|
|
- # Tor Hidden service configurator
- **tor-hs** packages tries to simplify creating of hidden services on OpenWrt routers.
-
- ## Requirements
- To run **tor-hs**, you need Tor package with uci config support (it was added
- with [this commit](https://github.com/openwrt/packages/commit/ca6528f002d74445e3d0a336aeb9074fc337307a) ).
-
- ## Instalation
- To install package simple run
- ```
- opkg update
- opkg install tor-hs
- ```
-
- ## Configuration
- Uci configuration is located in **/etc/config/tor-hs**
-
- ### Required section of configuration
- There is one required section **common**
-
- Example of this section
- ```
- config tor-hs common
- option GenConf "/etc/tor/torrc_hs"
- option HSDir "/etc/tor/hidden_service"
- option RestartTor "true"
- option UpdateTorConf "true"
- ```
-
- #### Table with options description
- | Type | Name | Default | Description |
- | ------ | ------ | ------ | ------ |
- | option |GenConf | /etc/tor/torrc_generated|Generated config by tor-hs.|
- | option | HSDir |/etc/tor/hidden_service|Directory with meta-data for hidden services (hostname,keys,etc).|
- | option | RestartTor | true| It will restart tor after running **/etc/init.d/tor-hs start**.|
- | option | UpdateTorConf | true|Update /etc/config/tor with config from **GenConf** option.|
-
- ### Hidden service configuration
- If you want to create a new hidden service, you have to add a hidden-service section. For every hidden service, there should be a new **hidden-service** section.
-
- Example of hidden service section for ssh server:
-
- ```
- config hidden-service
- option Name 'sshd'
- option Description "Hidden service for ssh"
- option Enabled 'false'
- option IPv4 '127.0.0.1'
- #public port=2222, local port=22
- list PublicLocalPort '2222;22'
- ```
-
- #### Table with options description
-
- | Type | Name | Example value | Description |
- | ------ | ------ | ------ | ------ |
- | option | Name | sshd| Name of hidden service. It is used as directory name in **HSDir**|
- | option | Description| Hidden service for ssh| Description used in **rpcd** service|
- | option | Enabled |false| Enable hidden service after running **tor-hs** init script|
- | option |IPv4 |127.0.0.1|Local IPv4 address of service. Service could run on another device, in that case OpenWrt will redirect comunication. |
- | list | PublicLocalPort| 2222;22| Public port is port accesible via Tor network. Local port is normal port of service.|
- |option| HookScript |'/etc/tor/nextcloud-update.php'| Path to script which is executed after starting tor-hs. Script is executed with paramters **--update-onion** **hostname** . Hostname is replaced with Onion v3 address for given hidden service.
-
- ## Running service
-
- To enable tor-hs service run
- ```
- /etc/init.d/tor-hs enable
- /etc/init.d/tor-hs start
-
- ```
- In case you enabled option *RestartTor* and *UpdateTorConf* hidden service should be running.
- Otherwise, you should also restart tor daemon.
-
- ```
- /etc/init.d/tor restart
- ```
-
- After that you should also restart rpcd daemon, so you can use tor-hs RPCD service.
- ```
- /etc/init.d/rpcd restart
- ```
-
- ### RPCD
-
- RPCD servis helps users to access basic informations about hidden services on router. After running HS it contains onion url for given hidden service in hostname value.
- ```
- root@turris:/# ubus call tor_rpcd.sh list-hs '{}'
- {
- "hs-list": [
- {
- "name": "sshd",
- "description": "Hidden service for ssh",
- "enabled": "1",
- "ipv4": "127.0.0.1",
- "hostname": "****hidden-service-hostname****.onion",
- "ports": [
- "22;22"
- ]
- }
- ]
- }
- ```
-
|