Skip to content
Branch: master
Find file Copy path
Find file Copy path
2 contributors

Users who have contributed to this file

@nopdotcom @fmakdemir
107 lines (62 sloc) 5.16 KB


Please read all installation instructions carefully before proceeding.

If you're an expert, and installing on a cloud provider Streisand doesn't support, make sure to read the advanced installation instructions.

Important: definitions

Streisand is based on Ansible, an automation tool that is typically used to provision and configure files and packages on remote servers. Streisand automatically sets up another server with the VPN packages and configuration. We call the machine that sets up the Streisand server the builder. Think of the builder as "a place to stand."

  • If you don't have a suitable builder machine, you could set up another cloud server to use as your builder. That means you'd have two cloud servers at the end — the builder, and your fresh new Streisand server. When you're done with the builder, make sure you download the builder's streisand directory — very important to keep the contents of that directory! — you could delete the builder cloud server.)

  • Although it's not recommended, sometimes you can use a fresh server as both the builder and the server. See the the advanced installation instructions.


The Streisand builder requires a Linux, macOS, or BSD system.

Complete all of these tasks on your local machine. All of the commands should be run inside a command-line session.

SSH key

Make sure an SSH public key is present in ~/.ssh/

  • SSH keys are a more secure alternative to passwords that allow you to prove your identity to a server or service built on public key cryptography. The public key is something that you can give to others, whereas the private key should be kept secret (like a password).

To check if you already have an SSH public key, enter the following command at a command prompt:

ls ~/.ssh

If you see an file, then you have an SSH public key. If you do not have an SSH key pair, you can generate one by using this command and following the defaults:


If you'd like to use an SSH key with a different name or from a non-standard location, please enter yes when asked if you'd like to customize your instance during installation.

  • Please note: You will need these keys to access your Streisand instance over SSH. Please keep ~/.ssh/id_rsa and ~/.ssh/ for the lifetime of the Streisand server.


Install the bootstrap packages: Git, and pip for Python 2.7. (Streisand still requires Python 2.7.) Some environments need additional packages.

Here's how to set up these packages:

  • On Debian and Ubuntu:
sudo apt-get install git python-pip
  • On Fedora 27, some additional packages are needed later:
sudo dnf install git python2-pip gcc python2-devel \
     python2-crypto python2-pycurl libcurl-devel
  • On CentOS 7, pip is available from the EPEL repository; some additional packages are needed later:
sudo yum -y update && sudo yum install -y epel-release
sudo yum -y update && sudo yum install -y \
    git gcc python-devel python-crypto python-pycurl \
    python-pip libcurl-devel
  • On macOS, git is part of the Developer Tools, and it will be installed the first time you run it. If there isn't already a pip command installed, install it with:
sudo python2.7 -m ensurepip


  1. Clone the Streisand repository and enter the directory.

     git clone && cd streisand
  2. Run the installer for Ansible and its dependencies. The installer will detect missing packages, and print the commands needed to install them. (Ignore the Python 2.7 DEPRECATION warning; ignore the warning from python-novaclient that pbr 5.1.3 is incompatible.)

    ./util/ ./venv
  3. Activate the Ansible packages that were installed.

     source ./venv/bin/activate
  4. Execute the Streisand script.

  5. Follow the prompts to choose your provider, the physical region for the server, and its name. You will also be asked to enter API information.

  6. Once login information and API keys are entered, Streisand will begin spinning up a new remote server.

  7. Wait for the setup to complete (this usually takes around ten minutes) and look for the corresponding files in the generated-docs folder in the Streisand repository directory. The HTML file will explain how to connect to the Gateway over SSL, or via the Tor hidden service. All instructions, files, mirrored clients, and keys for the new server can then be found on the Gateway. You are all done!

Keep the results!

You should keep a copy of the generated-docs directory for the life of the server.

Remember to save your ~/.ssh/id_rsa and ~/.ssh/ SSH keys too. You'll need them in case you want to troubleshoot or perform maintenance on your server later.

You can’t perform that action at this time.