Browse code

Change hidden -> onion. (See #24285)

Renamed files, made new files with old names for redirects, updated
links to use new URLs.

kat authored on19/11/2017 22:01:11
Showing10 changed files
... ...
@@ -46,7 +46,7 @@
46 46
     Individuals use Tor to keep websites from tracking them and their family
47 47
     members, or to connect to news sites, instant messaging services, or the
48 48
     like when these are blocked by their local Internet providers.  Tor's <a
49
-    href="<page docs/hidden-services>">onion services</a>
49
+    href="<page docs/onion-services>">onion services</a>
50 50
     let users publish web sites and other services without needing to reveal
51 51
     the location of the site. Individuals also use Tor for socially sensitive
52 52
     communication: chat rooms and web forums for rape and abuse survivors,
... ...
@@ -353,7 +353,7 @@ using technology?</a></li>
353 353
     <h3><a class="anchor" href="#RemoveContent">I want some content removed from a .onion address.</a></h3>
354 354
     <p>The Tor Project does not host, control, nor have the ability to
355 355
     discover the owner or location of a .onion address.  The .onion address is
356
-    an address from <a href="<page docs/hidden-services>">an onion
356
+    an address from <a href="<page docs/onion-services>">an onion
357 357
     service</a>.  The name you see ending in .onion is an onion service descriptor.
358 358
     It's an automatically generated name which can be located on any Tor
359 359
     relay or client anywhere on the Internet.  Onion services are designed
... ...
@@ -3062,7 +3062,7 @@ diversity,
3062 3062
     onion service?</a></h3>
3063 3063
 
3064 3064
     <p>
3065
-    See the <a href="<page docs/tor-hidden-service>">
3065
+    See the <a href="<page docs/tor-onion-service>">
3066 3066
     official onion service configuration instructions</a>.
3067 3067
     </p>
3068 3068
 
... ...
@@ -1,162 +1,7 @@
1 1
 ## translation metadata
2 2
 # Revision: $Revision$
3
-# Translation-Priority: 3-low
3
+# Status: obsolete
4 4
 
5
-#include "head.wmi" TITLE="Tor: Onion Service Protocol" CHARSET="UTF-8"
6
-<div id="content" class="clearfix">
7
-  <div id="breadcrumbs">
8
-    <a href="<page index>">Home &raquo; </a>
9
-    <a href="<page docs/documentation>">Documentation &raquo; </a>
10
-    <a href="<page docs/hidden-services>">Onion Services</a>
11
-  </div>
12
-  <div id="maincol">
13
-    <h2>Tor: Onion Service Protocol</h2>
14
-    <hr>
5
+#include "head.wmi" TITLE="Redirecting" REDIRECT="docs/onion-services"
15 6
 
16
-    <p>
17
-    Tor makes it possible for users to hide their locations while offering
18
-    various kinds of services, such as web publishing or an instant
19
-    messaging server.  Using Tor "rendezvous points," other Tor users can
20
-	connect to these onion services, formerly known as hidden services, each
21
-	without knowing the other's network identity. This page describes the
22
-	technical details of how this rendezvous protocol works. For a more direct
23
-	how-to, see our <a href="<page docs/tor-hidden-service>">configuring onion
24
-	services</a> page.  </p>
25
-
26
-    <p>
27
-    An onion service needs to advertise its existence in the Tor network before
28
-    clients will be able to contact it. Therefore, the service randomly picks
29
-    some relays, builds circuits to them, and asks them to act as
30
-    <em>introduction points</em> by telling them its public key. Note
31
-    that in the following figures the green links are circuits rather
32
-    than direct connections. By using a full Tor circuit, it's hard for
33
-    anyone to associate an introduction point with the onion server's IP
34
-    address. While the introduction points and others are told the onion
35
-    service's identity (public key), we don't want them to learn about the
36
-    onion server's location (IP address).
37
-    </p>
38
-
39
-    <img alt="Tor onion service step one" src="$(IMGROOT)/tor-onion-services-1.png">
40
-    # maybe add a speech bubble containing "PK" to Bob, because that's what
41
-    # Bob tells to his introduction points
42
-
43
-    <p>
44
-	Step two: the onion service assembles an <em>onion service descriptor</em>,
45
-	containing its public key and a summary of each introduction point, and
46
-	signs this descriptor with its private key.  It uploads that descriptor to
47
-	a distributed hash table.  The descriptor will be found by clients
48
-	requesting XYZ.onion where XYZ is a 16 character name derived from the
49
-	service's public key. After this step, the onion service is set up.  </p>
50
-
51
-    <p>
52
-    Although it might seem impractical to use an automatically-generated
53
-    service name, it serves an important goal: Everyone &ndash; including
54
-	the introduction points, the distributed hash table directory, and of
55
-	course the clients &ndash; can verify that they are talking to the right
56
-	onion service. See also <a
57
-	href="https://en.wikipedia.org/wiki/Zooko%27s_triangle">Zooko's
58
-	conjecture</a> that out of Decentralized, Secure, and Human-Meaningful, you
59
-	can achieve at most two. Perhaps one day somebody will implement a <a
60
-	href="http://www.skyhunter.com/marcs/petnames/IntroPetNames.html">Petname</a>
61
-	design for onion service names?  </p>
62
-
63
-    <img alt="Tor onion service step two" src="$(IMGROOT)/tor-onion-services-2.png">
64
-    # maybe replace "database" with "DHT"; further: how incorrect
65
-    # is it to *not* add DB to the Tor cloud, now that begin dir cells are in
66
-    # use?
