From b8b337f6fb83d873775b4765624db6920934484c Mon Sep 17 00:00:00 2001 From: v3d Date: Tue, 10 May 2022 21:04:53 +0000 Subject: [PATCH] Update pivilion manual setup --- pivilion-manual-setup.md | 37 +++++++++++++++++++++++++++---------- 1 file changed, 27 insertions(+), 10 deletions(-) diff --git a/pivilion-manual-setup.md b/pivilion-manual-setup.md index cde6abd..095ab41 100644 --- a/pivilion-manual-setup.md +++ b/pivilion-manual-setup.md @@ -1,5 +1,7 @@ # Pivilion Manual Setup +https://gitlab.com/hacklab01/pivilion/-/wikis/pivilion-manual-setup/ + [[_TOC_]] ## About Pivilion @@ -26,7 +28,7 @@ Tor is free software for enabling anonymous communication and censorship circumv 1. Micro USB power adapter (check RPi requirements, but ideally 2.5A or 3A for Pi4) - a cable is also fine (you can connect to any USB port) 1. Min 8 GB (micro)SD card 1. SD card reader (and a microSD to SD adapter if necessary) -1. Ethernet cable (or proper wpa_supplicant.conf to connect to WiFi with Pi Zero - generate one [here](https://wifi.pivilion.net/)) +1. Ethernet cable (or proper wpa_supplicant.conf to connect to WiFi with Pi Zero - generate one on [wifi.pivilion.net](https://wifi.pivilion.net/)) 1. HDMI cable - for connection to a screen - optional You can connect the RPi to a HDMI screen (with a USB mouse + keyboard) and connect it to WiFi as you would any computer. However, this setup is meant to be made over SSH - consider your Pi a server (even though it's on a table next to you :)). You can connect it to a display and once you input the WiFi password, just connect to the Pi via SSH from a different computer. @@ -42,7 +44,7 @@ You can connect the RPi to a HDMI screen (with a USB mouse + keyboard) and conne Pivilion runs on top of libre / free software which is avaliable in the Raspbberry Pi OS repositories. To download and install software we will use apt, the Advanced Package Tool. Apt is a free software user interface that works with core libraries to handle the installation and removal of software on Debian, Ubuntu, and related Linux distributions (Raspbnerry Pi OS is based on Debian). ### Installing Raspbperry Pi OS -Always get a current Raspbperry Pi OS Legacy image before installing Pivilion. It will drastically speed up the update / upgrade step of the manual. Use the guide on [this](https://www.raspberrypi.org/documentation/installation/installing-images/README.md) page to determine how to handle images on your OS. We’ll be using Linux + dd. +Always get a current Raspbperry Pi OS Legacy image before installing Pivilion. It will drastically speed up the update / upgrade step of the manual. Use the official [Raspberry Pi documentation gettig started guide](https://www.raspberrypi.com/documentation/computers/getting-started.html#installing-images-on-chrome-os) to learn how to handle images on your OS. ### Enabling SSH on Your Pi SSH access is turned off by default for security. We need to do a simple extra step to enable it. @@ -255,7 +257,7 @@ Tor will generate a hostname. To view your hostname run `sudo cat /var/lib/tor/hidden_service/hostname` Check if your hidden service works by opening Tor Browser and navigating to your onion domain. -(In case you'd like a vanity .onion address, there is [a way](https://github.com/lachesis/scallion) to customize it afterwards.) +(In case you'd like a vanity .onion address, there is [use scallion on github](https://github.com/lachesis/scallion) to customize it afterwards.) This should show the same Apache placeholder page as before. @@ -275,17 +277,19 @@ It will also redirect all non-encrypted traffic to this IP, meaning that all tra 1. "pikey" is used to setup a WiFi network and password to be used in onion mode. 1. "hotglue" is used to install or restore a hotglue installation 1. "static" is used to convert hotglue into a static website -1. "generator" will enable the pivilion generator on port 81 +1. "generator" will enable or disable the pivilion generator on port 81 +1. "htaccess" will remove or reset redirection in /var/www/html/pivilion/gen ### Using Hotglue to Setup a website -Hotglue is a unique tool for web publication & samizdat. It has a fun to use interface and is a community project. It also has some security issues and that's why we convert it to static HTML before serving it on the darknet. Websites generated with the generator script all look the same so this si the prefered way to setup a website when not using full custom HTML / javascript. In order to install or revert hotglue +Hotglue is a unique tool for web publication & samizdat. It has a fun to use interface and is a community project. It also has some security issues and that's why we convert it to static HTML before serving it on the darknet. Websites generated with the generator script all look the same so this si the prefered way to setup a website when not using full custom HTML / javascript. In order