HOW TO CREATE A “WE FIGHT CENSORSHIP” MIRROR SITE

The wefightcensorship website has been designed to be easily duplicated by mirror sites. You can host a copy of wefightcensorship on your webserver and be involved in the fight against censorship in the world. The more mirror websites, the more difficult it will be for censors to block WeFightCensorship. The procedure outlined in this chapter explains how to create a secondary mirror of the wefightcensorship.org website on a machine located anywhere on the Internet. The synchronization script relies on OpenSSH and rsync. Alternatively, you can also install website copying software on your server (such as httrack) and run it at regular intervals (using cron for example) in order to have an updated version of our website. Even simpler, you can use the autoblog script developed by SebSauvage.

REQUIREMENTS

The following are required:

  1. A machine running Unix operating as a Web server. There is no restriction on the Unix type and distribution or on the Web server. It is up to the person who creates the mirror to configure it.
  2. The machine (in addition to the Web server) must have the following tools: rsync and OpenSSH.

If you do not have all of the above, you should not begin the procedure.

OPERATING PROCEDURE

Technical requirements

The machine acting as a Web server must be installed and configured before the procedure is launched. This document does not cover the installation and configuration of software (virtual host, for example), or the setup of local users. This is specific to each server. There are few technical restrictions. A web server that can host static content is needed (for example there is no use of PHP language or a MySQL database). A user account must be available which allows the creation of files in the virtualhost hierarchy. This account will be used to operate the server synchronization script and should be able to run the rsync synchronization command. In the following examples, we are using an account called www-data.

How synchronization works

Secondary mirrors are static web servers whose purpose is to make available to users the content of the website wefightcensorship.org. The hierarchy to be published is retrieved from a primary mirror site using rsync synchronization. Secondary mirrors must be authenticated on the primary mirrors using an OpenSSH key. The key serves both as an authentication of the secondary mirror and as a means of encrypting the data flow.

How to create an authentication key

If the user www-data does not have an OpenSSH key pair, here are the commands to create them:

www-data@mirror:~$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/var/www/.ssh/id_rsa):

Accept the default path, or choose a place where you can store the key. If you change the default path (for www-data it would be “homedir”), you must make sure that OpenSSH can access the keys. If necessary use an SSH agent for this.

Enter passphrase (empty for no passphrase):
 Enter same passphrase again:
 Your identification has been saved in /var/www/.ssh/id_rsa.
 Your public key has been saved in /var/www/.ssh/id_rsa.pub.
 The key fingerprint is:
 79:01:ff:20:c5:65:0d:ff:0c:76:9c:db:34:a0:da:3f www-data@mirror
 The key's randomart image is:
 +--[ RSA 2048]----+
 |        ....++   |
 |         +....o..|
 |        . +.  +o+|
 |         oo+ . *+|
 |        S....  .+|
 |         .  .    |
 |             E   |
 |              .  |
 |                 |
 +-----------------+

Registration of the mirror with WeFightCensorShip.org

Access to the WeFightCensorShip.org synchronization servers must be requested and the public key (but not the private key) must be sent when your request is made. To do this you should send an e-mail to wefightcensorship@rsf.org with “creation of a mirror site” in the subject line. You will receive by return a synchronization script and the associated configuration files.

Creation of Web server hierarchy

The creation of the server hierarchy and the associated virtualhost are the responsibility of the owner of the mirror site. These vary according to the distribution, Web server and the operating procedures that are in effect. For the next phase we are assuming that the hierarchy is under /var/www/mirror.wefightcensorship.org-443/htdocs. Adaptations can be made by the person using the mirror site.

Implementation of synchronization script

After the mirror site has been registered with WeFightCensorship.org, three files will be sent to you. First you will receive the synchronization script, followed by the associated configuration files. In accordance with the usual practice, these will be placed in /opt/cybershelter/bin (synchronization script) and /opt/cybershelter/etc (configuration files) respectively. You should make sure that the user www-data has permission to run the script.

It is recommended that the first time the script is run it should be done manually. This will allow any configuration problems to be identified. Subsequently the script should be automated using a task in the crontab scheduler of the user www-data. For example the following crontab can be used for an hourly synchronization.

www-data@mirror:~$ crontab -l
50 * * * * /opt/cybershelter/bin/synchro-miroir-secondaire.sh

Configuration of the synchronization script

The synchronization script has two configuration files that allow the rsync parameters to be controlled. These are:

www-data@mirror:~$ cat /opt/cybershelter/etc/synchro-miroir-secondaire
MIROIR_PRIMAIRE=adresse.du-miroir.fournie
RSYNC_USER=synchro
REMOTE_PATH=/srv/synchro-miroir-secondaire

This file contains parameters set by WeFightCensorShip.org. They should not be changed, since this could stop the synchronization script from working. The first parameter is a list of primary mirror sites with which you can synchronize yours. This list is provided and cannot be changed. It may be updated automatically in the course of synchronization. The second parameter is the user account to be used for synchronization. This value is provided and cannot be changed. It may be updated automatically in the course of synchronization. The third parameter is the path on the server that contains the files to be synchronized. This value is provided and cannot be changed. It may be updated automatically in the course of synchronization.

www-data@mirror:~$ cat /opt/cybershelter/etc/synchro-miroir-secondaire.local
LOCAL_PATH=/var/www/$(hostname).wefightcensorship.org-443

This file contains the declaration of local variables that you can modify. The first parameter is the path to the local hierarchy of the site (the contents of vhost). The value should be adjusted to take account of the contents of the virtual host definition.

New versions of the synchronization script and configuration file are sent during mirror updates. The files, and their associated MD5 checksums, are available in the ${LOCAL_PATH}/synchro directory.

The mirror owner can either update the script and configuration file manually, or use symbolic links to use the received files.

If you choose to use symbolic links, /opt/cybershelter/etc/synchro-miroir-secondaire should link to ${LOCAL_PATH}/synchro/synchro-miroir-secondaire, and /opt/cybershelter/bin/synchro-miroir-secondaire.sh should link to ${LOCAL_PATH}/synchro/synchro-miroir-secondaire.sh.
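One way to carry out the manual update while making use of the MD5 checksums, as an added example (it is not the script distributed by WeFightCensorship). It assumes each received file NAME has a sidecar file NAME.md5 whose first field is the hex digest, which the page does not specify; the function names verify_md5 and promote are hypothetical.

```shell
#!/bin/sh
# Added example: install a received file only when its MD5 digest matches.
# ASSUMPTION: NAME.md5 sits next to NAME and starts with the hex digest
# (md5sum layout). The real checksum layout is not given on the page.
# MD5 here catches truncated or corrupted files; it is not a signature.

# verify_md5 DIR NAME -> 0 if digest matches, 2 if a file is missing, else 1
verify_md5() {
    dir=$1; name=$2
    [ -f "$dir/$name" ] && [ -f "$dir/$name.md5" ] || return 2
    expected=$(awk 'NR==1 {print tolower($1)}' "$dir/$name.md5")
    actual=$(md5sum < "$dir/$name" | awk '{print $1}')
    [ -n "$expected" ] && [ "$expected" = "$actual" ]
}

# promote SRC_DIR NAME DEST MODE -> copy NAME to DEST only after verification.
# The copy goes to a temporary name first and is renamed into place, so a
# cron run never sees a half-written script or configuration file.
promote() {
    src_dir=$1; name=$2; dest=$3; mode=$4
    if ! verify_md5 "$src_dir" "$name"; then
        echo "REJECT $name: checksum missing or mismatched" >&2
        return 1
    fi
    tmp="$dest.new.$$"
    cp "$src_dir/$name" "$tmp" && chmod "$mode" "$tmp" && mv "$tmp" "$dest" \
        || { rm -f "$tmp"; return 1; }
}

# Usage with the paths from this page (run as www-data, LOCAL_PATH set as in
# synchro-miroir-secondaire.local):
#   promote "$LOCAL_PATH/synchro" synchro-miroir-secondaire.sh \
#       /opt/cybershelter/bin/synchro-miroir-secondaire.sh 755
#   promote "$LOCAL_PATH/synchro" synchro-miroir-secondaire \
#       /opt/cybershelter/etc/synchro-miroir-secondaire 644
```

Unlike the symbolic-link option, this keeps the installed script unchanged until the owner runs the promotion step.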

NB: if you re-enter an existing variable in the file /opt/cybershelter/etc/synchro-miroir-secondaire, its local value will be taken into account. To do so means, however, that no account will be taken of updates and this may change the way the synchronization script works.

MAKE A DONATION

How can we combat the scourge of child soldiers, protect the environment or campaign for women’s rights if journalists, bloggers and netizens are not free to expose abuses? WeFightCensorship gives a voice to campaigns stifled by censorship and thwarts the machinations and pressures of authoritarian governments. WeFightCensorship shows that imprisoning a journalist, blogger or netizen, seizing copies of a newspaper or blocking access to a site where a video has been posted will not prevent their message from being spread around the world – on the contrary. Would you like to help us in our fight? Help us to bring this project to life, make a donation!

SEND IN CENSORED MATERIAL

Anyone can join in the fight against censorship. Do you have a document that has been censored or banned? Send it to Reporters Without Borders using our digital safe. We will evaluate it and make some journalistic checks and if we consider it falls within RWB’s mandate – freedom of news and information – and the mission of WeFightCensorship, we shall disseminate it via WeFightCensorship. The digital safe is a group of tools designed to protect the safety and anonymity of Web users who want to send documents to Reporters Without Borders.

When a user sends a document using a secure application form, it is encrypted on the server then sent to the Reporters Without Borders storage area. The server that hosts the secure form retains no record of any documents or data that would allow the user to be traced – there is no record of the user’s log-in time or IP address. Once the document has been transferred to the storage area, it can be retrieved via a dedicated work station then de-crypted using a unique private key. It is then run through several types of anti-virus software.

Since our digital safe is encrypted, you do not have to use protection or anonymization tools for your communications and data, such as the Tor network or a virtual private network (VPN). Take a look at our digital survival kit.

CREATE A MIRROR SITE TO HELP THE FIGHT AGAINST CENSORSHIP

The WeFightCensorship site has been designed to be duplicated using the principle of mirror sites. You can also host a copy of our site on your own server and help the worldwide fight against censorship. The more copies there are, the more difficult it will be to filter and block WeFightCensorship and the content it disseminates throughout the world. To facilitate the creation of robust mirror sites, we have established a procedure for copying our site. However, this is aimed at well-informed users who have a basic knowledge of Web server management. Others can take part and duplicate our site using “suction software” such as httrack.

BECOME A VOLUNTEER TRANSLATOR

You don’t need to be a computer expert to take part in the WeFightCensorship project. We need to translate documents from a variety of languages into the languages that the site uses, currently French and English. You can play a part by helping us to finish translating documents that may be partly translated, or suggest other languages. You can send your suggested translations to WeFightCensorship@rsf.org (PGP ID : 2BBC1ECE), or using our digital safe. By helping us to translate documents from the world’s languages, including those that are rare, you will be helping us to disseminate their contents. Information knows no borders.
