commit 0452aad860e20a7a19c007382cd5f0e439c138d8 Author: gus gus@torproject.org Date: Tue Jun 2 09:19:48 2020 -0400
Small corrections: change onionsite to onion site and more little things. --- .../advanced/client-auth/contents.lr | 24 +++++++++++----------- .../advanced/onion-location/contents.lr | 20 +++++++++--------- 2 files changed, 22 insertions(+), 22 deletions(-)
diff --git a/content/onion-services/advanced/client-auth/contents.lr b/content/onion-services/advanced/client-auth/contents.lr index 071a8e7..18be426 100644 --- a/content/onion-services/advanced/client-auth/contents.lr +++ b/content/onion-services/advanced/client-auth/contents.lr @@ -18,20 +18,20 @@ body:
Client authorization is a method to make an onion service private and authenticated. It requires Tor clients to provide an authentication credential in order to connect to the onion service. -In version 3 Onion services, this method works with a pair of keys (a public and a private). -The service side will be configured with a public key and the client can only access with a private key. +In Onion services version 3, this method works with a pair of keys (a public and a private). +The service side is configured with a public key and the client can only access it with a private key.
-**Note:** Once you've configured client authorization, anyone else with the address won't be able to access it from this point on. +**Note:** Once you have configured client authorization, anyone with the address will not be able to access it from this point on. If no authorization is configured, the service will be accessible to anyone with the onion address.
-## Configuring version 3 Onion service +## Configuring Onion service version 3
### Service side
To configure client authorization on the service side, the `<HiddenServiceDir>/authorized_clients/` directory needs to exist. Following the instructions described in the section [Setup](https://community.torproject.org/onion-services/setup/) will automatically create this directory. Client authorization will only be enabled for the service if tor successfully loads at least one authorization file.
-At the moment you need to create the keys yourself with a script (like these written in [Bash](https://gist.github.com/mtigas/9c2386adf65345be34045dace134140b), [Rust](https://github.com/haxxpop/torkeygen) or [Python](https://github.com/pastly/python-snippits/blob/master/src/tor/x25519-gen.py)) or manually. +For now, you need to create the keys yourself with a script (like these written in [Bash](https://gist.github.com/mtigas/9c2386adf65345be34045dace134140b), [Rust](https://github.com/haxxpop/torkeygen) or [Python](https://github.com/pastly/python-snippits/blob/master/src/tor/x25519-gen.py)) or manually.
To manually generate the keys, you need to install `openssl` version 1.1+ and `basez`.
@@ -76,7 +76,7 @@ For example, the file `/var/lib/tor/hidden_service/authorized_clients/alice.auth
descriptor:x25519:N2NU7BSRL6YODZCYPN4CREB54TYLKGIE2KYOQWLFYC23ZJVCE5DQ
-If you're planning to have more authenticated clients, each file must contain one line only. Any malformed file will be ignored. +If you are planning to have more authenticated clients, each file must contain one line only. Any malformed file will be ignored.
**Step 5.** Restart the tor service
@@ -94,7 +94,7 @@ For example, add this line to `/etc/tor/torrc`: ClientOnionAuthDir /var/lib/tor/onion_auth
Then, in the `<ClientOnionAuthDir>` directory, create an `.auth_private` file for the onion service corresponding to this key (i.e. 'bob_onion.auth_private'). -The contents of the `<ClientOnionAuthDir>/<user>.auth_private` file should look like: +The content of the `<ClientOnionAuthDir>/<user>.auth_private` file should look like this:
<56-char-onion-addr-without-.onion-part>:descriptor:x25519:<x25519 private key in base32>
@@ -105,21 +105,21 @@ For example: If you manually generated the key pair following the instructions in this page, you can copy and use the private key created in **Step 2**. Then restart `tor` and you should be able to connect to the onion service address.
-If you're generating a private key for an onionsite, the user doesn't necessarily need to edit Tor Browser's torrc. It's possible to enter the private key directly in [Tor Browser](https://tb-manual.torproject.org/onion-services/) interface. +If you are generating a private key for an onion site, the user does not necessarily need to edit Tor Browser's torrc. It is possible to enter the private key directly in the [Tor Browser](https://tb-manual.torproject.org/onion-services/) interface.
For more information about client authentication, please see [Tor manual](https://2019.www.torproject.org/docs/tor-onion-service.html.en#ClientAuthori...).