67
-
68
-    <p>
69
-    Step three: A client that wants to contact an onion service needs
70
-    to learn about its onion address first. After that, the client can
71
-    initiate connection establishment by downloading the descriptor from
72
-    the distributed hash table. If there is a descriptor for XYZ.onion
73
-    (the onion service could also be offline or have left long ago,
74
-    or there could be a typo in the onion address), the client now
75
-    knows the set of introduction points and the right public key to
76
-    use. Around this time, the client also creates a circuit to another
77
-    randomly picked relay and asks it to act as <em>rendezvous point</em>
78
-    by telling it a one-time secret.
79
-    </p>
80
-
81
-    <img alt="Tor onion service step three" src="$(IMGROOT)/tor-onion-services-3.png">
82
-    # maybe add "cookie" to speech bubble, separated from the surrounded
83
-    # "IP1-3" and "PK"
84
-
85
-    <p>
86
-    Step four: When the descriptor is present and the rendezvous
87
-    point is ready, the client assembles an <em>introduce</em> message
88
-    (encrypted to the onion service's public key) including the address
89
-    of the rendezvous point and the one-time secret. The client sends
90
-    this message to one of the introduction points, requesting it be
91
-    delivered to the onion service. Again, communication takes place
92
-    via a Tor circuit: nobody can relate sending the introduce message
93
-    to the client's IP address, so the client remains anonymous.
94
-    </p>
95
-
96
-    <img alt="Tor onion service step four" src="$(IMGROOT)/tor-onion-services-4.png">
97
-
98
-    <p>
99
-    Step five: The onion service decrypts the client's introduce message
100
-    and finds the address of the rendezvous point and the one-time secret
101
-    in it. The service creates a circuit to the rendezvous point and
102
-    sends the one-time secret to it in a rendezvous message.
103
-    </p>
104
-
105
-    <p>
106
-    At this point it is of special importance that the onion service sticks to
107
-    the same set of <a
108
-    href="<wikifaq>#Whatsthisaboutentryguardformerlyknownashelpernodes">entry
109
-    guards</a> when creating new circuits. Otherwise an attacker
110
-    could run his own relay and force an onion service to create an arbitrary
111
-    number of circuits in the hope that the corrupt relay is picked as entry
112
-    node and he learns the onion server's IP address via timing analysis. This
113
-    attack was described by &Oslash;verlier and Syverson in their paper titled
114
-    <a href="http://freehaven.net/anonbib/#hs-attack06">Locating Hidden
115
-    Servers</a>.
116
-    </p>
117
-
118
-    <img alt="Tor onion service step five" src="$(IMGROOT)/tor-onion-services-5.png">
119
-    # it should say "Bob connects to Alice's ..."
120
-
121
-    <p>
122
-    In the last step, the rendezvous point notifies the client about successful
123
-    connection establishment. After that, both client and onion service can
124
-    use their circuits to the rendezvous point for communicating with each
125
-    other. The rendezvous point simply relays (end-to-end encrypted) messages
126
-    from client to service and vice versa.
127
-    </p>
128
-
129
-    <p>
130
-    One of the reasons for not using the introduction circuit
131
-    for actual communication is that no single relay should
132
-    appear to be responsible for a given onion service. This is why the
133
-    rendezvous point never learns about the onion service's identity.
134
-    </p>
135
-
136
-    <p>
137
-    In general, the complete connection between client and onion service
138
-    consists of 6 relays: 3 of them were picked by the client with the third
139
-    being the rendezvous point and the other 3 were picked by the onion
140
-    service.
141
-    </p>
142
-
143
-    <img alt="Tor onion service step six" src="$(IMGROOT)/tor-onion-services-6.png">
144
-
145
-    <p>
146
-    There are more detailed descriptions about the onion service protocol than
147
-    this one. See the
148
-    <a href="<svnprojects>design-paper/tor-design.pdf">Tor design paper</a>
149
-    for an in-depth design description and the
150
-    <a href="<specblob>rend-spec.txt">rendezvous specification</a>
151
-    for the message formats.
152
-    </p>
153
-  </div>
154
-  <!-- END MAINCOL -->
155
-  <div id = "sidecol">
156
-#include "side.wmi"
157
-#include "info.wmi"
158
-  </div>
159
-  <!-- END SIDECOL -->
160
-</div>
161
-<!-- END CONTENT -->
162 7
 #include <foot.wmi>
163 8
new file mode 100644
... ...
@@ -0,0 +1,162 @@
1
+## translation metadata
2
+# Revision: $Revision$
3
+# Translation-Priority: 3-low
4
+
5
+#include "head.wmi" TITLE="Tor: Onion Service Protocol" CHARSET="UTF-8"
6
+<div id="content" class="clearfix">
7
+  <div id="breadcrumbs">
8
+    <a href="<page index>">Home &raquo; </a>
9
+    <a href="<page docs/documentation>">Documentation &raquo; </a>
10
+    <a href="<page docs/onion-services>">Onion Services</a>
11
+  </div>
12
+  <div id="maincol">
13
+    <h2>Tor: Onion Service Protocol</h2>
14
+    <hr>
15
+
16
+    <p>
17
+    Tor makes it possible for users to hide their locations while offering
18
+    various kinds of services, such as web publishing or an instant
19
+    messaging server.  Using Tor "rendezvous points," other Tor users can
20
+	connect to these onion services, formerly known as hidden services, each
21
+	without knowing the other's network identity. This page describes the
22
+	technical details of how this rendezvous protocol works. For a more direct
23
+	how-to, see our <a href="<page docs/tor-onion-service>">configuring onion
24
+	services</a> page.  </p>
25
+
26
+    <p>
27
+    An onion service needs to advertise its existence in the Tor network before
28
+    clients will be able to contact it. Therefore, the service randomly picks
29
+    some relays, builds circuits to them, and asks them to act as
30
+    <em>introduction points</em> by telling them its public key. Note
31
+    that in the following figures the green links are circuits rather
32
+    than direct connections. By using a full Tor circuit, it's hard for
33
+    anyone to associate an introduction point with the onion server's IP
34
+    address. While the introduction points and others are told the onion
35
+    service's identity (public key), we don't want them to learn about the
36
+    onion server's location (IP address).
