Format_C/pivilion
1
0
Fork 0
mirror of https://gitlab.com/hacklab01/pivilion.git synced 2025-04-29 16:47:17 +00:00
Code Issues Projects Releases Wiki Activity

Update pivilion manual setup

v3d 2019-02-23 21:02:24 +00:00
parent 811ae57d47
commit 0877e35f48
1 changed files with 109 additions and 34 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

143
pivilion-manual-setup.md

@ -1,21 +1,23 @@
# Pivilion manual setup
# Pivilion Manual Setup
You can choose to download one of our pre-installed images (not available atm) or follow this guide to install Pivilion on your Raspberry Pi from scratch and use it as a portable darknet gallery. It installs Tor with Lighttpd (Lighty) as a hidden service and runs a simple php based gallery system. Tor is free software for enabling anonymous communication and censorship circumvention. However, Pivilion doesn't use Tor for its anonimity features (but Tor still provides them). Tor is used to host a HTTP server as a hidden service. We make extensive use of its NAT punching capabilites to enable us to host a gallery behind NATs and firewalls. Keep in mind that this may or may not break your ISP contract if you do it from home. Using public WiFi to host hidden services, while not technically illegal if you were provided with the password by the owner of the WiFi, may present certain issues with their ISP. Since we're using Tor there is no way for you to get *caught*. With great power comes great responsibility. Be responsible in what you host and do on the darknet while using Pivilion.
[[_TOC_]]
### Use a Virtualbox image
For testing Pivilion without a Raspberry Pi, you can use Ubuntu server (or any other Debian-based OS) as a base and install all packages from this manual. Some package names may differ, depending on your system. Use
## Intro
`apt-cache search package name`
Pivilion is a decentralized, uncensored, user-curated web gallery operating system and gallery management software running on nodes hosted by the general public and distributed through clearnet and Tor.
The aim of the gallery-host project is to create a nomadic free virtual environment that connects art-oriented users (both creators and consumers) by offering a participatory model of interaction.
The base methodology of achieving this is allowing less experienced and community-driven users-curators to actively approach free network technologies while utilizing all the upsides of net tech, promoting connectibility, privacy and maximum freedom of curating content. (While the advanced users are welcome to re-create their own virtual Pi-based galleries.)
By removing the gallery sites from the blogs and domains to a physical gadget of the Pi - Pivilion engages & connects users on two levels of interaction - virtual and physical, ideological and technical.
The interaction with Pivilion could further concepts of freedom, education and spark collaborative potentials of ones communities.
to search for similar packages.
It runs on top of Raspberry Pi 1, 2, 3 or Zero hardware and is built on top of Raspbian GNU/Linux. It has Lighty server and Tor networking built in and uses the Tor network to host exhibitions out of the box.
The entire system and documentation is available for download on a central website, hosted both on clearnet and on the Tor network and distributed as SD card images available for free download. The website serves as both a central point for deployment of the system and for the announcement of global exhibitions running on nodes. It is designed so that the user-curator can use any network (even public networks behind firewalls) to host an exhibition.
Each Pivilion device receives a Tor onion domain automatically the first time its activated. The system provides the user with backend access to a system for publishing images, videos or websites within a gallery. The gallery runs on a CMS designed specially for hosting online gallery events, with features such as different rooms, complete with Mozillas Togetherjs integrated into each seperate room.
Run your appliance in bridged networking mode if you need to access your Pivilion appliance from your local network.
## About This Manual
This manual shows how to install Pivilion on your Raspberry Pi from scratch and use it as a portable darknet gallery. It installs Tor with Lighttpd (Lighty) as a hidden service and runs a simple php based gallery system. Tor is free software for enabling anonymous communication and censorship circumvention. However, Pivilion doesn't use Tor for its anonimity features (but Tor still provides them). Tor is used to host a HTTP server as a hidden service. We make extensive use of its NAT punching capabilites to enable us to host a gallery behind NATs and firewalls. Keep in mind that this may or may not break your ISP contract if you do it from home. Using public WiFi to host hidden services, while not technically illegal if you were provided with the password by the owner of the WiFi, may present certain issues with their ISP. Since we're using Tor there is no way for you to get *caught*. With great power comes great responsibility. Be responsible in what you host and do on the darknet while using Pivilion.
