new tutorial mysqlmastermaster
|
@ -346,7 +346,7 @@
|
|||
<ol>
|
||||
<li><a href="high_availability/index.html">✅ Why is High Availability Important for Deniability ?</a><img src="logos/HA.png" class="logo"></li>
|
||||
<li><a href="tornginxphpmysql/index.html">✅ How to setup a basic NGINX / PHP / MySQL app</a><img src="logos/nginx.png" class="logo"><img src="logos/php.png" class="logo"><img src="logos/mysql.png" class="logo"></li>
|
||||
<li><a href="http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/nihilist/blog-contributions/issues/188">❌ How to setup a MySQL Master-Master replication over Tor</a><img src="logos/mysql.png" class="logo"><img src="logos/Tor.png" class="logo"><img src="logos/HA.png" class="logo"></li>
|
||||
<li><a href="mysqlmastermaster/index.html">✅ How to setup a MySQL Master-Master replication over Tor</a><img src="logos/mysql.png" class="logo"><img src="logos/Tor.png" class="logo"><img src="logos/HA.png" class="logo"></li>
|
||||
<li><a href="http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/nihilist/blog-contributions/issues/207">❌ OnionBalance for .onion domains load balancing</a><img src="logos/Tor.png" class="logo"><img src="logos/HA.png" class="logo"></li>
|
||||
<li><a href="endgame/index.html">🟠 Endgame V3 (.onion service Anti DDOS / Load Balancer / WAF + Captcha) ⭐</a><img src="logos/endgame.png" class="logo"></li>
|
||||
|
||||
|
|
BIN
opsec/mysqlmastermaster/0.mp4
Normal file
BIN
opsec/mysqlmastermaster/1.png
Normal file
After Width: | Height: | Size: 196 KiB |
BIN
opsec/mysqlmastermaster/3.png
Normal file
After Width: | Height: | Size: 57 KiB |
BIN
opsec/mysqlmastermaster/4.png
Normal file
After Width: | Height: | Size: 70 KiB |
BIN
opsec/mysqlmastermaster/5.png
Normal file
After Width: | Height: | Size: 30 KiB |
BIN
opsec/mysqlmastermaster/6.png
Normal file
After Width: | Height: | Size: 31 KiB |
BIN
opsec/mysqlmastermaster/7.png
Normal file
After Width: | Height: | Size: 45 KiB |
BIN
opsec/mysqlmastermaster/8.png
Normal file
After Width: | Height: | Size: 46 KiB |
926
opsec/mysqlmastermaster/index.html
Normal file
|
@ -0,0 +1,926 @@
|
|||
<!DOCTYPE html>
|
||||
<html lang="en">
|
||||
<head>
|
||||
<meta charset="utf-8">
|
||||
<meta http-equiv="X-UA-Compatible" content="IE=edge">
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||
<meta name="description" content="">
|
||||
<meta name="author" content="">
|
||||
<link rel="shortcut icon" href="../../../../../../assets/img/favicon.png">
|
||||
|
||||
<title>How to setup a MySQL Master-Master replication over Tor</title>
|
||||
|
||||
<!-- Bootstrap core CSS -->
|
||||
<link href="../../assets/css/bootstrap.css" rel="stylesheet">
|
||||
<link href="../../assets/css/xt256.css" rel="stylesheet">
|
||||
|
||||
<style>
|
||||
table {
|
||||
border-collapse: collapse;
|
||||
}
|
||||
|
||||
th, td {
|
||||
border: 1px solid black;
|
||||
padding: 10px;
|
||||
font-family: monospace;
|
||||
}
|
||||
|
||||
tr:nth-child(odd) {
|
||||
background-color: #0002;
|
||||
}
|
||||
|
||||
th:first-child,
|
||||
td:first-child,
|
||||
tr:first-child {
|
||||
background-color: #0006;
|
||||
font-weight: bold;
|
||||
}
|
||||
</style>
|
||||
|
||||
<!-- Custom styles for this template -->
|
||||
<link href="../../assets/css/main.css" rel="stylesheet">
|
||||
|
||||
|
||||
|
||||
<!-- HTML5 shim and Respond.js IE8 support of HTML5 elements and media queries -->
|
||||
<!--[if lt IE 9]>
|
||||
<script src="https://oss.maxcdn.com/libs/html5shiv/3.7.0/html5shiv.js"></script>
|
||||
<script src="https://oss.maxcdn.com/libs/respond.js/1.3.0/respond.min.js"></script>
|
||||
<![endif]-->
|
||||
</head>
|
||||
|
||||
<body>
|
||||
|
||||
<!-- Static navbar -->
|
||||
<div class="navbar navbar-inverse-anon navbar-static-top">
|
||||
<div class="container">
|
||||
<div class="navbar-header">
|
||||
<button type="button" class="navbar-toggle" data-toggle="collapse" data-target=".navbar-collapse">
|
||||
<span class="icon-bar"></span>
|
||||
<span class="icon-bar"></span>
|
||||
<span class="icon-bar"></span>
|
||||
</button>
|
||||
<a class="navbar-brand-anon" href="\index.html">The Nihilism Blog</a>
|
||||
</div>
|
||||
<div class="navbar-collapse collapse">
|
||||
<ul class="nav navbar-nav navbar-right">
|
||||
|
||||
<li><a href="/about.html">About</a></li>
|
||||
<li><a href="/blog.html">Categories</a></li>
|
||||
<li><a href="https://blog.nowhere.moe/donate.html">Donate</a></li>
|
||||
<li><a href="/contact.html">Contact</a></li>
|
||||
</ul>
|
||||
</div><!--/.nav-collapse -->
|
||||
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<!-- +++++ Posts Lists +++++ -->
|
||||
<!-- +++++ First Post +++++ -->
|
||||
<div id="anon2">
|
||||
<div class="container">
|
||||
<div class="row">
|
||||
<div class="col-lg-8 col-lg-offset-2">
|
||||
<a href="../index.html">Previous Page</a></br></br><p><img src="../../assets/img/user.png" width="50px" height="50px"> <ba>oxeo0 - 2025 / 02 / 21</ba></p>
|
||||
<h1>How to setup a MySQL Master-Master replication over Tor</h1>
|
||||
<video src="0.mp4" class="imgRz" controls loop></video>
|
||||
|
||||
</div>
|
||||
</div><!-- /row -->
|
||||
</div> <!-- /container -->
|
||||
</div><!-- /grey -->
|
||||
|
||||
<!-- +++++ Second Post +++++ -->
|
||||
<div id="anon3">
|
||||
<div class="container">
|
||||
<div class="row">
|
||||
<div class="col-lg-8 col-lg-offset-2">
|
||||
<h2><b>Introduction</b></h2>
|
||||
<p>
|
||||
Your dark net <a href="../tornginxphpmysql/index.html">vegetable shop</a> turned out to be a <b>wild success</b>!<br>
|
||||
With the influx of new users placing orders, you might want to consider high availability and replication across different locations. MySQL has a built-in mechanism for automatic replication between database instances, requiring only a TCP connection and an account with replication permissions.</p>
|
||||
|
||||
<p>This works by having the <b>Master</b> DB send all queries to the <b>Slave</b> DB for execution. This setup is useful for real-time database backups through <b>Master-Slave</b> replication.</p>
|
||||
|
||||
<p>In this guide, we will configure MySQL <b>Master-Master</b> replication over Tor. In this configuration, each database acts as both <b>Master</b> and <b>Slave</b>, automatically replicating queries between them via a Tor connection.</p>
|
||||
|
||||
</div>
|
||||
</div><!-- /row -->
|
||||
</div> <!-- /container -->
|
||||
</div><!-- /white -->
|
||||
|
||||
<div id="anon2">
|
||||
<div class="container">
|
||||
<div class="row">
|
||||
<div class="col-lg-8 col-lg-offset-2">
|
||||
<h2><b>Overview</b></h2>
|
||||
|
||||
<p>
|
||||
This guide assumes you already have the stack from the <a href="../tornginxphpmysql/index.html">last tutorial</a> running.<br>
|
||||
</p>
|
||||
|
||||
<p>
|
||||
We will synchronize databases automatically between our two hidden services. If a user makes a purchase on one server, the second server will be notified immediately, executing the same SQL query on both databases. All communication between servers will occur over the Tor network, providing authentication and encryption without opening ports or generating SSL certificates.