37
+    </p>
38
+
39
+    <img alt="Tor onion service step one" src="$(IMGROOT)/tor-onion-services-1.png">
40
+    # maybe add a speech bubble containing "PK" to Bob, because that's what
41
+    # Bob tells to his introduction points
42
+
43
+    <p>
44
+	Step two: the onion service assembles an <em>onion service descriptor</em>,
45
+	containing its public key and a summary of each introduction point, and
46
+	signs this descriptor with its private key.  It uploads that descriptor to
47
+	a distributed hash table.  The descriptor will be found by clients
48
+	requesting XYZ.onion where XYZ is a 16 character name derived from the
49
+	service's public key. After this step, the onion service is set up.  </p>
50
+
51
+    <p>
52
+    Although it might seem impractical to use an automatically-generated
53
+    service name, it serves an important goal: Everyone &ndash; including
54
+	the introduction points, the distributed hash table directory, and of
55
+	course the clients &ndash; can verify that they are talking to the right
56
+	onion service. See also <a
57
+	href="https://en.wikipedia.org/wiki/Zooko%27s_triangle">Zooko's
58
+	conjecture</a> that out of Decentralized, Secure, and Human-Meaningful, you
59
+	can achieve at most two. Perhaps one day somebody will implement a <a
60
+	href="http://www.skyhunter.com/marcs/petnames/IntroPetNames.html">Petname</a>
61
+	design for onion service names?  </p>
62
+
63
+    <img alt="Tor onion service step two" src="$(IMGROOT)/tor-onion-services-2.png">
64
+    # maybe replace "database" with "DHT"; further: how incorrect
65
+    # is it to *not* add DB to the Tor cloud, now that begin dir cells are in
66
+    # use?
67
+
68
+    <p>
69
+    Step three: A client that wants to contact an onion service needs
70
+    to learn about its onion address first. After that, the client can
71
+    initiate connection establishment by downloading the descriptor from
72
+    the distributed hash table. If there is a descriptor for XYZ.onion
73
+    (the onion service could also be offline or have left long ago,
74
+    or there could be a typo in the onion address), the client now
75
+    knows the set of introduction points and the right public key to
76
+    use. Around this time, the client also creates a circuit to another
77
+    randomly picked relay and asks it to act as <em>rendezvous point</em>
78
+    by telling it a one-time secret.
79
+    </p>
80
+
81
+    <img alt="Tor onion service step three" src="$(IMGROOT)/tor-onion-services-3.png">
82
+    # maybe add "cookie" to speech bubble, separated from the surrounded
83
+    # "IP1-3" and "PK"
84
+
85
+    <p>
86
+    Step four: When the descriptor is present and the rendezvous
87
+    point is ready, the client assembles an <em>introduce</em> message
88
+    (encrypted to the onion service's public key) including the address
89
+    of the rendezvous point and the one-time secret. The client sends
90
+    this message to one of the introduction points, requesting it be
91
+    delivered to the onion service. Again, communication takes place
92
+    via a Tor circuit: nobody can relate sending the introduce message
93
+    to the client's IP address, so the client remains anonymous.
94
+    </p>
95
+
96
+    <img alt="Tor onion service step four" src="$(IMGROOT)/tor-onion-services-4.png">
97
+
98
+    <p>
99
+    Step five: The onion service decrypts the client's introduce message
100
+    and finds the address of the rendezvous point and the one-time secret
101
+    in it. The service creates a circuit to the rendezvous point and
102
+    sends the one-time secret to it in a rendezvous message.
103
+    </p>
104
+
105
+    <p>
106
+    At this point it is of special importance that the onion service sticks to
107
+    the same set of <a
108
+    href="<wikifaq>#Whatsthisaboutentryguardformerlyknownashelpernodes">entry
109
+    guards</a> when creating new circuits. Otherwise an attacker
110
+    could run his own relay and force an onion service to create an arbitrary
111
+    number of circuits in the hope that the corrupt relay is picked as entry
112
+    node and he learns the onion server's IP address via timing analysis. This
113
+    attack was described by &Oslash;verlier and Syverson in their paper titled
114
+    <a href="http://freehaven.net/anonbib/#hs-attack06">Locating Hidden
115
+    Servers</a>.
116
+    </p>
117
+
118
+    <img alt="Tor onion service step five" src="$(IMGROOT)/tor-onion-services-5.png">
119
+    # it should say "Bob connects to Alice's ..."
120
+
121
+    <p>
122
+    In the last step, the rendezvous point notifies the client about successful
123
+    connection establishment. After that, both client and onion service can
124
+    use their circuits to the rendezvous point for communicating with each
125
+    other. The rendezvous point simply relays (end-to-end encrypted) messages
126
+    from client to service and vice versa.