You can skip all the Raspberry-specific steps if you chose to use Virtualbox. You can also download prepared Virtualbox appliances with Pivilion completely installed, or a base system to install Pivilion yourself [here](https://download.pivilion.net/).
You can also download the complete pre-installed appliance image and run Pivilion in Virtualbox without having to install anything.
## What you need
## What You Will Need
### Hardware
1. Raspberry Pi
1. Micro USB power adapter (check RPi requirements, but ideally 2.5A) - a cable is also fine (you can connect to any USB port)
@ -27,21 +29,43 @@ You can also download the complete pre-installed appliance image and run Pivilio
You can connect the RPi to a HDMI screen (plus a USB mouse + keyboard) and connect it to WiFi as you would any computer. However, this setup is meant to be made over SSH - consider your Pi a server (even though it's on a table next to you :)). You can connect it to a display and once you input the WiFi password, just connect to the Pi via SSH from a different computer.
### Software
1. [Raspbian image](https://www.raspberrypi.org/downloads/raspbian/)
1. [Raspbian image](https://www.raspberrypi.org/downloads/raspbian/) - the "lite" image is reccomended for Pivlion - note that this version doesn't have a graphical user interface installed - you can only use the terminal interface if you connect the Pi to a screen with a HDMI cable
1. [Tor Browser](https://www.torproject.org/download/download-easy.html.en) - used only for checking if the gallery works on the darknet (not for generating galleries)
1. [Nmap](https://nmap.org/) - network scanning tool. **Be careful with nmap - scanning networks that are not yours may be illegal in your country!**
1. A network scanning tool like [Nmap](https://nmap.org/) or Fing (avaliable for iOS and Android) **Be careful with netwrok scanning software - scanning networks that are not yours may be illegal in your country!**
1. [Putty SSH client](http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html) - Windows only
1. [Filezilla sFTP client](https://filezilla-project.org/) - optional, for backing up and uploading files to the Pi
## Software Installation
Pivilion runs on top of libre / free software which is avaliable in the Raspbian repositories. To download and install software we will use APT. Advanced Package Tool, or APT, is a free-software user interface that works with core libraries to handle the installation and removal of software on Debian, Ubuntu, and related Linux distributions.
### Installing Raspbian
Always get a fresh and current Raspbian image before installing Pivilion. It will drastically speed up the update / upgrade step of the manual. Use [this guide](https://www.raspberrypi.org/documentation/installation/installing-images/README.md) from Raspberry Pi's official website. You can use either the full or the lite image, its up to you. Choose your system. Well be using Linux + dd.
### Enabling SSH on your Pi
### Enabling SSH on Your Pi
SSH access is turned off by default for security. We need to do a simple extra step to enable it.
The boot partition on a Pi should be accessible from any machine with an SD card reader, on Windows, Mac, or Linux. If you want to enable SSH, all you need to do is to put a file called ssh in the boot partition. The contents of the file dont matter: it can contain any text you like, or even nothing at all. When the Pi boots, it looks for this file; if it finds it, it enables SSH and then deletes the file. SSH can still be turned on or off from the Raspberry Pi Configuration application or raspi-config; this is simply an additional way to turn it on if you cant easily run either of those applications.
### Connecting to your Pi
Once thats done, connect your RPi to a DHCP network with an ethernet cable and power it on. Depending on your network configuration, you can login to your RPi using it's hostname "raspberry", or use a network discovery tool to find it's IP address. Logging into your local router and checking the list of connected devices is also an option.
### Connecting to the Pi
Once thats done, connect your RPi to a DHCP network and power it on. Depending on your network configuration, you can login to your RPi using it's hostname "raspberry", or use a network discovery tool to find it's IP address.
#### Using WiFi Only to Connect to the Pi
If a physical network connection is unavailable or you're using the Raspberry Pi Zero W that uses wireless networking only, you need to generate a wpa_supplicant.conf file and use a card reader to place the file in the root of the FAT32 formatted boot partition of your RPi SD card. You can do this manually or generate a conf file with a generator at the following URL. https://wifi.pivilion.net/
wpa_supplicant is a free software implementation of an IEEE 802.11i supplicant for Linux, FreeBSD, NetBSD, QNX, AROS, Microsoft Windows, Solaris, OS/2 (including eComStation) and Haiku. In addition to being a fully featured WPA2 supplicant, it also implements WPA and older wireless LAN security protocols.