|
||||
</p>
|
||||
|
||||
<p>
|
||||
The MariaDB server running on each machine will connect to an onion address using socat as a background service configured with systemd, since it cannot utilize the socks5 proxy provided by the Tor client directly.
|
||||
</p>
|
||||
|
||||
<p>For each server, we will later generate two onion v3 vanity URLs:<br>
|
||||
<ul>
|
||||
<li><b>Public Hidden Service URL</b> - This is used for accessing the hidden service as a client. Place this URL in your NGINX configuration to expose the vegetable shop service at port <b>80</b>.</li><br>
|
||||
<li><b>Internal Hidden Service URL</b> - Used exclusively for inter-service communication.</li>
|
||||
</ul></p>
|
||||
|
||||
<p>Note that you can use only numbers <b>2-7</b> in the onion URL, as they are not part of the <a href="https://en.wikipedia.org/wiki/Base32">base32 alphabet</a> used for encoding onion URLs. In this guide, I use words like <b>one</b> and <b>two</b> instead.</p>
|
||||
|
||||
<p>
|
||||
Below is a table showing what ports and services will be active on each server:
|
||||
</p>
|
||||
|
||||
<table>
|
||||
<tr>
|
||||
<td></td>
|
||||
<td>Server 1</td>
|
||||
<td>Server 2</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>Hostname</td>
|
||||
<td>server1</td>
|
||||
<td>server2</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>Local HTTP (NGINX) port</td>
|
||||
<td>4440</td>
|
||||
<td>4440</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>Public HS URL</td>
|
||||
<td>srvone[...].onion</td>
|
||||
<td>srvtwo[...].onion</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>External HTTP port</td>
|
||||
<td>80</td>
|
||||
<td>80</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>Internal<a>*</a> HS URL</td>
|
||||
<td>intone[...].onion</td>
|
||||
<td>inttwo[...].onion</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>Local MySQL port</td>
|
||||
<td>3306</td>
|
||||
<td>3306</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>MySQL HS port</td>
|
||||
<td>33061</td>
|
||||
<td>33062</td>
|
||||
</tr>
|
||||
</table>
|
||||
|
||||
<p><a>*</a> The <b>Internal Hidden Service</b> is used exclusively for inter-server communication, and its URL should remain private.</p>
|
||||
|
||||
<p>
|
||||
Here is a full diagram of what we aim to achieve:
|
||||
</p>
|
||||
|
||||
<img src="1.png" class="imgRz">
|
||||
|
||||
</div>
|
||||
</div><!-- /row -->
|
||||
</div> <!-- /container -->
|
||||
</div><!-- /white -->
|
||||
|
||||
<div id="anon1">
|
||||
<div class="container">
|
||||
<div class="row">
|
||||
<div class="col-lg-8 col-lg-offset-2">
|
||||
<h2><b>Prerequisites</b></h2>
|
||||
<p>To follow this guide, you need two instances running the stack set up in the <a href="../tornginxphpmysql/index.html">previous tutorial</a>. In production, it's recommended to place them on different servers and networks for high availability. However, for demonstration purposes, you may use <a href="https://www.proxmox.com/en/">Proxmox VE</a>.</p>
|
||||
|
||||
<p>
|
||||
If using Proxmox, after setting up the vegetable store once, you can clone it to create a second instance.
|
||||
</p>
|
||||
<img src="4.png">
|
||||
<img src="5.png">
|
||||
|
||||
<br>
|
||||
<br>
|
||||
|
||||
<p>Ensure you have socat installed on both servers:</p>
|
||||
|
||||
<pre><code class="nim">oxeo@serverN:~$ sudo apt update
|
||||
oxeo@serverN:~$ sudo apt install socat
|
||||
</code></pre>
|
||||
|
||||
</div>
|
||||
</div><!-- /row -->
|
||||
</div> <!-- /container -->
|
||||
</div><!-- /white -->
|
||||
|
||||
<div id="anon2">
|
||||
<div class="container">
|
||||
<div class="row">
|
||||
<div class="col-lg-8 col-lg-offset-2">
|
||||
<h2 id="part-1"><b>Part 1</b></h2>
|
||||
|
||||
<p>The steps listed below should be executed on your first server. The <a href="#part-2">second part</a> of this guide will include commands for the second server with slight modifications, but they are mostly the same.<br>
|
||||
This part contains explanations of how things work; the <a href="#part-2">second part</a> is primarily a list of commands.</p>
|
||||
|
||||
</div>
|
||||
</div><!-- /row -->
|
||||
</div> <!-- /container -->
|
||||
</div><!-- /white -->
|
||||
|
||||
<div id="anon1">
|
||||
<div class="container">
|
||||
<div class="row">
|
||||
<div class="col-lg-8 col-lg-offset-2">
|
||||
<h2><b>MySQL Service Configuration</b></h2>
|
||||
|
||||
<p>
|
||||
You need to create a location for storing relay and binlog log files:
|
||||
</p>
|
||||
|
||||
<pre><code class="nim">oxeo@server1:~$ sudo mkdir /var/log/mysql
|
||||
oxeo@server1:~$ sudo chown mysql:mysql /var/log/mysql
|
||||
</code></pre>
|
||||
|
||||
<p>
|
||||
Now edit the <b>/etc/mysql/mariadb.conf.d/50-server.cnf</b> adding the following lines under the <b>[mysqld]</b> section:
|
||||
</p>
|
||||
|
||||
<pre><code class="nim">[mysqld]
|
||||
server-id = 1
|
||||
log_bin = /var/log/mysql/mysql-bin.log
|
||||
binlog-ignore-db = test
|
||||
binlog-ignore-db = information_schema
|
||||
replicate-ignore-db = test
|
||||
replicate-ignore-db = information_schema
|
||||
relay-log = "mysql-relay-log"
|
||||
auto-increment-increment = 2
|
||||
auto-increment-offset = 1
|
||||
</code></pre>
|
||||
|
||||
<ul>
|
||||
<li>
|
||||
<b>server-id</b> - sets a unique identifier for this MySQL server instance within a replication setup. Each server in a replication topology must have a distinct server-id.
