[tor-commits] r25611: {website} clean up the directions some more. (website/trunk/docs/en)
Andrew Lewman
andrew at torproject.org
Mon Apr 16 14:11:26 UTC 2012
Author: phobos
Date: 2012-04-16 14:11:26 +0000 (Mon, 16 Apr 2012)
New Revision: 25611
Modified:
website/trunk/docs/en/tor-hidden-service.wml
Log:
clean up the directions some more.
Modified: website/trunk/docs/en/tor-hidden-service.wml
===================================================================
--- website/trunk/docs/en/tor-hidden-service.wml 2012-04-16 14:04:09 UTC (rev 25610)
+++ website/trunk/docs/en/tor-hidden-service.wml 2012-04-16 14:11:26 UTC (rev 25611)
@@ -12,13 +12,13 @@
<div id="maincol">
<h1>Configuring Hidden Services for <a href="<page index>">Tor</a></h1>
<hr>
-
+
<p>Tor allows clients and relays to offer hidden services. That is,
you can offer a web server, SSH server, etc., without revealing your
IP address to its users. In fact, because you don't use any public address,
you can run a hidden service from behind your firewall.
</p>
-
+
<p>If you have Tor installed, you can see hidden services
in action by visiting one of our official hidden services:
<ul>
@@ -42,7 +42,7 @@
</p>
<p>
- This howto describes the steps for setting up your own hidden service
+ This page describes the steps for setting up your own hidden service
website. For the technical details of how the hidden service protocol
works, see our <a href="<page docs/hidden-services>">hidden service
protocol</a> page.
@@ -52,14 +52,13 @@
<a id="zero"></a>
<h2><a class="anchor" href="#zero">Step Zero: Get Tor working</a></h2>
<br>
-
+
<p>Before you start, you need to make sure:</p>
<ol>
<li>Tor is up and running,</li>
<li>You actually set it up correctly.</li>
</ol>
-
-
+
<p>Windows users should follow the <a
href="<page docs/tor-doc-windows>">Windows
howto</a>, OS X users should follow the <a
@@ -72,46 +71,46 @@
<a id="one"></a>
<h2><a class="anchor" href="#one">Step One: Install a web server locally</a></h2>
<br>
-
+
<p>
First, you need to set up a web server locally. Setting up a web
- server can be tricky, so we're just going to go over a few basics
- here. If you get stuck or want to do more, find a friend who can
- help you. We recommend you install a new separate web server for
+ server can be complex. We're not going to cover how to setup a web
+ server here. If you get stuck or want to do more, find a friend who
+ can help you. We recommend you install a new separate web server for
your hidden service, since even if you already have one installed,
you may be using it (or want to use it later) for an actual website.
</p>
<p>
- Once you've got your web server set up, make
+ Once your web server is set up, make
sure it works: open your browser and go to <a
- href="http://localhost:5222/">http://localhost:5222/</a>, where
- 5222 is the port that you picked above. Then try putting a file in
- the main html directory, and make sure it shows up when you access
- the site. The reason we bind the web server only to localhost is to
- make sure it isn't publically accessible. If people could get to it
- directly, they could confirm that your computer is the one offering
- the hidden service.
+ href="http://localhost:8080/">http://localhost:8080/</a>, where
+ 8080 is the webserver port you chose during setup (you can choose any
+ port, 8080 is just an example). Then try putting a file in the main
+ html directory, and make sure it shows up when you access the site.
+ The reason we bind the web server only to localhost is to make sure
+ it isn't publically accessible. If people could get to it directly,
+ they could confirm that your computer is the one offering the
+ hidden service.
</p>
<hr>
<a id="two"></a>
<h2><a class="anchor" href="#two">Step Two: Configure your hidden service</a></h2>
<br>
-
+
<p>Next, you need to configure your hidden service to point to your
local web server.
