diff options
author | Christian Grothoff <christian@grothoff.org> | 2012-10-09 19:31:21 +0000 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2012-10-09 19:31:21 +0000 |
commit | 54ecef1320213ab3f842825b2cfffb41534006c2 (patch) | |
tree | 6add765341d248e656078ffc018bc79c8fd6f72a | |
parent | 9467d5e5eeb21e85a6f481eecb24ccaa5fe83396 (diff) | |
download | gnunet-54ecef1320213ab3f842825b2cfffb41534006c2.tar.gz gnunet-54ecef1320213ab3f842825b2cfffb41534006c2.zip |
-updating docu
-rw-r--r-- | README | 74 | ||||
-rw-r--r-- | configure.ac | 45 |
2 files changed, 78 insertions, 41 deletions
@@ -76,8 +76,6 @@ $ adduser gnunet gnunet | |||
76 | $ ./configure --prefix=$GNUNET_PREFIX --with-extractor=$LE_PREFIX | 76 | $ ./configure --prefix=$GNUNET_PREFIX --with-extractor=$LE_PREFIX |
77 | $ make | 77 | $ make |
78 | # make install | 78 | # make install |
79 | # sudo -u gnunet mkdir ~gnunet/.gnunet/ | ||
80 | # sudo -u gnunet touch ~gnunet/.gnunet/gnunet.conf | ||
81 | # sudo -u gnunet gnunet-arm -s | 79 | # sudo -u gnunet gnunet-arm -s |
82 | 80 | ||
83 | This will create the users and groups needed for running GNUnet | 81 | This will create the users and groups needed for running GNUnet |
@@ -89,9 +87,13 @@ end-user applications as another user. | |||
89 | 87 | ||
90 | If you create a system user "gnunet", it is recommended that you edit | 88 | If you create a system user "gnunet", it is recommended that you edit |
91 | the configuration file slightly so that data can be stored in the | 89 | the configuration file slightly so that data can be stored in the |
92 | system user home directory at "/var/lib/gnunet"; you may also want to | 90 | system user home directory at "/var/lib/gnunet". Depending on what |
91 | the $HOME-directory of your "gnunet" user is, you might need to set | ||
92 | the SERVICEHOME option in section "[PATHS]" to "/var/lib/gnunet" to | ||
93 | do this. Depending on your personal preferences, you may also want to | ||
93 | use "/etc/gnunet.conf" for the location of the configuration file in | 94 | use "/etc/gnunet.conf" for the location of the configuration file in |
94 | this case. | 95 | this case (instead of ~gnunet/.gnunet/gnunet.conf"). In this case, |
96 | you need to start GNUnet using "gnunet-arm -s -c /etc/gnunet.conf". | ||
95 | 97 | ||
96 | You can avoid running 'make install' as root if you run configure | 98 | You can avoid running 'make install' as root if you run configure |
97 | with the "--with-sudo=yes" option and have extensive sudo rights | 99 | with the "--with-sudo=yes" option and have extensive sudo rights |
@@ -125,13 +127,23 @@ $ aclocal -I /usr/local/share/aclocal | |||
125 | Configuration | 127 | Configuration |
126 | ============= | 128 | ============= |
127 | 129 | ||
128 | Note that additional, per-user configuration files | 130 | Note that additional, per-user configuration files can be created by |
129 | (~/.gnunet/gnunet.conf) need to be created by each user (for example, | 131 | each user. However, this is usually not necessary as there are few |
130 | by running gnunet-setup). Note that gnunet-setup is a separate | 132 | per-user options that normal users would want to modify. The defaults |
131 | download and requires recent versions of GTK+ and Glade; you can also | 133 | that are shipped with the installation are usually just fine. |
132 | edit the configuration file by hand, but this is not recommended. For | 134 | |
133 | more general information about the GNU build process read the INSTALL | 135 | The gnunet-setup tool is particularly useful to generate the master |
134 | file. | 136 | configuration for the peer. gnunet-setup can be used to configure and |
137 | test (!) the network settings, choose which applications should be run | ||
138 | and configure databases. Other options you might want to control | ||
139 | include system limitations (such as disk space consumption, bandwidth, | ||
140 | etc.). The resulting configuration files are human-readable and can | ||
141 | theoretically be created or edited by hand. | ||
142 | |||
143 | gnunet-setup is a separate download and requires somewhat recent | ||
144 | versions of GTK+ and Glade. You can also create the configuration file | ||
145 | by hand, but this is not recommended. For more general information | ||
146 | about the GNU build process read the INSTALL file. | ||
135 | 147 | ||