|
||||
</li>
|
||||
<li>
|
||||
<b>log_bin</b> - specifies the path to hold binary logging data used by <b>Master</b> to queue SQL events to send.
|
||||
</li>
|
||||
<li>
|
||||
<b>binlog-ignore-db</b> - excludes metadata and testing databases from being logged in binlog.
|
||||
</li>
|
||||
<li>
|
||||
<b>replicate-ignore-db</b> - same thing but prevents replication of those databases.
|
||||
</li>
|
||||
<li>
|
||||
<b>relay-log</b> - specifies the path for relay log data used by the <b>Slave</b> to queue events received from <b>Master</b>.
|
||||
</li>
|
||||
<li>
|
||||
<b>auto-increment-increment</b> - the same as number of master nodes, it ensures every second row insertion to prevent write collisions.
|
||||
</li>
|
||||
<li>
|
||||
<b>auto-increment-offset</b> - the same as current server number, sets the first row index to write into. In our setup it will write odd rowse for server 1 and even for server 2.
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
<p>
|
||||
Restart the MariaDB service to apply these changes:
|
||||
</p>
|
||||
|
||||
<pre><code class="nim">oxeo@server1:~$ sudo systemctl restart mariadb
|
||||
</code></pre>
|
||||
|
||||
</div>
|
||||
</div><!-- /row -->
|
||||
</div> <!-- /container -->
|
||||
</div><!-- /white -->
|
||||
|
||||
<div id="anon2">
|
||||
<div class="container">
|
||||
<div class="row">
|
||||
<div class="col-lg-8 col-lg-offset-2">
|
||||
<h2><b>MySQL Replication User</b></h2>
|
||||
|
||||
<p>
|
||||
Add a replication user on the first server using MySQL shell.
|
||||
</p>
|
||||
|
||||
<pre><code class="nim">oxeo@server1:~$ sudo mysql
|
||||
[...]
|
||||
MariaDB [(none)]> CREATE USER 'repl'@'%' IDENTIFIED BY 'YOUR_GENERATED_SLAVE_PASSWORD';
|
||||
Query OK, 0 rows affected (0.001 sec)
|
||||
|
||||
MariaDB [(none)]> grant replication slave on *.* to 'repl'@'%';
|
||||
Query OK, 0 rows affected (0.001 sec)
|
||||
</code></pre>
|
||||
|
||||
<p>
|
||||
You can generate a reasonably secure slave password with the following command:
|
||||
</p>
|
||||
|
||||
<pre><code class="nim">oxeo@server1:~$ tr -dc 'A-Za-z0-9' < /dev/urandom | head -c 12 && echo
|
||||
3adaQtXsu50w
|
||||
</code></pre>
|
||||
|
||||
<p>
|
||||
Replace <b>YOUR_GENERATED_SLAVE_PASSWORD</b> with the generated password and note it down for configuring the second server.
|
||||
</p>
|
||||
|
||||
</div>
|
||||
</div><!-- /row -->
|
||||
</div> <!-- /container -->
|
||||
</div><!-- /white -->
|
||||
|
||||
<div id="anon1">
|
||||
<div class="container">
|
||||
<div class="row">
|
||||
<div class="col-lg-8 col-lg-offset-2">
|
||||
<h2><b>Tor Configuration</b></h2>
|
||||
|
||||
<p>
|
||||
To make our MySQL instance accessible to the second server, create another hidden service in <b>/etc/tor/torrc</b>. You should have two hidden services: one public and one internal.<br>
|
||||
On the internal hidden service, we will also expose SSH which will come handy later.
|
||||
</p>
|
||||
|
||||
<pre><code class="nim">HiddenServiceDir /var/lib/tor/veggie_service/
|
||||
HiddenServicePort 80 127.0.0.1:4440
|
||||
|
||||
HiddenServiceDir /var/lib/tor/internal_service/
|
||||
HiddenServicePort 33061 127.0.0.1:3306
|
||||
HiddenServicePort 22 127.0.0.1:22
|
||||
</code></pre>
|
||||
|
||||
<p>
|
||||
Restart the Tor daemon to apply these changes (Tor will automatically create necessary directories and set permissions):
|
||||
</p>
|
||||
|
||||
<pre><code class="nim">oxeo@server1:~$ sudo systemctl restart tor
|
||||
</code></pre>
|
||||
|
||||
<p>
|
||||
Verify that the directories were successfully created.
|
||||
</p>
|
||||
|
||||
<pre><code class="nim">oxeo@server1:~$ sudo ls -la /var/lib/tor/internal_service
|
||||
total 23
|
||||
drwx--S--- 3 debian-tor debian-tor 6 Feb 16 17:23 .
|
||||
drwx--S--- 5 debian-tor debian-tor 11 Feb 16 17:23 ..
|
||||
drwx--S--- 2 debian-tor debian-tor 2 Feb 16 17:23 authorized_clients
|
||||
-rw------- 1 debian-tor debian-tor 63 Feb 16 17:23 hostname
|
||||
-rw------- 1 debian-tor debian-tor 64 Feb 16 17:23 hs_ed25519_public_key
|
||||
-rw------- 1 debian-tor debian-tor 96 Feb 16 17:23 hs_ed25519_secret_key
|
||||
</code></pre>
|
||||
|
||||
<p>
|
||||
Of course automatically generated hidden service hostname will be random so you need to <a href="../torwebsite/index.html#mkp224o">generate vanity URLs</a> for <b>srvone[...].onion</b> and <b>intone[...].onion</b> and copy appropriate keys to <b>/var/lib/tor/veggie_service</b> and <b>/var/lib/tor/internal_service</b> respectively.
