finish idea

This commit is contained in:
6543 2019-07-08 14:09:36 +02:00
parent 5ca83fa9b8
commit 03e0a274d6

@ -1,35 +1,83 @@
+++ +++
title = "Clearnet -> Onion Website" title = "Clearnet -> Onion Website"
date = 2019-07-07T02:23:49+02:00 date = 2019-07-08T12:00:00+02:00
author = "MH" author = "MH"
cover = "" cover = ""
tags = ["Tor", "Setup", "Concept", "Proxy"] tags = ["Tor", "Setup", "Concept", "Proxy", "socat", "nginx"]
description = "Why not have a hidden service on a normal Site?" description = "Why not have a hidden service on a normal Site?"
showFullContent = false showFullContent = false
draft = true draft = false
+++ +++


Say we like to share an onion site on the clearnet.
It's address is ```a1b2c3d4e5f6.onion``` and you are on a linux server.

First install nginx and tor.
``` ```
root@wwwtest2tor2:/opt# grep '' * apt install -y nginx tor
nginx_site.conf:server { systemctl start tor
nginx_site.conf: listen 80 default_server; ```
nginx_site.conf: listen [::]:80 default_server; lets change the nginx config:
nginx_site.conf: root /var/www/html;
nginx_site.conf: server_name _; ```
nginx_site.conf: location / { echo 'server {
nginx_site.conf: listen 80 default_server;
nginx_site.conf: proxy_pass http://127.0.0.1:81; listen [::]:80 default_server;
nginx_site.conf: proxy_set_header Host "mxoal6ts2kwnxkpbxuc6ls5c43jnaefpdjx27tnjncgmobnec2untnad.onion"; root /var/www/html;
nginx_site.conf: proxy_set_header Accept-Encoding ""; server_name _;
nginx_site.conf: proxy_set_header Via "$host"; location / {
nginx_site.conf: subs_filter 'mxoal6ts2kwnxkpbxuc6ls5c43jnaefpdjx27tnjncgmobnec2untnad.onion' '10.40.8.206'; proxy_pass http://127.0.0.1:8283;
nginx_site.conf: proxy_set_header Host "a1b2c3d4e5f6.onion";
nginx_site.conf: } proxy_set_header Accept-Encoding "";
nginx_site.conf:} proxy_set_header Via "$host";
proxy_http_2_socks5.sh:#!/bin/bash subs_filter 'a1b2c3d4e5f6.onion' '10.40.8.206';
proxy_http_2_socks5.sh:export hiddenservice="mxoal6ts2kwnxkpbxuc6ls5c43jnaefpdjx27tnjncgmobnec2untnad.onion:80" }
proxy_http_2_socks5.sh:socat tcp4-LISTEN:81,reuseaddr,fork,keepalive,bind=127.0.0.1 SOCKS4A:127.0.0.1:"$hiddenservice",socksport=9050 & }' > /etc/nginx/sites-enabled/default
resolv.conf:nameserver 127.0.0.1 ```
torrc:DNSPort 53
torrc:AutomapHostsOnResolve 1 and extend the tor config ...
```
echo 'DNSPort 53
AutomapHostsOnResolve 1' >> /etc/torrc
```
change the dns servert to localhost:
```
echo 'nameserver 127.0.0.1' > /etc/resolv.conf
```


Then create a script caled ```/opt/http2socks.sh```:
```
#!/bin/bash
onion="a1b2c3d4e5f6.onion:80"
proxy_http_2_socks5.sh:socat tcp4-LISTEN:8283,reuseaddr,fork,keepalive,bind=127.0.0.1 SOCKS4A:127.0.0.1:"$onion",socksport=9050 &
```
add this script to the startup by add an line with ```crontab -e```:
```
@reboot /opt/http2socks.sh
```

now start it all:
```
systemctl restart tor
/opt/http2socks.sh
systemctl restart nginx
```

now you shoud have the hidden service on your 80 port visible for everyone.
of course you can extend the nginx config to ask for a login before:

add
```
auth_basic "Restricted Content";
auth_basic_user_file /etc/nginx/.htpasswd;
```
to the ```location / {...}``` block

```
and enerate the password file:
echo -n 'user:' >> /etc/nginx/.htpasswd
openssl passwd -apr1 >> /etc/nginx/.htpasswd

systemctl restart ngin
``` ```
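Review bot: The socat line added to `/opt/http2socks.sh` still starts with the `proxy_http_2_socks5.sh:` prefix left over from the old `grep '' *` output, so the script as published fails with a command-not-found error and nothing listens on 127.0.0.1:8283; drop the prefix so the line begins with `socat tcp4-LISTEN:8283,...`. The post also never makes the script executable, yet both `@reboot /opt/http2socks.sh` and the manual start call it directly, so a `chmod +x /opt/http2socks.sh` step is missing. The tor settings are appended to `/etc/torrc`, but the tor package installed with `apt install` reads `/etc/tor/torrc`, so `DNSPort 53` and `AutomapHostsOnResolve 1` would never take effect. It is also worth asking whether they are needed at all: socat passes the onion name to Tor over SOCKS4A, so overwriting `/etc/resolv.conf` sends all system DNS through Tor without helping the proxy. In the nginx block the `subs_filter` replacement is still the literal `10.40.8.206` from the test machine; say that readers must put their own public hostname there, and that `subs_filter` comes from a third-party substitutions module that a stock nginx build may not include. The last code block opens its fence before "and enerate the password file:", which pulls that sentence into the code, and it ends with the truncated `systemctl restart ngin`. Since this change also flips `draft = true` to `draft = false`, these should be fixed before the post goes live.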