Expose the RPC Server as an onion service #11714

Merged
merged 3 commits into from
Oct 18, 2023

@lontivero lontivero commented Oct 17, 2023

This PR exposes the RPC server as an onion service.

How to test

Run wasabi daemon with:

$ dotnet run -- \
  --usetor=true \
  --network=testnet \
  --jsonrpcserverenabled=true \
  --jsonrpcuser=myuser \
  --jsonrpcpassword=mypassword \
  --onionenabled=true

It is important to know that:

  • UseTor is necessary because that switch controls whether the Tor process must be launched or not. We need the Tor process running in order to create the ephemeral onion service.
  • JsonRpcServerEnabled must be true because otherwise the rpc server is not started.
  • Anonymous access is not allowed when exposing the server as an onion service. This means that you have to specify both JsonRpcUser and JsonRpcPassword.
  • RpcOnionEnabled indicates whether or not to create the ephemeral onion service. This switch is only available as a command line switch and environment variable. By default it is false.

Once the daemon is running take a look at the log output and find the onion address:

INFO       Global.StartTorProcessManagerAsync (284)        RPC server listening on http://rrdayxv2pngzl3jyal5dfjvl6s4bt4frvo5jj2rgnajz5gyevrm4fvyd.onion/

Run a Tor instance on the client machine

This example assumes you are running a Tor instance on the default port (9050). Use Tor as a SOCKS proxy for your client (in this case we use curl):

$ curl -s \
  --socks5-hostname localhost:9050 \
  --user myuser:mypassword \
  --data-binary '{"jsonrpc":"2.0","id":"1","method":"listwallets"}'  \
  http://rrdayxv2pngzl3jyal5dfjvl6s4bt4frvo5jj2rgnajz5gyevrm4fvyd.onion/

{
   "jsonrpc":"2.0",
   "result":[{
     "walletName":"MyFirstWallet"
   }, {
     "walletName":"Wallet_5"
  }]
}

@lontivero
Collaborator Author

This PR solves #9794

Collaborator

@turbolay turbolay left a comment

tACK, ty for the detailed testing instructions.
Awesome PR.

@kristapsk
Collaborator

> • UseTor is necessary because that switch controls whether the Tor process must be launched or not. We need the Tor process running in order to create the ephemeral onion service.

Why? If I run in a Daemon mode, there is high possibility I will be already running Tor as a system service, so Wasabi could just reuse that one.

@lontivero
Collaborator Author

> Why? If I run in a Daemon mode, there is high possibility I will be already running Tor as a system service, so Wasabi could just reuse that one.

No, that's not possible. Things like this PR are only possible because Wasabi has access to the Tor control port, that is, the Tor control port is open and listening. The Tor control port is closed by default; however, we make sure to have that available by starting a Tor instance with the correct parameters.

Wasabi worked many years with an already running Tor instance and it could still do it but features like this one wouldn't be available.

@kristapsk
Collaborator

> > Why? If I run in a Daemon mode, there is high possibility I will be already running Tor as a system service, so Wasabi could just reuse that one.
>
> No, that's not possible. Things like this PR are only possible because Wasabi has access to the Tor control port, that is, the Tor control port is open and listening. The Tor control port is closed by default; however, we make sure to have that available by starting a Tor instance with the correct parameters.

I can have the control port configured and open with a local system Tor instance too. In fact, that's how I run JoinMarket; bundled Tor there is an optional, off-by-default option. It would be cool to not require running another Tor instance, but instead I could just specify SOCKS5 port and control port (or socket).

MaxHillebrand previously approved these changes Oct 18, 2023
Collaborator

@MaxHillebrand MaxHillebrand left a comment

tACK ded3d9d

It works like a charm! Latency seems totally alright, but it's noticeably slower than the local RPC calls.

@MaxHillebrand
Collaborator

There is a new onion address after each restart.
I guess it would be a better UX to keep a static onion address, otherwise the user has to reconfigure the remote control client frequently.

Collaborator

@kiminuo kiminuo left a comment

Partial review

@lontivero
Collaborator Author

> There is a new onion address after each restart.
> I guess it would be a better UX to keep a static onion address, otherwise the user has to reconfigure the remote control client frequently.

This first version should be ephemeral. A static one requires key management, I mean, to create a key with a library that we don't have, then save it somewhere (currently there is no place to save that except a config file?), keep it encrypted with some password, etc.

The technical complexity goes up very quickly and the UX goes down too because you would need to ask the user to introduce the password to decrypt the key for the onion service at start time for example.
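
Added example, not part of the PR or of Wasabi's code: the ephemeral-versus-static trade-off in this thread maps onto the Tor control protocol's ADD_ONION command, where Flags=DiscardPK tells Tor not to return the generated key. The Python below builds that command and parses constructed replies; the 127.0.0.1:37128 target, and that Wasabi sends exactly this command, are assumptions.

```python
import re

V3_ID = re.compile(r"[a-z2-7]{56}")  # v3 onion ServiceID: 56 base32 characters

def build_add_onion(target, virt_port=80, discard_key=True):
    """Control-port line asking Tor to generate a key and publish a v3 onion service."""
    flags = " Flags=DiscardPK" if discard_key else ""
    return f"ADD_ONION NEW:ED25519-V3{flags} Port={virt_port},{target}\r\n"

def parse_add_onion_reply(raw):
    """Return (onion_host, private_key or None) from Tor's reply, or raise."""
    lines = [ln for ln in raw.split("\r\n") if ln]
    if not lines or lines[-1] != "250 OK":
        raise RuntimeError(f"ADD_ONION failed: {lines[-1] if lines else 'empty reply'}")
    fields = {}
    for ln in lines[:-1]:
        if not ln.startswith("250-") or "=" not in ln:
            raise ValueError(f"unexpected reply line: {ln!r}")
        key, value = ln[4:].split("=", 1)
        fields[key] = value
    service_id = fields.get("ServiceID", "")
    if not V3_ID.fullmatch(service_id):
        raise ValueError("reply carries no valid v3 ServiceID")
    return service_id + ".onion", fields.get("PrivateKey")

# Constructed sample replies. The ServiceID is the address from the log line quoted
# in the PR description; the key is a placeholder, not real key material.
SERVICE_ID = "rrdayxv2pngzl3jyal5dfjvl6s4bt4frvo5jj2rgnajz5gyevrm4fvyd"
EPHEMERAL_REPLY = f"250-ServiceID={SERVICE_ID}\r\n250 OK\r\n"
KEYED_REPLY = (f"250-ServiceID={SERVICE_ID}\r\n"
               "250-PrivateKey=ED25519-V3:" + "A" * 88 + "\r\n250 OK\r\n")
REFUSED_REPLY = "512 Invalid VIRTPORT/TARGET\r\n"  # constructed error reply

if __name__ == "__main__":
    # 127.0.0.1:37128 is an assumed local RPC endpoint; the page does not state it.
    print(build_add_onion("127.0.0.1:37128"), end="")
    for name, reply in [("ephemeral", EPHEMERAL_REPLY), ("keyed", KEYED_REPLY)]:
        host, key = parse_add_onion_reply(reply)
        print(name, host, "key returned, must be stored and protected" if key
              else "no key returned, address is lost on restart")
```

With DiscardPK the reply carries only the ServiceID, so nothing secret reaches the caller and the address cannot be recreated; without it, the returned key is what a static address would require the application to persist and protect.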

Collaborator

@MaxHillebrand MaxHillebrand left a comment

tACK 398437d

@lontivero lontivero merged commit a952124 into WalletWasabi:master Oct 18, 2023
5 of 7 checks passed