<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Tor Hidden Service Configuration Instructions</title>
<meta name="Author" content="Roger Dingledine" />
<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1" />
<link rel="stylesheet" type="text/css" href="/stylesheet.css" />
<link rel="shortcut icon" type="image/x-icon" href="/favicon.ico" />
</head>

<body>
<div class="center">

<div class="main-column">

<h1>Configuring Hidden Services for <a href="http://tor.eff.org/">Tor</a></h1>
<hr />

<p>Tor allows clients and servers to offer hidden services. That is,
you can offer a web server, SSH server, etc., without revealing your
IP to its users. In fact, because you don't need any public address,
you can run a hidden service from behind your firewall.
</p>

<p>This howto describes the steps for setting up your own hidden service
website.
</p>

<hr />
<a name="zero"></a>
<h3>Step Zero: Get Tor and Privoxy working</h3>

<p>Before you start, you need to make sure 1) Tor is up and running,
2) Privoxy is up and running, 3) Privoxy is configured to point
to Tor, and 4) You actually set it up correctly.</p>

<p>Windows users should follow the <a
href="http://tor.eff.org/doc/tor-doc-win32.html">Windows
howto</a>, and OS X users should follow the <a
href="http://tor.eff.org/doc/tor-doc-osx.html">OS
X howto</a>. Other users can find some hints <a
href="http://tor.eff.org/doc/tor-doc.html#installing">here</a>.
</p>

<p>Once you've got Tor and Privoxy installed and configured,
you can see hidden services in action by clicking on <a
href="http://6sxoyfb3h2nvok2d.onion/">the hidden wiki</a>
in your browser. It will typically take 10-60 seconds to load
(or to decide that it is currently unreachable). If it fails
immediately and your browser pops up an alert saying that
"www.6sxoyfb3h2nvok2d.onion could not be found, please check the name and
try again" then you haven't configured Tor and Privoxy correctly; see <a
href="http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#ItDoesntWork">this
FAQ entry</a> for some help.
</p>

<hr />
<a name="one"></a>
<h3>Step One: Configure an example hidden service</h3>

<p>In this step, you're going to configure a hidden service that points
to www.google.com. This way we can make sure you've gotten this step
working before we start thinking about setting up a web server locally.
</p>

<p>First, open your torrc file in your favorite text editor. (See <a
href="http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#torrc">this
FAQ entry</a> to learn what this means.) Go to the middle section and
look for the line</p>

<pre>
############### This section is just for location-hidden services ###
</pre>

<p>
This section of the file consists of groups of lines, each representing
one hidden service. Right now they are all commented out (the lines
start with #), so no hidden services are enabled. Each group of lines
consists of one HiddenServiceDir line, and one or more HiddenServicePort
lines:</p>
<ul>
<li><b>HiddenServiceDir</b> is a directory where Tor will store information
about that hidden service. In particular, Tor will create a file here named
<i>hostname</i> which will tell you the onion URL. You don't need to add any
files to this directory.</li>
<li><b>HiddenServicePort</b> lets you specify a virtual port (that is, what
port people accessing the hidden service will think they're using) and an
IP address and port for redirecting connections to this virtual port.</li>
</ul>

<p>In this example, we're going to set up a hidden service that points to
Google. So add the following lines to your torrc:
</p>

<pre>
HiddenServiceDir /home/username/hidserv/
HiddenServicePort 80 www.google.com:80
</pre>

<p>You're going to want to change the HiddenServiceDir line, so it
points to an actual directory that you have read/write access to. Fill
in your own username in place of "username". For
example, in Windows you might pick:</p>
<pre>
HiddenServiceDir C:\Documents and Settings\username\hidden_service/
HiddenServicePort 80 www.google.com:80
</pre>
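
The grouping rule described above (one HiddenServiceDir line followed by one or more HiddenServicePort lines, with lines starting with # inactive) can be checked mechanically before restarting Tor. The following is an added example, not code from the original page or from the Tor project: it parses torrc text, reports malformed groups, and flags any virtual port that redirects to another host, which is true of the www.google.com test target in Step One and no longer true after the localhost:5222 change in Step Three. The function names, the sample text and the expectation of an explicit "VIRTPORT ADDRESS:PORT" value are assumptions of this example.

```python
import ipaddress

# Constructed sample torrc fragment; the active lines are the page's own examples.
SAMPLE = """\
############### This section is just for location-hidden services ###
#HiddenServiceDir /home/username/unused/
HiddenServiceDir /home/username/hidserv/
HiddenServicePort 80 www.google.com:80
HiddenServiceDir C:\\Documents and Settings\\username\\hidden_service/
HiddenServicePort 80 localhost:5222
"""

def parse_hidden_services(torrc_text):
    """Group each HiddenServicePort under the HiddenServiceDir line that precedes it."""
    services, problems = [], []
    for lineno, raw in enumerate(torrc_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):   # commented-out groups are inactive
            continue
        key, _, value = line.partition(" ")
        key, value = key.lower(), value.strip()
        if key == "hiddenservicedir":
            services.append({"dir": value, "ports": []})   # path may contain spaces
        elif key == "hiddenserviceport":
            virt, _, target = value.partition(" ")
            if not services:
                problems.append(f"line {lineno}: HiddenServicePort before any HiddenServiceDir")
            elif not virt.isdigit() or not target.strip():
                # Assumption: the explicit "VIRTPORT ADDRESS:PORT" form the page uses.
                problems.append(f"line {lineno}: expected 'VIRTPORT ADDRESS:PORT'")
            else:
                services[-1]["ports"].append((int(virt), target.strip()))
    problems += [f"{s['dir']}: no HiddenServicePort line" for s in services if not s["ports"]]
    return services, problems

def is_local(target):   # True for localhost or a loopback IP literal
    host = target.rsplit(":", 1)[0].lower()
    try:
        return host == "localhost" or ipaddress.ip_address(host).is_loopback
    except ValueError:                          # any other hostname
        return False

def audit(torrc_text):
    """Parse the torrc text and flag virtual ports redirected to another host."""
    services, problems = parse_hidden_services(torrc_text)
    for s in services:
        problems += [f"{s['dir']}: virtual port {v} redirects off-host to {t}"
                     for v, t in s["ports"] if not is_local(t)]
    return services, problems
```

Calling <tt>audit(open(path).read())</tt> on your own torrc returns the parsed groups and a list of findings; an empty list means every active group is well-formed and redirects only to the local machine.
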

<p>Now save the torrc, and restart your Tor.
</p>

<p>If Tor starts up again, great. Otherwise, something is wrong. Look
at your torrc for obvious mistakes like typos. Then double-check
that the directory you picked is writeable by you. If it's still
not working, you should look at the Tor logs for hints. (See <a
href="http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#Logs">this
FAQ entry</a> if you don't know how to enable or find your log file.)
</p>

<p>When Tor starts, it will automatically create two files in the
HiddenServiceDir that you specified. First, it will generate a new
public/private keypair for your hidden service, and write it into a
file called "private_key". Don't share this key with others -- if you
do they will be able to impersonate your hidden service. If you plan to
keep your service available for a long time, you might want to make a
backup copy of the private_key somewhere.
</p>
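
Because anyone who can read private_key can impersonate the service, it is worth checking who else on the machine can reach the HiddenServiceDir. The following is an added example, not code from the original page or from the Tor project: a POSIX-only check of the directory and of the two files named above. The function name and the owner-only policy (mode 700 for the directory, 600 for the key) are assumptions of this example.

```python
import os
import stat
import sys

OTHERS = stat.S_IRWXG | stat.S_IRWXO   # any group or world permission bit

def audit_hidden_service_dir(path):
    """Return a list of findings for a HiddenServiceDir on a POSIX system."""
    if not os.path.isdir(path):
        return [f"{path}: not a directory"]
    findings = []
    if not os.access(path, os.R_OK | os.W_OK | os.X_OK):
        findings.append(f"{path}: not readable/writable by the current user")
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & OTHERS:
        # Policy assumed by this example: only the owner may enter the directory.
        findings.append(f"{path}: mode {mode:03o} lets other accounts in; use 700")
    key = os.path.join(path, "private_key")
    if os.path.exists(key):
        kmode = stat.S_IMODE(os.stat(key).st_mode)
        if kmode & OTHERS:
            findings.append(f"private_key: mode {kmode:03o} is open beyond the owner; use 600")
    else:
        findings.append("private_key: not present yet (Tor creates it when it starts)")
    if not os.path.exists(os.path.join(path, "hostname")):
        findings.append("hostname: not present yet (Tor creates it when it starts)")
    return findings

if __name__ == "__main__":
    # Usage: pass the directory from your HiddenServiceDir line as the argument.
    for finding in audit_hidden_service_dir(sys.argv[1]):
        print(finding)
```
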

<p>The other file it will create is called "hostname". This contains
a short summary of your public key -- it will look something like
<tt>6sxoyfb3h2nvok2d.onion</tt>. This is the public name for your service,
and you can tell it to people, publish it on websites, put it on business
cards, etc.
</p>

<p>Now that you've restarted Tor, it is busy picking introduction points
in the Tor network, and generating what's called a "hidden service
descriptor", which is a signed list of introduction points along with
the service's full public key. It anonymously publishes this descriptor
to the directory servers, and other people anonymously fetch it from the
directory servers when they're trying to access your service.
</p>

<p>Try it now: paste the contents of the hostname file into your web
browser. If it works, you'll get the Google front page, but the URL in your
browser's window will be your hidden service hostname. If it doesn't work,
look in your logs for some hints, and keep playing with it until it works.
</p>

<hr />
<a name="two"></a>
<h3>Step Two: Now install a web server locally</h3>

<p>Now that you've got hidden services working on Tor, you need to
set up your web server locally. Setting up a web server is tricky,
so we're just going to go over a few basics here. If you get stuck
or want to do more, find a friend who can help you.
</p>

<p>If you're on Unix or OS X and you're comfortable with
the command line, by far the best way to go is to install <a
href="http://www.acme.com/software/thttpd/">thttpd</a>. Just grab the
latest tarball, untar it (it will create its own directory), and run
<tt>./configure &amp;&amp; make</tt>. Then <tt>mkdir hidserv</tt>, <tt>cd hidserv</tt>, and run
<tt>../thttpd -p 5222 -h localhost</tt>. Wham, you're running a web server on
port 5222. You can put files to serve in the hidserv directory.
</p>

<p>If you're on Windows, ...
</p>

<hr />
<a name="three"></a>
<h3>Step Three: Connect your web server to your hidden service</h3>

<p>This part is very simple. Open up your torrc again, and change the
HiddenServicePort line from "www.google.com:80" to "localhost:5222".
Then restart Tor. Make sure that it's working by reloading your hidden
service hostname in your browser.
</p>

<hr />

<p>If you have suggestions for improving this document, please <a
href="mailto:tor-bugs@freehaven.net">send them to us</a>. Thanks!</p>

</div><!-- #main -->
</div>
<div class="bottom" id="bottom">
<i><a href="mailto:tor-webmaster@freehaven.net"
class="smalllink">Webmaster</a></i> - $Id: overview.html,v 1.37
2005/07/15 22:19:37 arma Exp $
</div>
</body>
</html>