#summary s2s to Tor hidden services
#labels Stage-Alpha

= Introduction =

This plugin allows Prosody to connect to other servers that are running as a Tor hidden service. Running Prosody on a hidden service works without this module; the module is only necessary to allow Prosody to federate with hidden XMPP servers.

For general info about creating a hidden service, see https://www.torproject.org/docs/tor-hidden-service.html.en.

= Usage =
This module depends on the bit32 Lua library.

To create a hidden service that can federate with other hidden XMPP servers, first add a hidden service to Tor. It should listen on port 5269 and optionally also on 5222 (if c2s connections to the hidden service should be allowed).

Use the hostname that Tor gives with a VirtualHost:

{{{
VirtualHost "555abcdefhijklmn.onion"
    modules_enabled = { "onions" };
}}}

= Configuration =
|| *Name* || *Description* || *Type* || *Default value* ||
|| onions_socks5_host || the host to connect to for Tor's SOCKS5 proxy || string || "127.0.0.1" ||
|| onions_socks5_port || the port to connect to for Tor's SOCKS5 proxy || integer || 9050 ||
|| onions_only || forbid all connection attempts to non-onion servers || boolean || false ||
|| onions_tor_all || pass all s2s connections through Tor || boolean || false ||
|| onions_map || override the address for a host || table || {} ||

By setting {{{onions_map}}}, it is possible to override the address used to connect to a given host with the address of a hidden service. The configuration of {{{onions_map}}} works as follows:

{{{
onions_map = {
    ["jabber.calyxinstitute.org"] = "ijeeynrc6x2uy5ob.onion";
}
}}}

or, to also specify a port:

{{{
onions_map = {
    ["jabber.calyxinstitute.org"] = { host = "ijeeynrc6x2uy5ob.onion", port = 5269 };
}
}}}

= Compatibility =
||0.8||Doesn't work||
||0.9||Works||

= Notes =

* {{{onions_tor_all}}} does not look up SRV records first. Therefore it will fail for many servers.
* mod_onions currently does not support connecting to {{{.onion}}} entries in SRV records.

= Security considerations =
* Running a hidden service on a server together with a normal server might expose the hidden service.
* A hidden service that wants to remain hidden should either disallow s2s to non-hidden servers or pass all s2s traffic through Tor (setting either {{{onions_only}}} or {{{onions_tor_all}}}).
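
The two settings named in the security considerations, written out as a Prosody configuration next to the default setup they replace. This is an added example, not part of the module's own documentation; the hostnames are the placeholders already used on this page, and placing the options under the VirtualHost and combining {{{onions_map}}} with {{{onions_only}}} are assumptions.

```lua
-- Constructed example. The .onion names are the placeholders used on this page.

-- WEAK (module defaults: onions_only = false, onions_tor_all = false).
-- s2s to .onion hosts goes through Tor, but s2s to any other domain is
-- dialed directly, so those servers see the real address of this machine.
--
-- VirtualHost "555abcdefhijklmn.onion"
--     modules_enabled = { "onions" };

-- HARDENED: the hidden service never opens a direct s2s connection.
VirtualHost "555abcdefhijklmn.onion"
    modules_enabled = { "onions" };

    -- Tor's SOCKS5 listener (the module defaults, written out explicitly).
    onions_socks5_host = "127.0.0.1";
    onions_socks5_port = 9050;

    -- Option A: forbid all connection attempts to non-onion servers.
    onions_only = true;

    -- Option B (use instead of A): pass every s2s connection through Tor.
    -- No SRV lookup is done in this mode, so many servers will be unreachable.
    -- onions_tor_all = true;

    -- Reach a server that also runs a hidden service at its .onion address
    -- instead of its public one.
    -- Assumption: a mapped host is treated as an onion destination when
    -- onions_only is set; confirm this against the module version in use.
    onions_map = {
        ["jabber.calyxinstitute.org"] = { host = "ijeeynrc6x2uy5ob.onion", port = 5269 };
    };
```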