127
+    </p>
128
+
129
+    <p>
130
+    One of the reasons for not using the introduction circuit
131
+    for actual communication is that no single relay should
132
+    appear to be responsible for a given onion service. This is why the
133
+    rendezvous point never learns about the onion service's identity.
134
+    </p>
135
+
136
+    <p>
137
+    In general, the complete connection between client and onion service
138
+    consists of 6 relays: 3 of them were picked by the client with the third
139
+    being the rendezvous point and the other 3 were picked by the onion
140
+    service.
141
+    </p>
142
+
143
+    <img alt="Tor onion service step six" src="$(IMGROOT)/tor-onion-services-6.png">
144
+
145
+    <p>
146
+    There are more detailed descriptions about the onion service protocol than
147
+    this one. See the
148
+    <a href="<svnprojects>design-paper/tor-design.pdf">Tor design paper</a>
149
+    for an in-depth design description and the
150
+    <a href="<specblob>rend-spec.txt">rendezvous specification</a>
151
+    for the message formats.
152
+    </p>
153
+  </div>
154
+  <!-- END MAINCOL -->
155
+  <div id = "sidecol">
156
+#include "side.wmi"
157
+#include "info.wmi"
158
+  </div>
159
+  <!-- END SIDECOL -->
160
+</div>
161
+<!-- END CONTENT -->
162
+#include <foot.wmi>
... ...
@@ -51,7 +51,7 @@
51 51
           {'url'  => 'docs/tor-doc-relay',
52 52
            'txt'  => 'Configuring a Relay graphically',
53 53
           },
54
-          {'url'  => 'docs/tor-hidden-service',
54
+          {'url'  => 'docs/tor-onion-service',
55 55
            'txt'  => 'Configuring an Onion Service',
56 56
           },
57 57
           {'url'  => 'docs/bridges',
... ...
@@ -1,258 +1,7 @@
1 1
 ## translation metadata
2 2
 # Revision: $Revision$
3
-# Translation-Priority: 3-low
3
+# Status: obsolete
4 4
 
5
-#include "head.wmi" TITLE="Tor Project: Onion Service Configuration Instructions" CHARSET="UTF-8"
6
-<div id="content" class="clearfix">
7
-  <div id="breadcrumbs">
8
-    <a href="<page index>">Home &raquo; </a>
9
-    <a href="<page docs/documentation>">Documentation &raquo; </a>
10
-    <a href="<page docs/tor-hidden-service>">Tor Onion Service</a>
11
-  </div>
12
-  <div id="maincol">
13
-    <h1>Configuring Onion Services for <a href="<page index>">Tor</a></h1>
14
-    <hr>
5
+#include "head.wmi" TITLE="Redirecting" REDIRECT="docs/tor-onion-service"
15 6
 
16
-    <p>Tor allows clients and relays to offer onion services. That is,
17
-    you can offer a web server, SSH server, etc., without revealing your
18
-    IP address to its users. In fact, because you don't use any public address,
19
-    you can run an onion service from behind your firewall.
20
-    </p>
21
-
22
-    <p>If you have Tor installed, you can see onion services in action
23
-    by visiting this <a href="http://duskgytldkxiuqc6.onion/">sample
24
-    site</a>.
25
-    </p>
26
-
27
-    <p>
28
-    This page describes the steps for setting up your own onion service
29
-    website. For the technical details of how the onion service protocol
30
-    works, see our <a href="<page docs/hidden-services>">onion service
31
-    protocol</a> page.
32
-    </p>
33
-
34
-    <hr>
35
-    <a id="zero"></a>
36
-    <h2><a class="anchor" href="#zero">Step Zero: Get Tor working</a></h2>
37
-    <br>
38
-
39
-    <p>Before you start, you need to make sure:</p>
40
-    <ol>
41
-    <li>Tor is up and running,</li>
42
-    <li>You actually set it up correctly.</li>
43
-    </ol>
44
-
45
-    <p>Windows users should follow the <a
46
-    href="<page docs/tor-doc-windows>">Windows
47
-    howto</a>, OS X users should follow the <a
48
-    href="<page docs/tor-doc-osx>">OS
49
-    X howto</a>, and Linux/BSD/Unix users should follow the <a
50
-    href="<page docs/tor-doc-unix>">Unix howto</a>.
51
-    </p>
52
-
53
-    <hr>
54
-    <a id="one"></a>
55
-    <h2><a class="anchor" href="#one">Step One: Install a web server locally</a></h2>
56
-    <br>
57
-
58
-    <p>
59
-    First, you need to set up a web server locally. Setting up a web
60
-    server can be complex. We're not going to cover how to set up a web
61
-    server here. If you get stuck or want to do more, find a friend who
62
-    can help you. We recommend you install a new separate web server for
63
-    your onion service, since even if you already have one installed,
64
-    you may be using it (or want to use it later) for a normal website.
65
-    </p>
66
-
67
-    <p>
68
-    You need to configure your web server so it doesn't give away any
69
-    information about you, your computer, or your location. Be sure to
70
-    bind the web server only to localhost (if people could get to it
71
-    directly, they could confirm that your computer is the one offering
72
-    the onion service). Be sure that its error messages don't list
73
-    your hostname or other hints. Consider putting the web server in a
74
-    sandbox or VM to limit the damage from code vulnerabilities.