136 | GNUnet uses two types of configuration files, one that specifies the | 148 | GNUnet uses two types of configuration files, one that specifies the |
137 | system-wide defaults (typically located in | 149 | system-wide defaults (typically located in |
@@ -141,20 +153,13 @@ configuration file should be located in "~/.gnunet/gnunet.conf" or its | |||
141 | location can be specified by giving the "-c" option to the respective | 153 | location can be specified by giving the "-c" option to the respective |
142 | GNUnet application. | 154 | GNUnet application. |
143 | 155 | ||
144 | The defaults that are shipped with the installation are usually ok, | ||
145 | you may want to adjust the limitations (space consumption, bandwidth, | ||
146 | etc.) though. The configuration files are human-readable. Note that | ||
147 | you MUST create "~/.gnunet/gnunet.conf" explicitly before starting | ||
148 | GNUnet. You can either run gnunet-setup (available as part of the | ||
149 | gnunet-gtk source package) or simply create an empty file. | ||
150 | |||
151 | 156 | ||
152 | Usage | 157 | Usage |
153 | ===== | 158 | ===== |
154 | 159 | ||
155 | First, you must obtain an initial list of GNUnet hosts. Knowing a | 160 | First, you must obtain an initial list of GNUnet hosts. Knowing a |
156 | single peer is sufficient since after that GNUnet propagates | 161 | single peer is sufficient since after that GNUnet propagates |
157 | information about other peers. Note that the default "gnunet.conf" | 162 | information about other peers. Note that the default configuration |
158 | contains URLs from where GNUnet downloads an initial hostlist | 163 | contains URLs from where GNUnet downloads an initial hostlist |
159 | whenever it is started. If you want to create an alternative URL for | 164 | whenever it is started. If you want to create an alternative URL for |
160 | others to use, the file can be generated on any machine running | 165 | others to use, the file can be generated on any machine running |
@@ -170,16 +175,24 @@ HTTPPORT to the public. | |||
170 | If the solution with the hostlist URL is not feasible for your | 175 | If the solution with the hostlist URL is not feasible for your |
171 | situation, you can also add hosts manually. Simply copy the hostkeys | 176 | situation, you can also add hosts manually. Simply copy the hostkeys |
172 | to "$SERVICEHOME/data/hosts/" (where $SERVICEHOME is the directory | 177 | to "$SERVICEHOME/data/hosts/" (where $SERVICEHOME is the directory |
173 | specified in the gnunet.conf configuration file). | 178 | specified in the gnunet.conf configuration file). You can also use |
179 | "gnunet-peerinfo -g" to GET a URI for a peer and "gnunet-peerinfo -p | ||
180 | URI" to add a URI from another peer. Finally, GNUnet peers that use | ||
181 | UDP or WLAN will discover each other automatically (if they are in the | ||
182 | vicinity of each other) using broadcasts (IPv4/WLAN) or multicasts | ||
183 | (IPv6). | ||
174 | 184 | ||
175 | Now start the local node using "gnunet-arm -s". GNUnet should run 24/7 if | 185 | The local node is started using "gnunet-arm -s". GNUnet should run |
176 | you want to maximize your anonymity. | 186 | 24/7 if you want to maximize your anonymity, as this makes partitioning |
187 | attacks harder. | ||
177 | 188 | ||
178 | You should then be able to access GNUnet using the shell: | 189 | Once your peer is running, you should then be able to access GNUnet |
190 | using the shell: | ||
179 | 191 | ||
180 | $ gnunet-search KEYWORD | 192 | $ gnunet-search KEYWORD |
181 | 193 | ||
182 | This will display a list of results to the console. Then use | 194 | This will display a list of results to the console. You can abort |
195 | the command using "CTRL-C". Then use | ||
183 | 196 | ||
184 | $ gnunet-download -o FILENAME GNUNET_URI | 197 | $ gnunet-download -o FILENAME GNUNET_URI |
185 | 198 | ||
@@ -228,7 +241,7 @@ information about the failing testcase to the Mantis bugtracking | |||
228 | system at https://gnunet.org/bugs/. | 241 | system at https://gnunet.org/bugs/. |
229 | 242 | ||
230 | 243 | ||
231 | Running http on port 80 and https on port 443 | 244 | Running HTTP on port 80 and HTTPS on port 443 |
232 | ============================================= | 245 | ============================================= |
233 | 246 | ||
