finish the process of not recommending a particular web server for hidden service operators
Roger Dingledine commited on 2012-04-23 06:27:55
Zeige 1 geänderte Dateien mit 10 Einfügungen und 14 Löschungen.
- docs/en/tor-hidden-service.wml c54fe77c0..9999049d7
| ... | ... |
@@ -73,6 +73,16 @@ |
| 73 | 73 |
you may be using it (or want to use it later) for an actual website. |
| 74 | 74 |
</p> |
| 75 | 75 |
|
| 76 |
+ <p> |
|
| 77 |
+ You need to configure your web server so it doesn't give away any |
|
| 78 |
+ information about you, your computer, or your location. Be sure to |
|
| 79 |
+ bind the web server only to localhost (if people could get to it |
|
| 80 |
+ directly, they could confirm that your computer is the one offering |
|
| 81 |
+ the hidden service). Be sure that its error messages don't list |
|
| 82 |
+ your hostname or other hints. Consider putting the web server in a |
|
| 83 |
+ sandbox or VM to limit the damage from code vulnerabilities. |
|
| 84 |
+ </p> |
|
| 85 |
+ |
|
| 76 | 86 |
<p> |
| 77 | 87 |
Once your web server is set up, make |
| 78 | 88 |
sure it works: open your browser and go to <a |
| ... | ... |
@@ -80,10 +90,6 @@ |
| 80 | 90 |
8080 is the webserver port you chose during setup (you can choose any |
| 81 | 91 |
port, 8080 is just an example). Then try putting a file in the main |
| 82 | 92 |
html directory, and make sure it shows up when you access the site. |
| 83 |
- The reason we bind the web server only to localhost is to make sure |
|
| 84 |
- it isn't publically accessible. If people could get to it directly, |
|
| 85 |
- they could confirm that your computer is the one offering the |
|
| 86 |
- hidden service. |
|
| 87 | 93 |
</p> |
| 88 | 94 |
|
| 89 | 95 |
<hr> |
| ... | ... |
@@ -193,16 +199,6 @@ |
| 193 | 199 |
want to make a backup copy of the <var>private_key</var> file somewhere. |
| 194 | 200 |
</p> |
| 195 | 201 |
|
| 196 |
- <p>We avoided recommending Apache above, a) because many people might |
|
| 197 |
- already be running it for a public web server on their computer, and b) |
|
| 198 |
- because it's big |
|
| 199 |
- and has lots of places where it might reveal your IP address or other |
|
| 200 |
- identifying information, for example in 404 pages. For people who need |
|
| 201 |
- more functionality, though, Apache may be the right answer. Can |
|
| 202 |
- somebody make us a checklist of ways to lock down your Apache when you're |
|
| 203 |
- using it as a hidden service? Savant probably has these problems too. |
|
| 204 |
- </p> |
|
| 205 |
- |
|
| 206 | 202 |
<p>If you want to forward multiple virtual ports for a single hidden |
| 207 | 203 |
service, just add more <var>HiddenServicePort</var> lines. |
| 208 | 204 |
If you want to run multiple hidden services from the same Tor |
| 209 | 205 |