Mercurial > prosody-modules
comparison mod_onions/README.wiki @ 1782:29f3d6b7ad16
Import wiki pages
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Mon, 24 Aug 2015 16:43:56 +0200 |
| parents | |
| children |
comparison
equal
deleted
inserted
replaced
| 1781:12ac88940fe3 | 1782:29f3d6b7ad16 |
|---|---|
| 1 #summary s2s to Tor hidden services | |
| 2 #labels Stage-Alpha | |
| 3 | |
| 4 = Introduction = | |
| 5 | |
| 6 This plugin allows Prosody to connect to other servers that are running as a Tor hidden service. Running Prosody on a hidden service works without this module, this module is only necessary to allow Prosody to federate to hidden XMPP servers. | |
| 7 | |
| 8 For general info about creating a hidden service, see https://www.torproject.org/docs/tor-hidden-service.html.en. | |
| 9 | |
| 10 = Usage = | |
| 11 This module depends on the bit32 Lua library. | |
| 12 | |
| 13 To create a hidden service that can federate with other hidden XMPP servers, first add a hidden serivce to Tor. It should listen on port 5269 and optionally also on 5222 (if c2s connections to the hidden service should be allowed). | |
| 14 | |
| 15 Use the hostname that Tor gives with a virtualhost: | |
| 16 | |
| 17 {{{ | |
| 18 VirtualHost "555abcdefhijklmn.onion" | |
| 19 modules_enabled = { "onions" }; | |
| 20 }}} | |
| 21 | |
| 22 = Configuration = | |
| 23 || *Name* || *Description* || *Type* || *Default value* || | |
| 24 || onions_socks5_host || the host to connect to for Tor's SOCKS5 proxy || string || "127.0.0.1" || | |
| 25 || onions_socks5_port || the port to connect to for Tor's SOCKS5 proxy || integer || 9050 || | |
| 26 || onions_only || forbid all connection attempts to non-onion servers || boolean || false || | |
| 27 || onions_tor_all || pass all s2s connections through Tor || boolean || false || | |
| 28 || onions_map || override the address for a host || table || {} || | |
| 29 | |
| 30 By setting {{{onions_map}}}, it is possible to override the address used to connect to a given host with the address of a hidden service. The configuration of {{{onions_map}}} works as follows: | |
| 31 | |
| 32 {{{ | |
| 33 onions_map = { | |
| 34 ["jabber.calyxinstitute.org"] = "ijeeynrc6x2uy5ob.onion"; | |
| 35 } | |
| 36 }}} | |
| 37 | |
| 38 or, to also specify a port: | |
| 39 | |
| 40 {{{ | |
| 41 onions_map = { | |
| 42 ["jabber.calyxinstitute.org"] = { host = "ijeeynrc6x2uy5ob.onion", port = 5269 }; | |
| 43 } | |
| 44 }}} | |
| 45 | |
| 46 = Compatibility = | |
| 47 ||0.8||Doesn't work|| | |
| 48 ||0.9||Works|| | |
| 49 | |
| 50 = Notes = | |
| 51 | |
| 52 * {{{onions_tor_all}}} does not look up SRV records first. Therefore it will fail for many servers. | |
| 53 * mod_onions currently does not support connecting to {{{.onion}}} entries in SRV records. | |
| 54 | |
| 55 = Security considerations = | |
| 56 * Running a hidden service on a server together with a normal server might expose the hidden service. | |
| 57 * A hidden service that wants to remain hidden should either disallow s2s to non-hidden servers or pass all s2s traffic through Tor (setting either {{{onions_only}}} or {{{onions_tor_all}}}). |