## translation metadata
# Revision: $Revision$
# Translation-Priority: 3-low

#include "head.wmi" TITLE="Tor: Hidden Service Configuration Instructions"

<div class="center">

<div class="main-column">

<h1>Configuring Hidden Services for <a href="<page index>">Tor</a></h1>
<hr />

<p>Tor allows clients and relays to offer hidden services. That is,
you can offer a web server, SSH server, etc., without revealing your
IP address to its users. In fact, because you don't use any public address,
you can run a hidden service from behind your firewall.
</p>

<p>If you have Tor and Privoxy installed, you can see hidden services
in action by visiting <a href="http://duskgytldkxiuqc6.onion/">an
example hidden service</a>.
</p>

<p>This howto describes the steps for setting up your own hidden service
website. For the technical details of how the hidden service protocol
works, see our <a href="<page hidden-services>">hidden service protocol</a> page.
</p>

<hr />
<a id="zero"></a>
<h2><a class="anchor" href="#zero">Step Zero: Get Tor and Privoxy working</a></h2>
<br />

<p>Before you start, you need to make sure:</p>
<ol>
<li>Tor is up and running,</li>
<li>Privoxy is up and running,</li>
<li>Privoxy is configured to point to Tor and</li>
<li>You actually set it up correctly.</li>
</ol>

<p>Windows users should follow the <a
href="<page docs/tor-doc-windows>">Windows
howto</a>, OS X users should follow the <a
href="<page docs/tor-doc-osx>">OS
X howto</a>, and Linux/BSD/Unix users should follow the <a
href="<page docs/tor-doc-unix>">Unix howto</a>.
</p>

<p>Once you've got Tor and Privoxy installed and configured,
you can see hidden services in action by following this link to <a
href="http://duskgytldkxiuqc6.onion/">an example hidden service</a>.
It will typically take 10-60 seconds to load
(or to decide that it is currently unreachable). If it fails
immediately and your browser pops up an alert saying that
"www.duskgytldkxiuqc6.onion could not be found, please check the name and
try again" then you haven't configured Tor and Privoxy correctly; see <a
href="https://wiki.torproject.org/noreply/TheOnionRouter/TorFAQ#ItDoesntWork">the
it-doesn't-work FAQ entry</a> for some help.
</p>

<hr />
<a id="one"></a>
<h2><a class="anchor" href="#one">Step One: Install a web server locally</a></h2>
<br />

<p>First, you need to set up a web server locally. Setting up a web
server can be tricky,
so we're just going to go over a few basics here. If you get stuck
or want to do more, find a friend who can help you. We recommend you
install a new separate web server for your hidden service, since even
if you already have one installed, you may be using it (or want to use
it later) for an actual website.
</p>

<p>If you're on Unix or OS X and you're comfortable with
the command line, by far the best way to go is to install <a
href="http://www.acme.com/software/thttpd/">thttpd</a>. Just grab the
latest tarball, untar it (it will create its own directory), and run
<kbd>./configure &amp;&amp; make</kbd>. Then <kbd>mkdir hidserv; cd
hidserv</kbd>, and run
<kbd>../thttpd -p 5222 -h localhost</kbd>. It will give you back your prompt,
and now you're running a web server on port 5222. You can put files to
serve in the hidserv directory.
</p>

<p>If you're on Windows, you might pick <a
href="http://savant.sourceforge.net/">Savant</a> or <a
href="http://httpd.apache.org/">Apache</a>, and be sure to configure it
to bind only to localhost. You should also figure out what port you're
listening on, because you'll use it below.
</p>

<p>(The reason we bind the web server only to localhost is to make
sure it isn't publicly accessible. If people could get to it directly,
they could confirm that your computer is the one offering the hidden
service.)
</p>

<p>Once you've got your web server set up, make sure it works: open your
browser and go to <a
href="http://localhost:5222/">http://localhost:5222/</a>, where 5222 is
the port that you picked above. Then try putting a file in the main html
directory, and make sure it shows up when you access the site.
</p>

<hr />
<a id="two"></a>
<h2><a class="anchor" href="#two">Step Two: Configure your hidden service</a></h2>
<br />

<p>Next, you need to configure your hidden service to point to your
local web server.
</p>

<p>First, open your torrc file in your favorite text editor. (See <a
href="https://wiki.torproject.org/noreply/TheOnionRouter/TorFAQ#torrc">the
torrc FAQ entry</a> to learn what this means.) Go to the middle section and
look for the line</p>

<pre>
\############### This section is just for location-hidden services ###
</pre>

<p>
This section of the file consists of groups of lines, each representing
one hidden service. Right now they are all commented out (the lines
start with #), so hidden services are disabled. Each group of lines
consists of one <var>HiddenServiceDir</var> line, and one or more
<var>HiddenServicePort</var> lines:</p>
<ul>
<li><var>HiddenServiceDir</var> is a directory where Tor will store information
about that hidden service.  In particular, Tor will create a file here named
<var>hostname</var> which will tell you the onion URL.  You don't need to add any
files to this directory.</li>
<li><var>HiddenServicePort</var> lets you specify a virtual port (that is, what
port people accessing the hidden service will think they're using) and an
IP address and port for redirecting connections to this virtual port.</li>
</ul>

<p>Add the following lines to your torrc:
</p>

<pre>
HiddenServiceDir /Library/Tor/var/lib/tor/hidden_service/
HiddenServicePort 80 127.0.0.1:5222
</pre>

<p>You're going to want to change the <var>HiddenServiceDir</var> line, so it points
to an actual directory that is readable/writeable by the user that will
be running Tor. The above line should work if you're using the OS X Tor
package. On Unix, try "/home/username/hidserv/" and fill in your own
username in place of "username". On Windows you might pick:</p>
<pre>
HiddenServiceDir C:\Documents and Settings\username\Application Data\hidden_service\\
HiddenServicePort 80 127.0.0.1:5222
</pre>

<p>Now save the torrc, shut down
your Tor, and then start it again.
</p>

<p>If Tor starts up again, great. Otherwise, something is wrong. First look at
your log files for hints. Tor will print some warnings or error messages. That
should give you an idea what went wrong. Typically there are typos in the torrc
or wrong directory permissions. (See <a
href="https://wiki.torproject.org/noreply/TheOnionRouter/TorFAQ#Logs">the
logging FAQ entry</a> if you don't know how to enable or find your
log file.)
</p>

<p>When Tor starts, it will automatically create the <var>HiddenServiceDir</var>
that you specified (if necessary), and it will create two files there.</p>

<dl>
<dt><var>private_key</var></dt>
<dd>First, Tor will generate a new public/private keypair for your hidden
service. It is written into a file called "private_key". Don't share this key
with others -- if you do they will be able to impersonate your hidden
service.</dd>
<dt><var>hostname</var></dt>
<dd>The other file Tor will create is called "hostname". This contains
a short summary of your public key -- it will look something like
<tt>duskgytldkxiuqc6.onion</tt>. This is the public name for your service,
and you can tell it to people, publish it on websites, put it on business
cards, etc.</dd>
</dl>

<p>If Tor runs as a different user than you, for example on
OS X, Debian, or Red Hat, then you may need to become root to be able
to view these files.</p>

<p>Now that you've restarted Tor, it is busy picking introduction points
in the Tor network, and generating a <em>hidden service
descriptor</em>. This is a signed list of introduction points along with
the service's full public key. It anonymously publishes this descriptor
to the directory servers, and other people anonymously fetch it from the
directory servers when they're trying to access your service.
</p>

<p>Try it now: paste the contents of the hostname file into your web
browser. If it works, you'll get the html page you set up in step one.
If it doesn't work, look in your logs for some hints, and keep playing
with it until it works.
</p>

<hr />
<a id="three"></a>
<h2><a class="anchor" href="#three">Step Three: More advanced tips</a></h2>
<br />

<p>If you plan to keep your service available for a long time, you might
want to make a backup copy of the <var>private_key</var> file somewhere.
</p>

<p>We avoided recommending Apache above, a) because many people might
already be running it for a public web server on their computer, and b)
because it's big
and has lots of places where it might reveal your IP address or other
identifying information, for example in 404 pages. For people who need
more functionality, though, Apache may be the right answer. Can
somebody make us a checklist of ways to lock down your Apache when you're
using it as a hidden service? Savant probably has these problems too.
</p>

<p>If you want to forward multiple virtual ports for a single hidden
service, just add more <var>HiddenServicePort</var> lines.
If you want to run multiple hidden services from the same Tor
client, just add another <var>HiddenServiceDir</var> line. All the following
<var>HiddenServicePort</var> lines refer to this <var>HiddenServiceDir</var> line, until
you add another <var>HiddenServiceDir</var> line:
</p>

<pre>
HiddenServiceDir /usr/local/etc/tor/hidden_service/
HiddenServicePort 80 127.0.0.1:8080

HiddenServiceDir /usr/local/etc/tor/other_hidden_service/
HiddenServicePort 6667 127.0.0.1:6667
HiddenServicePort 22 127.0.0.1:22
</pre>

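<p>The grouping rule above, together with the earlier advice to bind the web server only to localhost, can be checked mechanically. The following Python script is an added example, not part of the original howto or of Tor: the names <var>parse_hidden_services</var>, <var>is_loopback_target</var>, <var>audit</var> and the sample torrc are constructed for illustration, and only the <var>HiddenServicePort VIRTPORT ADDR:PORT</var> form used on this page is recognized.</p>

```python
import ipaddress

# Constructed sample torrc (not from the page): the last line forwards to a LAN address.
SAMPLE_TORRC = """\
## This section is just for location-hidden services ##
#HiddenServiceDir /var/lib/tor/commented_out/
HiddenServiceDir /usr/local/etc/tor/hidden_service/
HiddenServicePort 80 127.0.0.1:8080

HiddenServiceDir /usr/local/etc/tor/other_hidden_service/
HiddenServicePort 6667 127.0.0.1:6667
HiddenServicePort 22 192.168.1.10:22
"""


def parse_hidden_services(torrc_text):
    """Attach each HiddenServicePort line to the HiddenServiceDir above it."""
    services, findings = [], []
    for lineno, raw in enumerate(torrc_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # '#' starts a comment
        if not line:
            continue
        fields = line.split(None, 1)
        keyword = fields[0].lower()              # option names are case-insensitive
        rest = fields[1] if len(fields) > 1 else ""
        if keyword == "hiddenservicedir":
            # Keep the whole remainder: Windows paths may contain spaces.
            services.append({"dir": rest, "line": lineno, "ports": []})
        elif keyword == "hiddenserviceport":
            virt, target = (rest.split(None, 1) + ["", ""])[:2]
            if not services:
                findings.append((lineno, "HiddenServicePort before any HiddenServiceDir"))
            else:
                services[-1]["ports"].append((virt, target, lineno))
    return services, findings


def is_loopback_target(target):
    """True only when target is ADDR:PORT and ADDR is a loopback IP literal."""
    host, sep, port = target.rpartition(":")
    if not sep or not port.isdigit():
        return False
    try:
        return ipaddress.ip_address(host.strip("[]")).is_loopback
    except ValueError:
        return False


def audit(torrc_text):
    """Return sorted (line, message) findings for a torrc given as text."""
    services, findings = parse_hidden_services(torrc_text)
    for svc in services:
        if not svc["ports"]:
            findings.append((svc["line"], "HiddenServiceDir has no HiddenServicePort line"))
        for virt, target, lineno in svc["ports"]:
            if not is_loopback_target(target):
                findings.append(
                    (lineno, f"virtual port {virt} forwards to non-loopback target {target!r}"))
    return sorted(findings)


if __name__ == "__main__":
    for lineno, message in audit(SAMPLE_TORRC):
        print(f"line {lineno}: {message}")
```
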
<p>There are some anonymity issues you should keep in mind too:
</p>
<ul>
<li>As mentioned above, be careful of letting your web server reveal
identifying information about you, your computer, or your location.
For example, readers can probably determine whether it's thttpd or
Apache, and learn something about your operating system.</li>
<li>If your computer isn't online all the time, your hidden service
won't be either. This leaks information to an observant adversary.</li>
<!-- increased risks over time -->
</ul>

<hr />

<p>If you have suggestions for improving this document, please <a
href="<page contact>">send them to us</a>. Thanks!</p>