75
-    </p>
76
-
77
-    <p>
78
-    Once your web server is set up, make
79
-    sure it works: open your browser and go to <a
80
-    href="http://localhost:8080/">http://localhost:8080/</a>, where
81
-    8080 is the webserver port you chose during setup (you can choose any
82
-    port, 8080 is just an example). Then try putting a file in the main
83
-    html directory, and make sure it shows up when you access the site.
84
-    </p>
85
-
86
-    <hr>
87
-    <a id="two"></a>
88
-    <h2><a class="anchor" href="#two">Step Two: Configure your onion service</a></h2>
89
-    <br>
90
-
91
-    <p>Next, you need to configure your onion service to point to your
92
-    local web server.
93
-    </p>
94
-
95
-    <p>First, open your torrc file in your favorite text editor. (See
96
-    <a href="<page docs/faq>#torrc">the torrc FAQ entry</a> to learn
97
-    what this means.) Go to the middle section and look for the line</p>
98
-
99
-    <pre>
100
-    \############### This section is just for location-hidden services ###
101
-    </pre>
102
-
103
-    <p>
104
-    This section of the file consists of groups of lines, each representing
105
-    one onion service. Right now they are all commented out (the lines
106
-    start with #), so onion services are disabled. Each group of lines
107
-    consists of one <var>HiddenServiceDir</var> line, and one or more
108
-    <var>HiddenServicePort</var> lines:</p>
109
-    <ul>
110
-	<li><var>HiddenServiceDir</var> is a directory where Tor will store
111
-	information about that onion service.  In particular, Tor will create a
112
-	file here named <var>hostname</var> which will tell you the onion URL.  You
113
-	don't need to add any files to this directory. Make sure this is not the
114
-	same directory as the hidserv directory you created when setting up thttpd,
115
-	as your HiddenServiceDir contains secret information!</li>
116
-	<li><var>HiddenServicePort</var> lets you specify a virtual port (that is,
117
-	what port people accessing the onion service will think they're using) and
118
-	an IP address and port for redirecting connections to this virtual
119
-	port.</li> </ul>
120
-
121
-    <p>Add the following lines to your torrc:
122
-    </p>
123
-
124
-    <pre>
125
-    HiddenServiceDir /Library/Tor/var/lib/tor/hidden_service/
126
-    HiddenServicePort 80 127.0.0.1:8080
127
-    </pre>
128
-
129
-	<p>You're going to want to change the <var>HiddenServiceDir</var> line, so
130
-	it points to an actual directory that is readable/writeable by the user
131
-	that will be running Tor. The above line should work if you're using the OS
132
-	X Tor package. On Unix, try "/home/username/hidden_service/" and fill in
133
-	your own username in place of "username". On Windows you might pick:</p>
134
-	<pre> HiddenServiceDir C:\Users\username\Documents\tor\hidden_service
135
-	HiddenServicePort 80 127.0.0.1:8080 </pre>
136
-
137
-    <p>Note that since 0.2.6, both <var>SocksPort</var> and <var>HiddenServicePort</var> support Unix sockets. 
138
-    This means that you can point the <var>HiddenServicePort</var> to a Unix socket:</p>
139
-    <pre>
140
-    HiddenServiceDir /Library/Tor/var/lib/tor/hidden_service/
141
-    HiddenServicePort 80 unix:/path/to/socket
142
-    </pre>
143
-
144
-    <p>Now save the torrc and restart your tor.</p>
145
-
146
-	<p>If Tor starts up again, great. Otherwise, something is wrong. First look
147
-	at your logfiles for hints. It will print some warnings or error messages.
148
-	That should give you an idea what went wrong. Typically there are typos in
149
-	the torrc or wrong directory permissions (See <a href="<page
150
-	docs/faq>#Logs">the logging FAQ entry</a> if you don't know how to enable
151
-	or find your log file.) </p>
152
-
153
-	<p>When Tor starts, it will automatically create the
154
-	<var>HiddenServiceDir</var> that you specified (if necessary), and it will
155
-	create two files there.</p>
156
-
157
-    <dl>
158
-    <dt><var>private_key</var></dt>
159
-    <dd>First, Tor will generate a new public/private keypair for your onion
160
-    service. It is written into a file called "private_key". Don't share this key
161
-    with others -- if you do they will be able to impersonate your onion
162
-    service.</dd>
163
-    <dt><var>hostname</var></dt>
164
-    <dd>The other file Tor will create is called "hostname". This contains
165
-    a short summary of your public key -- it will look something like
166
-    <tt>duskgytldkxiuqc6.onion</tt>. This is the public name for your service,
167
-    and you can tell it to people, publish it on websites, put it on business
168
-    cards, etc.</dd>
169
-    </dl>
170
-
171
-    <p>If Tor runs as a different user than you, for example on
172
-    OS X, Debian, or Red Hat, then you may need to become root to be able
173
-    to view these files.</p>
174
-
175
-    <p>Now that you've restarted Tor, it is busy picking introduction points
176
-    in the Tor network, and generating an <em>onion service
177
-    descriptor</em>. This is a signed list of introduction points along with
178
-    the service's full public key. It anonymously publishes this descriptor
179
-    to the directory servers, and other people anonymously fetch it from the
180
-    directory servers when they're trying to access your service.
181
-    </p>
182
-
183
-    <p>Try it now: paste the contents of the hostname file into your web
184
-    browser. If it works, you'll get the html page you set up in step one.
185
-    If it doesn't work, look in your logs for some hints, and keep playing
186
-    with it until it works.
