diff --git a/content/post/proxy-clearnet-2-onion.md b/content/post/proxy-clearnet-2-onion.md index 13ebc4f..ee94b87 100644 --- a/content/post/proxy-clearnet-2-onion.md +++ b/content/post/proxy-clearnet-2-onion.md @@ -1,35 +1,83 @@ +++ title = "Clearnet -> Onion Website" -date = 2019-07-07T02:23:49+02:00 +date = 2019-07-08T12:00:00+02:00 author = "MH" cover = "" -tags = ["Tor", "Setup", "Concept", "Proxy"] +tags = ["Tor", "Setup", "Concept", "Proxy", "socat", "nginx"] description = "Why not have a hidden service on a normal Site?" showFullContent = false -draft = true +draft = false +++ +Say we like to share an onion site on the clearnet. +It's address is ```a1b2c3d4e5f6.onion``` and you are on a linux server. + +First install nginx and tor. ``` -root@wwwtest2tor2:/opt# grep '' * -nginx_site.conf:server { -nginx_site.conf: listen 80 default_server; -nginx_site.conf: listen [::]:80 default_server; -nginx_site.conf: root /var/www/html; -nginx_site.conf: server_name _; -nginx_site.conf: location / { -nginx_site.conf: -nginx_site.conf: proxy_pass http://127.0.0.1:81; -nginx_site.conf: proxy_set_header Host "mxoal6ts2kwnxkpbxuc6ls5c43jnaefpdjx27tnjncgmobnec2untnad.onion"; -nginx_site.conf: proxy_set_header Accept-Encoding ""; -nginx_site.conf: proxy_set_header Via "$host"; -nginx_site.conf: subs_filter 'mxoal6ts2kwnxkpbxuc6ls5c43jnaefpdjx27tnjncgmobnec2untnad.onion' '10.40.8.206'; -nginx_site.conf: -nginx_site.conf: } -nginx_site.conf:} -proxy_http_2_socks5.sh:#!/bin/bash -proxy_http_2_socks5.sh:export hiddenservice="mxoal6ts2kwnxkpbxuc6ls5c43jnaefpdjx27tnjncgmobnec2untnad.onion:80" -proxy_http_2_socks5.sh:socat tcp4-LISTEN:81,reuseaddr,fork,keepalive,bind=127.0.0.1 SOCKS4A:127.0.0.1:"$hiddenservice",socksport=9050 & -resolv.conf:nameserver 127.0.0.1 -torrc:DNSPort 53 -torrc:AutomapHostsOnResolve 1 +apt install -y nginx tor +systemctl start tor +``` +lets change the nginx config: + +``` +echo 'server { + listen 80 default_server; + listen [::]:80 default_server; + root /var/www/html; + server_name _; + location / { + proxy_pass http://127.0.0.1:8283; + proxy_set_header Host "a1b2c3d4e5f6.onion"; + proxy_set_header Accept-Encoding ""; + proxy_set_header Via "$host"; + subs_filter 'a1b2c3d4e5f6.onion' '10.40.8.206'; + } +}' > /etc/nginx/sites-enabled/default +``` + +and extend the tor config ... +``` +echo 'DNSPort 53 +AutomapHostsOnResolve 1' >> /etc/torrc +``` +change the dns servert to localhost: +``` +echo 'nameserver 127.0.0.1' > /etc/resolv.conf +``` + + +Then create a script caled ```/opt/http2socks.sh```: +``` +#!/bin/bash +onion="a1b2c3d4e5f6.onion:80" +proxy_http_2_socks5.sh:socat tcp4-LISTEN:8283,reuseaddr,fork,keepalive,bind=127.0.0.1 SOCKS4A:127.0.0.1:"$onion",socksport=9050 & +``` +add this script to the startup by add an line with ```crontab -e```: +``` +@reboot /opt/http2socks.sh +``` + +now start it all: +``` +systemctl restart tor +/opt/http2socks.sh +systemctl restart nginx +``` + +now you shoud have the hidden service on your 80 port visible for everyone. +of course you can extend the nginx config to ask for a login before: + +add +``` +auth_basic "Restricted Content"; +auth_basic_user_file /etc/nginx/.htpasswd; +``` +to the ```location / {...}``` block + +``` +and enerate the password file: +echo -n 'user:' >> /etc/nginx/.htpasswd +openssl passwd -apr1 >> /etc/nginx/.htpasswd + +systemctl restart ngin ```