</p>
-
- <p>First, open your torrc file in your favorite text editor. (See <a
- href="<page docs/faq>#torrc">the
- torrc FAQ entry</a> to learn what this means.) Go to the middle section and
- look for the line</p>
-
+
+ <p>First, open your torrc file in your favorite text editor. (See
+ <a href="<page docs/faq>#torrc">the torrc FAQ entry</a> to learn
+ what this means.) Go to the middle section and look for the line</p>
+
<pre>
\############### This section is just for location-hidden services ###
</pre>
-
+
<p>
This section of the file consists of groups of lines, each representing
one hidden service. Right now they are all commented out (the lines
@@ -129,15 +128,15 @@
port people accessing the hidden service will think they're using) and an
IP address and port for redirecting connections to this virtual port.</li>
</ul>
-
+
<p>Add the following lines to your torrc:
</p>
-
+
<pre>
HiddenServiceDir /Library/Tor/var/lib/tor/hidden_service/
- HiddenServicePort 80 127.0.0.1:5222
+ HiddenServicePort 80 127.0.0.1:8080
</pre>
-
+
<p>You're going to want to change the <var>HiddenServiceDir</var> line, so it points
to an actual directory that is readable/writeable by the user that will
be running Tor. The above line should work if you're using the OS X Tor
@@ -145,13 +144,11 @@
username in place of "username". On Windows you might pick:</p>
<pre>
HiddenServiceDir C:\Users\username\Documents\tor\hidden_service
- HiddenServicePort 80 127.0.0.1:5222
+ HiddenServicePort 80 127.0.0.1:8080
</pre>
-
- <p>Now save the torrc, shut down
- your Tor, and then start it again.
- </p>
-
+
+ <p>Now save the torrc and restart your tor.</p>
+
<p>If Tor starts up again, great. Otherwise, something is wrong. First look at
your logfiles for hints. It will print some warnings or error messages. That
should give you an idea what went wrong. Typically there are typos in the torrc
@@ -159,10 +156,10 @@
logging FAQ entry</a> if you don't know how to enable or find your
log file.)
</p>
-
+
<p>When Tor starts, it will automatically create the <var>HiddenServiceDir</var>
that you specified (if necessary), and it will create two files there.</p>
-
+
<dl>
<dt><var>private_key</var></dt>
<dd>First, Tor will generate a new public/private keypair for your hidden
@@ -176,11 +173,11 @@
and you can tell it to people, publish it on websites, put it on business
cards, etc.</dd>
</dl>
-
+
<p>If Tor runs as a different user than you, for example on
OS X, Debian, or Red Hat, then you may need to become root to be able
to view these files.</p>
-
+
<p>Now that you've restarted Tor, it is busy picking introduction points
in the Tor network, and generating a <em>hidden service
descriptor</em>. This is a signed list of introduction points along with
@@ -188,22 +185,22 @@
to the directory servers, and other people anonymously fetch it from the
directory servers when they're trying to access your service.
</p>
-
+
<p>Try it now: paste the contents of the hostname file into your web
browser. If it works, you'll get the html page you set up in step one.
If it doesn't work, look in your logs for some hints, and keep playing
with it until it works.
</p>
-
+
<hr>
<a id="three"></a>
<h2><a class="anchor" href="#three">Step Three: More advanced tips</a></h2>
<br>
-
+
<p>If you plan to keep your service available for a long time, you might
want to make a backup copy of the <var>private_key</var> file somewhere.
</p>
-
+
<p>We avoided recommending Apache above, a) because many people might
already be running it for a public web server on their computer, and b)
because it's big
@@ -213,7 +210,7 @@
somebody make us a checklist of ways to lock down your Apache when you're
using it as a hidden service? Savant probably has these problems too.
</p>
-
+
<p>If you want to forward multiple virtual ports for a single hidden
service, just add more <var>HiddenServicePort</var> lines.
If you want to run multiple hidden services from the same Tor
@@ -221,16 +218,16 @@
<var>HiddenServicePort</var> lines refer to this <var>HiddenServiceDir</var> line, until
you add another <var>HiddenServiceDir</var> line:
</p>
-
+
<pre>
HiddenServiceDir /usr/local/etc/tor/hidden_service/
HiddenServicePort 80 127.0.0.1:8080
-
+
HiddenServiceDir /usr/local/etc/tor/other_hidden_service/
HiddenServicePort 6667 127.0.0.1:6667
HiddenServicePort 22 127.0.0.1:22
</pre>
-
+
<p>There are some anonymity issues you should keep in mind too:
</p>
<ul>
@@ -242,9 +239,9 @@
won't be either. This leaks information to an observant adversary.</li>
<!-- increased risks over time -->
</ul>
-
+
<hr>
-
+
<p>If you have suggestions for improving this document, please <a
href="<page about/contact>">send them to us</a>. Thanks!</p>
</div>
More information about the tor-commits
mailing list