187
-    </p>
188
-
189
-    <hr>
190
-    <a id="three"></a>
191
-    <h2><a class="anchor" href="#three">Step Three: More advanced tips</a></h2>
192
-    <br>
193
-
194
-    <p>If you plan to keep your service available for a long time, you might
195
-    want to make a backup copy of the <var>private_key</var> file somewhere.
196
-    </p>
197
-
198
-    <p>If you want to forward multiple virtual ports for a single onion
199
-    service, just add more <var>HiddenServicePort</var> lines.
200
-    If you want to run multiple onion services from the same Tor
201
-    client, just add another <var>HiddenServiceDir</var> line. All the following
202
-    <var>HiddenServicePort</var> lines refer to this <var>HiddenServiceDir</var> line, until
203
-    you add another <var>HiddenServiceDir</var> line:
204
-    </p>
205
-
206
-    <pre>
207
-    HiddenServiceDir /usr/local/etc/tor/hidden_service/
208
-    HiddenServicePort 80 127.0.0.1:8080
209
-
210
-    HiddenServiceDir /usr/local/etc/tor/other_hidden_service/
211
-    HiddenServicePort 6667 127.0.0.1:6667
212
-    HiddenServicePort 22 127.0.0.1:22
213
-    </pre>
214
-
215
-    <p>Onion services operators need to practice proper operational security
216
-    and system administration to maintain security. For some security
217
-    suggestions please make sure you read over Riseup's <a
218
-	href="https://help.riseup.net/en/security/network-security/tor/onionservices-best-practices">"Tor
219
-	Hidden (Onion) Services Best Practices" document</a>. Also, here are some
220
-	more anonymity issues you should keep in mind:
221
-
222
-    </p>
223
-    <ul>
224
-    <li>As mentioned above, be careful of letting your web server reveal
225
-    identifying information about you, your computer, or your location.
226
-    For example, readers can probably determine whether it's thttpd or
227
-    Apache, and learn something about your operating system.</li>
228
-    <li>If your computer isn't online all the time, your onion service
229
-    won't be either. This leaks information to an observant adversary.</li>
230
-    <li>It is generally a better idea to host onion services on a Tor client
231
-    rather than a Tor relay, since relay uptime and other properties are
232
-    publicly visible.</li>
233
-    <li>The longer an onion service is online, the higher the risk that its
234
-    location is discovered. The most prominent attacks are building a
235
-    profile of the onion service's availability and matching induced
236
-    traffic patterns.</li>
237
-    </ul>
238
-
239
-    <p>Another common issue is whether to use HTTPS on your relay or
240
-    not. Have a look at this <a
241
-    href="https://blog.torproject.org/blog/facebook-hidden-services-and-https-certs">post</a> on the Tor Blog to learn more about these issues.
242
-    </p>
243
-
244
-    <p>Finally, feel free to use the <a
245
-    href="https://lists.torproject.org/pipermail/tor-onions/">[tor-onions]
246
-    mailing list</a> to discuss the secure administration and operation of
247
-    Tor onion services.</p>
248
-
249
-  </div>
250
-  <!-- END MAINCOL -->
251
-  <div id = "sidecol">
252
-#include "side.wmi"
253
-#include "info.wmi"
254
-  </div>
255
-  <!-- END SIDECOL -->
256
-</div>
257
-<!-- END CONTENT -->
258 7
 #include <foot.wmi>
259 8
new file mode 100644
... ...
@@ -0,0 +1,258 @@
1
+## translation metadata
2
+# Revision: $Revision$
3
+# Translation-Priority: 3-low
4
+
5
+#include "head.wmi" TITLE="Tor Project: Onion Service Configuration Instructions" CHARSET="UTF-8"
6
+<div id="content" class="clearfix">
7
+  <div id="breadcrumbs">
8
+    <a href="<page index>">Home &raquo; </a>
9
+    <a href="<page docs/documentation>">Documentation &raquo; </a>
10
+    <a href="<page docs/tor-onion-service>">Tor Onion Service</a>
11
+  </div>
12
+  <div id="maincol">
13
+    <h1>Configuring Onion Services for <a href="<page index>">Tor</a></h1>
14
+    <hr>
15
+
16
+    <p>Tor allows clients and relays to offer onion services. That is,
17
+    you can offer a web server, SSH server, etc., without revealing your
18
+    IP address to its users. In fact, because you don't use any public address,
19
+    you can run an onion service from behind your firewall.
20
+    </p>
21
+
22
+    <p>If you have Tor installed, you can see onion services in action
23
+    by visiting this <a href="http://duskgytldkxiuqc6.onion/">sample
24
+    site</a>.
25
+    </p>
26
+
27
+    <p>
28
+    This page describes the steps for setting up your own onion service
29
+    website. For the technical details of how the onion service protocol
30
+    works, see our <a href="<page docs/onion-services>">onion service
31
+    protocol</a> page.
32
+    </p>
33
+
34
+    <hr>
35
+    <a id="zero"></a>
36
+    <h2><a class="anchor" href="#zero">Step Zero: Get Tor working</a></h2>
37
+    <br>
38
+
39
+    <p>Before you start, you need to make sure:</p>
40
+    <ol>
41
+    <li>Tor is up and running,</li>
42
+    <li>You actually set it up correctly.</li>
43
+    </ol>
44
+
45
+    <p>Windows users should follow the <a
46
+    href="<page docs/tor-doc-windows>">Windows
47
+    howto</a>, OS X users should follow the <a
48
+    href="<page docs/tor-doc-osx>">OS
49
+    X howto</a>, and Linux/BSD/Unix users should follow the <a
50
+    href="<page docs/tor-doc-unix>">Unix howto</a>.
