Free as in Freedom: Codeberg.org. Create your repos!

#50 onion site wanted

Open
opened 1 week ago by libBletchley · 8 comments

Please setup an onion site so Tor users can avoid the exit node bottleneck. Notice that Notabug has done this.

Please setup an onion site so Tor users can avoid the exit node bottleneck. Notice that Notabug has [done this](https://notabug.org/tor).
hw commented 1 week ago
Owner

interesting idea. Any contributors?

interesting idea. Any contributors?
Ghost commented 4 days ago

It can’t be done from user side. Only the server owner can.

https://2019.www.torproject.org/docs/tor-onion-service.html.en#zero

Only a few git services support Tor. If you support it, that’ll be really cool!

(I’m Tor contributor and relay owner.)

e.g.

apt install tor
mkdir /hidden/codeberg_tor/
nano /etc/tor/torrc

HiddenServiceDir /hidden/codeberg_tor/
HiddenServicePort 443 127.0.0.1:443

https://(your onion).onion/ == https://codeberg.org/
It can't be done from user side. Only the server owner can. https://2019.www.torproject.org/docs/tor-onion-service.html.en#zero Only a few git services support Tor. If you support it, that'll be _really_ cool! (I'm Tor contributor and relay owner.) e.g. ``` apt install tor mkdir /hidden/codeberg_tor/ nano /etc/tor/torrc HiddenServiceDir /hidden/codeberg_tor/ HiddenServicePort 443 127.0.0.1:443 https://(your onion).onion/ == https://codeberg.org/ ```
ashimokawa commented 4 days ago
Owner

@not_cloudflare Would that require us to become an “exit node”? Or just an endpoint for traffic to codeberg.org?

@not_cloudflare Would that require us to become an "exit node"? Or just an endpoint for traffic to codeberg.org?
ashimokawa commented 4 days ago
Owner

A quick research says that we do not have to become an exit node, so personally I am open to the idea.

A quick research says that we do not have to become an exit node, so personally I am open to the idea.
Ghost commented 4 days ago

Hosting onion service is easy. You have to install Tor[1] and edit “torrc” file. Even Facebook, New York Times, and CIA have onions.

You don’t have to become a relay(middle node, exit node).

Here’s a list of WeSupportTor. If codeberg become accessible over Tor, I will use it & add you to the list.

https://trac.torproject.org/projects/tor/wiki/org/projects/WeSupportTor

  • http://onion is safe because onion connection is encrypted.
  • https://onion is more safe, but unnecessary.
  • You can assign any subdomains, such as http://codeberg.generatedonionname.onion/
  • v3 onionname(long onion name) is secure than v2(short onion name).

[1] https://2019.www.torproject.org/docs/debian.html.en#ubuntu

Hosting onion service is easy. You have to install Tor[1] and edit "torrc" file. Even Facebook, New York Times, and CIA have onions. You don't have to become a relay(middle node, exit node). Here's a list of WeSupportTor. If codeberg become accessible over Tor, I will use it & add you to the list. https://trac.torproject.org/projects/tor/wiki/org/projects/WeSupportTor - http://onion is safe because onion connection is encrypted. - https://onion is _more_ safe, but unnecessary. - You can assign any subdomains, such as http://_codeberg_.generatedonionname.onion/ - v3 onionname(long onion name) is secure than v2(short onion name). [1] https://2019.www.torproject.org/docs/debian.html.en#ubuntu
hw commented 4 days ago
Owner

@not_cloudflare: Would you like to contribute an example of the config as PR, for example against the etc/ template folder in https://codeberg.org/Codeberg/build-deploy-gitea/src/branch/master/etc/?

(these files are directly deployed into /etc/, after templates for ${HOSTNAME_FQDN} etc have been resolved)

@not_cloudflare: Would you like to contribute an example of the config as PR, for example against the etc/ template folder in https://codeberg.org/Codeberg/build-deploy-gitea/src/branch/master/etc/? (these files are directly deployed into /etc/, after templates for ${HOSTNAME_FQDN} etc have been resolved)
Ghost commented 4 days ago

Tor is a server, not gitea. (below should work for debian system)

e.g.