to install or revert hotglue. +When using hotglue just add "?edit" to the index.php of your homeapge and log in with the username and password you setup. When done use the command `static` to convert the page into static HTML. If you'd like to edit again, use `hotglue` to restore (or reinstall) Hotglue. ### Using the Generator Script to Setup a website After setting everything up, you can find the generator script by entering your Pi's IP address into your browser on port 81. This is only available on your local network, not through Tor - e.g. http://192.168.1.5:81. -The script is very simple - it uses PHP to generate a static HTML site. It can take audio, video and images. The audio and video need to be encoded with certain codecs compatible with HTML5 media reproduction because of patents. [Here](https://developer.mozilla.org/en-US/docs/Web/HTML/Supported_media_formats)'s a breakdown on what's supported where. You should test and make sure your media files work. The use of WebM, an open, royalty-free media file format is recommended. [Here](http://wiki.webmproject.org/ffmpeg/vp9-encoding-guide)'s a VP9 encoding guide for video. +The script is very simple - it uses PHP to generate a static HTML site. It can take audio, video and images. The audio and video need to be encoded with certain codecs compatible with HTML5 media reproduction because of patents. [Media type and format guide: image, audio, and video content] on MDN (https://developer.mozilla.org/en-US/docs/Web/HTML/Supported_media_formats) has a nice breakdown on what's supported where. You should test and make sure your media files work. The use of WebM, an open, royalty-free media file format is recommended. [FFmpeg Wiki FFmpeg and VP9 Encoding Guide](hhttps://trac.ffmpeg.org/wiki/Encode/VP9) is a good VP9 encoding guide for video. **Keep in mind that Tor is slow and optimize your images, audio and video properly!** @@ -300,7 +304,9 @@ If you want to change file size limits, you can edit the php.ini file with There you will find options such as `post_max_size` + `upload_max_filesize` + `max_file_uploads` You can observe their values and read the comments around them to figure out what they do and what inputs they take. After it's adjusted you need to restart Apache with @@ -363,7 +369,6 @@ RewriteCond %{REQUEST_URI} !(\/*.php)$ RewriteRule ^(.*)$ http://10.1.1.1/index.php [L,R=301] ``` - The last line `RewriteRule ^(.*)$ http://10.1.1.1/index.php [L,R=301]` @@ -391,6 +396,20 @@ To back up your gallery navigate to /var/www/html/pivilion/gen in the right pane To restore a backup, simply upload fromt he local directory to the same remote directory, overwriting its contents. +### Tips'n'tricks + +Pivilion changes constantly and it's being developed by basically two people. We do our best to test stuff but it will often break. With the addition of captive portal mode and Hotglue, stuff got a bit complicated and configurations from different modes may "leak" and cause havoc. + +A couple of helpful tips: + +- if networking doesn't seem to work reset it to with `onion` - it will disable hotspot captive portal redirection and allow you to access your Pi via your local network after reboot +- use `htaccess` to remove or reset redirection if the .htaccess file stays behind in onion mode (it should only be there in hotspot mode). +- if hotglue fails to install you can also back it up and restore it manually by copying everything to and from /var/www/html/pivilion/gen with an SFTP client like Filezilla +- all the configuration files are located in /home/pi/piviilion/config/ - the scripts copy everything from there +- the scripts are in /usr/local/bin/, feel free to open and change them or use only the parts you need to get your desired configuration working +- if you can't write in the home dir or in /var/www/ fix persmissions with `sudo chown -R pi:pi /home/pi; sudo chown -R www-data:www-data /var/www/; sudo chmod -R 775 /var/www;` +- feel free to ask questions in + ### Upgrading the Pivilion Installation Since there's a lot of bugs to fix, we fix them often. :) @@ -420,9 +439,7 @@ to search for similar packages. Run your appliance in bridged networking mode if you need to access your Pivilion appliance from your local network. -You can skip all the Raspberry-specific steps if you chose to use Virtualbox. You can also download prepared Virtualbox appliances with Pivilion completely installed, or a base system to install Pivilion yourself [here](https://download.pivilion.net/). - -You can also download the complete pre-installed appliance image and run Pivilion in Virtualbox without having to install anything. +You can skip all the Raspberry-specific steps if you chose to use Virtualbox. ### Lazy Mode If you don't feel like learning about the various components used to build a Tor hidden service, you can just use lazy mode to bundle up individual installations.