Onion: Set up a alt-svc so that TBB can automatically redirect from clearweb to onions #18

New Issue

Closed

opened 2020-11-07 10:58:30 +01:00 by kreyren · 23 comments

kreyren commented 2020-11-07 10:58:30 +01:00

Copy Link

unofficial docs https://write.privacytools.io/jonah/securing-services-with-tor-and-alt-svc

unofficial docs https://write.privacytools.io/jonah/securing-services-with-tor-and-alt-svc

wanderer added this to the General project 2020-11-07 14:21:18 +01:00

wanderer commented 2020-11-07 14:21:26 +01:00

Owner

Copy Link

done for homepage and gitea, please check

done for homepage and gitea, please check

kreyren commented 2020-11-07 14:38:17 +01:00

Author

Copy Link

TBB ain't auto-redirecting with these set to always in settings and working on torproject.org

TBB ain't auto-redirecting with these set to `always` in settings and working on torproject.org

wanderer commented 2020-11-07 14:44:40 +01:00

Owner

Copy Link

using this for gitea
add_header Alt-Svc 'h2="2crftbzxbcoqolvzreaaeyrod5qwycayef55gxgzgfcpqlaxrnh3kkqd.onion:80"; ma=86400; persist=1';
this for homepage
add_header Alt-Svc 'h2="6426tqrh4y5uobmo5y2csaip3m3avmjegd2kpa24sadekpxglbm34aqd.onion:80"; ma=86400; persist=1';

using this for gitea `add_header Alt-Svc 'h2="2crftbzxbcoqolvzreaaeyrod5qwycayef55gxgzgfcpqlaxrnh3kkqd.onion:80"; ma=86400; persist=1';` this for homepage `add_header Alt-Svc 'h2="6426tqrh4y5uobmo5y2csaip3m3avmjegd2kpa24sadekpxglbm34aqd.onion:80"; ma=86400; persist=1'; `

wanderer commented 2020-11-07 14:50:03 +01:00

Owner

Copy Link

torproject.org is using Onion-Location from what I've seen

torproject.org is using `Onion-Location` from what I've seen 

image.png

14 KiB

wanderer commented 2020-11-07 15:02:31 +01:00

Owner

Copy Link

I now changed it to what torproject.org uses.

# homepage
add_header Onion-Location "http://6426tqrh4y5uobmo5y2csaip3m3avmjegd2kpa24sadekpxglbm34aqd.onion/$request_uri";
# gitea
add_header Onion-Location "http://2crftbzxbcoqolvzreaaeyrod5qwycayef55gxgzgfcpqlaxrnh3kkqd.onion/$request_uri";
# drone
add_header Onion-Location "http://c3vqfx2dqltvdbsqu3ndqwcxsp3uk3vcxo2jsigie5zfajub3j3y35id.onion/$request_uri";

please check @kreyren

I now changed it to what torproject.org uses. ```nginx # homepage add_header Onion-Location "http://6426tqrh4y5uobmo5y2csaip3m3avmjegd2kpa24sadekpxglbm34aqd.onion/$request_uri"; # gitea add_header Onion-Location "http://2crftbzxbcoqolvzreaaeyrod5qwycayef55gxgzgfcpqlaxrnh3kkqd.onion/$request_uri"; # drone add_header Onion-Location "http://c3vqfx2dqltvdbsqu3ndqwcxsp3uk3vcxo2jsigie5zfajub3j3y35id.onion/$request_uri"; ``` please check @kreyren

wanderer commented 2020-11-07 15:05:00 +01:00

Owner

Copy Link

do you know if there's any way to reasonably add something similar to this to cross-site links that we know have an onion version (such as links to dotya.ml)?

do you know if there's any way to reasonably add something similar to this to cross-site links that we know have an onion version (such as links to dotya.ml)?

kreyren commented 2020-11-09 11:38:54 +01:00

Author

Copy Link

It's redirecting me on http://2crftbzxbcoqolvzreaaeyrod5qwycayef55gxgzgfcpqlaxrnh3kkqd.onion//dotya.ml/community/issues/18 now

It's redirecting me on `http://2crftbzxbcoqolvzreaaeyrod5qwycayef55gxgzgfcpqlaxrnh3kkqd.onion//dotya.ml/community/issues/18` now

kreyren commented 2020-11-09 11:43:47 +01:00

Author

Copy Link

and doesn't seem to trigger for https://git.dotya.ml. but works for https://git.dotya.ml/.*

and doesn't seem to trigger for `https://git.dotya.ml`. but works for `https://git.dotya.ml/.*`

wanderer commented 2020-11-09 11:47:27 +01:00

Owner

Copy Link

@kreyren

It's redirecting me on http://2crftbzxbcoqolvzreaaeyrod5qwycayef55gxgzgfcpqlaxrnh3kkqd.onion//dotya.ml/community/issues/18 now

Please, elaborate..

