Configuration Guide - 2langnic/GlobaLeaks GitHub Wiki

The following guide let you configure a GlobaLeaks node by following the procedure and instruction reported below.

At the end of the procedure you will have a working globaleaks installation, capable of receiving submission anonymous that get dispatched to configured receivers.

STEP 1 - Access Authentication interface

You should access to the authentication interface to be able to login. From this interface both admin and receivers users can authenticate with username and password.

You can reach the authentication interface with your browser in two way:

Note: The interface loading may take a while, due to the High Latency of Tor Hidden Service.

STEP 2 - Login as admin

You should login to the admin interface of your GlobaLeaks node.

Login with the following default credentials:

  • Username: admin
  • Password: globaleaks

STEP 3 - Change your admin password

Click on Admin Password . As a first step you should change the default globaleaks password.

Change your password by filling:

  • Old Password: globaleaks
  • New Password: YourOwnChoosenPassword

STEP 4 - Configure GlobaLeaks Basic Data

Click on Content Settings . Now you should configure your basic branding information about your node.

Fill the following data:

  • Logo: You should upload your logo in 140x140 pixel, png format
    • Select File
    • Click Upload
  • Node Name: The name of your Node initiative (will appear in the header)
  • Node Subtitle: The payoff to be shown under your Node Name (will appear in the header)
  • Description: The description of your node (will appear in the header)
  • Email: The email of the node maintainer (Currently not used by the software)
  • Presentation: The text shown on the main entry page
  • Footer: The footer shown on each page
  • Tor Hidden Service: Your Tor Hidden Service hostname with HTTP:// (Used in notification email)
  • Tor2web Public Site: Your Tor2web Public Site with HTTPS:// (Used in notification email)

Please consider that currently GlobaLeaks does only allow "text" editing with no formatting or url linking. We will improve in future those editing with a dual WYSIWYG rich text editor, enabling markdown manual tweaking as per https://github.com/globaleaks/GlobaLeaks/issues/618 . If you want to help us improving this functionality please consider making a donation at http://logioshermes.org/home/about-mission/support-us/ .

STEP 5 - Configure Email Notification

Click on Notification Settings . Now you should configure the email account and related server configuration parameters, that will be used by GlobaLeaks to send out notifications related to Submission to the Receivers.

We suggest you to setup a dedicated email account to send out notifications of GlobaLeaks.

Fill the following data:

  • Username: The email account you are going to use as a username to authenticated to send email
  • Password: Password of the email account
  • SMTP Server: The SMTP server you use to send email with this account
  • SMTP Port: The port used to send email out (It maybe 465 or 587 depending on server settings)
  • Transport Security: The Security of SMTP (SMTP/TLS is at tcp port 587, but SMTP/SSL is at 465)

STEP 6 - Create new Receivers

Click on Receiver. Now you should add the Receivers, that are the people handling the Submission from Whistleblowers.

Each Receiver has to be associated to one or more than one Context, this can be done both from the Receiver Configuration page and from the Context Configuration page after the creation of the first context.

So let's first create at least one receiver.

Add the first receiver by filling the following data then click Add .

  • Name: The email account you are going to use as a username to authenticated to send email
  • Email: Password of the email account
  • Password: The password that the receiver will use

Now you should add some other detail for the receiver

  • Picture: Upload the picture of the receiver (this will be shown on Whistleblower submission interface)
  • Description: A brief description of the Receiver

Then you should add the Receiver's PGP key by clicking Configure PGP Key . The PGP key must be loaded with a cut&paste of the text-ascii version of PGP public key of the receiver.

As a last step you may configure the extra authority of the receiver:

  • Permit the Receiver to postpone expiration date of the Tips
  • ** Permit the Receiver to delete Tips**

Now save the receiver by clicking

  • Save

STEP 7 - Create new Context & Submission fields

Click on Context Configuration .

The Context represent the topic / category of your whistleblowing site.

