curben
/
blog
mirror of https://gitlab.com/curben/blog
1
0
Fork 0
Code Issues Releases Wiki Activity

post(tor): snowflake

This commit is contained in:
Ming Di Leom 2022-07-31 11:40:04 +00:00
parent ae36b98fd9
commit b3a0a78826
No known key found for this signature in database
GPG Key ID: 32D3E28E96A695E8
1 changed files with 18 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
source/_posts/tor-hidden-onion-nixos.md
View File

@ -83,7 +83,7 @@ Run `# nixos-rebuild switch` and three important files will be generated in the
I set up another Caddy-powered reverse proxy which is separate from the {% post_link caddy-nixos-part-3 "mdleom.com's" %}. It's similar to [caddyProxy.nix](/blog/2020/03/14/caddy-nix-part-3/#caddyProxy.nix), except I replace "caddyProxy" with "caddyTor". This Nix file exposes `services.caddyTor` so that I can enable the Tor-related Caddy service from "configuration.nix".
``` plain /etc/caddy/CaddyTor.nix
``` nix /etc/caddy/CaddyTor.nix
{ config, lib, pkgs, ... }:
with lib;
@ -186,7 +186,7 @@ After you save the file to **/etc/caddy/CaddyTor.nix**, remember to restrict it
Create a new caddyFile in `/etc/caddy/caddyTor.conf` and starts with the following config:
```
``` Caddyfile
import common.conf
# Tor onion
@ -207,7 +207,7 @@ Update the onion address to the value shown in "[/var/lib/tor/onion/myOnion/host
The rest are similar to "[caddyProxy.conf](blog/2020/03/14/caddy-nix-part-3/#Complete-Caddyfile)". Content of "common.conf" is available at [this section](/blog/2020/03/14/caddy-nix-part-3/#Complete-Caddyfile).
``` plain /etc/caddy/caddyTor.conf
``` Caddyfile /etc/caddy/caddyTor.conf
import common.conf
# Tor onion
@ -230,7 +230,7 @@ There is another approach which has a much simpler Caddyfile, but it _doubles_ t
This is also suitable if you have a website that you can't root access.
```
``` Caddyfile
# Do not use this approach unless you are absolutely sure
http://xw226dvxac7jzcpsf4xb64r4epr6o5hgn46dxlqk7gnjptakik6xnzqd.onion:8080 {
bind ::1
@ -250,7 +250,7 @@ http://xw226dvxac7jzcpsf4xb64r4epr6o5hgn46dxlqk7gnjptakik6xnzqd.onion:8080 {
Start the Caddy service.
``` js /etc/nixos/configuration.nix
``` nix /etc/nixos/configuration.nix
require = [ /etc/caddy/caddyProxy.nix /etc/caddy/caddyTor.nix ];
services.caddyTor = {
enable = true;
@ -259,3 +259,16 @@ Start the Caddy service.
```
Tor hidden service needs some time to announce to the Tor network, wait for a few hours before trying your newfangled onion address.
## Snowflake proxy (optional)
[Snowflake](https://snowflake.torproject.org/) is an alternative method to connect to the Tor network, useful when connections to [entry nodes](https://metrics.torproject.org/rs.html#search/flag:Guard%20running:true) and [bridge](https://support.torproject.org/censorship/censorship-7/) have been restricted. Volunteers can run Snowflake proxy to enable people who are censored to use it to access the Tor network. Snowflake proxy is available in NixOS 22.05+.
``` nix /etc/nixos/configuration.nix
services.snowflake-proxy = {
enable = true;
capacity = 100;
};
```
`capacity` sets the maximum concurrent clients and there is no limit by default. I set `100` as a precaution. In my experience, on average there are 10-20 clients every hour, with a total 2 GB daily traffic for each direction (2 GB ingress & 2 GB egress). Assuming your VPS provider set a quota based on whichever direction is higher (like Vultr), expect less than 100 GB of monthly traffic.