|
||||
</p>
|
||||
|
||||
<p>
|
||||
If you haven't already, update the <b>server_name</b> also in <b>/etc/nginx/sites-available/veggie-shop.conf</b>:
|
||||
<pre><code class="nim">server {
|
||||
listen 127.0.0.1:4440;
|
||||
server_name srvone4oj33rvnykz252tf2holi5ae6pz5w62znumesgmzg7mjbnhtyd.onion;
|
||||
root /srv/shop/;
|
||||
index index.php;
|
||||
|
||||
location / {
|
||||
try_files $uri $uri/ =404;
|
||||
}
|
||||
|
||||
location ~ \.php$ {
|
||||
include snippets/fastcgi-php.conf;
|
||||
fastcgi_pass unix:/var/run/php/php-fpm.sock;
|
||||
}
|
||||
}
|
||||
</code></pre>
|
||||
</p>
|
||||
|
||||
<p>
|
||||
Restart Nginx and Tor once again, then verify you can access your veggie shop under new onion URL:
|
||||
</p>
|
||||
|
||||
<pre><code class="nim">oxeo@server1:~$ sudo systemctl restart tor nginx
|
||||
</code></pre>
|
||||
|
||||
<img src="6.png" class="imgRz">
|
||||
|
||||
</div>
|
||||
</div><!-- /row -->
|
||||
</div> <!-- /container -->
|
||||
</div><!-- /white -->
|
||||
|
||||
|
||||
<div id="anon2">
|
||||
<div class="container">
|
||||
<div class="row">
|
||||
<div class="col-lg-8 col-lg-offset-2">
|
||||
<h2><b>Socat Forwarding Service</b></h2>
|
||||
|
||||
<p>
|
||||
Now we need to create a systemd service forwarding MySQL traffic to the onion address.<br>
|
||||
Here's how it will look like from the perspective of first server:<br>
|
||||
<img src="3.png" style="max-height: 600px;">
|
||||
</p>
|
||||
|
||||
<p>
|
||||
To achieve this, create a new systemd service by creating file under <b>/etc/systemd/system/socat-tor.service</b> with following contents:
|
||||
</p>
|
||||
|
||||
<pre><code class="nim">[Unit]
|
||||
Description=Socat TCP Listener to SOCKS4A Proxy
|
||||
After=network.target tor.service
|
||||
Requires=tor.service
|
||||
|
||||
[Service]
|
||||
ExecStart=/usr/bin/socat TCP-LISTEN:33062,fork,bind=127.0.0.1 SOCKS4A:127.0.0.1:inttwo6kfloukru2ggozocyhce25fnomlx76du7rugbnj5v46iydtdqd.onion:33062,socksport=9050
|
||||
Restart=always
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
</code></pre>
|
||||
|
||||
<p>
|
||||
Remember to replace <b>inttwo[...].onion</b> with your actual second server internal URL.
|
||||
</p>
|
||||
|
||||
<p>
|
||||
And enable the service:
|
||||
</p>
|
||||
|
||||
<pre><code class="nim">oxeo@server1:~$ sudo systemctl daemon-reload
|
||||
oxeo@server1:~$ sudo systemctl enable --now socat-tor
|
||||
</code></pre>
|
||||
|
||||
</div>
|
||||
</div><!-- /row -->
|
||||
</div> <!-- /container -->
|
||||
</div><!-- /white -->
|
||||
|
||||
<div id="anon1">
|
||||
<div class="container">
|
||||
<div class="row">
|
||||
<div class="col-lg-8 col-lg-offset-2">
|
||||
<h2 id="part-2"><b>Part 2</b></h2>
|
||||
|
||||
<p>
|
||||
Now log into your 2nd server and run the commands listed below. They're mostly the same with very slight differences. When you need to change something I will add a note but generally, if you get stuck on something, you should look it up in the <a href="#part-1">first part</a>.
|
||||
</p>
|
||||
|
||||
</div>
|
||||
</div><!-- /row -->
|
||||
</div> <!-- /container -->
|
||||
</div><!-- /white -->
|
||||
|
||||
<div id="anon2">
|
||||
<div class="container">
|
||||
<div class="row">
|
||||
<div class="col-lg-8 col-lg-offset-2">
|
||||
<h2><b>MySQL Service Configuration</b></h2>
|
||||
|
||||
<pre><code class="nim">oxeo@server2:~$ sudo mkdir /var/log/mysql
|
||||
oxeo@server2:~$ sudo chown mysql:mysql /var/log/mysql
|
||||
</code></pre>
|
||||
|
||||
<p>
|
||||
<b>/etc/mysql/mariadb.conf.d/50-server.cnf</b>:
|
||||
</p>
|
||||
|
||||
<pre><code class="nim">[mysqld]
|
||||
server-id = 2
|
||||
log_bin = /var/log/mysql/mysql-bin.log
|
||||
binlog-ignore-db = test
|
||||
binlog-ignore-db = information_schema
|
||||
replicate-ignore-db = test
|
||||
replicate-ignore-db = information_schema
|
||||
relay-log = "mysql-relay-log"
|
||||
auto-increment-increment = 2
|
||||
auto-increment-offset = 2
|
||||
</code></pre>
|
||||
|
||||
<pre><code class="nim">oxeo@server2:~$ sudo systemctl restart mariadb
|
||||
</code></pre>
|
||||
|
||||
</div>
|
||||
</div><!-- /row -->
|
||||
</div> <!-- /container -->
|
||||
</div><!-- /white -->
|
||||
|
||||
<div id="anon1">
|
||||
<div class="container">
|
||||
<div class="row">
|
||||
<div class="col-lg-8 col-lg-offset-2">
|
||||
<h2><b>MySQL Replication User</b></h2>
|
||||
|
||||
<p>
|
||||
Now you can open MySQL shell on the first server and add replication user.
|
||||
</p>
|
||||
|
||||
<pre><code class="nim">oxeo@server2:~$ sudo mysql
|
||||
[...]
|
||||
|
||||
MariaDB [(none)]> CREATE USER 'repl'@'%' IDENTIFIED BY 'YOUR_GENERATED_SLAVE_PASSWORD';
|
||||
Query OK, 0 rows affected (0.001 sec)
|
||||
|
||||
MariaDB [(none)]> grant replication slave on *.* to 'repl'@'%';
|
||||
Query OK, 0 rows affected (0.001 sec)
|
||||
</code></pre>
|
||||
|
||||
<p>
|
||||
Replace <b>YOUR_GENERATED_SLAVE_PASSWORD</b> with the one you generated earlier.
|
||||
</p>
|
||||
|
||||
</div>
|
||||
</div><!-- /row -->
|
||||
</div> <!-- /container -->
|
||||
</div><!-- /white -->
|
||||
|
||||
<div id="anon2">
|
||||
<div class="container">
|
||||
<div class="row">
|
||||
<div class="col-lg-8 col-lg-offset-2">
|
||||
<h2><b>Tor Configuration</b></h2>
|
||||
|
||||
<p>
|
||||
Add to <b>/etc/tor/torrc</b>:
|
||||
</p>
|
||||
|
||||
<pre><code class="nim">HiddenServiceDir /var/lib/tor/veggie_service/
|
||||
HiddenServicePort 80 127.0.0.1:4440
|
||||
|
||||
HiddenServiceDir /var/lib/tor/internal_service/
|
||||
HiddenServicePort 33062 127.0.0.1:3306
|
||||
HiddenServicePort 22 127.0.0.1:22
|
||||
</code></pre>
|
||||
|
||||
<pre><code class="nim">oxeo@server2:~$ sudo systemctl restart tor
|
||||
</code></pre>
|
||||
|
||||
<pre><code class="nim">oxeo@server2:~$ sudo ls -la /var/lib/tor/internal_service
|
||||
total 23
|
||||
drwx--S--- 3 debian-tor debian-tor 6 Feb 16 17:23 .
|
||||
drwx--S--- 5 debian-tor debian-tor 11 Feb 16 17:23 ..