@kreyren >It's redirecting me on `http://2crftbzxbcoqolvzreaaeyrod5qwycayef55gxgzgfcpqlaxrnh3kkqd.onion//dotya.ml/community/issues/18` now Please, elaborate..

kreyren commented 2020-11-09 13:03:58 +01:00

Author

Copy Link

Please, elaborate.. @wanderer

When i open #18 it redirected me on http://2crftbzxbcoqolvzreaaeyrod5qwycayef55gxgzgfcpqlaxrnh3kkqd.onion//dotya.ml/community/issues/18 which is 404

> Please, elaborate.. @wanderer When i open https://git.dotya.ml/dotya.ml/community/issues/18 it redirected me on http://2crftbzxbcoqolvzreaaeyrod5qwycayef55gxgzgfcpqlaxrnh3kkqd.onion//dotya.ml/community/issues/18 which is 404

kreyren commented 2020-11-09 17:06:03 +01:00

Author

Copy Link

torproject.org is using Onion-Location from what I've seen

kreyren@leonid:~$ curl -I https://torproject.org
HTTP/1.1 302 Found
Date: Mon, 09 Nov 2020 16:05:04 GMT
Server: Apache
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
X-Xss-Protection: 1
Referrer-Policy: no-referrer
Strict-Transport-Security: max-age=15768000; preload
Location: https://www.torproject.org/
Content-Type: text/html; charset=iso-8859-1

Who told you that torproject.org is using Onion-Location?

> torproject.org is using `Onion-Location` from what I've seen >  ```console kreyren@leonid:~$ curl -I https://torproject.org HTTP/1.1 302 Found Date: Mon, 09 Nov 2020 16:05:04 GMT Server: Apache X-Content-Type-Options: nosniff X-Frame-Options: sameorigin X-Xss-Protection: 1 Referrer-Policy: no-referrer Strict-Transport-Security: max-age=15768000; preload Location: https://www.torproject.org/ Content-Type: text/html; charset=iso-8859-1 ``` Who told you that torproject.org is using Onion-Location?

kreyren commented 2020-11-09 17:13:06 +01:00

Author

Copy Link

Seems that in HTTP headers:

alt-svc: h2="2crftbzxbcoqolvzreaaeyrod5qwycayef55gxgzgfcpqlaxrnh3kkqd.onion:80"; ma=86400; persist=1
onion-location: http://2crftbzxbcoqolvzreaaeyrod5qwycayef55gxgzgfcpqlaxrnh3kkqd.onion//

You have unwanted / so i guess try:

# homepage
add_header Onion-Location "http://6426tqrh4y5uobmo5y2csaip3m3avmjegd2kpa24sadekpxglbm34aqd.onion$request_uri";
# gitea
add_header Onion-Location "http://2crftbzxbcoqolvzreaaeyrod5qwycayef55gxgzgfcpqlaxrnh3kkqd.onion$request_uri";
# drone
add_header Onion-Location "http://c3vqfx2dqltvdbsqu3ndqwcxsp3uk3vcxo2jsigie5zfajub3j3y35id.onion$request_uri";

