Installation Guide
This guide provides the basic procedure to set up Tor2web.
The requirements to set up a Tor2web node are as follows:
- A Domain Name (you can use your own)
- DNS Servers
- Wildcard digital certificate
- Debian/Debian Linux Server
- Public IP address with TCP ports 80 and 443 free
This section describes the different ways to implement Tor2web architectures.
This is the simpler situation, and it was the very early model of Tor2web 1.0, based on an Apache+Privoxy hack.
It is not used anymore, but in the future (with the implementation of https://github.com/globaleaks/Tor2web/issues/33 and https://github.com/globaleaks/Tor2web/issues/24) it may see a revival because of the reduced constraints: it could be run even without a wildcard certificate.
The first, early Tor2web architecture is distributed on the basis of DNS. This means that there is one domain and one wildcard digital certificate, shared among trusted people.
This architecture is the one used today, but it cannot scale, for several reasons:
- One DNS takedown would take down the whole network
- There is only one person managing the DNS
- There is only one digital certificate, with all the issues related to sharing a private key only with trusted persons
However, it is the early model of Tor2web and the simplest.
This architectural model is not yet implemented in the Tor2web software, but it represents the future evolution of the system.
With this architecture there are many Tor2web administrators using multiple domains, multiple servers and multiple digital certificates. Each cluster of servers around a domain/certificate pair is aware of the other clusters, and the load is distributed across the various networks. This is the future of Tor2web, currently in research, and is described at https://github.com/globaleaks/Tor2web/issues/24
wget https://deb.globaleaks.org/install-tor2web.sh
chmod +x install-tor2web.sh
./install-tor2web.sh
Now that Tor2web is installed, you need to configure it by creating a configuration file at /etc/tor2web.conf.
A skeleton for the configuration file can be found at /usr/share/tor2web/data/conf/tor2web-default.conf
To understand how to edit the configuration file, read the comments inside the example file and the reference guide available at https://github.com/globaleaks/Tor2web/wiki/Configuring-tor2web
In addition, you will need to install the Tor2web SSL certificates, intermediate certificates and keys inside the /home/tor2web/certs directory.
As a quick example, you can create self-signed ones with the following commands:
cd /home/tor2web/certs/
openssl genrsa -out tor2web-key.pem 4096
openssl req -new -key tor2web-key.pem -out tor2web-csr.pem
openssl x509 -req -days 365 -in tor2web-csr.pem -signkey tor2web-key.pem -out tor2web-cert.pem
The configuration directives that set up the TLS/SSL certificates are the following:
ssl_key = /home/tor2web/certs/tor2web-key.pem
ssl_cert = /home/tor2web/certs/tor2web-cert.pem
ssl_intermediate = /home/tor2web/certs/tor2web-intermediate.pem
Be sure to load the SSL/TLS intermediate certificate given by your CA, or many browsers will show security warnings when connecting.
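A pre-start check for the certificate setup above, added here as an example and not part of the Tor2web project: it reads the three TLS directives from a configuration file, confirms each file exists, flags a private key that group or others can access, and confirms the key belongs to the certificate. The function names are made up for this example, and the parsing assumes the `name = value` syntax shown above and GNU `stat`.

```shell
#!/bin/sh
# Added example: audit the TLS directives of a Tor2web config before starting
# the service. Assumes the "name = value" syntax shown in this guide.

# Print the value of directive $2 in config file $1 (last occurrence wins).
conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*\$/\1/p" "$1" | tail -n 1
}

# Succeed only when certificate $1 and private key $2 share one public key.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Audit config file $1: print one line per finding, return the finding count.
audit_tor2web_tls() {
    conf=$1
    findings=0
    for name in ssl_key ssl_cert ssl_intermediate; do
        path=$(conf_get "$conf" "$name")
        if [ -z "$path" ]; then
            echo "MISSING    $name is not set in $conf"
        elif [ ! -f "$path" ]; then
            echo "NOT FOUND  $name -> $path"
        else
            continue
        fi
        findings=$((findings + 1))
    done
    key=$(conf_get "$conf" ssl_key)
    cert=$(conf_get "$conf" ssl_cert)
    if [ -f "$key" ]; then
        # Any group/other permission bit on the private key is a finding.
        mode=$(stat -c '%a' "$key")
        case "$mode" in
            *00) ;;
            *) echo "PERMS      $key is mode $mode, want 600 or 400"
               findings=$((findings + 1)) ;;
        esac
        if [ -f "$cert" ] && ! key_matches_cert "$cert" "$key"; then
            echo "MISMATCH   $cert does not belong to $key"
            findings=$((findings + 1))
        fi
    fi
    return "$findings"
}
```

After sourcing the script, run `audit_tor2web_tls /etc/tor2web.conf`; the return code is the number of findings, so 0 means the TLS files are in place.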
/etc/init.d/tor2web start
/etc/init.d/tor2web status
netstat -natp | grep -e LISTEN | grep -e ':80' -e ':443'
When all the previous steps have completed correctly and you are confident in the configuration, Tor2web can be configured to start automatically on boot:
update-rc.d tor2web defaults # Set Tor2web to automatically start on-boot
2011-2019, Hermes Center for Transparency and Digital Human Rights. All rights reserved.