The config file generated will assume you're using WPA2 security on your network. If not, you will have to modify it manually according to your network settings.
It also adds a country code to your WiFi settings which Raspbian made mandatory for the RPi 3b+ and it has been known to cause issues for some people. In the generated config file the country will be set to Bolivia which will allow you to push your WiFi to higher power then legally allowed in your country. If you feel uneasy about this please change this to your country code. Note that your Pi won't automatically transmit at a higher rate without being instructed to do so, but that's outside the scope of this document.
### Finding the Pi's IP
There are several options for finding the IP of your device:
1. Logging into your local router and checking the list of connected devices
2. Using a network scanning tool like [Nmap](https://nmap.org/) or Fing (avaliable for iOS and Android)
3. Connecting it to a display with a HDMI cable and just reading the IP from the screen. If you installed Raspbian lite it will just write the IP address before prompting you to login. If you installed the full Raspbian version with a GUI you can find your IP in the upper right corner by hovering over the networking icon
We will use nmap to scan our DHCP IP range for all hosts that are up. Replace 10.0.0.1/24 with your IP address range. You can also check your router's settings to see all devices connected to your network and their IPs.
@ -55,7 +79,7 @@ and password (which will, for security reasons, not be visible as you type it in
(Replace 10.0.0.5 with your RPi's IP)
### Change the default password
### Changing the Default Password
It's really important to change the default password for obvious security reasons. Change it with
@ -63,7 +87,7 @@ It's really important to change the default password for obvious security reason
and input the new password.
### Expand your filesystem
### Expanding the Filesystem
This is optional depending on the Raspbian version you are using.
@ -84,11 +108,11 @@ Now that you've gained access to your RPi you can continue installing packages (
If so, skip [here](#lazy-mode).
### Upgrade your system
### Upgrading the System
`sudo apt update && sudo apt upgrade -y`
### Install Lighttpd
### Installing Lighttpd
Lighttpd (pronounced "lighty") is an open-source web server optimized for speed-critical environments while remaining standards-compliant, secure and flexible.
@ -98,7 +122,7 @@ You can now navigate to your RPi's IP (or hostname - raspberry) using a browser.
You will see lighttpd's placeholder page.
### Install PHP and modules
### Installing PHP and Modules
`sudo apt install php-cgi -y`
@ -108,7 +132,7 @@ php-cgi is a PHP to CGI interpreter. CGI (Common Gateway Interface) offers a sta
Apt will install all required dependencies.
### Enable PHP support in Lighty
### Enabling PHP Support in Lighty
Enable the fastcgi module and the php configuration with
@ -120,7 +144,7 @@ Reload the lighttpd daemon
`sudo service lighttpd force-reload`
### Install Hostapd
### Installing Hostapd
`sudo apt install hostapd -y`
@ -129,25 +153,25 @@ Hostapd (Host access point daemon) is a user space software access point capable
If you pull Pivilion scripts and settings from Gitlab later on, the default SSID will be "Pivilion" and the default WPA2 passphrase will be "darknetofthings".
These can be edited in /etc/hostapd/hostapd.conf. Do this after pulling from git or your config file will get overwritten!
### Install Dnsmasq
### Installing Dnsmasq
`sudo apt install dnsmasq -y`
Dnsmasq is a Domain Name System (DNS) forwarder and Dynamic Host Configuration Protocol (DHCP) server for small computer networks. We use it to provide the clients connected to our access point with IP addresses.
### Install git
### Installing Git
`sudo apt install git -y`
Git (/ɡɪt/) is a version control system (VCS) that is used for software development and other version control tasks. We use it download settings and scripts from our GitLab repository.
### Install Tor
### Installing Tor
`sudo apt install tor -y`
You can now choose to either pull the Pivilion scripts and Tor / RPi configuration or make the next step [manually](#configuring-tor) and make your own custom Tor hidden service.
## Cloning Pivilion settings and scripts via Git
## Cloning Pivilion Settings and Scripts via Git
We assume that your user is named *pi*. It will create directories in pi's home dir (/home/pi) and use scripts that reference that directory.