|
||||
drwx--S--- 2 debian-tor debian-tor 2 Feb 16 17:23 authorized_clients
|
||||
-rw------- 1 debian-tor debian-tor 63 Feb 16 17:23 hostname
|
||||
-rw------- 1 debian-tor debian-tor 64 Feb 16 17:23 hs_ed25519_public_key
|
||||
-rw------- 1 debian-tor debian-tor 96 Feb 16 17:23 hs_ed25519_secret_key
|
||||
</code></pre>
|
||||
|
||||
<p>
|
||||
<a href="../torwebsite/index.html#mkp224o">Generate vanity URLs</a> for <b>srvtwo[...].onion</b> and <b>inttwo[...].onion</b> and copy appropriate keys to <b>/var/lib/tor/veggie_service</b> and <b>/var/lib/tor/internal_service</b> respectively.
|
||||
</p>
|
||||
|
||||
<p>
|
||||
<b>/etc/nginx/sites-available/veggie-shop.conf</b>:
|
||||
<pre><code class="nim">server {
|
||||
listen 127.0.0.1:4440;
|
||||
server_name srvtwo7a3ddvt5kncimkh5esstmzomdjx2fr7o73q66fzdrsbtnexhyd.onion;
|
||||
root /srv/shop/;
|
||||
index index.php;
|
||||
|
||||
location / {
|
||||
try_files $uri $uri/ =404;
|
||||
}
|
||||
|
||||
location ~ \.php$ {
|
||||
include snippets/fastcgi-php.conf;
|
||||
fastcgi_pass unix:/var/run/php/php-fpm.sock;
|
||||
}
|
||||
}
|
||||
</code></pre>
|
||||
</p>
|
||||
|
||||
<pre><code class="nim">oxeo@server1:~$ sudo systemctl restart tor nginx
|
||||
</code></pre>
|
||||
|
||||
</div>
|
||||
</div><!-- /row -->
|
||||
</div> <!-- /container -->
|
||||
</div><!-- /white -->
|
||||
|
||||
|
||||
<div id="anon1">
|
||||
<div class="container">
|
||||
<div class="row">
|
||||
<div class="col-lg-8 col-lg-offset-2">
|
||||
<h2><b>Socat Forwarding Service</b></h2>
|
||||
|
||||
<p>
|
||||
<b>/etc/systemd/system/socat-tor.service</b>:
|
||||
</p>
|
||||
|
||||
<pre><code class="nim">[Unit]
|
||||
Description=Socat TCP Listener to SOCKS4A Proxy
|
||||
After=network.target tor.service
|
||||
Requires=tor.service
|
||||
|
||||
[Service]
|
||||
ExecStart=/usr/bin/socat TCP-LISTEN:33061,fork,bind=127.0.0.1 SOCKS4A:127.0.0.1:intone74u43zmapi3a3k3vesrvyhcfmqp6alzgzwhv6oz32bn63jjbad.onion:33061,socksport=9050
|
||||
Restart=always
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
</code></pre>
|
||||
|
||||
<p>
|
||||
Remember to replace <b>intone[...].onion</b> with your actual first server internal URL.
|
||||
</p>
|
||||
|
||||
<pre><code class="nim">oxeo@server2:~$ sudo systemctl daemon-reload
|
||||
oxeo@server2:~$ sudo systemctl enable --now socat-tor
|
||||
</code></pre>
|
||||
|
||||
</div>
|
||||
</div><!-- /row -->
|
||||
</div> <!-- /container -->
|
||||
</div><!-- /white -->
|
||||
|
||||
<div id="anon2">
|
||||
<div class="container">
|
||||
<div class="row">
|
||||
<div class="col-lg-8 col-lg-offset-2">
|
||||
<h2><b>Part 3 - MySQL Master Configuration</b></h2>
|
||||
|
||||
<p>
|
||||
To enable <b>Master-Master</b> replication, both databases must be synchronized. Export the database from the first server and restore it on the second one.
|
||||
</p>
|
||||
|
||||
<p>
|
||||
Dump the database on the first server and calculate its MD5 checksum:
|
||||
</p>
|
||||
|
||||
<pre><code class="nim">oxeo@server1:~$ sudo mysqldump -uroot --all-databases --master-data > master1dump.sql
|
||||
oxeo@server1:~$ md5sum master1dump.sql
|
||||
40c3cfa7e778cc276b6a3b670a3823a6
|
||||
</code></pre>
|
||||
|
||||
<p>Transfer the dump to your second server using <b>SCP</b> (a wrapper over SSH enabling file transfer). To not reveal your public IP address, we will connect via the internal hidden service with <b>torsocks</b>. Remember to replace <b>int[...].onion</b> URLs with ones you generated.
|
||||
</p>
|
||||
|
||||
<p>First, transfer from the first server to your computer:</p>
|
||||
|
||||
<pre><code class="nim">oxeo@main-pc:~$ torsocks scp oxeo@intone74u43zmapi3a3k3vesrvyhcfmqp6alzgzwhv6oz32bn63jjbad.onion:/home/oxeo/master1dump.sql /tmp/master1dump.sql
|
||||
master1dump.sql 100% 2428KB 1.1MB/s 00:03
|
||||
</code></pre>
|
||||
|
||||
<p>Then, transfer from your computer to the second server:</p>
|
||||
|
||||
<pre><code class="nim">oxeo@main-pc:~$ torsocks scp /tmp/master1dump.sql oxeo@inttwo6kfloukru2ggozocyhce25fnomlx76du7rugbnj5v46iydtdqd.onion:/home/oxeo/master1dump.sql
|
||||
master1dump.sql 100% 2428KB 1.4MB/s 00:02
|
||||
</code></pre>
|
||||
|
||||
<p>Verify the MD5 checksum on the second server and restore the database if it matches:</p>
|
||||
|
||||
<pre><code class="nim">oxeo@server2:~$ md5sum master1dump.sql
|
||||
40c3cfa7e778cc276b6a3b670a3823a6
|
||||
oxeo@server2:~$ sudo mysql -u root < master1dump.sql
|
||||
</code></pre>
|
||||
|
||||
<p>
|
||||
Finally, enable the <b>Master</b> role on each database. Here are the commands for the first server:
|
||||
</p>
|
||||
|
||||
<pre><code class="nim">oxeo@server1:~$ sudo mysql
|
||||
[...]
|
||||
|
||||
MariaDB [(none)]> STOP SLAVE;
|
||||
Query OK, 0 rows affected (0.001 sec)
|
||||
|
||||
MariaDB [(none)]> SHOW MASTER STATUS;
|
||||
+------------------+----------+--------------+-------------------------+
|
||||
| File | Position | Binlog_Do_DB | Binlog_Ignore_DB |
|
||||
+------------------+----------+--------------+-------------------------+
|
||||
| mysql-bin.000001 | 328 | | test,information_schema |
|
||||
+------------------+----------+--------------+-------------------------+
|
||||
1 row in set (0.000 sec)
|
||||
|
||||
MariaDB [(none)]> CHANGE MASTER TO master_host = '127.0.0.1', master_user = 'repl', master_port=33062, master_password='YOUR_GENERATED_SLAVE_PASSWORD', master_log_file = 'mysql-bin.000001', master_log_pos = 2490521;
|
||||
Query OK, 0 rows affected, 1 warning (0.004 sec)
|
||||
|
||||
MariaDB [(none)]> START SLAVE;
|
||||
Query OK, 0 rows affected (0.001 sec)
|
||||
</code></pre>
|
||||
|
||||
<p>
|
||||
And on the second server:
|
||||
</p>
|
||||
|
||||
<pre><code class="nim">oxeo@server2:~$ sudo mysql
|
||||
[...]
