[tor-talk] Hidden Service (Nginx) setup guide
CJ
tor at tengu.ch
Fri Feb 13 07:50:11 UTC 2015
On 02/13/2015 08:15 AM, Thomas White wrote:
> So earlier I noticed a journalist on Twitter asking for good guides on
> setting up hidden services. After a quick search, nothing decent
> really came up aimed at people new to the command line or who haven't
> really configured hidden services before. So anyway, here is my
> contribution to that field:
>
> https://www.thecthulhu.com/setting-up-a-hidden-service-with-nginx/
>
> It isn't intended to be a hardening guide or an ultra secure way of
> hosting, but it is for people who want to casually publish some static
> HTML files or with a little extra configuration to host some applications.
>
> Any feedback on this would be appreciated, as well as any other
> suggestions on what I could write about to help people out. Making
> hidden services more approachable and less "dark net" style should
> make privacy preserving technologies like hidden services more
> accepted and commonplace. And who wouldn't love that?
>
> T
>
>
>
gosh… the VPS configuration part is soooo long and, most probably,
useless (and there are some errors, see below).

I don't think "normal" people will read this post all the way just to
set up a hidden service — most probably there is some shorter way,
maybe split it into, at least, three parts (VPS configuration // Tor
hidden service // nginx)

Among the errors (confession: I read it fast, mainly jumping to commands):
> sudo adduser user sudo
should be
> adduser user sudo
> PermitRootLogin no
might be, on more recent servers (Jessie for example)
> PermitRootLogin without-password
> echo ‘deb http://deb.torproject.org/torproject.org wheezy main’ >> /etc/apt/sources.list && echo ‘deb-src http://deb.torproject.org/torproject.org wheezy main’ >> /etc/apt/sources.list && gpg –keyserver keys.gnupg.net –recv 886DDD89 && gpg –export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | sudo apt-key add – && apt-get
should be split into more lines, using sudo as we just logged in as "user"
(or so I think people will do in order to test the "user" access):
> echo 'deb http://deb.torproject.org/torproject.org wheezy main' | sudo tee /etc/apt/sources.list.d/tor.list
> echo 'deb-src http://deb.torproject.org/torproject.org wheezy main' | sudo tee -a /etc/apt/sources.list.d/tor.list
> gpg --keyserver keys.gnupg.net --recv 886DDD89
> gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 --armor | sudo apt-key add -
> sudo apt-get update

The next part is a bit unclear: in the previous block, you spoke about "ssh -p
22555 user@…", but now we're still root? well… err…
Moreover, doing "su user" just for the pleasure of running "sudo apt-get
install tor" is just useless, and might lead to great confusion for the
end-user… maybe rewrite this part, and make sure your readers know what
user we are on the system (introduce "whoami" maybe?)

Also, I'm not really sure a "sudo rm -f /etc/tor/torrc" is the right
thing to do — the default configuration shipped with the package ensures we
get at least a tor client. Would be better to *append* the hidden
service to it.

You might as well just introduce "sudo nginx -t", nginx's version of
apache2ctl configtest, ensuring nginx is properly configured.

Don't take it hard, providing a doc is a good idea — this is just meant
to improve it and ensure people won't come back in comments complaining
about things and stuff ;).

Cheers,
C-
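
The suggestion above to append the hidden service to the packaged torrc rather than deleting it, as an added shell example that is not part of the original message or of the guide under review. The function name, the hidden service directory and the 127.0.0.1:8080 nginx listener are assumptions; HiddenServiceDir and HiddenServicePort are the standard torrc options.

```shell
#!/bin/sh
# Added example. Assumed values: /etc/tor/torrc, /var/lib/tor/hidden_service,
# and nginx listening only on 127.0.0.1:8080.

# add_hidden_service TORRC HS_DIR VIRT_PORT TARGET
# Returns 0 if the stanza was appended, 1 if already present, 2 on error.
add_hidden_service() {
    torrc=$1 hs_dir=$2 virt_port=$3 target=$4

    [ -f "$torrc" ] || { echo "no such file: $torrc" >&2; return 2; }

    # Idempotence: look for an active (uncommented) HiddenServiceDir line
    # naming the same directory, with or without a trailing slash.
    if awk -v d="$hs_dir" '
        $1 == "HiddenServiceDir" && ($2 == d || $2 == d "/") { found = 1 }
        END { exit !found }' "$torrc"
    then
        return 1
    fi

    # Keep the packaged file recoverable, then append rather than overwrite.
    cp -p "$torrc" "$torrc.bak" || return 2
    {
        printf '\n# Hidden service (appended, packaged defaults kept above)\n'
        printf 'HiddenServiceDir %s\n' "$hs_dir"
        printf 'HiddenServicePort %s %s\n' "$virt_port" "$target"
    } >> "$torrc" || return 2
}

# On the server, run as root against /etc/tor/torrc, then check both configs
# before restarting anything:
#   tor --verify-config -f /etc/tor/torrc && nginx -t
```
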