Titus Stahl

Setup a free and secure academic collaboration platform with Fiduswriter and Tor hidden services (Tutorial)

Why Fiduswriter?

Fiduswriter is an open-source collaborative document editor for academic documents. As such it handles citations, bibliographies, footnotes and other features common to academic texts. It also exports to LaTeX and HTML.

You might want to use Fiduswriter if you – like me – reject Google Docs and its competitors for the reason that they are unfree software – to use them, you have to agree to hand over all your data to a giant surveillance machine. You are not allowed to fix bugs or add features, and any features (including access to your data) can be removed at the discretion of others. In short, by using such tools you give away all control over the means of academic production to a corporation that certainly is not motivated to protect academics’ best interests.

In an ideal world, academic institutions would set up ethical collaborative tools for their students and employees, but as things are now, we academics have to do it for ourselves. Luckily, it is not too difficult.

In this tutorial, I will lay out all the steps you need to get make an instance of Fiduswriter accessible to your collaborators via the Tor network. Tor not only protects the anonymity of its users (which might not be that important in an academic context), but it also allows you to run “hidden services”. A hidden service is an Internet server to which people can connect only via Tor. Running Fiduswriter as a hidden service makes things easier insofar Tor takes care of making your server accessible via the public Internet without you having to reconfigure your network and it also encrypts the connection, so that no one can read passwords etc.

Installing and using Fiduswriter not only preserves your control and your privacy, Fiduswriter is also much more suited to academic work than other tools, as you can collaboratively comment on texts, administer bibliographies and export your work in formats that provide proper layout for academic articles.

What you need to get started

  • Some basic knowledge about how to use a Linux shell.
  • A computer running a current version of Ubuntu with systemd. I used Ubuntu 15.10 which includes systemd by default.
  • root access to this computer.
  • You can use your personal computer, but that means that other people only can access Fiduswriter when your computer is online. It is better to either use a dedicated computer as a personal server or just to rent a machine in a server facility. I hear that people use DigitalOcean and are happy with it. An Ubuntu machine costs 5 USD a month there.
  • You also need an email account and have its login data and the configuration for sending mail (SMTP) ready.
  • Finally, you need to have the Tor Browser Bundle installed on your local computer.

Installing the necessary prerequisites on the server

Log in to the computer where you want to run Fiduswriter (the server) using a shell and install the following packages:

1
sudo apt-get install libjpeg-dev python-dev python-virtualenv gettext tor git 

This will also automatically connect this computer to the Tor network.

Getting Fiduswriter

Go to your home directory and download Fiduswriter’s current development version:

1
2
3
cd 
git clone https://github.com/fiduswriter/fiduswriter.git
cd fiduswriter

If you want to, you can checkout the exact version I use and which I have tested to work. But usually, this should not be necessary:

1
git checkout fe3373bc0dca6c30b2b9ec3455a86fe7b6a085e9

Now setup Fiduswriter by entering the following commands

1
2
3
4
5
6
virtualenv venv
source venv/bin/activate
pip install -U pip # upgrade Ubuntu's outdated pip
pip install -U setuptools # upgrade ubuntu's outdated setuptools
pip install -r requirements.txt
python manage.py init

Configuring Fiduswriter

Having now installed Fiduswriter (hopefully with success), there is some configuration work to do.

Enter now the following command:

1
python manage.py createsuperuser

This will ask you for an email and password. Write down the password that you chose.

In the next step, prepare the configuration file:

1
cp configuration.py-default configuration.py

Now you have to edit this configuration file, for example by typing

1
nano configuration.py

Once you have opened the file, make the following edits

  • Look for the ADMINS variable and replace the user name and email with the data you just entered in the “createsuperuser” step.
  • Edit the lines that start with “EMAIL” and uncomment them (remove the leading “#”). Here you have to enter the details of your email setup. Most likely, you will use an email account that uses a TLS connection. Replace “False” with “True” for the TLS variable and pay attention to the capitalization.

Setting up the Tor hidden service

In the next step, you will have to configure Tor to start a hidden service.

Edit the Tor configuration, for example, by typing:

1
sudo nano /etc/tor/torrc

and add the following two lines add the end

1
2
HiddenServiceDir /var/lib/tor/fiduswriter
HiddenServicePort 8000 127.0.0.1:8000

This sets up a hidden service that uses port 8000 and forwards it to port 8000 on your local machine. In order to get the hidden service started, you have to setup the hidden service directory:

1
2
3
4
sudo mkdir /var/lib/tor/fiduswriter
sudo chown debian-tor /var/lib/tor/fiduswriter
sudo chmod 700 /var/lib/tor/fiduswriter
sudo service tor restart

Having restarted Tor, it creates a hidden service address. You can find out the address of your newly created hidden service by typing

1
sudo cat /var/lib/tor/fiduswriter/hostname

Fiduswriter now must be told to accept connections from Tor. To accomplish this, you must edit the settings file of the underlying web framework.

1
nano fiduswriter/settings.py

(Attention: This file is in /home/yourusername/fiduswriter/fiduswriter – if you changed directories in the meantime, go back to the original directory for this command to work).

In this file, you have to edit the “ALLOWED_HOSTS” part to look like this

1
2
3
4
ALLOWED_HOSTS = [
    'localhost',
    'yourhiddenservicename.onion',
]

See if your hidden service works

Now you can see whether your hidden service works!

Run

1
python manage.py runserver

and go to “yourhiddenservicename.onion:8000” in the Tor Browser Bundle. Login to Fiduswriter with the superuser account you created earlier. It will tell you that you have to confirm your email address. Wait for the email to arrive.

If the email does not arrive, you might have configured the email settings incorrectly. Look in the console output for error messages.

After having confirmed your email address and having accepted the Terms and Conditions, login properly.

Last configuration steps

In order to configure Fiduswriter properly, go, while logged in to “yourhiddenservicename.onion:8000/admin/” to see the server configuration. In the “sites” section, add a new site, using your onion address and a name of your choosing.

Now stop the server by bringing up the console window and pressing “Control-C”.

Edit fiduswriter/settings.py again. Set “TEST_SERVER” to “False” and change the “SITE_ID” to your new site. Most likely, you just have to change it to “2” instead of “1”.

Setting up a systemd service

In order for the Fiduswriter server to be automatically started when you reboot the server, we have to inform Ubuntu’s init system, called “systemd”, about it.

First, create a new file in the main fiduswriter directory called “start.sh”, containing the following lines:

1
2
3
4
#!/bin/bash
cd /home/titus/fiduswriter
source venv/bin/activate
python manage.py runserver

Make it an executable:

1
chmod +x start.sh

Now create a systemd configuration file

1
sudo nano /etc/systemd/system/fiduswriter.service

containing the following lines:

1
2
3
4
5
6
7
8
9
10
11
12
[Unit]
Description=Fiduswriter
After=network.target

[Service]
Type=simple
User=yourlinuxusername
Group=users
ExecStart=/home/yourlinuxusername/fiduswriter/start.sh

[Install]
WantedBy=multi-user.target

(obviously, replace “yourlinuxusername” with your real Linux user name).

Finally, run the following commands:

1
2
sudo systemctl enable fiduswriter
sudo systemctl start fiduswriter

Your Fiduswriter setup should now be done! Just tell your collaborators to install the Tor Browser Bundle and give them the hidden service address.