|
||||
|
||||
MariaDB [(none)]> STOP SLAVE;
|
||||
Query OK, 0 rows affected (0.001 sec)
|
||||
|
||||
MariaDB [(none)]> SHOW MASTER STATUS;
|
||||
+------------------+----------+--------------+-------------------------+
|
||||
| File | Position | Binlog_Do_DB | Binlog_Ignore_DB |
|
||||
+------------------+----------+--------------+-------------------------+
|
||||
| mysql-bin.000001 | 2490521 | | test,information_schema |
|
||||
+------------------+----------+--------------+-------------------------+
|
||||
1 row in set (0.000 sec)
|
||||
|
||||
MariaDB [(none)]> CHANGE MASTER TO master_host = '127.0.0.1', master_user = 'repl', master_port=33061, master_password='YOUR_GENERATED_SLAVE_PASSWORD', master_log_file = 'mysql-bin.000001', master_log_pos = 328;
|
||||
Query OK, 0 rows affected, 1 warning (0.022 sec)
|
||||
|
||||
MariaDB [(none)]> START SLAVE;
|
||||
Query OK, 0 rows affected (0.001 sec)
|
||||
</code></pre>
|
||||
|
||||
<p>
|
||||
Replace <b>YOUR_GENERATED_SLAVE_PASSWORD</b> with the one you generated earlier.
|
||||
</p>
|
||||
|
||||
<p>
|
||||
Now a breakdown of what they do:
|
||||
<ul>
|
||||
<li>
|
||||
<b>STOP SLAVE</b> - stops the <b>Slave</b> role. We need to stop it temporarily when configuring <b>Master</b> parameters.
|
||||
</li><br>
|
||||
<li>
|
||||
<b>SHOW MASTER STATUS</b> - displays information about the binary log status of <b>Master</b> server. Here, the <b>Position</b> column is the most important. It indicates the position within the binary log file where replication or recovery would begin. In the next command you need to put the <b>Position</b> value from the 2nd database into the <b>master_log_pos</b> of the 1st database. And the other way around for the <b>master_log_pos</b> on 2nd database.
|
||||
</li><br>
|
||||
<li>
|
||||
<b>CHANGE MASTER TO [...]</b> - tells the database to connect to <b>Master</b> at socat forwared port with the password we configured for <b>repl</b> user. The replication should start from <b>master_log_pos</b> as described above.
|
||||
</li><br>
|
||||
<li>
|
||||
<b>START SLAVE</b> - starts the <b>Slave</b> role with a newly configured <b>Master</b>.
|
||||
</li>
|
||||
</ul>
|
||||
</p>
|
||||
|
||||
</div>
|
||||
</div><!-- /row -->
|
||||
</div> <!-- /container -->
|
||||
</div><!-- /white -->
|
||||
|
||||
<div id="anon1">
|
||||
<div class="container">
|
||||
<div class="row">
|
||||
<div class="col-lg-8 col-lg-offset-2">
|
||||
<h2><b>Testing Replication</b></h2>
|
||||
|
||||
<p>
|
||||
Now to test if both databases are synchronized, we will modify the data directly on one database and verify that both services are updated after reloading the site.
|
||||
</p>
|
||||
|
||||
<pre><code class="nim">oxeo@server1:~$ sudo mysql
|
||||
[...]
|
||||
|
||||
MariaDB [(none)]> USE veggie_shop;
|
||||
Database changed
|
||||
MariaDB [veggie_shop]> INSERT INTO products (name, price, quantity) VALUES ('Pear', 0.65, 10);
|
||||
Query OK, 1 row affected (0.005 sec)
|
||||
</code></pre>
|
||||
|
||||
<img src="7.png" class="imgRz">
|
||||
|
||||
<br>
|
||||
<br>
|
||||
|
||||
<p>
|
||||
Changes to the second database should be replicated as well so we'll test it by updating the number of pears.
|
||||
</p>
|
||||
|
||||
<pre><code class="nim">oxeo@server2:~$ sudo mysql
|
||||
[...]
|
||||
|
||||
MariaDB [(none)]> USE veggie_shop;
|
||||
Database changed
|
||||
MariaDB [veggie_shop]> UPDATE products SET quantity = 42 WHERE name = 'Pear';
|
||||
Query OK, 1 row affected (0.002 sec)
|
||||
Rows matched: 1 Changed: 1 Warnings: 0
|
||||
</code></pre>
|
||||
|
||||
<img src="8.png" class="imgRz">
|
||||
|
||||
</div>
|
||||
</div><!-- /row -->
|
||||
</div> <!-- /container -->
|
||||
</div><!-- /white -->
|
||||
|
||||
<div id="anon2">
|
||||
<div class="container">
|
||||
<div class="row">
|
||||
<div class="col-lg-8 col-lg-offset-2">
|
||||
<h2><b>Troubleshooting</b></h2>
|
||||
|
||||
<p>
|
||||
If for whatever reason your replication works only in one way or doesn't work at all, you can check the system journal:
|
||||
</p>
|
||||
|
||||
<pre><code class="nim">oxeo@server1:~$ sudo journalctl -xe
|
||||
[...]
|
||||
Feb 16 20:27:55 server1 /etc/mysql/debian-start[392]: Upgrading MySQL tables if necessary.
|
||||
Feb 16 20:27:55 server1 /etc/mysql/debian-start[433]: Triggering myisam-recover for all MyISAM tables and aria-recover for all Aria tables
|
||||
Feb 16 20:27:58 server1 mariadbd[311]: 2025-02-16 20:27:58 5 [Note] Slave I/O thread: connected to master 'repl@127.0.0.1:33062',replication started in log 'mysql-bin.000003' at position 682
|
||||
Feb 16 20:29:57 server1 mariadbd[311]: 2025-02-16 20:29:57 38 [Note] Start binlog_dump to slave_server(2), pos(mysql-bin.000003, 1022), using_gtid(0), gtid('')
|
||||
[...]
