Deployment¶
Hardware requirements¶
Web server requirements¶
A Web server installed and running that supports HTTP
GET
,HEAD
andRange
(RFC 7233) requests. [Apache] HTTP Server and [nginx] support them.Important
Note that if the server is configured with
keep-alive
timeout, it’d need to be at least the same timeout as in the onbasca HTTP requests, which is 10 seconds by default (http_timeout
variable in the configuration file, see more about in the next section).TLS support to avoid HTTP content caches at the various exit nodes.
Certificates can be self-signed.
A large file; at the time of writing, at least 1 GiB in size It can be created running:
head -c $((1024*1024*1024)) /dev/urandom > 1GiB
A fixed IP address or a domain name.
Bandwidth: at least 12.5MB/s (100 Mbit/s).
Network traffic: around 12-15GB/day.
If you want, use a [ContentDeliveryNetwork] (CDN) in order to make the destination IP closer to the scanner exit.
onbasca scanner and generator or onbrisca scanner setup¶
Important
To facilitate debugging, it is recommended that the system timezone is set to UTC.
To set the timezone to UTC in Debian:
apt-get --reinstall install tzdata
ln -sf /usr/share/zoneinfo/UTC /etc/localtime
update-initramfs -u
Install onbasca
or onbrisca
according to INSTALL.rst (in the local
directory or Tor Project Gitlab) or INSTALL.html
(local build or [online_documentation]).
scanner and generator configuration for production¶
It is needed to create a configuration file with at least one Web server.
It is recommended to set several Web servers so that the onbasca
or
onbrisca
scanner
can continue if one fails.
If onbasca
is installed from the sources as a non-root user then create the
configuration file in ~/.onbasca/config.toml
.
In the case of onbrisca
, create the configuration file in
~/.onbrisca/config.toml
.
You can see an example with a minimal configuration for onbasca
here:
# SPDX-FileCopyrightText: 2022 The Tor Project, Inc.
#
# SPDX-License-Identifier: CC0-1.0
[default]
destinations_countries = "ZZ"
scanner_country = "ZZ"
[[default.WEB_SERVERS]]
url = "https://localhost:28888"
verify = "tests/integration/localhost.crt"
enabled = true
More details about the configuration file can be found in
./docs/source/config.toml.rst
(in the local directory or Tor Project
Gitlab) or config.toml.html (local build or [online_documentation].
onbrisca scanner and endpoint deployment for production¶
You can find scripts as an example to install and run onbrisca
in Debian
at ../../../deploy_onbrisca (in the local directory or Tor Project Gitlab)