-## Configuring version 2 Onion service +## Configuring Onion service version 2
-To set up Cookie Authentication for **v2** services see the entries for the [HidServAuth](https://2019.www.torproject.org/docs/tor-manual.html.en#HidServAuth) and [HiddenServiceAuthorizeClient](https://2019.www.torproject.org/docs/tor-manual.html.en#HiddenServiceAuthori...) options in the tor manual. +To set up Cookie Authentication for **v2** services, see the entries for the [HidServAuth](https://2019.www.torproject.org/docs/tor-manual.html.en#HidServAuth) and [HiddenServiceAuthorizeClient](https://2019.www.torproject.org/docs/tor-manual.html.en#HiddenServiceAuthori...) options in the tor manual. First add the following line to the [torrc](https://2019.www.torproject.org/docs/faq.html.en#torrc) file of your onion service:
HiddenServiceAuthorizeClient [auth-type] [service-name]
Restart tor and read the cookie from the hostname file of your onion service, for example in `/var/lib/tor/hidden_service_path/hostname`. -To access it with a tor client add following line to torrc and restart tor: +To access it with a tor client, add following line to torrc and restart tor:
HidServAuth [onion-address] [auth-cookie] [service-name]
-You are now able to connect to the onion service address. +You can connect now to the onion service address. diff --git a/content/onion-services/advanced/onion-location/contents.lr b/content/onion-services/advanced/onion-location/contents.lr index 4796554..3c373a9 100644 --- a/content/onion-services/advanced/onion-location/contents.lr +++ b/content/onion-services/advanced/onion-location/contents.lr @@ -8,7 +8,7 @@ _template: layout.html --- title: Onion-Location --- -subtitle: Learn how to set up Onion-Location for your onionsite. +subtitle: Learn how to set up an Onion-Location for your onion site. --- key: 1 --- @@ -16,16 +16,16 @@ html: two-columns-page.html --- body:
-Onion-Location is an easy way to advertise an onionsite to the users. +Onion-Location is an easy way to advertise an onion site to the users. You can either configure a web server to show an Onion-Location Header or add an HTML meta attibute in the website.
For the header to be valid the following conditions need to be fulfilled:
* The Onion-Location value must be a valid URL with http: or https: protocol and a .onion hostname. * The webpage defining the Onion-Location header must be served over HTTPS. - * The webpage defining the Onion-Location header must not be an onionsite. + * The webpage defining the Onion-Location header must not be an onion site.
-In this page, the commands to manage the web server are based on Debian-like operating systems and may differ on other systems. +In this page, the commands to manage the web server are based Debian-like operating systems and may differ from other systems. Check your web server and operating system documentation.
### Apache @@ -65,7 +65,7 @@ Virtual Host example:
**Step 3.** Reload Apache
-Reload the apache2 service so your configuration changes take effect: +Reload the apache2 service, so your configuration changes take effect:
$ sudo systemctl reload apache2
@@ -94,7 +94,7 @@ For example: ```
-The configuration file with Onion-Location should look like: +The configuration file with the Onion-Location should look like this:
``` server { @@ -159,17 +159,17 @@ If you get an error message, something has gone wrong and you cannot continue un
**Step 4.** Testing your Onion-Location
-To test if Onion-Location is working, fetch the website HTTP headers, for example: +To test if the Onion-Location is working, fetch the web site HTTP headers, for example:
$ wget --server-response --spider your-website.tld
Look for `onion-location` entry and the onion service address. -Or open the website in Tor Browser and a purple pill will appear in the address bar. +Or, open the web site in Tor Browser and a purple pill will appear in the address bar.
### Using an HTML `<meta>` attribute
-The identical behaviour of Onion-Location and a Refresh header (with 0 seconds timeout) includes the option of defining it as a HTML `<meta>` http-equiv attribute. -This may be used by websites that prefer (or need) to define Onion-Location by modifying the served HTML content instead of adding a new HTTP header. +The identical behaviour of Onion-Location includes the option of defining it as a HTML `<meta>` http-equiv attribute. +This may be used by websites that prefer (or need) to define an Onion-Location by modifying the served HTML content instead of adding a new HTTP header. The Onion-Location header would be equivalent to a `<meta http-equiv="onion-location" content="http://<your-onion-service-address>.onion" />` added in the HTML head element of the webpage. Replace `<your-onion-service-address.onion>` with the onion service that you want to redirect.
### More information