[tor-onions] CMS in onion services?
Fabio Pietrosanti (naif) - lists
lists at infosecurity.ch
Mon Apr 30 07:28:12 UTC 2018
On 28/04/2018 13:31, Jason S. Evans wrote:
> Hi all,
>
> The way that I see it, there are two different ways to think about
> running applications like a CMS in an onion site.
>
> 1. If you are a non-profit or some other org/person who doesn't care if
> visitors know who they are, but they want their visitors privacy to be
> protected.
>
> 2. You both want your privacy and your visitors privacy to be
> protected.
>
> I'm looking for suggestions for both of these two categories. The
> easiest, I think would be to just host flat html files on a hardened
> web server, but that is both tedious and ugly (unless you are really
> good at html). I's prefer something a but more automated.
GlobaLeaks embedd a webserver based on Twisted framework, integrate
txtorcon for automatic generation of onion address and also LetsEncrypt
to have HTTPS (on the internet-side, if required), everything
apparmored, debian packaged, etc
In upcoming weeks we are going to deploy a project that require hosting
of a self-contained html-only files for a foundation that provide
psychological support to child pornographer on .onion.
As we already have all of those facilities in-place, with GlobaLeaks
already serving static files from /public/ directory, include URL
redirection and multi-sites with multi-hostname configuration, admin UI
interface to make upload/download of static files in the public
directory, we are considering the options to make some improvements to
facilitate it's uses for that small CMS for .onion.
Do you think it would be useful to get a 1-cmdline install
self-contained software like GlobaLeaks, disabling the "whistleblowing"
functionalities, leaving all of the rest in-place as a static, hardened
webserver for .onion, with mutiple-site and a web-admin interface?
Fabio
More information about the tor-onions
mailing list