|
||||
</code></pre>
|
||||
|
||||
<p>
|
||||
You can also check the listening ports using the <b>ss</b> command. Here's how it should look like:
|
||||
</p>
|
||||
|
||||
<pre><code class="nim">oxeo@server1:~$ sudo ss -tulp
|
||||
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
|
||||
udp UNCONN 0 0 0.0.0.0:bootpc 0.0.0.0:* users:(("dhclient",pid=93,fd=7))
|
||||
tcp LISTEN 0 5 127.0.0.1:33062 0.0.0.0:* users:(("socat",pid=156,fd=5))
|
||||
tcp LISTEN 0 100 127.0.0.1:smtp 0.0.0.0:* users:(("master",pid=445,fd=13))
|
||||
tcp LISTEN 0 80 127.0.0.1:mysql 0.0.0.0:* users:(("mariadbd",pid=311,fd=25))
|
||||
tcp LISTEN 0 511 127.0.0.1:4440 0.0.0.0:* users:(("nginx",pid=9278,fd=5),("nginx",pid=9277,fd=5),("nginx",pid=9276,fd=5))
|
||||
tcp LISTEN 0 4096 127.0.0.1:9050 0.0.0.0:* users:(("tor",pid=187,fd=6))
|
||||
tcp LISTEN 0 100 [::1]:smtp [::]:* users:(("master",pid=445,fd=14))
|
||||
tcp LISTEN 0 4096 *:ssh *:* users:(("sshd",pid=175,fd=3),("systemd",pid=1,fd=39))
|
||||
</code></pre>
|
||||
|
||||
</div>
|
||||
</div><!-- /row -->
|
||||
</div> <!-- /container -->
|
||||
</div><!-- /white -->
|
||||
|
||||
<div id="anon1">
|
||||
<div class="container">
|
||||
<div class="row">
|
||||
<div class="col-lg-8 col-lg-offset-2">
|
||||
<h2><b>Closing Remarks</b></h2>
|
||||
|
||||
<p>
|
||||
<b>Congratulations!</b> - You have just succesfully configured MySQL replication over Tor. Not many people ever achieved that ;)
|
||||
</p>
|
||||
|
||||
<p>
|
||||
If you need even more security for inter-server communication, you could configure <a href="https://community.torproject.org/onion-services/advanced/client-auth/">Client Authorization</a>. Nowadays it <a href="https://forum.torproject.org/t/is-there-an-index-for-onion-domains/6893/3">shouldn't be necessary</a> unless your internal onion URL has been compromised. It provides additional protection by requiring a private key approved by your Hidden Service to access internal services.
|
||||
</p>
|
||||
|
||||
<p>
|
||||
In the <a href="#TODO">next tutorial</a> of this series, we will configure <a href="https://onionservices.torproject.org/apps/base/onionbalance/">Onionbalance</a> - a service that automatically distributes requests over multiple backends on the same onion URL.
|
||||
</p>
|
||||
|
||||
<p>
|
||||
<b>Additional resources</b>
|
||||
<ul>
|
||||
<li>
|
||||
<a href="../../selfhosting/db/msql_mm.html">MySQL master-master replication in local network</a> (written by Nihilist)
|
||||
</li><br>
|
||||
<li>
|
||||
<a href="https://andrewhofmans.com/blog/how-to/mysql-master-slave-replication-over-ssh-tunnel/">MySQL master-slave replication over SSH tunnel</a>
|
||||
</li>
|
||||
</ul>
|
||||
</p>
|
||||
|
||||
</div>
|
||||
</div><!-- /row -->
|
||||
</div> <!-- /container -->
|
||||
</div><!-- /white -->
|
||||
|
||||
<!-- +++++ Footer Section +++++ -->
|
||||
|
||||
<div id="anonb">
|
||||
<div class="container">
|
||||
<div class="row">
|
||||
<div class="col-lg-4">
|
||||
<h4>Nihilism</h4>
|
||||
<p>
|
||||
Until there is Nothing left.</p></br></br><p>Creative Commons Zero: <a href="../../../../opsec/runtheblog/index.html">No Rights Reserved</a></br><img src="\CC0.png">
|
||||
|
||||
</p>
|
||||
</div><!-- /col-lg-4 -->
|
||||
|
||||
<div class="col-lg-4">
|
||||
<h4>My Links</h4>
|
||||
<p>
|
||||
|
||||
<a target="_blank" rel="noopener noreferrer" href="http://blog.nowhere.moe/rss/feed.xml">RSS Feed</a><br/><a target="_blank" rel="noopener noreferrer" href="https://simplex.chat/contact#/?v=2-7&smp=smp%3A%2F%2FBD4qkVq8lJUgjHt0kUaxeQBYsKaxDejeecxm6-2vOwI%3D%40b6geeakpwskovltbesvy3b6ah3ewxfmnhnshojndmpp7wcv2df7bnead.onion%2FdXQ3FLM5ufTNQxgXU6jm07fRXSq9Ujkt%23%2F%3Fv%3D1-3%26dh%3DMCowBQYDK2VuAyEAzABUDXe4g0bjXyPcNOU0QzWxMYMMGgR3kcOQacoEaQ0%253D&data=%7B%22groupLinkId%22%3A%22G3yklv9753AcNA7lGV3FBw%3D%3D%22%7D">SimpleX Chat</a><br/>
|
||||
|
||||
</p>
|
||||
</div><!-- /col-lg-4 -->
|
||||
|
||||
<div class="col-lg-4">
|
||||
<h4 class="readable">About nihilist</h4>
|
||||
<p style="word-wrap: break-word;"><u>Donate XMR:</u>
|
||||
8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAUqpZHLrX2VZLH71Jrd9k8
|
||||
</p></br>
|
||||
<p style="word-wrap: break-word;"><u>Donate XMR to the author:</u>
|
||||
862Sp3N5Y8NByFmPVLTPrJYzwdiiVxkhQgAdt65mpYKJLdVDHyYQ8swLgnVr8D3jKphDUcWUCVK1vZv9u8cvtRJCUBFb8MQ</p>
|
||||
<p class="readable"><u>Contact:</u> nihilist@contact.nowhere.moe (<a
|
||||
href="https://nowhere.moe/nihilist.pubkey">PGP</a>)</p>
|
||||
</div><!-- /col-lg-4 -->
|
||||
|
||||
</div>
|
||||
|
||||
</div>
|
||||
</div>
|
||||
|
||||
|
||||
<!-- Bootstrap core JavaScript
|
||||
================================================== -->
|
||||
<!-- Placed at the end of the document so the pages load faster -->
|
||||
|
||||
</body>
|
||||
</html>
|
0
opsec/qubesos/Screenshot From 2024-12-05 11-20-03.png
Normal file → Executable file
Before Width: | Height: | Size: 162 KiB After Width: | Height: | Size: 162 KiB |
0
opsec/qubesos/Screenshot From 2024-12-05 16-26-38.png
Normal file → Executable file
Before Width: | Height: | Size: 11 KiB After Width: | Height: | Size: 11 KiB |
0
opsec/qubesos/Screenshot From 2024-12-05 16-28-18.png
Normal file → Executable file
Before Width: | Height: | Size: 178 KiB After Width: | Height: | Size: 178 KiB |
0
opsec/qubesos/Screenshot From 2024-12-05 16-28-40.png
Normal file → Executable file
Before Width: | Height: | Size: 137 KiB After Width: | Height: | Size: 137 KiB |
0
opsec/qubesos/Screenshot From 2024-12-05 16-28-51.png
Normal file → Executable file
Before Width: | Height: | Size: 74 KiB After Width: | Height: | Size: 74 KiB |
0
opsec/qubesos/Screenshot From 2024-12-05 16-29-00.png
Normal file → Executable file