51
+    </p>
52
+
53
+    <hr>
54
+    <a id="one"></a>
55
+    <h2><a class="anchor" href="#one">Step One: Install a web server locally</a></h2>
56
+    <br>
57
+
58
+    <p>
59
+    First, you need to set up a web server locally. Setting up a web
60
+    server can be complex. We're not going to cover how to set up a web
61
+    server here. If you get stuck or want to do more, find a friend who
62
+    can help you. We recommend you install a new separate web server for
63
+    your onion service, since even if you already have one installed,
64
+    you may be using it (or want to use it later) for a normal website.
65
+    </p>
66
+
67
+    <p>
68
+    You need to configure your web server so it doesn't give away any
69
+    information about you, your computer, or your location. Be sure to
70
+    bind the web server only to localhost (if people could get to it
71
+    directly, they could confirm that your computer is the one offering
72
+    the onion service). Be sure that its error messages don't list
73
+    your hostname or other hints. Consider putting the web server in a
74
+    sandbox or VM to limit the damage from code vulnerabilities.
75
+    </p>
76
+
77
+    <p>
78
+    Once your web server is set up, make
79
+    sure it works: open your browser and go to <a
80
+    href="http://localhost:8080/">http://localhost:8080/</a>, where
81
+    8080 is the webserver port you chose during setup (you can choose any
82
+    port, 8080 is just an example). Then try putting a file in the main
83
+    html directory, and make sure it shows up when you access the site.
84
+    </p>
85
+
86
+    <hr>
87
+    <a id="two"></a>
88
+    <h2><a class="anchor" href="#two">Step Two: Configure your onion service</a></h2>
89
+    <br>
90
+
91
+    <p>Next, you need to configure your onion service to point to your
92
+    local web server.
93
+    </p>
94
+
95
+    <p>First, open your torrc file in your favorite text editor. (See
96
+    <a href="<page docs/faq>#torrc">the torrc FAQ entry</a> to learn
97
+    what this means.) Go to the middle section and look for the line</p>
98
+
99
+    <pre>
100
+    \############### This section is just for location-hidden services ###
101
+    </pre>
102
+
103
+    <p>
104
+    This section of the file consists of groups of lines, each representing
105
+    one onion service. Right now they are all commented out (the lines
106
+    start with #), so onion services are disabled. Each group of lines
107
+    consists of one <var>HiddenServiceDir</var> line, and one or more
108
+    <var>HiddenServicePort</var> lines:</p>
109
+    <ul>
110
+	<li><var>HiddenServiceDir</var> is a directory where Tor will store
111
+	information about that onion service.  In particular, Tor will create a
112
+	file here named <var>hostname</var> which will tell you the onion URL.  You
113
+	don't need to add any files to this directory. Make sure this is not the
114
+	same directory as the hidserv directory you created when setting up thttpd,
115
+	as your HiddenServiceDir contains secret information!</li>
116
+	<li><var>HiddenServicePort</var> lets you specify a virtual port (that is,
117
+	what port people accessing the onion service will think they're using) and
118
+	an IP address and port for redirecting connections to this virtual
119
+	port.</li> </ul>
120
+
121
+    <p>Add the following lines to your torrc:
122
+    </p>
123
+
124
+    <pre>
125
+    HiddenServiceDir /Library/Tor/var/lib/tor/hidden_service/
126
+    HiddenServicePort 80 127.0.0.1:8080
127
+    </pre>
128
+
129
+	<p>You're going to want to change the <var>HiddenServiceDir</var> line, so
130
+	it points to an actual directory that is readable/writeable by the user
131
+	that will be running Tor. The above line should work if you're using the OS
132
+	X Tor package. On Unix, try "/home/username/hidden_service/" and fill in
133
+	your own username in place of "username". On Windows you might pick:</p>
134
+	<pre> HiddenServiceDir C:\Users\username\Documents\tor\hidden_service
135
+	HiddenServicePort 80 127.0.0.1:8080 </pre>
136
+
137
+    <p>Note that since 0.2.6, both <var>SocksPort</var> and <var>HiddenServicePort</var> support Unix sockets. 
138
+    This means that you can point the <var>HiddenServicePort</var> to a Unix socket:</p>
139
+    <pre>
140
+    HiddenServiceDir /Library/Tor/var/lib/tor/hidden_service/
141
+    HiddenServicePort 80 unix:/path/to/socket
142
+    </pre>
143
+
144
+    <p>Now save the torrc and restart your tor.</p>
145
+
146
+	<p>If Tor starts up again, great. Otherwise, something is wrong. First look
147
+	at your logfiles for hints. It will print some warnings or error messages.
148
+	That should give you an idea what went wrong. Typically there are typos in
149
+	the torrc or wrong directory permissions (See <a href="<page
150
+	docs/faq>#Logs">the logging FAQ entry</a> if you don't know how to enable
151
+	or find your log file.) </p>
152
+
153
+	<p>When Tor starts, it will automatically create the
154
+	<var>HiddenServiceDir</var> that you specified (if necessary), and it will
155
+	create two files there.</p>
156
+
157
+    <dl>
158
+    <dt><var>private_key</var></dt>
159
+    <dd>First, Tor will generate a new public/private keypair for your onion
160
+    service. It is written into a file called "private_key". Don't share this key
161
+    with others -- if you do they will be able to impersonate your onion
162
+    service.</dd>
163
+    <dt><var>hostname</var></dt>
164
+    <dd>The other file Tor will create is called "hostname". This contains
165
+    a short summary of your public key -- it will look something like
166
+    <tt>duskgytldkxiuqc6.onion</tt>. This is the public name for your service,
167
+    and you can tell it to people, publish it on websites, put it on business
168
+    cards, etc.</dd>
169
+    </dl>
170
+
171
+    <p>If Tor runs as a different user than you, for example on
172
+    OS X, Debian, or Red Hat, then you may need to become root to be able
173
+    to view these files.</p>
174
+
175
+    <p>Now that you've restarted Tor, it is busy picking introduction points
176
+    in the Tor network, and generating an <em>onion service
177
+    descriptor</em>. This is a signed list of introduction points along with
178
+    the service's full public key. It anonymously publishes this descriptor
179
+    to the directory servers, and other people anonymously fetch it from the
180
+    directory servers when they're trying to access your service.
