Merge branch 'post-proxy-clearnet-2-onion'
This commit is contained in:
commit
c204dd0e5e
85
content/post/proxy-clearnet-2-onion.md
Normal file
85
content/post/proxy-clearnet-2-onion.md
Normal file
@ -0,0 +1,85 @@
|
|||||||
|
+++
|
||||||
|
title = "Clearnet -> Onion Website"
|
||||||
|
date = 2019-07-08T12:00:00+02:00
|
||||||
|
author = "MH"
|
||||||
|
cover = ""
|
||||||
|
tags = ["Tor", "Setup", "Concept", "Proxy", "socat", "nginx"]
|
||||||
|
description = "Why not have a hidden service on a normal Site?"
|
||||||
|
showFullContent = false
|
||||||
|
draft = false
|
||||||
|
+++
|
||||||
|
|
||||||
|
Say we like to share an onion site on the clearnet.
|
||||||
|
It's address is ```a1b2c3d4e5f6.onion``` and you are on a linux server.
|
||||||
|
|
||||||
|
First install nginx and tor.
|
||||||
|
```
|
||||||
|
apt install -y nginx tor
|
||||||
|
systemctl start tor
|
||||||
|
```
|
||||||
|
lets change the nginx config:
|
||||||
|
|
||||||
|
```
|
||||||
|
echo 'server {
|
||||||
|
listen 80 default_server;
|
||||||
|
listen [::]:80 default_server;
|
||||||
|
root /var/www/html;
|
||||||
|
server_name _;
|
||||||
|
location / {
|
||||||
|
proxy_pass http://127.0.0.1:8283;
|
||||||
|
proxy_set_header Host "a1b2c3d4e5f6.onion";
|
||||||
|
proxy_set_header Accept-Encoding "";
|
||||||
|
proxy_set_header Via "$host";
|
||||||
|
subs_filter 'a1b2c3d4e5f6.onion' '10.40.8.206';
|
||||||
|
}
|
||||||
|
}' > /etc/nginx/sites-enabled/default
|
||||||
|
```
|
||||||
|
|
||||||
|
and extend the tor config ...
|
||||||
|
```
|
||||||
|
echo 'DNSPort 53
|
||||||
|
AutomapHostsOnResolve 1' >> /etc/torrc
|
||||||
|
```
|
||||||
|
change the dns servert to localhost:
|
||||||
|
```
|
||||||
|
echo 'nameserver 127.0.0.1' > /etc/resolv.conf
|
||||||
|
```
|
||||||
|
|
||||||
|
|
||||||
|
Then create a script caled ```/opt/http2socks.sh```:
|
||||||
|
```
|
||||||
|
#!/bin/bash
|
||||||
|
onion="a1b2c3d4e5f6.onion:80"
|
||||||
|
proxy_http_2_socks5.sh:socat tcp4-LISTEN:8283,reuseaddr,fork,keepalive,bind=127.0.0.1 SOCKS4A:127.0.0.1:"$onion",socksport=9050 &
|
||||||
|
```
|
||||||
|
add this script to the startup by add an line with ```crontab -e```:
|
||||||
|
```
|
||||||
|
@reboot /opt/http2socks.sh
|
||||||
|
```
|
||||||
|
|
||||||
|
now start it all:
|
||||||
|
```
|
||||||
|
systemctl restart tor
|
||||||
|
/opt/http2socks.sh
|
||||||
|
systemctl restart nginx
|
||||||
|
```
|
||||||
|
|
||||||
|
now you shoud have the hidden service on your 80 port visible for everyone.
|
||||||
|
of course you can extend the nginx config to ask for a login before:
|
||||||
|
|
||||||
|
add
|
||||||
|
```
|
||||||
|
auth_basic "Restricted Content";
|
||||||
|
auth_basic_user_file /etc/nginx/.htpasswd;
|
||||||
|
```
|
||||||
|
to the ```location / {...}``` block
|
||||||
|
|
||||||
|
```
|
||||||
|
and enerate the password file:
|
||||||
|
echo -n 'user:' >> /etc/nginx/.htpasswd
|
||||||
|
openssl passwd -apr1 >> /etc/nginx/.htpasswd
|
||||||
|
|
||||||
|
systemctl restart ngin
|
||||||
|
```
|
||||||
|
|
||||||
|
These are just ideas why I'm not responsible if someone has questionable content now available on the net. :D
|
Loading…
Reference in New Issue
Block a user