[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Hidden Service (Nginx) setup guide

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] Hidden Service (Nginx) setup guide
From: CJ <tor@xxxxxxxx>
Date: Fri, 13 Feb 2015 08:50:11 +0100
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 13 Feb 2015 02:50:27 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tengu.ch; s=2015; t=1423813813; bh=R/nQCW08Tj2YAodOcoZHUsUcg3+JvOc94dTirFRgKU4=; h=Date:From:To:Subject:References:In-Reply-To:From; b=XUUQSJLoGa3VvluoOMs7i/tLiPDeM9WV1FbUxeDnzZORmMkMAot+/ACAiyo1mQqWG lbzwrl5ePYR2A1VC5tU74W0oVxnk89GL8vscXccjq/1LlVSjIQe7pJPzrtBA8kN6bi QstoWq9Rz3WIgcvEoeCBnsi072CqlbZA/sxWicAA=
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tengu.ch; s=2015; t=1423813813; bh=R/nQCW08Tj2YAodOcoZHUsUcg3+JvOc94dTirFRgKU4=; h=Date:From:To:Subject:References:In-Reply-To:From; b=XUUQSJLoGa3VvluoOMs7i/tLiPDeM9WV1FbUxeDnzZORmMkMAot+/ACAiyo1mQqWG lbzwrl5ePYR2A1VC5tU74W0oVxnk89GL8vscXccjq/1LlVSjIQe7pJPzrtBA8kN6bi QstoWq9Rz3WIgcvEoeCBnsi072CqlbZA/sxWicAA=
In-reply-to: <54DDA477.7080804@xxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <54DDA477.7080804@xxxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Icedove/31.4.0


On 02/13/2015 08:15 AM, Thomas White wrote:
> So earlier I noticed a journalist on Twitter asking for good guides on
> setting up hidden services. After a quick search, nothing decent
> really came up aimed at people new to the command line or who haven't
> really configured hidden services before. So anyway, here is my
> contribution to that field:
> 
> https://www.thecthulhu.com/setting-up-a-hidden-service-with-nginx/
> 
> It isn't intended to be a hardening guide or an ultra secure way of
> hosting, but it is for people who want to casually publish some static
> HTML files or with a little extra configuration to host some applications.
> 
> Any feedback on this would be appreciated, as well as any other
> suggestions on what I could write about to help people out. Making
> hidden services more approachable and less "dark net" style should
> make privacy preserving technologies like hidden services more
> accepted and commonplace. And who wouldn't love that?
> 
> T
> 
> 
> 

goshâ the VPS configuration part is soooo long and, most probably,
useless (and there are some errors, see bellow).

I don't think "normal" people will read this post all the way just to
set up a hidden service â most probably there are some shorter way,
maybe split it into, at least, three parts (VPS configuration // Tor
hidden service // nginx)

Among the errors (confession: I read it fast, mainly jumping to commands):

> sudo adduser user sudo

should be
> adduser user sudo

> PermitRootLogin no

might be, on more recent servers (Jessie for example)
> PermitRootLogin without-password

> echo âdeb http://deb.torproject.org/torproject.org wheezy mainâ >>
/etc/apt/sources.list && echo âdeb-src
http://deb.torproject.org/torproject.org wheezy mainâ >>
/etc/apt/sources.list && gpg âkeyserver keys.gnupg.net ârecv 886DDD89 &&
gpg âexport A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | sudo apt-key add
â && apt-get

should be split in more lines, using sudo as we just logged in as "user"
(or so I think people will do in order to test the "user" access):

> echo âdeb http://deb.torproject.org/torproject.org wheezy mainâ | sudo
tee /etc/apt/sources.list.d/tor.list
> echo âdeb-src http://deb.torproject.org/torproject.org wheezy mainâ |
sudo tee -a /etc/apt/sources.list.d/tor.list
> gpg --keyserver keys.gnupg.net --recv 886DDD89
> gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 --armor | sudo
apt-key add -
> apt-get update

The next part is a bit unclear: previous block, you spoke about "ssh -p
22555 user@â", but now we're still root? wellâ errâ

More over, doing "su user" just for the pleasure to run "sudo apt-get
install tor" is just useless, and might lead to great confusions for the
end-userâ maybe rewrite this part, and make sure your readers know what
user we are on the system (introduce "whoami" maybe?)

Also, I'm not really sure a "sudo rm -f /etc/tor/torrc" is the right
thing to do â default configuration shipped with the package ensure we
get at least a tor client. Would be better to *append* the hidden
service to it.

You might as well just introduce "sudo nginx -t", nginx' version for
apache2ctl configtest, ensuring nginx is properly configured.



Don't take it hard, providing a doc is a good idea â this is just meant
to improve it and ensure people won't come back in comments complaining
about thing and stuff ;).

Cheers,

C-
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

References:
- [tor-talk] Hidden Service (Nginx) setup guide
  - From: Thomas White

Prev by Author: Re: [tor-talk] "Confidant Mail"
Next by Author: Re: [tor-talk] CloudFlare fingerprinting
Previous by thread: [tor-talk] Hidden Service (Nginx) setup guide
Next by thread: Re: [tor-talk] Hidden Service (Nginx) setup guide
Index(es):
- Author
- Thread