[tor-commits] [community/master] Update Onion-Location nginx example and torrc with unix socket

gus at torproject.org gus at torproject.org
Tue Jun 2 16:36:05 UTC 2020


commit 785f8968011f2b1f8746324f98eba4b77778a2f4
Author: gus <gus at torproject.org>
Date:   Tue Jun 2 12:35:52 2020 -0400

    Update Onion-Location nginx example and torrc with unix socket
---
 .../advanced/onion-location/contents.lr            | 32 +++++++++++++++++-----
 1 file changed, 25 insertions(+), 7 deletions(-)

diff --git a/content/onion-services/advanced/onion-location/contents.lr b/content/onion-services/advanced/onion-location/contents.lr
index 3c373a9..74664ab 100644
--- a/content/onion-services/advanced/onion-location/contents.lr
+++ b/content/onion-services/advanced/onion-location/contents.lr
@@ -82,9 +82,17 @@ Or open the website in Tor Browser and a purple pill will appear in the address
 
 ### Nginx
 
-To configure Onion-Location header, you will need to edit nginx website configuration file.
+To configure an Onion-Location header, the service operator should first configure an Onion service.
 
-**Step 1.** Edit website configuration file
+**Step 1.** Create an Onion service by setting the following in `torrc`:
+
+```
+HiddenServiceDir /var/lib/tor/hs-my-website/
+HiddenServiceVersion 3
+HiddenServicePort 80 unix:/var/run/tor-hs-my-website.sock
+```
+
+**Step 2.** Edit website configuration file
 
 In `/etc/nginx/conf.d/<your-website>.conf` add the Onion-Location header and the onion service address.
 For example:
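Review bot: Step 1 stops at the `torrc` lines and never says where the operator gets the onion address that Step 2 and every `<your-onion-address>` placeholder depend on. Suggest a sentence after the code block saying that, once tor has started the service, the address is written to the `hostname` file inside `HiddenServiceDir` (here `/var/lib/tor/hs-my-website/hostname`). Style: the new lead sentence writes "Onion service" while the unchanged Step 2 text writes "onion service address"; pick one casing.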
@@ -113,7 +121,7 @@ server {
     listen 443 ssl http2;
     listen [::]:443 ssl http2;
 
-    server_name <your-website.tld> <your-onion-address.onion>;
+    server_name <your-website.tld>;
 
     # managed by Certbot - https://certbot.eff.org/
     ssl_certificate /etc/letsencrypt/live/<hostname>/fullchain.pem; 
@@ -125,7 +133,6 @@ server {
     add_header Onion-Location http://<your-onion-address>.onion$request_uri;
 
     # managed by Certbot
-
     include /etc/letsencrypt/options-ssl-nginx.conf;
     ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
 
@@ -138,9 +145,20 @@ server {
             try_files $uri $uri/ =404;
     }
 }
+
+server {
+        listen unix:/var/run/tor-hs-my-website.sock;
+
+        server_name <your-onion-address>.onion;
+
+        access_log /var/log/nginx/hs-my-website.log;
+
+        index index.html;
+        root /path/to/htdocs;
+}
 ```
 
-**Step 2.** Test website configuration
+**Step 3.** Test website configuration
 
      $ sudo nginx -t
 
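Review bot: The added `listen unix:/var/run/tor-hs-my-website.sock;` only works if the path is identical to the `HiddenServicePort` target from Step 1 and the user tor runs as can connect to that socket, and the text states neither requirement. Suggest one sentence next to the example that spells out both. Two style points in the same block: it is indented with 8 spaces while the `server` block above it uses 4, and `root /path/to/htdocs;` is a bare path where the rest of the example uses `<...>` placeholders.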
@@ -151,13 +169,13 @@ nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
 nginx: configuration file /etc/nginx/nginx.conf test is successful
 ```
 
-**Step 3.** Restart nginx
+**Step 4.** Restart nginx
 
      $ sudo nginx -s reload
 
 If you get an error message, something has gone wrong and you cannot continue until you've figured out why this didn't work. 
 
-**Step 4.** Testing your Onion-Location
+**Step 5.** Testing your Onion-Location
 
 To test if the Onion-Location is working, fetch the web site HTTP headers, for example:
 
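Review bot: Step 4 reloads only nginx, but Step 1 now changes `torrc`, so tor also has to be reloaded or restarted before the onion service exists, and no step says so. Suggest adding that to Step 1 or extending Step 4 to cover both daemons. The heading "Restart nginx" also does not match the command `nginx -s reload`; since the line is being renumbered anyway, "Reload nginx" would be accurate.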


