesia/Persistent/www
and start the server to serve from there directly. That would remove
your lines with cp and chmod.

- Have two separate `echo` lines (without -n) to patch torrc:

echo "HiddenServiceDir /var/lib/tor/hidden_service/" >> /etc/tor/torrc
echo "HiddenServicePort 80 127.0.0.1:80" >> /etc/tor/torrc

- Check that using 127.0.0.1 works. Your `hostname -I` adds the local
IP there. It's better to avoid this if it is not needed!

All that would have to be checked by some bash expert. But that can
be done later on.


6. If we manage to simplify the script that much, I think that it might
not even be needed to write that code down to a script file. And we
could explain all those steps in plain language. And for each step I
would explain, in a note maybe, how to store use persistence. The
structure of the document could then be:

- Prepare your website somewhere in your Home. Do that in
/home/amnesia/Persistence/www if you want it to be persistent. Check its
content by browsing to file:///home/amnesia/Persistence/www. I think
that using persistence will be the most common use case, so we shouldn't
hesitate to use that for the example command lines.

- Install and start the HTTP server (ideally one apt-get command, and
one command to start the server). Make sure that it works by browsing to
http://127.0.0.1/. Use the additional software feature to save the
package in persistence.

- Configure the hidden service. Explain how to save to persistence or
how to restore it from persistence.

- Restart Tor.

While doing this, consider separating the big logical blocks by titles
like we do on https://tails.boum.org/doc/first_steps/persistence/copy/.
According to the GNOME guidelines, we should have more than 7 steps in
each section.

7. You put "[//]: # (exit-1@???)" in the footer of the document.
Tails developers usually hide their pseudonym from their contributions and
use the collective pseudonym "Tails developers". Still, some people want
to sign their contribution but they usually do that in the commit
message and we credit them in our monthly reports. But if you really
want your pseudo to appear in the text of the documentation maybe we can
add a note about that.

--
sajolida
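
The torrc advice from point 5, as an added example that is not part of the original message or of the Tails documentation: it appends the two hidden-service lines only once and then checks that every HiddenServicePort target stays on loopback, which is what replacing `hostname -I` with 127.0.0.1 is meant to guarantee. The function names are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: idempotently add the two hidden-service lines from the
# message to a torrc file, then audit every HiddenServicePort target.
# Function names are hypothetical; the torrc path is passed as an argument.

HS_DIR="/var/lib/tor/hidden_service/"
HS_PORT="80 127.0.0.1:80"

# Append a line to a file only if that exact line is not already there,
# so running the setup twice does not duplicate torrc entries.
append_once() {
    file=$1; line=$2
    grep -qxF -- "$line" "$file" 2>/dev/null || printf '%s\n' "$line" >> "$file"
}

add_hidden_service() {
    torrc=$1
    append_once "$torrc" "HiddenServiceDir $HS_DIR"
    append_once "$torrc" "HiddenServicePort $HS_PORT"
}

# Print every HiddenServicePort line whose target is not on loopback
# (the kind of line a `hostname -I` substitution produces).
# Returns 0 when all targets are loopback, 1 otherwise.
audit_hs_targets() {
    torrc=$1
    bad=$(awk '
        tolower($1) == "hiddenserviceport" {
            target = (NF >= 3) ? $3 : ""
            if (target == "") next             # no target: tor uses 127.0.0.1
            if (target ~ /^[0-9]+$/) next      # port only: still 127.0.0.1
            if (target ~ /^unix:/) next        # local Unix socket
            if (target ~ /^127\./ || target ~ /^\[::1\]/) next
            print                              # anything else leaves loopback
        }' "$torrc")
    [ -z "$bad" ] && return 0
    printf '%s\n' "$bad"
    return 1
}
```

Run `add_hidden_service /etc/tor/torrc` as root, then `audit_hs_targets /etc/tor/torrc`; a non-zero exit status means at least one service forwards to an address other than loopback.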