AWS Setup - mangei/onion-routing GitHub Wiki

Notes

For log output you can check for detached tmux sessions. We use a reverse proxy since we don't want to bind to port 80 with our app (this would require it to run as root [in the simplest case]). In some of the machines I didn't use an "onion" user but the default "ubuntu" one. The applications are in its home directory.

The originator node has a root password. There you will find my private key, which you can use to connect to the other machines. I'll give you the password for the originator via other channels.

Setup of the Originator Node

  • Set up a new AWS machine with the Ubuntu 14.04 image
  • SSH into the machine using the AWS console, change the root password and permit SSH logon with the new password
    • sudo -i
    • vim /etc/ssh/sshd_config
    • service ssh restart
  • apt-get update && apt-get install openjdk-7-jdk git unzip
  • wget http://downloads.typesafe.com/typesafe-activator/1.2.10/typesafe-activator-1.2.10.zip
    • building the whole stuff locally takes forever to upload
  • unzip typesafe-activator-1.2.10.zip
  • rm -f typesafe-activator-1.2.10.zip
  • add export PATH=$PATH:/root/activator-1.2.10 to .bashrc
  • bash
  • git clone https://github.com/mangei/onion-routing.git
  • cd onion-routing
  • chmod +x build.sh
  • ./build.sh
  • edit nginx (see below)
  • cd /opt
  • mkdir onion
  • cd onion
  • copy previously built files here
  • unzip files
  • adduser onion
  • chown onion:onion -R .
  • su onion
  • cd $service_you_want_to_start
  • bin/$service_you_want_to_start -Dconfig.file=conf/application.conf

Reverse Proxy

  • apt-get update && apt-get install nginx unzip openjdk-7-jdk git -y
  • change /etc/nginx/sites-enabled/default:
echo '
server {
        listen 80 default_server;
        listen [::]:80 default_server ipv6only=on;

        root /usr/share/nginx/html;
        index index.html index.htm;

        # Make site accessible from http://localhost/
        server_name localhost;

        location / {
                # Forward every request to the application listening on
                # localhost:9000 instead of serving files from the root above.
                # Uncomment to enable naxsi on this location
                # include /etc/nginx/naxsi.rules

                proxy_pass  http://localhost:9000;
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "upgrade";
                proxy_set_header Host $http_host;
                proxy_set_header X-Forwarded-Proto $scheme;
                proxy_set_header X-Forwarded-For $remote_addr;
                proxy_set_header X-Forwarded-Port $server_port;
                proxy_set_header X-Request-Start $msec;
        }
}' > /etc/nginx/sites-enabled/default
  • service nginx restart
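
A post-setup check for the reason the notes give for using nginx (the services should neither run as root nor hold a privileged port). This is an added example, not part of the repository. It assumes services are started with the `-Dconfig.file=conf/application.conf` argument shown above and that nginx and sshd are the only expected listeners below port 1024; the sample `ps` and `ss` output is constructed.

```shell
#!/bin/sh
# Added example: post-setup checks for the onion-routing hosts.
# Live use (as root, so ss can show socket owners):
#   ps -eo user,pid,args | services_as_root
#   ss -ltnp | unexpected_privileged_listeners

# Argument the setup steps pass to every service on start-up.
MARK='-Dconfig.file=conf/application.conf'

# stdin: `ps -eo user,pid,args` output. Prints the PID of each service
# running as root. The awk process itself is skipped because its own
# command line also contains MARK.
services_as_root() {
    awk -v mark="$MARK" \
        '$1 == "root" && index($0, mark) && $3 !~ /(^|\/)awk$/ { print $2 }'
}

# stdin: `ss -ltnp` output. Prints "port owner" for each listener on a
# port below 1024 that is not nginx or sshd (assumed to be the only
# expected ones). Without root the owner column is missing and the
# listener is reported with its peer-address column instead.
unexpected_privileged_listeners() {
    awk '$1 == "LISTEN" {
        n = split($4, part, ":")          # port follows the last colon
        port = part[n] + 0
        if (port < 1024 && $NF !~ /"(nginx|sshd)"/) print port, $NF
    }'
}

# Constructed sample output; PIDs and the two java processes are made up.
PS_SAMPLE='USER PID COMMAND
root 812 nginx: master process /usr/sbin/nginx
onion 1501 java -Dconfig.file=conf/application.conf
root 1622 java -Dconfig.file=conf/application.conf'

SS_SAMPLE='State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:22 *:* users:(("sshd",pid=640,fd=3))
LISTEN 0 128 *:80 *:* users:(("nginx",pid=812,fd=6))
LISTEN 0 50 :::9000 :::* users:(("java",pid=1501,fd=70))
LISTEN 0 50 :::443 :::* users:(("java",pid=1622,fd=71))'

echo "services running as root (PIDs):"
printf '%s\n' "$PS_SAMPLE" | services_as_root
echo "unexpected listeners below port 1024:"
printf '%s\n' "$SS_SAMPLE" | unexpected_privileged_listeners
```

Both functions print nothing on a host set up as described, so any output is a finding to investigate.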