post(tor-nixos): mention nat traversal

MDLeom 2020-03-16 07:41:38 +00:00
parent d8a75f00f2
commit e46e443adc
No known key found for this signature in database
GPG Key ID: 5D9DB57A25D34EE3
1 changed files with 1 additions and 0 deletions

@ -60,6 +60,7 @@ The first step is to bring up a Tor hidden service to get an onion address. Add
3. Set the `version` to 3, which is a [more secure](https://trac.torproject.org/projects/tor/wiki/doc/NextGenOnions#Howtoconnecttothetesthubfornextgenonionservices) version. The most noticable difference is that the generated onion address will be 56-character long, which is much longer than v2's 16-character. Tor already defaults to v3 since 0.3.5, but I set it just to make sure. 3. Set the `version` to 3, which is a [more secure](https://trac.torproject.org/projects/tor/wiki/doc/NextGenOnions#Howtoconnecttothetesthubfornextgenonionservices) version. The most noticable difference is that the generated onion address will be 56-character long, which is much longer than v2's 16-character. Tor already defaults to v3 since 0.3.5, but I set it just to make sure.
4. `port` is to set the port number that the hidden service binds to. Recommend to set it to port **80**. 4. `port` is to set the port number that the hidden service binds to. Recommend to set it to port **80**.
* If you set it to "1234", visitor needs to specify the port number to browse your site, e.g. http://foobar.onion:1234 * If you set it to "1234", visitor needs to specify the port number to browse your site, e.g. http://foobar.onion:1234
* There is no need to grant CAP_NET_BIND_SERVICE capability nor open port 80. Tor has NAT traversal capability and can function without opening any inbound port.
5. `toHost` is location of your web server. In my case, it is the IPv6 loopback **[::1]**. If your server supports IPv4 (mine doesn't), you can set it to "127.0.0.1" or "localhost". If it's an IPv6 address, you need to wrap the address with square brackets **[]**. 5. `toHost` is location of your web server. In my case, it is the IPv6 loopback **[::1]**. If your server supports IPv4 (mine doesn't), you can set it to "127.0.0.1" or "localhost". If it's an IPv6 address, you need to wrap the address with square brackets **[]**.
6. `toPort` is the port number of your web server listens to. The [next section](#caddyTor.nix) shows how to set up the web server yet. 6. `toPort` is the port number of your web server listens to. The [next section](#caddyTor.nix) shows how to set up the web server yet.
7. `extraConfig` is optional. The options I use here are only applicable if the server is IPv6 only. 7. `extraConfig` is optional. The options I use here are only applicable if the server is IPv6 only.
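Review bot: the new bullet under item 4 gives "Tor has NAT traversal capability" as the reason CAP_NET_BIND_SERVICE is not needed, which mixes two separate reasons and conflicts with item 4's own wording that `port` is the port "the hidden service binds to". The capability is unnecessary because `port` is the onion service's virtual port: Tor does not bind a local socket on it, it only forwards requests for that port to `toHost`:`toPort`. No inbound port has to be opened because Tor reaches the network through outbound connections only. Suggest stating the two reasons separately, for example "`port` is a virtual port that Tor never binds locally, so CAP_NET_BIND_SERVICE is not needed" followed by "Tor only makes outbound connections, so no inbound port has to be opened", and rewording item 4 so it no longer says the service binds to that port.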