[or-cvs] Added how to set up a hidden service. Thanks Tyranix.
thomass at seul.org
thomass at seul.org
Sun May 15 00:04:35 UTC 2005
Update of /home2/or/cvsroot/tor/doc
In directory moria.mit.edu:/tmp/cvs-serv14808
Modified Files:
tor-doc.html
Log Message:
Added how to set up a hidden service. Thanks Tyranix.
Index: tor-doc.html
===================================================================
RCS file: /home2/or/cvsroot/tor/doc/tor-doc.html,v
retrieving revision 1.70
retrieving revision 1.71
diff -u -d -r1.70 -r1.71
--- tor-doc.html 13 May 2005 18:46:06 -0000 1.70
+++ tor-doc.html 15 May 2005 00:04:32 -0000 1.71
@@ -386,11 +386,14 @@
<a name="hidden-service"></a>
<h2>Configuring a hidden service</h2>
-<p>Tor allows clients and servers to offer <em>hidden services</em>. That
+<p>Tor allows clients and servers to offer hidden services. That
is, you can offer an apache, sshd, etc, without revealing your IP to its
users. This works via Tor's rendezvous point design: both sides build
a Tor circuit out, and they meet in the middle.</p>
+<p>Using the built-in redirection (see below), it is possible to have a
+server setup on localhost and only remote Tor connections can access it.</p>
+
<p>If you're using Tor and <a href="http://www.privoxy.org/">Privoxy</a>,
you can <a href="http://6sxoyfb3h2nvok2d.onion/">go to the hidden wiki</a>
to see hidden services in action.</p>
@@ -402,6 +405,61 @@
can tell people the url, and they can connect to it via their Tor client,
assuming they're using a proxy (such as Privoxy) that speaks SOCKS 4A.</p>
+<p>Assume you want to have a hidden service to allow people to access your
+Apache http server through tor. By doing this, they can access your server
+but won't know who they are connecting to. You want them to access your
+Apache server using the standard port 80. However, your Apache
+server is actually running on port 8080 so it needs to be
+redirected.</p>
+
+<p><b>HiddenServiceDir</b> is a directory where Tor will store information
+about that hidden service. In particular, it will store a file here named
+<i>hostname</i> which will tell you the onion URL. You don't need to add any
+files to this directory.</p>
+
+<p><b>HiddenServicePort</b> is where you specify a virtual port and where
+it should be redirected to. For instance, you tell tor there's a virtual
+port 80 and then redirect traffic to your local webserver at
+127.0.0.1:8080.</p>
+
+<p>Example lines from a torrc file</p>
+
+<pre>
+HiddenServiceDir /usr/local/etc/tor/hidden_service/
+HiddenServicePort 80 127.0.0.1:8080
+</pre>
+
+<p>This tells tor to store its files in <tt>/usr/local/etc/tor/hidden_service/</tt>
+and allow people to connect to your onion address on port 80. It
+will then redirect requests to your localhost webserver on port 8080.
+</p>
+
+<p>To let people access your hidden service, look at the file
+<tt>/usr/local/etc/tor/hidden_service/hostname</tt> which will tell you what the
+hostname is (such as xyz.onion). Then, as long as they have tor and privoxy
+configured, they can access your webserver with a web browser by connecting
+to http://xyz.onion.</p>
+
+<p>You can have multiple tor hidden services by repeating Dir and Ports:</p>
+
+<pre>
+HiddenServiceDir /usr/local/etc/tor/hidden_service/
+HiddenServicePort 80 127.0.0.1:8080
+
+HiddenServiceDir /usr/local/etc/tor/other_hidden_service/
+HiddenServicePort 6667 127.0.0.1:6667
+HiddenServicePort 22 127.0.0.1:22
+</pre>
+
+<p>The above example will allow people to connect to the hostname in
+<tt>/usr/local/etc/tor/hidden_service/hostname</tt> for an HTTP server and
+to a different hostname in
+<tt>/usr/local/etc/tor/other_hidden_service/hostname</tt> for an IRC and
+SSH server.</p>
+
+<p>To an end user, this appears to be two separate hosts with one running an
+HTTP server and another running an IRC/SSH server.</p>
+
<a name="own-network"></a>
<h2>Setting up your own network</h2>
More information about the tor-commits
mailing list