Scripts to configure Nginx hidden service
This repository makes use of Git Submodules to track dependencies; to avoid incomplete downloads, clone with the --recurse-submodules option...
git clone --recurse-submodules [email protected]:paranoid-linux/torrific-nginx.git
To update tracked Git Submodules issue the following commands...
git pull
git submodule update --init --merge --recursive
To force upgrade of Git Submodules...
git submodule update --init --merge --recursive --remote
Note, forcing an update of Git Submodule tracked dependencies may cause instabilities and/or merge conflicts; if however everything operates as expected after an update, please consider submitting a Pull Request.
Clone this project and the submodules that it depends upon...
git clone --recurse-submodules [email protected]:paranoid-linux/torrific-nginx.git
Change current working directory...
cd torrific-nginx
Use the -h or --help option to list available command-line parameters...
sudo ./torrific-nginx-server.sh --help
On the server, configure a Tor hidden service for Nginx via the torrific-nginx-server.sh script...
sudo ./torrific-nginx-server.sh --torrc='/etc/tor/torrc' \
  --tor-lib-dir='/var/lib/tor' \
  --tor-port='80' \
  --service-port='8080' \
  hidden_service_name
Alternatively, setting up the server within a Docker container is possible via...
docker run --name torrific-nginx \
  --tor-port='80' \
  --service-port='8080' \
  hidden_service_name
Access to the web-server can be restricted further via the --client command-line parameter...
## Server command
sudo ./torrific-nginx-server.sh --torrc='/etc/tor/torrc' \
  --tor-lib-dir='/var/lib/tor' \
  --tor-port='80' \
  --service-port='8080' \
  --client='first-client,second-client,third-client' \
  hidden_service_name
... however, each client will then need to add HidServAuth to their torrc configuration and restart their Tor service, e.g. ...
## Client(s) command
sudo tee -a /etc/tor/torrc 1>/dev/null <<EOF
HidServAuth thegeneratedaddress.onion S0meLet7er5AndNumbers
EOF
sudo systemctl restart tor.service
... hint, when a --client list is defined, the service hostname file will contain authorizations for each listed client name...
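## Server commands
_tor_lib_dir='/var/lib/tor'
_service_name='hidden_service_name'
awk -v _client_names="first-client,second-client,third-client" '
BEGIN {
  ## Build a lookup of the client names that must be present
  _count = split(_client_names, _names, ",")
  for (_i = 1; _i <= _count; _i++) { _wanted[_names[_i]] = 0 }
}
($5 in _wanted) {
  ## Fields: address, authorization cookie, "#", "client:", client name
  print "HidServAuth", $1, $2, "#", $5
  _wanted[$5] = 1
}
END {
  ## Report every requested client that was not found in the file
  for (_name in _wanted) {
    if (!_wanted[_name]) {
      print "Cannot find", _name, "within hidden service hostname file" > "/dev/stderr"
      _status = 1
    }
  }
  exit _status + 0
}' "${_tor_lib_dir}/${_service_name}/hostname"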
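For the client step above, repeated runs of tee -a leave duplicate or stale HidServAuth lines behind, and a pasted value with stray characters can add unintended directives to torrc. The following is an added example, not part of this repository's scripts: add_hidservauth is a hypothetical helper, and its validation patterns are assumptions based on the line format shown above.

```shell
#!/bin/sh
# Added example: add_hidservauth is a hypothetical helper, not part of torrific-nginx.
# Usage: add_hidservauth <torrc-path> <address.onion> <auth-cookie>
add_hidservauth() {
  _torrc="$1"; _onion="$2"; _cookie="$3"

  [ -f "${_torrc}" ] || { echo "No such torrc: ${_torrc}" >&2; return 1; }

  # case patterns match the whole string, so an embedded newline (which could
  # smuggle an extra directive into torrc) is rejected along with other junk.
  case "${_onion}" in
    *[!a-z2-7.]* | .onion | *.*.onion) echo "Invalid onion address" >&2; return 2 ;;
    *.onion) ;;
    *) echo "Invalid onion address" >&2; return 2 ;;
  esac
  case "${_cookie}" in
    '' | *[!A-Za-z0-9+/=]*) echo "Invalid authorization cookie" >&2; return 2 ;;
  esac

  _line="HidServAuth ${_onion} ${_cookie}"

  # Identical entry already present: leave the file untouched.
  if grep -Fqx "${_line}" "${_torrc}"; then
    return 0
  fi

  # Drop any older entry for the same address, then append the new one.
  _tmp="$(mktemp "${_torrc}.XXXXXX")" || return 1
  awk -v _onion="${_onion}" '!($1 == "HidServAuth" && $2 == _onion)' "${_torrc}" > "${_tmp}"
  printf '%s\n' "${_line}" >> "${_tmp}"

  # Write back in place so the existing owner and mode of torrc are kept.
  cat "${_tmp}" > "${_torrc}"
  rm -f "${_tmp}"
}
```

Run it with the privileges needed to write the client's torrc, then restart the Tor service as shown above. HidServAuth belongs to version 2 onion services, which current Tor releases no longer support.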
Pull Requests are certainly welcomed if bugs are found or new features are wanted.
Scripts to configure Nginx hidden service
Copyright (C) 2020 S0AndS0
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as published
by the Free Software Foundation, version 3 of the License.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <https://www.gnu.org/licenses/>.
For further details review full length version of AGPL-3.0 License.