It maybe a representation of a vertical topic (Corruption, Human Rights Abuse, etc) or of a geographical area for which you MUST carefully define:

  • A set of Context Description that will be shown to the whistleblower (such as Name, Description)
  • A set of Submission fields that represent the questions you want to ask to the whistleblower
  • A set of Receivers (that would take care of the submission for that specific topic)
  • A set of Advanced Configurations to customize various Security/Authorization criteria & Behaviors of UI

On this step you will edit:

  • Context: Represent the different topic for which your GlobaLeaks node accepts Submissions
  • Receivers: The receivers that are part of this Context and that will receive submissions
  • Submission fields: Represent the web form inquiry and data you are asking to the Whistleblower
  • Context Configuration: Security, Authorization and UI behavior specific for that context

The Context configuration procedure is as follow:

  • Type the name of your Context and then click Add
  • Select the Receiver that will receive submissions for that Context
  • Add a Description about what this context is about (which kind of submission information you would like to collect)

Note: You can have multiple context to manage multiple topics and multiple submission forms on a single node.

Now you can manage the Submission Fields in the Fields section of the context editing area, by clicking Add field .

The submission fields can be configured to create the submission forms with the following information:

  • Name: a short string that represents the field (ex. my title, will not be visualized)
  • Label: What is the title of the field (will be visualized to the submitter)
  • Hint: What is shown on mouseover to explain the meaning of this field (will be visualized to the submitter)
  • Required: Yes/No
  • Type: Radio Buttons, Drop Menu (Select), Multi-Select, Checkboxes, Paragraph(s), Number, Url, Phone, Email

The fields will be shown exactly in the order that's here defined. Still it's possible to change the order by dragging the context with the mouse and dropping to the appropriate order. It's also possible to change the order of the Contexts trough the UI with drag & drop.

It's very important to mark at least a couple of the most relevant fields as "Preview". Those will be shown to the Receiver in it's Tip List interface, to provide better sorting and understanding of each Tip available into the system.

By default there are two Fields (that MUST be modified):

  • Headline
  • Description
  • Description of file

Note: "Description of file" will became a dedicated field associated to each file uploaded with implementation of https://github.com/globaleaks/GlobaLeaks/issues/719 . If you want to help us improving this functionality please consider making a donation at http://logioshermes.org/home/about-mission/support-us/ .

In the context advanced settings is possible to modify all of the following values and behaviours:

  • Require at least one file to be uploaded: It's mandatory to upload at least one file to submit a submission on this context?
  • Select all receivers by default: Should all receiver be selected by default for the submission on this context? (The whistleblower can always deselect them)
  • Show small receiver cards on submission interface: If there are many receivers and you want to improve the visualization, enable it to display receiver's cards in lines of 4.
  • Permit Receivers to postpone expiration date of the Tips: Can all of the receivers of this context be able to postpone the expiration of a Tip? (To avoid a Tip expire while dealing with a whistleblower for more days than the expiration time)
  • Permit Receivers to delete Tips: Can all of the receivers of this context be able to delete Tips?
  • Incomplete submissions expiry time (hours): After how much time an incomplete submission need to be self-deleted
  • Maximum file downloads: How many times a file can be downloaded by receivers
  • Submitted Tip expiry time (days): When the Tip will self-delete (default 2 weeks)
  • Receipt format (regular expression): Which format is the receipt (default 10 digits)

STEP 8 - Tweak Advanced Settings

You may need to adjust some advanced settings depending on your needs.

Those you may be most interested in are:

  • Maximum File Size: The maximum size of the files that can be uploaded (default 30Mb)
  • Data Retention Policy: After how many days the submissions will get cleaned up and automatically deleted -deleted (default 15 days)
  • Error Reporting: Where to send software exception if the software hit an unexpected bug (default [email protected])

If you like to have one of the actors to be able to interact with the node via Tor2web:

  • Permit Admin access via Tor2web
  • Permit Receivers access via Tor2web
  • Permit Whistleblower submissions via Tor2web
  • Permit access of public resources via Tor2web

Read Advanced Configuration to know how to change that settings.

STEP 9 - Customize your node

Now that your GlobaLeaks node is installed and configured, you may need to further customize it.

Please follow the Customization Guide to adjust the text, css and overall look and feel.

Ⓚ 2011-2015, Hermes Center for Transparency and Digital Human Rights. All rights reversed.

⚠️ **GitHub.com Fallback** ⚠️