---request---> server [{Codeberg Tor} <===localhost===> {Codeberg WWW server}]

---request---> Tor(redirect to 127.0.0.1:80) ======> WWW(listen 127.0.0.1:80)

easy guide: https://www.reddit.com/r/TOR/comments/8tyrye/how_to_create_onion_website_on_web_server_which/

TLDR Example:

0. Create a directory for private key (mkdir /var/dontshareme/codebergonion/)

1. "apt install tor"  <--- https://2019.www.torproject.org/docs/debian.html.en

2. "nano /etc/tor/torrc"

3. Add 3 lines:

HiddenServiceDir /var/dontshareme/codebergonion/
HiddenServicePort 80 127.0.0.1:80
HiddenServiceVersion 3

4. "service tor restart"

Tor will connect to the network and generate your .onion hostname(domain).
Don't upload /var/dontshareme/codebergonion/ contents
because these are private keys!

5. You'll find your .onion in /var/dontshareme/codebergonion/.

6. Open http://(your onion).onion/ on Tor Browser and enjoy!

Here’s my test server’s torrc (I’ve hidden some lines but it will be useful):

And manual. https://2019.www.torproject.org/docs/tor-manual.html.en

Log err /dev/null

AvoidDiskWrites 1
CookieAuthentication 1

DataDirectory ????????????
GeoIPFile ????????????
GeoIPv6File ????????????

DirReqStatistics 0
ExtraInfoStatistics 0
HiddenServiceStatistics 0

ExcludeNodes default,CIA,NSA,{us}

ReachableAddresses *:443
ReachableAddresses reject *:*

HiddenServiceDir ????????????
HiddenServicePort 80 127.0.0.1:80
HiddenServicePort 465 unix:/var/lib/mailer2/usocket.sox
HiddenServiceVersion 3
Tor is a server, not gitea. (below should work for debian system) e.g. ``` ---request---> server [{Codeberg Tor} <===localhost===> {Codeberg WWW server}] ---request---> Tor(redirect to 127.0.0.1:80) ======> WWW(listen 127.0.0.1:80) ``` easy guide: https://www.reddit.com/r/TOR/comments/8tyrye/how_to_create_onion_website_on_web_server_which/ TLDR Example: ``` 0. Create a directory for private key (mkdir /var/dontshareme/codebergonion/) 1. "apt install tor" <--- https://2019.www.torproject.org/docs/debian.html.en 2. "nano /etc/tor/torrc" 3. Add 3 lines: HiddenServiceDir /var/dontshareme/codebergonion/ HiddenServicePort 80 127.0.0.1:80 HiddenServiceVersion 3 4. "service tor restart" Tor will connect to the network and generate your .onion hostname(domain). Don't upload /var/dontshareme/codebergonion/ contents because these are private keys! 5. You'll find your .onion in /var/dontshareme/codebergonion/. 6. Open http://(your onion).onion/ on Tor Browser and enjoy! ``` --- Here's my test server's torrc (I've hidden some lines but it will be useful): And manual. https://2019.www.torproject.org/docs/tor-manual.html.en ``` Log err /dev/null AvoidDiskWrites 1 CookieAuthentication 1 DataDirectory ???????????? GeoIPFile ???????????? GeoIPv6File ???????????? DirReqStatistics 0 ExtraInfoStatistics 0 HiddenServiceStatistics 0 ExcludeNodes default,CIA,NSA,{us} ReachableAddresses *:443 ReachableAddresses reject *:* HiddenServiceDir ???????????? HiddenServicePort 80 127.0.0.1:80 HiddenServicePort 465 unix:/var/lib/mailer2/usocket.sox HiddenServiceVersion 3 ```
hw commented 4 days ago
Owner

Plain vanilla debian, no 3rdparty apt sources. All local services are routed through haproxy (we want to publish the infrastructure deployment files too, but didn’t have the time for a thourough review yet).

Plain vanilla debian, no 3rdparty apt sources. All local services are routed through haproxy (we want to publish the infrastructure deployment files too, but didn't have the time for a thourough review yet).
Sign in to join this conversation.
No Milestone
No Assignees
4 Participants
Due Date

No due date set.

Dependencies

This issue currently doesn't have any dependencies.

Loading…
Cancel
Save
There is no content yet.