				@@ -386,11 +386,14 @@ otherwise it is listed only by its fingerprint.</p> 
				 <a name="hidden-service"></a> 
				 <h2>Configuring a hidden service</h2> 
				  
				-<p>Tor allows clients and servers to offer <em>hidden services</em>. That 
				+<p>Tor allows clients and servers to offer hidden services. That 
				 is, you can offer an apache, sshd, etc, without revealing your IP to its 
				 users. This works via Tor's rendezvous point design: both sides build 
				 a Tor circuit out, and they meet in the middle.</p> 
				  
				+<p>Using the built-in redirection (see below), it is possible to have a 
				+server setup on localhost and only remote Tor connections can access it.</p> 
				+ 
				 <p>If you're using Tor and <a href="http://www.privoxy.org/">Privoxy</a>, 
				 you can <a href="http://6sxoyfb3h2nvok2d.onion/">go to the hidden wiki</a> 
				 to see hidden services in action.</p> 
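Review bot: In the added paragraph, "only remote Tor connections can access it" overstates what the redirection provides: it holds only when the backing server listens on 127.0.0.1 alone, and processes or users on the same machine can still reach the port directly. Suggest wording along the lines of "a server that listens only on localhost and is reachable from outside solely through Tor", and "set up" rather than "setup" for the verb. Dropping the <em> around "hidden services" also removes the emphasis on the term at its first use in this section; keep it unless the removal is deliberate.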
				@@ -402,6 +405,61 @@ create each HiddenServiceDir you have configured, and it will create a 
				 can tell people the url, and they can connect to it via their Tor client, 
				 assuming they're using a proxy (such as Privoxy) that speaks SOCKS 4A.</p> 
				  
				+<p>Assume you want to have a hidden service to allow people to access your 
				+Apache http server through tor.  By doing this, they can access your server 
				+but won't know who they are connecting to.  You want them to access your 
				+Apache server using the standard port 80.  However, your Apache 
				+server is actually running on port 8080 so it needs to be 
				+redirected.</p> 
				+ 
				+<p><b>HiddenServiceDir</b> is a directory where Tor will store information 
				+about that hidden service.  In particular, it will store a file here named 
				+<i>hostname</i> which will tell you the onion URL.  You don't need to add any 
				+files to this directory.</p> 
				+ 
				+<p><b>HiddenServicePort</b> is where you specify a virtual port and where 
				+it should be redirected to.  For instance, you tell tor there's a virtual 
				+port 80 and then redirect traffic to your local webserver at 
				+127.0.0.1:8080.</p> 
				+ 
				+<p>Example lines from a torrc file</p> 
				+ 
				+<pre> 
				+HiddenServiceDir /usr/local/etc/tor/hidden_service/ 
				+HiddenServicePort 80 127.0.0.1:8080 
				+</pre> 
				+ 
				+<p>This tells tor to store its files in <tt>/usr/local/etc/tor/hidden_service/</tt> 
				+and allow people to connect to your onion address on port 80.  It 
				+will then redirect requests to your localhost webserver on port 8080. 
				+</p> 
				+ 
				+<p>To let people access your hidden service, look at the file 
				+<tt>/usr/local/etc/tor/hidden_service/hostname</tt> which will tell you what the 
				+hostname is (such as xyz.onion).  Then, as long as they have tor and privoxy 
				+configured, they can access your webserver with a web browser by connecting 
				+to http://xyz.onion.</p> 
				+ 
				+<p>You can have multiple tor hidden services by repeating Dir and Ports:</p> 
				+ 
				+<pre> 
				+HiddenServiceDir /usr/local/etc/tor/hidden_service/ 
				+HiddenServicePort 80 127.0.0.1:8080 
				+ 
				+HiddenServiceDir /usr/local/etc/tor/other_hidden_service/ 
				+HiddenServicePort 6667 127.0.0.1:6667 
				+HiddenServicePort 22 127.0.0.1:22 
				+</pre> 
				+ 
				+<p>The above example will allow people to connect to the hostname in 
				+<tt>/usr/local/etc/tor/hidden_service/hostname</tt> for an HTTP server and 
				+to a different hostname in 
				+<tt>/usr/local/etc/tor/other_hidden_service/hostname</tt> for an IRC and 
				+SSH server.</p> 
				+ 
				+<p>To an end user, this appears to be two separate hosts with one running an 
				+HTTP server and another running an IRC/SSH server.</p> 
				+ 
				 <a name="own-network"></a> 
				 <h2>Setting up your own network</h2> 
				  
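Review bot: The HiddenServiceDir paragraph mentions only the hostname file and says "You don't need to add any files to this directory", but never states that the directory also holds the service's private key, so the reader gets no cue to protect it. Add a sentence saying the directory should be readable only by the user Tor runs as, and that anyone who obtains its contents can impersonate the service. In the second example, ports 22 and 6667 are forwarded to 127.0.0.1; it would help to say that sshd and the IRC server should listen on 127.0.0.1 only, otherwise they remain reachable on the host's public address and tie it to the onion name. The added text also mixes "tor" and "Tor", while the surrounding context lines capitalize it.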