Advanced Configuration - 2langnic/GlobaLeaks GitHub Wiki
This section shows how advanced users can tweak advanced GlobaLeaks settings. It explains:
Where all the globaleaks data (database, files, logs, Tor HS key) will be written.
# WORKING_DIR
# must be configured with the daemon working directory
WORKING_DIR=/var/globaleaks/
Many system settings related to the environment and technical parameters with which globaleaks is run.
# USER = [user_name]
# sets the user whose privileges the globaleaks process runs with
USER=globaleaks
# GROUP = [group_name]
# sets the group whose privileges the globaleaks process runs with
GROUP=globaleaks
# LISTENING_PORT = [port_number]
# sets the port that the globaleaks process binds to
LISTENING_PORT=8082
Virtual hosts on which GlobaLeaks responds (other than the Tor HS).
To be used if you are exposing GlobaLeaks to the LAN (for example on a local IP such as 192.168.x.x).
Remember to adjust the firewall configuration as well.
# HOSTS_LIST = [ip_address, hostname, other_hostname]
# sets the list of hosts at which globaleaks will be reachable
HOSTS_LIST=127.0.0.1,localhost
Enable or disable network sandboxing (to prevent leaks outside Tor).
# NETWORK_SANDBOXING = 0/1
# enables network sandboxing; requires iptables
NETWORK_SANDBOXING=1
Enable a strict firewall that, by default, allows only connections from localhost to localhost (Tor).
These settings need to be changed if you are exposing GlobaLeaks to the LAN (for example on a local IP such as 192.168.x.x).
Remember to adjust the virtual host configuration as well.
If you need to open up your node so that it is reachable from an internal network or the internet, you should tweak ALLOWED_DST_IP, ALLOWED_SRC_IP and HOSTS_LIST at the same time.
# ALLOWED_DST_IP = ( ip_address1, ip_address2, ... )
# sets the list of IP addresses used for outbound connections
ALLOWED_DST_IP=( 127.0.0.1 )
# ALLOWED_SRC_IP = ( ip_address1, ip_address2, ... )
# sets the list of IP addresses used for inbound connections
ALLOWED_SRC_IP=( 127.0.0.1 )
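One way to check the rule above that ALLOWED_DST_IP, ALLOWED_SRC_IP and HOSTS_LIST are changed together, as an added example that is not part of GlobaLeaks or of the original page. The helper names (gl_values, loopback_only, gl_exposure) are hypothetical, the sample configuration and its 192.168.1.10 address are constructed, and a missing variable is assumed to be loopback-only.

```shell
#!/bin/sh
# Added example (not GlobaLeaks code). The config is parsed as text, never sourced.

# gl_values VAR FILE: values of the last uncommented "VAR=" line, one per line.
gl_values() {
    sed -n "s/^[[:space:]]*$1=//p" "$2" | tail -n 1 |
        tr '(),\t' '    ' | tr -s ' ' '\n'
}

# loopback_only: succeeds when every value on stdin is 127.0.0.1 or localhost.
# Assumption: a missing variable counts as loopback-only (the defaults above).
loopback_only() {
    while read -r v; do
        case "$v" in
            ""|127.0.0.1|localhost) ;;
            *) return 1 ;;
        esac
    done
    return 0
}

# gl_exposure FILE: prints "loopback-only", "exposed", or a "mismatch: ..." line
# naming the variables that were left at loopback while another was opened.
gl_exposure() {
    local_vars="" open_vars=""
    for name in HOSTS_LIST ALLOWED_SRC_IP ALLOWED_DST_IP; do
        if gl_values "$name" "$1" | loopback_only; then
            local_vars="$local_vars $name"
        else
            open_vars="$open_vars $name"
        fi
    done
    if [ -z "$open_vars" ]; then echo "loopback-only"
    elif [ -z "$local_vars" ]; then echo "exposed"
    else echo "mismatch: still loopback-only:$local_vars"
    fi
}

# Constructed sample: HOSTS_LIST opened to a LAN address, firewall lists untouched.
sample=$(mktemp)
cat > "$sample" <<'EOF'
HOSTS_LIST=127.0.0.1,localhost,192.168.1.10
ALLOWED_SRC_IP=( 127.0.0.1 )
ALLOWED_DST_IP=( 127.0.0.1 )
EOF
gl_exposure "$sample"
rm -f "$sample"
```

A "mismatch" result means one of the three settings was opened beyond loopback while the listed ones still hold only 127.0.0.1 or localhost.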
Technical parameters for strict integration with Tor.
# TORSOCKSPORT = [port_number]
# sets the Tor SOCKS port used for outbound connections
TORSOCKSPORT=9050
# TORTRANSPORT = [port_number]
# sets the Tor TransPort used for outbound connections
TORTRANSPORT=9040
# TORDNSPORT = [port_number]
# sets the Tor DNS port used for outbound connections
TORDNSPORT=5353
Parameter used to specify the Tor Hidden Service (enabled by default).
# TOR_DIR
# this contains the Tor hidden service directory
TOR_DIR=/var/globaleaks/torhs/
This parameter specifies where the Tor hidden service hostname is fetched from. The hidden service address is refreshed every time this address changes (which also updates the database value used in notification URLs). If the public website (commonly the tor2web version of the HS) is not configured, a Tor2Web URL is generated using the proxy services of onion.to.
If the public website is already configured, it is never replaced. A dedicated public site can therefore be configured without being overwritten.
In various circumstances it may be necessary to open GlobaLeaks from an existing website, and in such situations it is useful to exploit iframe capabilities to prevent the user's access from being logged in the browser's history. The following widget has been designed for this purpose. The underlying idea is simple: embed a short JavaScript snippet in your page, then include (and style as you prefer) a link that, when clicked, runs GlobaLeaks inside an iframed page.
The code snippet to deploy is:
<script type="text/javascript">
  // Replace the current page body with a full-window iframe that loads `url`.
  function globaleaks(url) {
    document.body.style.margin = "0";
    document.body.style.padding = "0";
    document.body.style.height = "100%";
    document.body.style.border = "none";
    // The text inside the iframe element is shown only if frames are unsupported.
    document.body.innerHTML = '' +
      '<iframe src="' + url + '" height="100%" width="100%" frameBorder="0" style="overflow-y: auto; overflow-x: hidden;">' +
      ' Your browser does not support inline frames.' +
      '</iframe>';
  }
</script>
Then, on the existing initiative's site, you can include a link like the following:
<a href="javascript:globaleaks('https://www.globaleaks.org')">Blow the Whistle!</a>
It is possible to generate cover traffic to your GlobaLeaks node by embedding a widget on various websites.
It is loaded as an IFRAME; every visitor to your site will load it and send requests, with random delays and random payload sizes, to your tor2web node.
The code snippet to deploy is:
<iframe src="https://myleaksite.tor2web.org/antanistaticmap/decoy.html"></iframe>