234 | In order to hide GNUnet's HTTP/HTTPS traffic perfectly, you might | 247 | In order to hide GNUnet's HTTP/HTTPS traffic perfectly, you might |
@@ -252,6 +265,17 @@ to map them to a priviledged port (from the point of view of the | |||
252 | network). However, we are not aware of this providing any advantages | 265 | network). However, we are not aware of this providing any advantages |
253 | at this point. | 266 | at this point. |
254 | 267 | ||
268 | If you are already running an HTTP or HTTPS server on port 80 (or 443), | ||
269 | you may be able to configure it as a "ReverseProxy". Here, you tell | ||
270 | GNUnet that the externally visible URI is some sub-page on your website, | ||
271 | and GNUnet can then tunnel its traffic via your existing HTTP server. | ||
272 | This is particularly powerful if your existing server uses HTTPS, as | ||
273 | it makes it harder for an adversary to distinguish normal traffic to | ||
274 | your server from GNUnet traffic. Finally, even if you just use HTTP, | ||
275 | you might benefit (!) from ISP's traffic shaping as opposed to being | ||
276 | throttled by ISPs that dislike P2P. Details for configuring the | ||
277 | reverse proxy are documented on our website. | ||
278 | |||
255 | 279 | ||
256 | Stay tuned | 280 | Stay tuned |
257 | ========== | 281 | ========== |
diff --git a/configure.ac b/configure.ac index 151d76d2d..c1d463a26 100644 --- a/configure.ac +++ b/configure.ac | |||
@@ -1203,25 +1203,38 @@ fi | |||
1203 | 1203 | ||
1204 | 1204 | ||
1205 | AC_MSG_NOTICE([******************************************** | 1205 | AC_MSG_NOTICE([******************************************** |
1206 | Please make sure that you have created a user and group 'gnunet' | 1206 | Please make sure NOW that you have created a user and group 'gnunet' |
1207 | and additionally a group 'gnunetdns'. Make sure that '/var/lib/gnunet' | 1207 | and additionally a group 'gnunetdns': |
1208 | is owned (and writable) by user 'gnunet'. Then, you can compile GNUnet | 1208 | addgroup gnunetdns |
1209 | with | 1209 | adduser gnunet |
1210 | make | 1210 | |
1211 | Make sure that '/var/lib/gnunet' is owned (and writable) by user | ||
1212 | 'gnunet'. Then, you can compile GNUnet with | ||
1213 | make | ||
1214 | |||
1211 | After that, run (if necessary as 'root') | 1215 | After that, run (if necessary as 'root') |
1212 | make install | 1216 | make install |
1213 | to install everything. | 1217 | to install everything. |
1214 | Then, in order to start your peer, run as the 'gnunet' user | ||
1215 | mkdir ~gnunet/.gnunet/ | ||
1216 | touch ~gnunet/.gnunet/gnunet.conf | ||
1217 | gnunet-arm -s | ||
1218 | 1218 | ||
1219 | Each GNUnet user should also be added to the 'gnunet' group (may | 1219 | Each GNUnet user should be added to the 'gnunet' group (may |
1220 | require fresh login to come into effect) and create an (at least | 1220 | require fresh login to come into effect): |
1221 | initially) empty configuration file: | 1221 | adduser $USERNAME gnunet |
1222 | mkdir $HOME/.gnunet/ | 1222 | (run the above command as root once for each of your users, replacing |
1223 | touch $HOME/.gnunet/gnunet.conf | 1223 | "$USERNAME" with the respective login names). If you have a global IP |
1224 | address, no further configuration is required. | ||
1224 | 1225 | ||
1225 | Optionally, download and compile: | 1226 | Optionally, download and compile gnunet-gtk to get a GUI for |
1226 | - gnunet-gtk to get a GUI for file-sharing and configuration. | 1227 | file-sharing and configuration. This is particularly recommended |
1228 | if your network setup is non-trivial, as gnunet-setup can be | ||
1229 | used to test in the GUI if your network configuration is working. | ||
1230 | gnunet-setup should be run as the "gnunet" user under X. As it | ||
1231 | does very little with the network, running it as "root" is likely | ||
1232 | also harmless. You can also run it as a normal user, but then | ||
1233 | you have to copy ~/.gnunet/gnunet.conf" over to the "gnunet" user's | ||
1234 | home directory in the end. | ||
1235 | |||
1236 | Once you have configured your peer, run (as the 'gnunet' user) | ||
1237 | gnunet-arm -s | ||
1238 | to start the peer. You can then run the various GNUnet-tools as | ||
1239 | your "normal" user (who should only be in the group 'gnunet'). | ||
1227 | ********************************************]) | 1240 | ********************************************]) |