[tor-dev] Putting onion services behind a third-party TCP proxy

teor teor at riseup.net
Tue Aug 20 05:59:36 UTC 2019

> On 20 Aug 2019, at 13:31, Pop Chunhapanya <pop at cloudflare.com> wrote:
> Hi Tim,
>> TCPProxy protocol host:port
>> Tor will use the given protocol to make all its OR (SSL) connections through a TCP proxy on host:port, rather than connecting directly to servers. You may want to set FascistFirewall to restrict the set of ports you might try to connect to, if your proxy only allows connecting to certain ports. There is no equivalent option for directory connections, because all Tor client versions that support this option download directory documents via OR connections.
>> The only protocol supported right now 'haproxy'. This option is only for clients. (Default: none)
> The other point that I want to make is that haproxy has 2 versions. I think it's better to also put the version number in the protocol name like 'haproxy1'.
> However I saw you already used 'haproxy' in the HiddenServiceExportCircuitID option.

I would be happy with "haproxy" and "haproxy2".

But minimal patches are good - let's not implement features that no-one is using.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20190820/769cdb40/attachment.html>

More information about the tor-dev mailing list