[tor-talk] Hidden Service (Nginx) setup guide

CJ tor at tengu.ch
Fri Feb 13 07:50:11 UTC 2015



On 02/13/2015 08:15 AM, Thomas White wrote:
> So earlier I noticed a journalist on Twitter asking for good guides on
> setting up hidden services. After a quick search, nothing decent
> really came up aimed at people new to the command line or who haven't
> really configured hidden services before. So anyway, here is my
> contribution to that field:
> 
> https://www.thecthulhu.com/setting-up-a-hidden-service-with-nginx/
> 
> It isn't intended to be a hardening guide or an ultra secure way of
> hosting, but it is for people who want to casually publish some static
> HTML files or with a little extra configuration to host some applications.
> 
> Any feedback on this would be appreciated, as well as any other
> suggestions on what I could write about to help people out. Making
> hidden services more approachable and less "dark net" style should
> make privacy preserving technologies like hidden services more
> accepted and commonplace. And who wouldn't love that?
> 
> T
> 
> 
> 

gosh… the VPS configuration part is soooo long and, most probably,
useless (and there are some errors, see below).

I don't think "normal" people will read this post all the way just to
set up a hidden service — most probably there is some shorter way,
maybe split it into, at least, three parts (VPS configuration // Tor
hidden service // nginx)

Among the errors (confession: I read it fast, mainly jumping to commands):

> sudo adduser user sudo

should be
> adduser user sudo

> PermitRootLogin no

might be, on more recent servers (Jessie for example)
> PermitRootLogin without-password

> echo ‘deb http://deb.torproject.org/torproject.org wheezy main’ >>
/etc/apt/sources.list && echo ‘deb-src
http://deb.torproject.org/torproject.org wheezy main’ >>
/etc/apt/sources.list && gpg –keyserver keys.gnupg.net –recv 886DDD89 &&
gpg –export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | sudo apt-key add
– && apt-get

should be split in more lines, using sudo as we just logged in as "user"
(or so I think people will do in order to test the "user" access):

> echo 'deb http://deb.torproject.org/torproject.org wheezy main' | sudo tee /etc/apt/sources.list.d/tor.list
> echo 'deb-src http://deb.torproject.org/torproject.org wheezy main' | sudo tee -a /etc/apt/sources.list.d/tor.list
> gpg --keyserver keys.gnupg.net --recv 886DDD89
> gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 --armor | sudo apt-key add -
> sudo apt-get update

The next part is a bit unclear: previous block, you spoke about "ssh -p
22555 user@…", but now we're still root? well… err…

Moreover, doing "su user" just for the pleasure of running "sudo apt-get
install tor" is just useless, and might lead to great confusion for the
end-user… maybe rewrite this part, and make sure your readers know what
user we are on the system (introduce "whoami" maybe?)

Also, I'm not really sure a "sudo rm -f /etc/tor/torrc" is the right
thing to do — default configuration shipped with the package ensures we
get at least a tor client. Would be better to *append* the hidden
service to it.

You might as well just introduce "sudo nginx -t", nginx's version of
apache2ctl configtest, ensuring nginx is properly configured.



Don't take it hard, providing a doc is a good idea — this is just meant
to improve it and ensure people won't come back in comments complaining
about things and stuff ;).

Cheers,

C-
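
Added example (not part of the message above or of the guide under
review): one way to append the hidden service to the packaged torrc
instead of deleting it, then syntax-check tor and nginx before a restart.
The function names and the sample directory, port and backend address are
assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Sample values (/var/lib/tor/hidden_service/, 80,
# 127.0.0.1:8080) are assumptions, not taken from the guide.

# add_hidden_service TORRC HS_DIR VIRT_PORT TARGET
# Appends a hidden service stanza to an existing torrc, leaving the
# packaged defaults in place. Does nothing if HS_DIR is already active.
add_hidden_service() {
    torrc=$1 hs_dir=$2 virt_port=$3 target=$4

    [ -f "$torrc" ] || { echo "no such torrc: $torrc" >&2; return 1; }

    # Exact match on an uncommented "HiddenServiceDir <dir>" line;
    # "#HiddenServiceDir ..." has a different first field and is ignored.
    if awk -v d="$hs_dir" \
        '$1 == "HiddenServiceDir" && $2 == d { found = 1 } END { exit !found }' \
        "$torrc"; then
        return 0
    fi

    # Keep a copy of the file as it was before the change.
    cp -p "$torrc" "$torrc.bak" || return 1
    printf '\nHiddenServiceDir %s\nHiddenServicePort %s %s\n' \
        "$hs_dir" "$virt_port" "$target" >> "$torrc"
}

# verify_configs TORRC
# Syntax-check tor and nginx before restarting either one.
verify_configs() {
    tor --verify-config -f "$1" && nginx -t
}

# Typical use, as root (check with whoami first):
#   add_hidden_service /etc/tor/torrc /var/lib/tor/hidden_service/ 80 127.0.0.1:8080
#   verify_configs /etc/tor/torrc
```

Running add_hidden_service a second time with the same directory leaves
the file unchanged, so the stanza is never duplicated.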