Seems that in HTTP headers: ``` alt-svc: h2="2crftbzxbcoqolvzreaaeyrod5qwycayef55gxgzgfcpqlaxrnh3kkqd.onion:80"; ma=86400; persist=1 onion-location: http://2crftbzxbcoqolvzreaaeyrod5qwycayef55gxgzgfcpqlaxrnh3kkqd.onion// ``` You have unwanted `/` so i guess try: ``` # homepage add_header Onion-Location "http://6426tqrh4y5uobmo5y2csaip3m3avmjegd2kpa24sadekpxglbm34aqd.onion$request_uri"; # gitea add_header Onion-Location "http://2crftbzxbcoqolvzreaaeyrod5qwycayef55gxgzgfcpqlaxrnh3kkqd.onion$request_uri"; # drone add_header Onion-Location "http://c3vqfx2dqltvdbsqu3ndqwcxsp3uk3vcxo2jsigie5zfajub3j3y35id.onion$request_uri"; ```

wanderer commented 2020-11-09 17:16:59 +01:00

Owner

Copy Link

@kreyren

torproject.org is using Onion-Location from what I've seen

kreyren@leonid:~$ curl -I https://torproject.org
HTTP/1.1 302 Found
Date: Mon, 09 Nov 2020 16:05:04 GMT
Server: Apache
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
X-Xss-Protection: 1
Referrer-Policy: no-referrer
Strict-Transport-Security: max-age=15768000; preload
Location: https://www.torproject.org/
Content-Type: text/html; charset=iso-8859-1

Who told you that torproject.org is using Onion-Location?

They may not have it on the whole site but they are using the header for instance for media - that is where I got it from.

@kreyren >> torproject.org is using `Onion-Location` from what I've seen >>  > >```console >kreyren@leonid:~$ curl -I https://torproject.org >HTTP/1.1 302 Found >Date: Mon, 09 Nov 2020 16:05:04 GMT >Server: Apache >X-Content-Type-Options: nosniff >X-Frame-Options: sameorigin >X-Xss-Protection: 1 >Referrer-Policy: no-referrer >Strict-Transport-Security: max-age=15768000; preload >Location: https://www.torproject.org/ >Content-Type: text/html; charset=iso-8859-1 >``` > >Who told you that torproject.org is using Onion-Location? They may not have it on the whole site but they are using the header for instance for media - that is where I got it from.

wanderer commented 2020-11-09 17:17:53 +01:00

Owner

Copy Link

@kreyren

Seems that in HTTP headers:

alt-svc: h2="2crftbzxbcoqolvzreaaeyrod5qwycayef55gxgzgfcpqlaxrnh3kkqd.onion:80"; ma=86400; persist=1
onion-location: http://2crftbzxbcoqolvzreaaeyrod5qwycayef55gxgzgfcpqlaxrnh3kkqd.onion//

You have unwanted / so i guess try:

# homepage
add_header Onion-Location "http://6426tqrh4y5uobmo5y2csaip3m3avmjegd2kpa24sadekpxglbm34aqd.onion$request_uri";
# gitea
add_header Onion-Location "http://2crftbzxbcoqolvzreaaeyrod5qwycayef55gxgzgfcpqlaxrnh3kkqd.onion$request_uri";
# drone
add_header Onion-Location "http://c3vqfx2dqltvdbsqu3ndqwcxsp3uk3vcxo2jsigie5zfajub3j3y35id.onion$request_uri";

This is correct, though.. Fixed, see now.

@kreyren >Seems that in HTTP headers: > >``` >alt-svc: h2="2crftbzxbcoqolvzreaaeyrod5qwycayef55gxgzgfcpqlaxrnh3kkqd.onion:80"; ma=86400; persist=1 >onion-location: http://2crftbzxbcoqolvzreaaeyrod5qwycayef55gxgzgfcpqlaxrnh3kkqd.onion// >``` > >You have unwanted `/` so i guess try: > >``` ># homepage >add_header Onion-Location "http://6426tqrh4y5uobmo5y2csaip3m3avmjegd2kpa24sadekpxglbm34aqd.onion$request_uri"; ># gitea >add_header Onion-Location "http://2crftbzxbcoqolvzreaaeyrod5qwycayef55gxgzgfcpqlaxrnh3kkqd.onion$request_uri"; ># drone >add_header Onion-Location "http://c3vqfx2dqltvdbsqu3ndqwcxsp3uk3vcxo2jsigie5zfajub3j3y35id.onion$request_uri"; >``` This is correct, though.. Fixed, see now.

kreyren commented 2020-11-09 17:24:44 +01:00

Author

Copy Link

relevant: present the same tls cert for aaaa.onion:443 as example.com:443 -- irc.oftc.net/#tor

relevant: present the same tls cert for aaaa.onion:443 as example.com:443 -- irc.oftc.net/#tor

kreyren commented 2020-11-09 17:25:18 +01:00

Author

Copy Link

The new configuration redirects on http://2crftbzxbcoqolvzreaaeyrod5qwycayef55gxgzgfcpqlaxrnh3kkqd.onion/dotya.ml/community/issues/18 which is 404 -> Assuming onions down? URL lgtm

