Mercurial Mercurial > prosody > prosody-modules / annotate
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
mod_onions/README.markdown
author Matthew Wild <mwild1@gmail.com>
Sat, 24 Sep 2022 09:26:26 +0100
changeset 5063 5f1120c284c5
parent 1807 4d73a1a6ba68
child 5136 36b5677b9648
permissions -rw-r--r--
mod_cloud_notify_extensions: Add note about dependency Noting here because people might not click through to see it on the mod_cloud_notify_encrypted page.
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
1807
4d73a1a6ba68 Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents: 1786
diff changeset 
     1
 
---
4d73a1a6ba68 Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents: 1786
diff changeset 
     2
 
labels:
4d73a1a6ba68 Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents: 1786
diff changeset 
     3
 
- 'Stage-Alpha'
4d73a1a6ba68 Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents: 1786
diff changeset 
     4
 
summary: s2s to Tor hidden services
4d73a1a6ba68 Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents: 1786
diff changeset 
     5
 
...
1786
29f3d6b7ad16 Import wiki pages
Kim Alvefur <zash@zash.se>
parents:
diff changeset 
     6
 







1807






4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




     7


Introduction












4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




     8


============







1786






29f3d6b7ad16
Import wiki pages



Kim Alvefur <zash@zash.se>


parents: 

diff
changeset




     9









1807






4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




    10


This plugin allows Prosody to connect to other servers that are running












4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




    11


as a Tor hidden service. Running Prosody on a hidden service works












4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




    12


without this module, this module is only necessary to allow Prosody to












4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




    13


federate to hidden XMPP servers.







1786






29f3d6b7ad16
Import wiki pages



Kim Alvefur <zash@zash.se>


parents: 

diff
changeset




    14









1807






4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




    15


For general info about creating a hidden service, see












4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




    16


https://www.torproject.org/docs/tor-hidden-service.html.en.







1786






29f3d6b7ad16
Import wiki pages



Kim Alvefur <zash@zash.se>


parents: 

diff
changeset




    17









1807






4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




    18


Usage












4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




    19


=====












4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




    20









1786






29f3d6b7ad16
Import wiki pages



Kim Alvefur <zash@zash.se>


parents: 

diff
changeset




    21


This module depends on the bit32 Lua library.












29f3d6b7ad16
Import wiki pages



Kim Alvefur <zash@zash.se>


parents: 

diff
changeset




    22









1807






4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




    23


To create a hidden service that can federate with other hidden XMPP












4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




    24


servers, first add a hidden serivce to Tor. It should listen on port












4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




    25


5269 and optionally also on 5222 (if c2s connections to the hidden












4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




    26


service should be allowed).







1786






29f3d6b7ad16
Import wiki pages



Kim Alvefur <zash@zash.se>


parents: 

diff
changeset




    27














29f3d6b7ad16
Import wiki pages



Kim Alvefur <zash@zash.se>


parents: 

diff
changeset




    28


Use the hostname that Tor gives with a virtualhost:












29f3d6b7ad16
Import wiki pages



Kim Alvefur <zash@zash.se>


parents: 

diff
changeset




    29









1807






4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




    30


    VirtualHost "555abcdefhijklmn.onion"












4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




    31


        modules_enabled = { "onions" };












4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




    32














4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




    33


Configuration












4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




    34


=============







1786






29f3d6b7ad16
Import wiki pages



Kim Alvefur <zash@zash.se>


parents: 

diff
changeset




    35









1807






4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




    36


  Name                   Description                                           Type      Default value












4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




    37


  ---------------------- ----------------------------------------------------- --------- ---------------












4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




    38


  onions\_socks5\_host   the host to connect to for Tor's SOCKS5 proxy         string    "127.0.0.1"












4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




    39


  onions\_socks5\_port   the port to connect to for Tor's SOCKS5 proxy         integer   9050












4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




    40


  onions\_only           forbid all connection attempts to non-onion servers   boolean   false












4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




    41


  onions\_tor\_all       pass all s2s connections through Tor                  boolean   false












4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




    42


  onions\_map            override the address for a host                       table     {}







1786






29f3d6b7ad16
Import wiki pages



Kim Alvefur <zash@zash.se>


parents: 

diff
changeset




    43









1807






4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




    44


By setting `onions_map`, it is possible to override the address used to












4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




    45


connect to a given host with the address of a hidden service. The












4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




    46


configuration of `onions_map` works as follows:







1786






29f3d6b7ad16
Import wiki pages



Kim Alvefur <zash@zash.se>


parents: 

diff
changeset




    47









1807






4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




    48


    onions_map = {












4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




    49


        ["jabber.calyxinstitute.org"] = "ijeeynrc6x2uy5ob.onion";












4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




    50


    }







1786






29f3d6b7ad16
Import wiki pages



Kim Alvefur <zash@zash.se>


parents: 

diff
changeset




    51














29f3d6b7ad16
Import wiki pages



Kim Alvefur <zash@zash.se>


parents: 

diff
changeset




    52


or, to also specify a port:












29f3d6b7ad16
Import wiki pages



Kim Alvefur <zash@zash.se>


parents: 

diff
changeset




    53









1807






4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




    54


    onions_map = {












4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




    55


        ["jabber.calyxinstitute.org"] = { host = "ijeeynrc6x2uy5ob.onion", port = 5269 };












4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




    56


    }












4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




    57














4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




    58


Compatibility












4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




    59


=============












4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




    60














4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




    61


  ----- --------------












4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




    62


  0.8   Doesn't work












4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




    63


  0.9   Works












4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




    64


  ----- --------------







1786






29f3d6b7ad16
Import wiki pages



Kim Alvefur <zash@zash.se>


parents: 

diff
changeset




    65









1807






4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




    66


Notes












4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




    67


=====







1786






29f3d6b7ad16
Import wiki pages



Kim Alvefur <zash@zash.se>


parents: 

diff
changeset




    68









1807






4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




    69


-   `onions_tor_all` does not look up SRV records first. Therefore it












4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




    70


    will fail for many servers.












4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




    71


-   mod\_onions currently does not support connecting to `.onion`












4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




    72


    entries in SRV records.







1786






29f3d6b7ad16
Import wiki pages



Kim Alvefur <zash@zash.se>


parents: 

diff
changeset




    73









1807






4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




    74


Security considerations












4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




    75


=======================







1786






29f3d6b7ad16
Import wiki pages



Kim Alvefur <zash@zash.se>


parents: 

diff
changeset




    76









1807






4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




    77


-   Running a hidden service on a server together with a normal server












4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




    78


    might expose the hidden service.












4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




    79


-   A hidden service that wants to remain hidden should either disallow












4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




    80


    s2s to non-hidden servers or pass all s2s traffic through Tor












4d73a1a6ba68
Convert all wiki pages to Markdown



Kim Alvefur <zash@zash.se>


parents: 
1786

diff
changeset




    81


    (setting either `onions_only` or `onions_tor_all`).














prosody-modules