more tips

svn:r4652

1 files changed, 50 insertions, 5 deletions

diff --git a/doc/tor-hidden-service.html b/doc/tor-hidden-service.html
index c1f00ce0ab..5680ab21f1 100644
--- a/doc/tor-hidden-service.html
+++ b/doc/tor-hidden-service.html
@@ -44,7 +44,7 @@
 
 <p>Tor allows clients and servers to offer hidden services. That is,
 you can offer a web server, SSH server, etc., without revealing your
-IP to its users. In fact, because you don't need any public address,
+IP to its users. In fact, because you don't use any public address,
 you can run a hidden service from behind your firewall.
 </p>
 
@@ -147,9 +147,7 @@ FAQ entry</a> if you don't know how to enable or find your log file.)
 HiddenServiceDir that you specified. First, it will generate a new
 public/private keypair for your hidden service, and write it into a
 file called "private_key". Don't share this key with others -- if you
-do they will be able to impersonate your hidden service. If you plan to
-keep your service available for a long time, you might want to make a
-backup copy of the private_key somewhere.
+do they will be able to impersonate your hidden service.
 </p>
 
 <p>The other file it will create is called "hostname". This contains
@@ -193,7 +191,13 @@ and now you're running a webserver on port 5222. You can put files to
 serve in the hidserv directory.
 </p>
 
-<p>If you're on Windows, ...
+<p>If you're on Windows, ...what should we suggest here? Is there
+a good simple free software web server for Windows? Please
+let me know what we should say here. In the meantime,
+check out <a href="http://httpd.apache.org/">apache</a> or
+<a href="http://savant.sourceforge.net/">savant</a>, and be sure to
+configure them to bind only to localhost. You should also figure out
+what port you're listening on, because you'll use it below.
 </p>
 
 
@@ -208,6 +212,47 @@ service hostname in your browser.
 </p>
 
 <hr />
+<a name="four"></a>
+<h3>Step Four: More advanced tips</h3>
+
+<p>If you plan to keep your service available for a long time, you might
+want to make a backup copy of the private_key somewhere.
+</p>
+
+<p>We avoided recommending Apache above, a) because many people might
+already be running it for a public server, and b) because it's big
+and has lots of places where it might reveal your IP address or other
+identifying information, for example in 404 pages. For people who need
+more functionality, though, Apache may still be the right answer. Can
+somebody make us a checklist of ways to lock down your Apache when you're
+using it as a hidden service?
+</p>
+
+<p>If you want to forward multiple virtual ports for a single hidden
+service, just add more HiddenServicePort lines.
+</p>
+
+<p>If you want to run multiple hidden services from the same Tor
+client, just add another HiddenServiceDir line. All the following
+HiddenServicePort lines refer to this HiddenServiceDir line, until
+you add another HiddenServiceDir line.
+</p>
+
+<p>There are some anonymity issues you should keep in mind too:
+</p>
+<ul>
+<li>As mentioned above, be careful of letting your web server reveal
+identifying information about you, your computer, or your location.
+For example, readers can probably determine whether it's thttpd or
+Apache, and learn something about your operating system.</li>
+<li>If your computer isn't online all the time, your hidden service
+won't be either. This leaks information to an observant adversary.</li>
+<!-- increased risks over time -->
+</ul>
+
+
+
+<hr />
 
 <p>If you have suggestions for improving this document, please <a
 href="mailto:tor-bugs@freehaven.net">send them to us</a>. Thanks!</p>