[tor-commits] [community/master] Update Onion-Locatio nginx example and torrc with unix socket
gus at torproject.org
gus at torproject.org
Tue Jun 2 16:36:05 UTC 2020
commit 785f8968011f2b1f8746324f98eba4b77778a2f4
Author: gus <gus at torproject.org>
Date: Tue Jun 2 12:35:52 2020 -0400
Update Onion-Locatio nginx example and torrc with unix socket
---
.../advanced/onion-location/contents.lr | 32 +++++++++++++++++-----
1 file changed, 25 insertions(+), 7 deletions(-)
diff --git a/content/onion-services/advanced/onion-location/contents.lr b/content/onion-services/advanced/onion-location/contents.lr
index 3c373a9..74664ab 100644
--- a/content/onion-services/advanced/onion-location/contents.lr
+++ b/content/onion-services/advanced/onion-location/contents.lr
@@ -82,9 +82,17 @@ Or open the website in Tor Browser and a purple pill will appear in the address
### Nginx
-To configure Onion-Location header, you will need to edit nginx website configuration file.
+To configure an Onion-Location header, the service operator should first configure an Onion service.
-**Step 1.** Edit website configuration file
+**Step 1.** Create an Onion service by setting the following in `torrc`:
+
+```
+HiddenServiceDir /var/lib/tor/hs-my-website/
+HiddenServiceVersion 3
+HiddenServicePort 80 unix:/var/run/tor-hs-my-website.sock
+```
+
+**Step 2.** Edit website configuration file
In `/etc/nginx/conf.d/<your-website>.conf` add the Onion-Location header and the onion service address.
For example:
@@ -113,7 +121,7 @@ server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
- server_name <your-website.tld> <your-onion-address.onion>;
+ server_name <your-website.tld>;
# managed by Certbot - https://certbot.eff.org/
ssl_certificate /etc/letsencrypt/live/<hostname>/fullchain.pem;
@@ -125,7 +133,6 @@ server {
add_header Onion-Location http://<your-onion-address>.onion$request_uri;
# managed by Certbot
-
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
@@ -138,9 +145,20 @@ server {
try_files $uri $uri/ =404;
}
}
+
+server {
+ listen unix:/var/run/tor-hs-my-website.sock;
+
+ server_name <your-onion-address>.onion;
+
+ access_log /var/log/nginx/hs-my-website.log;
+
+ index index.html;
+ root /path/to/htdocs;
+}
```
-**Step 2.** Test website configuration
+**Step 3.** Test website configuration
$ sudo nginx -t
@@ -151,13 +169,13 @@ nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
```
-**Step 3.** Restart nginx
+**Step 4.** Restart nginx
$ sudo nginx -s reload
If you get an error message, something has gone wrong and you cannot continue until you've figured out why this didn't work.
-**Step 4.** Testing your Onion-Location
+**Step 5.** Testing your Onion-Location
To test if the Onion-Location is working, fetch the web site HTTP headers, for example:
More information about the tor-commits
mailing list