Skip to content

Installation Instructions

Michael Hardy edited this page May 13, 2017 · 6 revisions

Installing the Required Packages

Debian and Ubuntu

Simply run


Other Linux Distributions

  1. Install python-virtualenv, mongodb, and nginx with your package manager (e.g. pacman or yum)
  2. Setup virtualenv:
virtualenv venv -p python3
source venv/bin/activate
pip install --upgrade pip
pip install -r requirements.txt



  1. Copy static/ from the project to /var/www
  2. Modify /etc/nginx/nginx.conf to serve the static files from /static and proxy to a Tornado server for other pages.
    An example nginx.conf is supplied below for those who do not need to customize the installation.
# Modified Nginx config file for Tornado applications
# Based on:
user www-data;
worker_processes auto;
pid /run/;

events {
	worker_connections 768;
	# multi_accept on;

http {
	# Enumerate all the Tornado servers here
	upstream frontends {

	server {
		listen 80;
		# Allow file uploads
		client_max_body_size 50M;

		location ^~ /static/ {
			root /var/www;
			if ($query_string) {
				expires max;
		location = /favicon.ico {
			rewrite (.*) /static/favicon.ico;
		location = /robots.txt {
			rewrite (.*) /static/robots.txt;

		location / {
			proxy_pass_header Server;
			proxy_set_header Host $http_host;
			proxy_redirect off;
			proxy_set_header X-Real-IP $remote_addr;
			proxy_set_header X-Scheme $scheme;
			proxy_pass http://localhost:8080;

	# Basic Settings

	sendfile on;
	tcp_nopush on;
	tcp_nodelay on;
	keepalive_timeout 65;
	types_hash_max_size 2048;
	# server_tokens off;

	# server_names_hash_bucket_size 64;
	# server_name_in_redirect off;

	include /etc/nginx/mime.types;
	default_type application/octet-stream;

	# SSL Settings

	ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
	ssl_prefer_server_ciphers on;

	# Logging Settings

	access_log /var/log/nginx/access.log;
	error_log /var/log/nginx/error.log;

	# Gzip Settings

	gzip on;
	gzip_disable "msie6";

	gzip_vary on;
	gzip_proxied any;
	gzip_comp_level 6;
	gzip_buffers 16 8k;
	gzip_http_version 1.1;
	gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

	# Virtual Host Configs

#	include /etc/nginx/conf.d/*.conf;
#	include /etc/nginx/sites-enabled/*;

Mongo DB

To setup the database run the two commands provided bellow and follow the onscreen instructions.

source venv/bin/activate

Integration with Your Site:

In order for this system to help secure your site you will have to add my verification system to the software running your site. This can be done by embedding the data collection scripts on your site and setting your server software up to make a set of API calls to verify the data. The API documentation can be found here.

When adding the API calls please make sure of the following:

  1. Your site registration page has the data collection scripts embedded and when a user is registered /api/reg_usr is called.
  2. Your server calls /api/get_trust before sensitive pages are loaded and the pages preceding them have the collection script embedded.
  3. You have a device registration page that calls /api/val_usr.
You can’t perform that action at this time.