The new configuration redirects on http://2crftbzxbcoqolvzreaaeyrod5qwycayef55gxgzgfcpqlaxrnh3kkqd.onion/dotya.ml/community/issues/18 which is 404 -> Assuming onions down? URL lgtm

kreyren commented 2020-11-09 17:28:03 +01:00

Author

Copy Link

also alt-svc should be on port 443 see example configuration provided by irc.oftc.net/#tor

https://p.pastly.xyz/volatile/torrc.txt

https://p.pastly.xyz/volatile/example-nginx-config.txt

also alt-svc should be on port 443 see example configuration provided by irc.oftc.net/#tor https://p.pastly.xyz/volatile/torrc.txt https://p.pastly.xyz/volatile/example-nginx-config.txt

kreyren commented 2020-11-09 17:32:35 +01:00

Author

Copy Link

FWIW dotya.ml works perfectly

FWIW dotya.ml works perfectly

wanderer commented 2020-11-09 18:45:29 +01:00

Owner

Copy Link

onion was not listening on 443, it is now.
redirects now also work correctly, please confirm.
404s could be attributed to the nature of the tor network maybe

onion was not listening on 443, it is now. redirects now also work correctly, please confirm. 404s could be attributed to the nature of the tor network maybe

kreyren commented 2020-11-09 20:35:45 +01:00

Author

Copy Link

ain't working on me end, but i think that this is caused by onion for git.dotya.ml being down..

404s could be attributed to the nature of the tor network maybe

no

ain't working on me end, but i think that this is caused by onion for git.dotya.ml being down.. > 404s could be attributed to the nature of the tor network maybe no

wanderer commented 2020-11-09 21:43:46 +01:00

Owner

Copy Link

ain't working on me end, but i think that this is caused by onion for git.dotya.ml being down..

404s could be attributed to the nature of the tor network maybe

no

it's either the network or cosmic rays as the only time you could have legitimately got 404s were the ~three tor reloads today.

works for me here

> ain't working on me end, but i think that this is caused by onion for git.dotya.ml being down.. > > > 404s could be attributed to the nature of the tor network maybe > > no it's either the network or cosmic rays as the only time you could have legitimately got 404s were the ~three `tor` reloads today. works for me here 

image.png

191 KiB

wanderer commented 2020-11-10 15:41:40 +01:00

Owner

Copy Link

closing, as it's working.

closing, as it's working.

wanderer closed this issue 2020-11-10 15:41:40 +01:00

wanderer added this to the Grow our .onionz milestone 2020-11-10 15:41:54 +01:00

kreyren commented 2020-11-12 10:12:53 +01:00

Author

Copy Link

thanku senpai~

thanku senpai~

🐙 1

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

master

No results found.

Labels

Clear labels   

FCKPTN

Fuck you, Putin!

  

WIP

Work in progess.

  

bug

Something is not working

  

docs done

Documented

  

docs needed

Missing documentation

  

duplicate

This issue or pull request already exists

  

enhancement

Brings improvements

  

feature

Adding a feature

  

gemini

Pertaining gemini

  

invalid

Something is wrong

  

legal-ish

Concerning a legal issue

  

needs help

Help is welcome

  

onionz

Related to an onion service 🧅

  

proposal

Proposes a change

  

question

More information is needed

  

resolved

The issue has been resolved

  

security

This issue impacts security

  

spam

Spam

  

todo

Waits to be done

  

upstream-related

This issue is related to an upstream project's issue

  

wontfix

This won't be fixed

No Label

FCKPTN

WIP

bug

docs done

docs needed

duplicate

enhancement

feature

gemini

invalid

legal-ish

needs help

onionz

proposal

question

resolved

security

spam

todo

upstream-related

wontfix

Milestone

Clear milestone

No items

No Milestone

Grow our .onionz

Projects

Clear projects

No project

General

Assignees

Clear assignees

No Assignees

2 Participants

Notifications

Subscribe

Due Date

The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: dotya.ml/community#18

No description provided.