Before Width: | Height: | Size: 82 KiB After Width: | Height: | Size: 82 KiB |
0
opsec/qubesos/Screenshot From 2024-12-05 16-29-12.png
Normal file → Executable file
Before Width: | Height: | Size: 96 KiB After Width: | Height: | Size: 96 KiB |
0
opsec/qubesos/Screenshot From 2024-12-05 16-29-23.png
Normal file → Executable file
Before Width: | Height: | Size: 94 KiB After Width: | Height: | Size: 94 KiB |
0
opsec/qubesos/Screenshot From 2024-12-05 16-29-33.png
Normal file → Executable file
Before Width: | Height: | Size: 143 KiB After Width: | Height: | Size: 143 KiB |
0
opsec/qubesos/Screenshot From 2024-12-05 16-29-47.png
Normal file → Executable file
Before Width: | Height: | Size: 38 KiB After Width: | Height: | Size: 38 KiB |
0
opsec/qubesos/Screenshot From 2024-12-05 16-29-57.png
Normal file → Executable file
Before Width: | Height: | Size: 134 KiB After Width: | Height: | Size: 134 KiB |
0
opsec/qubesos/Screenshot From 2024-12-05 16-39-09.png
Normal file → Executable file
Before Width: | Height: | Size: 94 KiB After Width: | Height: | Size: 94 KiB |
0
opsec/qubesos/Screenshot From 2024-12-05 16-39-27.png
Normal file → Executable file
Before Width: | Height: | Size: 7.4 KiB After Width: | Height: | Size: 7.4 KiB |
0
opsec/qubesos/Screenshot From 2024-12-05 16-40-07.png
Normal file → Executable file
Before Width: | Height: | Size: 94 KiB After Width: | Height: | Size: 94 KiB |
0
opsec/qubesos/Screenshot From 2024-12-05 16-40-34.png
Normal file → Executable file
Before Width: | Height: | Size: 79 KiB After Width: | Height: | Size: 79 KiB |
0
opsec/qubesos/Screenshot From 2024-12-05 16-40-42.png
Normal file → Executable file
Before Width: | Height: | Size: 91 KiB After Width: | Height: | Size: 91 KiB |
0
opsec/qubesos/Screenshot From 2024-12-05 17-40-25.png
Normal file → Executable file
Before Width: | Height: | Size: 37 KiB After Width: | Height: | Size: 37 KiB |
0
opsec/qubesos/Screenshot From 2024-12-05 17-40-39.png
Normal file → Executable file
Before Width: | Height: | Size: 33 KiB After Width: | Height: | Size: 33 KiB |
0
opsec/qubesosnetwork/QubesManager.png
Normal file → Executable file
Before Width: | Height: | Size: 184 KiB After Width: | Height: | Size: 184 KiB |
0
opsec/qubesosnetwork/banking.png
Normal file → Executable file
Before Width: | Height: | Size: 322 KiB After Width: | Height: | Size: 322 KiB |
0
opsec/qubesosnetwork/copy_destination.png
Normal file → Executable file
Before Width: | Height: | Size: 109 KiB After Width: | Height: | Size: 109 KiB |
0
opsec/qubesosnetwork/copy_in_vm.png
Normal file → Executable file
Before Width: | Height: | Size: 67 KiB After Width: | Height: | Size: 67 KiB |
0
opsec/qubesosnetwork/create.png
Normal file → Executable file
Before Width: | Height: | Size: 212 KiB After Width: | Height: | Size: 212 KiB |
0
opsec/qubesosnetwork/destination_paste.png
Normal file → Executable file
Before Width: | Height: | Size: 80 KiB After Width: | Height: | Size: 80 KiB |
0
opsec/qubesosnetwork/disp_whonix.png
Normal file → Executable file
Before Width: | Height: | Size: 188 KiB After Width: | Height: | Size: 188 KiB |
0
opsec/qubesosnetwork/dom0_exec.png
Normal file → Executable file
Before Width: | Height: | Size: 110 KiB After Width: | Height: | Size: 110 KiB |
0
opsec/qubesosnetwork/file_arrived.png
Normal file → Executable file
Before Width: | Height: | Size: 131 KiB After Width: | Height: | Size: 131 KiB |
0
opsec/qubesosnetwork/file_await_transfer.png
Normal file → Executable file
Before Width: | Height: | Size: 84 KiB After Width: | Height: | Size: 84 KiB |
0
opsec/qubesosnetwork/firewall-net.png
Normal file → Executable file
Before Width: | Height: | Size: 112 KiB After Width: | Height: | Size: 112 KiB |
0
opsec/qubesosnetwork/firewall-service.png
Normal file → Executable file
Before Width: | Height: | Size: 137 KiB After Width: | Height: | Size: 137 KiB |
0
opsec/qubesosnetwork/manager.png
Normal file → Executable file
Before Width: | Height: | Size: 186 KiB After Width: | Height: | Size: 186 KiB |
0
opsec/qubesosnetwork/master_pasteboard.png
Normal file → Executable file
Before Width: | Height: | Size: 70 KiB After Width: | Height: | Size: 70 KiB |
0
opsec/qubesosnetwork/master_pasteboard_wiped.png
Normal file → Executable file
Before Width: | Height: | Size: 65 KiB After Width: | Height: | Size: 65 KiB |
0
opsec/qubesosnetwork/template_install.png
Normal file → Executable file
Before Width: | Height: | Size: 168 KiB After Width: | Height: | Size: 168 KiB |
0
opsec/qubesosnetwork/template_shutdown.png
Normal file → Executable file
Before Width: | Height: | Size: 295 KiB After Width: | Height: | Size: 295 KiB |
0
opsec/qubesosnetwork/terminal.png
Normal file → Executable file
Before Width: | Height: | Size: 48 KiB After Width: | Height: | Size: 48 KiB |
0
opsec/qubesosnetwork/text_arrived.png
Normal file → Executable file
Before Width: | Height: | Size: 68 KiB After Width: | Height: | Size: 68 KiB |
0
opsec/qubesosnetwork/torrent_transmission.png
Normal file → Executable file
Before Width: | Height: | Size: 246 KiB After Width: | Height: | Size: 246 KiB |
0
opsec/qubesosnetwork/torrent_vm.png
Normal file → Executable file
Before Width: | Height: | Size: 224 KiB After Width: | Height: | Size: 224 KiB |
0
opsec/qubesosnetwork/transmission_on.png
Normal file → Executable file
Before Width: | Height: | Size: 192 KiB After Width: | Height: | Size: 192 KiB |
0
opsec/qubesosnetwork/whonix-usage.png
Normal file → Executable file
Before Width: | Height: | Size: 153 KiB After Width: | Height: | Size: 153 KiB |
0
opsec/qubesosnetwork/whonix_dread.png
Normal file → Executable file
Before Width: | Height: | Size: 78 KiB After Width: | Height: | Size: 78 KiB |