@ -155,7 +179,8 @@ Make sure you are root before doing these steps. The root account is disabled on
`sudo -s`
### Pull config and settings from GiLtab
### Pulling Config and Settings from GiLtab
`cd /` (DO NOT SKIP THIS STEP)
`git init`
@ -166,7 +191,7 @@ Make sure you are root before doing these steps. The root account is disabled on
`git checkout -f --track origin/master`
### Fix some permission issues
### Fixing Some Permission issues
Git creates everything as root so we have to fix file permissions in Pi's home directory by issuing
@ -198,7 +223,7 @@ Run pivilion to copy some extra files to their proper positions!
And follow the brief tutorial.
### Editing config files
### Editing Config Files
You should now edit the hostapd config file by issuing
`sudo nano /etc/hostapd/hostapd.conf`
@ -245,7 +270,7 @@ This should show the same lighttpd placeholder page as before.
That's it - everything should be working now!
### Lazy mode
### Lazy Mode
If you don't feel like learning about the various components used to build a Tor hidden service, you can just use lazy mode to bundle up individual installations.
All you need to do is paste the following line into your terminal and hit Enter. It will take a couple of minutes to finish.
@ -257,7 +282,7 @@ The system will reboot automatically and all you need to do is run
after that to set up some final stuff and you should be good to go! :)
### Command overview
### Command Overview
While logged in to the Pi via SSH there are four commands at your disposal.
@ -270,7 +295,7 @@ It will also redirect all non-encrypted traffic to this IP, meaning that all tra
**Please remember to set the mode properly before each reboot or you might have to access your Pi via ethernet cable or screen.**
1. "pikey" is used to setup a WiFi network and password to be used in onion mode.
### Using the generator script to setup a gallery
### Using the Generator Script to Setup a Gallery
After setting everything up, you can find the generator script by entering your Pi's IP address into your browser on port 81. This is only available on your local network, not through Tor - e.g. http://192.168.1.5:81.
@ -284,6 +309,56 @@ The gallery generator takes in some basic data such as the name, description, ti
You can also choose to overwrite anything the generator script generates or edit it manually just like you would HTML / PHP on any server. Use an FTP client such as [Filezilla](https://filezilla-project.org/) and the same username / password you would for logging in via SSH (point Filezilla to your Pi's IP and port 22). The directory that's served is /var/www/html/pivilion/gen. You can also edit Lighty's config in /etc/ lighttpd.conf and move the directory to where you see fit.
### Backing Up HTML Content
Since Pivlion is a server, we can use an sFTP client like [Filezilla](https://filezilla-project.org/) to access it and download and upload files. It uses the same username and password and the same IP that is used for SSH.
In the Filezilla connection boxes
Host: your Pi's IP (the one used for SSH)
Username: pi
Password: your password (default: raspberry)
Port: 22
The remote filesystem will open in the right pane, and your local directories / folders will be in the left. You can drag and drop or right click and upload or download files and directories to and from your Pi.
To back up your gallery navigate to /var/www/html/pivilion/gen in the right pane side and download the contects of the entire directory to a local directory on the left hand side.
To restore a backup, simply upload fromt he local directory to the same remote directory, overwriting its contents.
## Upgrading the Pivilion Installation
Since there's a lot of bugs to fix, we fix them often. :)
To upgrade use
`sudo -s`
`cd /`
`git reset --hard origin/master`
`git fetch --all`
**This will *delete* everything in your gallery and reset to default.**
Please make sure to back up!
## Alternative Installation Methods
### Using a Virtualbox Image
For testing Pivilion without a Raspberry Pi, you can use Ubuntu server (or any other Debian-based OS) as a base and install all packages from this manual. Some package names may differ, depending on your system. Use
`apt-cache search package name`
to search for similar packages.
Run your appliance in bridged networking mode if you need to access your Pivilion appliance from your local network.
You can skip all the Raspberry-specific steps if you chose to use Virtualbox. You can also download prepared Virtualbox appliances with Pivilion completely installed, or a base system to install Pivilion yourself [here](https://download.pivilion.net/).
You can also download the complete pre-installed appliance image and run Pivilion in Virtualbox without having to install anything.
Please note that Pivilion is in public beta and is sure to have some errors. Don't hesitate to help development by raising issues here https://gitlab.com/hacklab01/pivilion/issues
Now go make some darknet of things galleries! :)