author Thomas Sjögren <thomas@northernsecurity.net> 2005-05-15 00:04:32 +0000
committer Thomas Sjögren <thomas@northernsecurity.net> 2005-05-15 00:04:32 +0000
commit 4e92a0afea3a2321d38de15ec2defdb5145d4be4
tree 8b9bba1cddd821891cc86fca609a204242b7cc39 /doc
parent 3a69011d5e472977e82d32973d1f2c4c10a33b28
Added how to set up a hidden service. Thanks Tyranix.
svn:r4211
Diffstat (limited to 'doc')
-rw-r--r-- doc/tor-doc.html 60
1 files changed, 59 insertions, 1 deletions
diff --git a/doc/tor-doc.html b/doc/tor-doc.html
index db689bdb86..6fc55934d1 100644
--- a/doc/tor-doc.html
+++ b/doc/tor-doc.html
@@ -386,11 +386,14 @@ otherwise it is listed only by its fingerprint.</p>
<a name="hidden-service"></a>
<h2>Configuring a hidden service</h2>
-<p>Tor allows clients and servers to offer <em>hidden services</em>. That
+<p>Tor allows clients and servers to offer hidden services. That
is, you can offer an apache, sshd, etc, without revealing your IP to its
users. This works via Tor's rendezvous point design: both sides build
a Tor circuit out, and they meet in the middle.</p>
+<p>Using the built-in redirection (see below), it is possible to have a
+server setup on localhost and only remote Tor connections can access it.</p>
+
<p>If you're using Tor and <a href="http://www.privoxy.org/">Privoxy</a>,
you can <a href="http://6sxoyfb3h2nvok2d.onion/">go to the hidden wiki</a>
to see hidden services in action.</p>
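Review bot: The added paragraph's claim that "only remote Tor connections can access it" holds only when the local server listens on 127.0.0.1 alone (or is firewalled on its other interfaces), and the text should state that requirement, since a server bound to all interfaces stays reachable directly by IP. "(see below)" would be clearer as a mention of HiddenServicePort or a link to it, and "server setup" should read "server set up". The first changed line also drops the <em> around "hidden services", which the commit message does not mention; restore it if the removal was not intended.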
@@ -402,6 +405,61 @@ create each HiddenServiceDir you have configured, and it will create a
can tell people the url, and they can connect to it via their Tor client,
assuming they're using a proxy (such as Privoxy) that speaks SOCKS 4A.</p>
+<p>Assume you want to have a hidden service to allow people to access your
+Apache http server through tor. By doing this, they can access your server
+but won't know who they are connecting to. You want them to access your
+Apache server using the standard port 80. However, your Apache
+server is actually running on port 8080 so it needs to be
+redirected.</p>
+
+<p><b>HiddenServiceDir</b> is a directory where Tor will store information
+about that hidden service. In particular, it will store a file here named
+<i>hostname</i> which will tell you the onion URL. You don't need to add any
+files to this directory.</p>
+
+<p><b>HiddenServicePort</b> is where you specify a virtual port and where
+it should be redirected to. For instance, you tell tor there's a virtual
+port 80 and then redirect traffic to your local webserver at
+127.0.0.1:8080.</p>
+
+<p>Example lines from a torrc file</p>
+
+<pre>
+HiddenServiceDir /usr/local/etc/tor/hidden_service/
+HiddenServicePort 80 127.0.0.1:8080
+</pre>
+
+<p>This tells tor to store its files in <tt>/usr/local/etc/tor/hidden_service/</tt>
+and allow people to connect to your onion address on port 80. It
+will then redirect requests to your localhost webserver on port 8080.
+</p>
+
+<p>To let people access your hidden service, look at the file
+<tt>/usr/local/etc/tor/hidden_service/hostname</tt> which will tell you what the
+hostname is (such as xyz.onion). Then, as long as they have tor and privoxy
+configured, they can access your webserver with a web browser by connecting
+to http://xyz.onion.</p>
+
+<p>You can have multiple tor hidden services by repeating Dir and Ports:</p>
+
+<pre>
+HiddenServiceDir /usr/local/etc/tor/hidden_service/
+HiddenServicePort 80 127.0.0.1:8080
+
+HiddenServiceDir /usr/local/etc/tor/other_hidden_service/
+HiddenServicePort 6667 127.0.0.1:6667
+HiddenServicePort 22 127.0.0.1:22
+</pre>
+
+<p>The above example will allow people to connect to the hostname in
+<tt>/usr/local/etc/tor/hidden_service/hostname</tt> for an HTTP server and
+to a different hostname in
+<tt>/usr/local/etc/tor/other_hidden_service/hostname</tt> for an IRC and
+SSH server.</p>
+
+<p>To an end user, this appears to be two separate hosts with one running an
+HTTP server and another running an IRC/SSH server.</p>
+
<a name="own-network"></a>
<h2>Setting up your own network</h2>
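Review bot: The HiddenServiceDir paragraph mentions only the hostname file, but the directory also holds the service's private key, so the text should say that it must be kept private and readable only by the user Tor runs as; anyone who copies the key can impersonate the service. "but won't know who they are connecting to" in the first added paragraph needs a caveat that the web server itself can still reveal the host through banners, error pages or status pages. In the multi-service example, the ports listed under other_hidden_service/ share one hostname, so the IRC and SSH servers are linkable to each other; say so next to "two separate hosts". Style: the added lines write "tor" and "privoxy" in lowercase where the context lines use "Tor" and "Privoxy", and "Example lines from a torrc file" wants a trailing colon.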