181
+    </p>
182
+
183
+    <p>Try it now: paste the contents of the hostname file into your web
184
+    browser. If it works, you'll get the html page you set up in step one.
185
+    If it doesn't work, look in your logs for some hints, and keep playing
186
+    with it until it works.
187
+    </p>
188
+
189
+    <hr>
190
+    <a id="three"></a>
191
+    <h2><a class="anchor" href="#three">Step Three: More advanced tips</a></h2>
192
+    <br>
193
+
194
+    <p>If you plan to keep your service available for a long time, you might
195
+    want to make a backup copy of the <var>private_key</var> file somewhere.
196
+    </p>
197
+
198
+    <p>If you want to forward multiple virtual ports for a single onion
199
+    service, just add more <var>HiddenServicePort</var> lines.
200
+    If you want to run multiple onion services from the same Tor
201
+    client, just add another <var>HiddenServiceDir</var> line. All the following
202
+    <var>HiddenServicePort</var> lines refer to this <var>HiddenServiceDir</var> line, until
203
+    you add another <var>HiddenServiceDir</var> line:
204
+    </p>
205
+
206
+    <pre>
207
+    HiddenServiceDir /usr/local/etc/tor/hidden_service/
208
+    HiddenServicePort 80 127.0.0.1:8080
209
+
210
+    HiddenServiceDir /usr/local/etc/tor/other_hidden_service/
211
+    HiddenServicePort 6667 127.0.0.1:6667
212
+    HiddenServicePort 22 127.0.0.1:22
213
+    </pre>
214
+
215
+    <p>Onion services operators need to practice proper operational security
216
+    and system administration to maintain security. For some security
217
+    suggestions please make sure you read over Riseup's <a
218
+	href="https://help.riseup.net/en/security/network-security/tor/onionservices-best-practices">"Tor
219
+	Hidden (Onion) Services Best Practices" document</a>. Also, here are some
220
+	more anonymity issues you should keep in mind:
221
+
222
+    </p>
223
+    <ul>
224
+    <li>As mentioned above, be careful of letting your web server reveal
225
+    identifying information about you, your computer, or your location.
226
+    For example, readers can probably determine whether it's thttpd or
227
+    Apache, and learn something about your operating system.</li>
228
+    <li>If your computer isn't online all the time, your onion service
229
+    won't be either. This leaks information to an observant adversary.</li>
230
+    <li>It is generally a better idea to host onion services on a Tor client
231
+    rather than a Tor relay, since relay uptime and other properties are
232
+    publicly visible.</li>
233
+    <li>The longer an onion service is online, the higher the risk that its
234
+    location is discovered. The most prominent attacks are building a
235
+    profile of the onion service's availability and matching induced
236
+    traffic patterns.</li>
237
+    </ul>
238
+
239
+    <p>Another common issue is whether to use HTTPS on your relay or
240
+    not. Have a look at this <a
241
+    href="https://blog.torproject.org/blog/facebook-hidden-services-and-https-certs">post</a> on the Tor Blog to learn more about these issues.
242
+    </p>
243
+
244
+    <p>Finally, feel free to use the <a
245
+    href="https://lists.torproject.org/pipermail/tor-onions/">[tor-onions]
246
+    mailing list</a> to discuss the secure administration and operation of
247
+    Tor onion services.</p>
248
+
249
+  </div>
250
+  <!-- END MAINCOL -->
251
+  <div id = "sidecol">
252
+#include "side.wmi"
253
+#include "info.wmi"
254
+  </div>
255
+  <!-- END SIDECOL -->
256
+</div>
257
+<!-- END CONTENT -->
258
+#include <foot.wmi>
... ...
@@ -52,7 +52,7 @@
52 52
           {'url'  => 'docs/tor-doc-relay',
53 53
            'txt'  => 'Configuring a Relay graphically',
54 54
           },
55
-          {'url'  => 'docs/tor-hidden-service',
55
+          {'url'  => 'docs/tor-onion-service',
56 56
            'txt'  => 'Configuring an Onion Service',
57 57
           }, 
58 58
           {'url'  => 'docs/bridges',
... ...
@@ -45,7 +45,7 @@
45 45
         <ul>
46 46
           <li><a href="<page donate/donate-foot>">Donate</a></li>
47 47
           <li><a href="<page docs/documentation>#MailingLists">Mailing Lists</a></li>
48
-          <li><a href="<page docs/hidden-services>">Onion Services</a></li>
48
+          <li><a href="<page docs/onion-services>">Onion Services</a></li>
49 49
           <li><a href="<page getinvolved/translation>">Translations</a></li>
50 50
 #          <li><a href="<page getinvolved/open-positions>">Careers</a></li>
51 51
         </ul>