This guide provides the basic procedure to set up Tor2web.
The requirements to set up a Tor2web node are as follows:
- A Domain Name (you can use your own)
- DNS Servers
- Wildcard digital certificate
- Debian/Debian Linux Server
- Public IP address with TCP ports 80 and 443 free
The following sections describe different ways to implement Tor2web architectures.
One domain/certificate, one node
This is the simplest situation, and it was the very early model of Tor2web 1.0, based on an Apache+Privoxy hack.
It is not used anymore, but in the future (with the implementation of https://github.com/globaleaks/Tor2web/issues/33 and https://github.com/globaleaks/Tor2web/issues/24) it may have a revival, because it has fewer constraints and can run even without a wildcard certificate.
One domain/certificate, many nodes
The first and early Tor2web architecture is distributed on the basis of DNS. This means that there is one domain and one wildcard digital certificate, shared among trusted people.
This architecture is the one used today, but it cannot scale for several reasons:
- One DNS takedown would take down the overall network
- There is only one person managing the DNS
- There is only one digital certificate, with all the issues related to sharing the private key only with trusted persons
However, it is the early model of Tor2web and the simplest one.
Many domains, one/many nodes
This architectural model is still not implemented within the Tor2web software, but it represents the future evolution of the system.
With this architecture there are many Tor2web administrators using multiple domains, multiple servers and multiple digital certificates. Each cluster of servers around a domain/certificate pair is aware of the other clusters, and the clusters distribute the load across various networks. This is the future of Tor2web, now in research, described at https://github.com/globaleaks/Tor2web/issues/24
Setup and Configuration
    wget https://deb.globaleaks.org/install-tor2web.sh
    chmod +x install-tor2web.sh
    ./install-tor2web.sh
Now that Tor2web is installed, you need to configure it by creating a configuration file at /etc/tor2web.conf.
A skeleton for the configuration file can be found at /usr/share/tor2web/data/conf/tor2web-default.conf
To understand how to edit the configuration file, read the comments inside the example file and follow the reference guide available at https://github.com/globaleaks/Tor2web/wiki/Configuring-tor2web
In addition, you will need to install and configure the Tor2web SSL certificates, intermediate certificates and keys inside the /home/tor2web/certs directory.
As a quick example, you can create self-signed ones with the following commands:
    cd /home/tor2web/certs/
    openssl genrsa -out tor2web-key.pem 4096
    openssl req -new -key tor2web-key.pem -out tor2web-csr.pem
    openssl x509 -req -days 365 -in tor2web-csr.pem -signkey tor2web-key.pem -out tor2web-cert.pem
The configuration directives to set up the TLS/SSL certificates are the following:
    ssl_key = /home/tor2web/certs/tor2web-key.pem
    ssl_cert = /home/tor2web/certs/tor2web-cert.pem
    ssl_intermediate = /home/tor2web/certs/tor2web-intermediate.pem
Please be sure to load the SSL/TLS intermediate certificate given by your CA, or many browsers will show a security warning when connecting.
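A pre-start check of the three TLS directives above, as an added example that is not part of the original guide or of the Tor2web code base. The function names are hypothetical, and it assumes the configuration is plain "name = value" text, with or without a section header.

```python
import configparser
import os
import ssl
import stat

# Directive names taken from the guide's configuration excerpt.
SSL_DIRECTIVES = ("ssl_key", "ssl_cert", "ssl_intermediate")


def read_directives(conf_text):
    """Return the ssl_* directives found in tor2web.conf-style text."""
    parser = configparser.ConfigParser(interpolation=None)
    try:
        parser.read_string(conf_text)
    except configparser.MissingSectionHeaderError:
        # Assumption: bare "name = value" lines belong to a single section.
        parser.read_string("[main]\n" + conf_text)
    return {name: parser.get(sec, name) for sec in parser.sections()
            for name in SSL_DIRECTIVES if parser.has_option(sec, name)}


def audit_tls_files(conf_text):
    """Return a list of findings; an empty list means every check passed."""
    paths = read_directives(conf_text)
    findings = []
    for name in SSL_DIRECTIVES:
        if name not in paths:
            findings.append(f"{name}: directive missing")
        elif not os.path.isfile(paths[name]):
            findings.append(f"{name}: {paths[name]} not found")
    if findings:
        return findings
    # The private key should be accessible to its owner only.
    mode = stat.S_IMODE(os.stat(paths["ssl_key"]).st_mode)
    if mode & 0o077:
        findings.append(f"ssl_key: mode {mode:o} lets group/others access the key")
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    try:
        # Fails on malformed PEM and when the key does not match the certificate.
        ctx.load_cert_chain(paths["ssl_cert"], paths["ssl_key"])
    except OSError as exc:  # ssl.SSLError is a subclass of OSError
        findings.append(f"ssl_cert/ssl_key: do not load as a pair ({exc})")
    try:
        ctx.load_verify_locations(cafile=paths["ssl_intermediate"])
    except OSError as exc:
        findings.append(f"ssl_intermediate: not a PEM certificate ({exc})")
    return findings
```

Pass the contents of /etc/tor2web.conf to audit_tls_files() before starting the service; it does not verify that the intermediate actually signed the certificate, only that each file parses and that the key and certificate belong together.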
Check Tor2web Status
    /etc/init.d/tor2web status
    netstat -natp | grep -e LISTEN | grep -e ':80' -e ':443'
Setup Tor2web to run automatically
When all the previous steps are fine and you are confident with the configuration, Tor2web can be configured to start automatically on boot:
update-rc.d tor2web defaults # Set Tor2web to automatically start on-boot