[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-commits] r25622: {website} finish the process of not recommending a particular web serv (website/trunk/docs/en)
Author: arma
Date: 2012-04-23 04:27:55 +0000 (Mon, 23 Apr 2012)
New Revision: 25622
Modified:
website/trunk/docs/en/tor-hidden-service.wml
Log:
finish the process of not recommending a particular web server for
hidden service operators
Modified: website/trunk/docs/en/tor-hidden-service.wml
===================================================================
--- website/trunk/docs/en/tor-hidden-service.wml 2012-04-23 04:12:22 UTC (rev 25621)
+++ website/trunk/docs/en/tor-hidden-service.wml 2012-04-23 04:27:55 UTC (rev 25622)
@@ -74,16 +74,22 @@
</p>
<p>
+ You need to configure your web server so it doesn't give away any
+ information about you, your computer, or your location. Be sure to
+ bind the web server only to localhost (if people could get to it
+ directly, they could confirm that your computer is the one offering
+ the hidden service). Be sure that its error messages don't list
+ your hostname or other hints. Consider putting the web server in a
+ sandbox or VM to limit the damage from code vulnerabilities.
+ </p>
+
+ <p>
Once your web server is set up, make
sure it works: open your browser and go to <a
href="http://localhost:8080/";>http://localhost:8080/</a>, where
8080 is the webserver port you chose during setup (you can choose any
port, 8080 is just an example). Then try putting a file in the main
html directory, and make sure it shows up when you access the site.
- The reason we bind the web server only to localhost is to make sure
- it isn't publically accessible. If people could get to it directly,
- they could confirm that your computer is the one offering the
- hidden service.
</p>
<hr>
@@ -193,16 +199,6 @@
want to make a backup copy of the <var>private_key</var> file somewhere.
</p>
- <p>We avoided recommending Apache above, a) because many people might
- already be running it for a public web server on their computer, and b)
- because it's big
- and has lots of places where it might reveal your IP address or other
- identifying information, for example in 404 pages. For people who need
- more functionality, though, Apache may be the right answer. Can
- somebody make us a checklist of ways to lock down your Apache when you're
- using it as a hidden service? Savant probably has these problems too.
- </p>
-
<p>If you want to forward multiple virtual ports for a single hidden
service, just add more <var>HiddenServicePort</var> lines.
If you want to run multiple hidden services from the same Tor
_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits