tor-hidden-service.html.en
Uploaded by: awang829
Upload date: 2019-07-14
Resource size: 2356k
File size: 14k
Source category:
Network
Development platform:
Unix_Linux
- <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/1998/REC-html40-19980424/loose.dtd">
- <html>
- <head>
- <title>Tor: Hidden Service Configuration Instructions</title>
- <meta name="Author" content="Roger Dingledine">
- <meta http-equiv="content-type" content="text/html; charset=ISO-8859-1">
- <link rel="stylesheet" type="text/css" href="../stylesheet-ltr.css">
- <link rel="shortcut icon" type="image/x-icon" href="../favicon.ico">
- </head>
- <body>
- <div class="center">
- <div class="center">
- <div class="main-column">
- <h1>Configuring Hidden Services for <a href="../index.html.en">Tor</a></h1>
- <hr>
- <p>Tor allows clients and relays to offer hidden services. That is,
- you can offer a web server, SSH server, etc., without revealing your
- IP address to its users. In fact, because you don't use any public address,
- you can run a hidden service from behind your firewall.
- </p>
- <p>If you have Tor and Privoxy installed, you can see hidden services
- in action by visiting <a href="http://duskgytldkxiuqc6.onion/">our
- example hidden service</a> or the <a
- href="http://gaddbiwdftapglkq.onion/">Wikileaks hidden service</a>.
- </p>
- <p>This howto describes the steps for setting up your own hidden service
- website. For the technical details of how the hidden service protocol
- works, see our <a href="../hidden-services.html.en">hidden service protocol</a> page.
- </p>
- <hr>
- <a id="zero"></a>
- <h2><a class="anchor" href="#zero">Step Zero: Get Tor and Privoxy working</a></h2>
- <br>
- <p>Before you start, you need to make sure:</p>
- <ol>
- <li>Tor is up and running,</li>
- <li>Privoxy is up and running,</li>
- <li>Privoxy is configured to point to Tor and</li>
- <li>You actually set it up correctly.</li>
- </ol>
- <p>Windows users should follow the <a
- href="../docs/tor-doc-windows.html.en">Windows
- howto</a>, OS X users should follow the <a
- href="../docs/tor-doc-osx.html.en">OS
- X howto</a>, and Linux/BSD/Unix users should follow the <a
- href="../docs/tor-doc-unix.html.en">Unix howto</a>.
- </p>
- <p>Once you've got Tor and Privoxy installed and configured,
- you can see hidden services in action by following this link to <a
- href="http://duskgytldkxiuqc6.onion/">our example hidden service</a>
- or the <a
- href="http://gaddbiwdftapglkq.onion/">Wikileaks hidden service</a>.
- It will typically take 10-60 seconds to load
- (or to decide that it is currently unreachable). If it fails
- immediately and your browser pops up an alert saying that
- "www.duskgytldkxiuqc6.onion could not be found, please check the name and
- try again" then you haven't configured Tor and Privoxy correctly; see <a
- href="https://wiki.torproject.org/noreply/TheOnionRouter/TorFAQ#ItDoesntWork">the
- it-doesn't-work FAQ entry</a> for some help.
- </p>
- <hr>
- <a id="one"></a>
- <h2><a class="anchor" href="#one">Step One: Install a web server locally</a></h2>
- <br>
- <p>First, you need to set up a web server locally. Setting up a web
- server can be tricky,
- so we're just going to go over a few basics here. If you get stuck
- or want to do more, find a friend who can help you. We recommend you
- install a new separate web server for your hidden service, since even
- if you already have one installed, you may be using it (or want to use
- it later) for an actual website.
- </p>
- <p>If you're on Unix or OS X and you're comfortable with
- the command-line, by far the best way to go is to install <a
- href="http://www.acme.com/software/thttpd/">thttpd</a>. Just grab the
- latest tarball, untar it (it will create its own directory), and run
- <kbd>./configure && make</kbd>. Then <kbd>mkdir hidserv; cd
- hidserv</kbd>, and run
- <kbd>../thttpd -p 5222 -h localhost</kbd>. It will give you back your prompt,
- and now you're running a webserver on port 5222. You can put files to
- serve in the hidserv directory.
- </p>
- <p>If you're on Windows, you might pick <a
- href="http://savant.sourceforge.net/">Savant</a> or <a
- href="http://httpd.apache.org/">Apache</a>, and be sure to configure it
- to bind only to localhost. You should also figure out what port you're
- listening on, because you'll use it below.
- </p>
- <p>(The reason we bind the web server only to localhost is to make
- sure it isn't publicly accessible. If people could get to it directly,
- they could confirm that your computer is the one offering the hidden
- service.)
- </p>
- <p>Once you've got your web server set up, make sure it works: open your
- browser and go to <a
- href="http://localhost:5222/">http://localhost:5222/</a>, where 5222 is
- the port that you picked above. Then try putting a file in the main html
- directory, and make sure it shows up when you access the site.
- </p>
- <hr>
- <a id="two"></a>
- <h2><a class="anchor" href="#two">Step Two: Configure your hidden service</a></h2>
- <br>
- <p>Next, you need to configure your hidden service to point to your
- local web server.
- </p>
- <p>First, open your torrc file in your favorite text editor. (See <a
- href="https://wiki.torproject.org/noreply/TheOnionRouter/TorFAQ#torrc">the
- torrc FAQ entry</a> to learn what this means.) Go to the middle section and
- look for the line</p>
- <pre>
- ############### This section is just for location-hidden services ###
- </pre>
- <p>
- This section of the file consists of groups of lines, each representing
- one hidden service. Right now they are all commented out (the lines
- start with #), so hidden services are disabled. Each group of lines
- consists of one <var>HiddenServiceDir</var> line, and one or more
- <var>HiddenServicePort</var> lines:</p>
- <ul>
- <li><var>HiddenServiceDir</var> is a directory where Tor will store information
- about that hidden service. In particular, Tor will create a file here named
- <var>hostname</var> which will tell you the onion URL. You don't need to add any
- files to this directory.</li>
- <li><var>HiddenServicePort</var> lets you specify a virtual port (that is, what
- port people accessing the hidden service will think they're using) and an
- IP address and port for redirecting connections to this virtual port.</li>
- </ul>
- <p>Add the following lines to your torrc:
- </p>
- <pre>
- HiddenServiceDir /Library/Tor/var/lib/tor/hidden_service/
- HiddenServicePort 80 127.0.0.1:5222
- </pre>
- <p>You're going to want to change the <var>HiddenServiceDir</var> line, so it points
- to an actual directory that is readable/writeable by the user that will
- be running Tor. The above line should work if you're using the OS X Tor
- package. On Unix, try "/home/username/hidserv/" and fill in your own
- username in place of "username". On Windows you might pick:</p>
- <pre>
- HiddenServiceDir C:\Documents and Settings\username\Application Data\hidden_service
- HiddenServicePort 80 127.0.0.1:5222
- </pre>
- <p>Now save the torrc, shut down
- your Tor, and then start it again.
- </p>
- <p>If Tor starts up again, great. Otherwise, something is wrong. First look at
- your logfiles for hints. It will print some warnings or error messages. That
- should give you an idea what went wrong. Typically there are typos in the torrc
- or wrong directory permissions. (See <a
- href="https://wiki.torproject.org/noreply/TheOnionRouter/TorFAQ#Logs">the
- logging FAQ entry</a> if you don't know how to enable or find your
- log file.)
- </p>
- <p>When Tor starts, it will automatically create the <var>HiddenServiceDir</var>
- that you specified (if necessary), and it will create two files there.</p>
- <dl>
- <dt><var>private_key</var></dt>
- <dd>First, Tor will generate a new public/private keypair for your hidden
- service. It is written into a file called "private_key". Don't share this key
- with others -- if you do they will be able to impersonate your hidden
- service.</dd>
- <dt><var>hostname</var></dt>
- <dd>The other file Tor will create is called "hostname". This contains
- a short summary of your public key -- it will look something like
- <tt>duskgytldkxiuqc6.onion</tt>. This is the public name for your service,
- and you can tell it to people, publish it on websites, put it on business
- cards, etc.</dd>
- </dl>
- <p>If Tor runs as a different user than you, for example on
- OS X, Debian, or Red Hat, then you may need to become root to be able
- to view these files.</p>
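- <p>Because anyone who can read <var>private_key</var> can impersonate the service, it is worth checking who else on the machine can reach these files. The Python sketch below is an added example, not part of the original howto or of Tor; it targets Unix-like systems, its function names and its owner-only policy are assumptions of the example, and the directory that <kbd>demo()</kbd> audits is constructed with a placeholder key.</p>

```python
import os
import stat
import tempfile

def audit_hidden_service_dir(path):
    """Return findings for a HiddenServiceDir; an empty list means none."""
    if not os.path.isdir(path):
        return [f"{path}: not a directory (Tor creates it on startup)"]
    findings = []
    targets = [("HiddenServiceDir", path)]
    key = os.path.join(path, "private_key")
    if os.path.exists(key):
        targets.append(("private_key", key))
    else:
        findings.append("private_key not found: has Tor started with this service?")
    for label, target in targets:
        mode = stat.S_IMODE(os.stat(target).st_mode)
        # Policy assumed by this example: no access at all for group or other.
        if mode & (stat.S_IRWXG | stat.S_IRWXO):
            findings.append(f"{label} is accessible to group/other (mode {mode:04o})")
    return findings

def demo():
    """Build a constructed directory with a placeholder key and audit it twice."""
    with tempfile.TemporaryDirectory() as base:
        hs_dir = os.path.join(base, "hidden_service")
        os.mkdir(hs_dir)
        os.chmod(hs_dir, 0o700)   # owner-only directory
        key = os.path.join(hs_dir, "private_key")
        with open(key, "w") as fh:
            fh.write("placeholder, not a real key\n")
        os.chmod(key, 0o644)      # too permissive: readable by group and other
        before = audit_hidden_service_dir(hs_dir)
        os.chmod(key, 0o600)      # owner-only key file
        after = audit_hidden_service_dir(hs_dir)
        return before, after

if __name__ == "__main__":
    print(demo())
```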
- <p>Now that you've restarted Tor, it is busy picking introduction points
- in the Tor network, and generating a <em>hidden service
- descriptor</em>. This is a signed list of introduction points along with
- the service's full public key. It anonymously publishes this descriptor
- to the directory servers, and other people anonymously fetch it from the
- directory servers when they're trying to access your service.
- </p>
- <p>Try it now: paste the contents of the hostname file into your web
- browser. If it works, you'll get the html page you set up in step one.
- If it doesn't work, look in your logs for some hints, and keep playing
- with it until it works.
- </p>
- <hr>
- <a id="three"></a>
- <h2><a class="anchor" href="#three">Step Three: More advanced tips</a></h2>
- <br>
- <p>If you plan to keep your service available for a long time, you might
- want to make a backup copy of the <var>private_key</var> file somewhere.
- </p>
- <p>We avoided recommending Apache above, a) because many people might
- already be running it for a public web server on their computer, and b)
- because it's big
- and has lots of places where it might reveal your IP address or other
- identifying information, for example in 404 pages. For people who need
- more functionality, though, Apache may be the right answer. Can
- somebody make us a checklist of ways to lock down your Apache when you're
- using it as a hidden service? Savant probably has these problems too.
- </p>
- <p>If you want to forward multiple virtual ports for a single hidden
- service, just add more <var>HiddenServicePort</var> lines.
- If you want to run multiple hidden services from the same Tor
- client, just add another <var>HiddenServiceDir</var> line. All the following
- <var>HiddenServicePort</var> lines refer to this <var>HiddenServiceDir</var> line, until
- you add another <var>HiddenServiceDir</var> line:
- </p>
- <pre>
- HiddenServiceDir /usr/local/etc/tor/hidden_service/
- HiddenServicePort 80 127.0.0.1:8080
- HiddenServiceDir /usr/local/etc/tor/other_hidden_service/
- HiddenServicePort 6667 127.0.0.1:6667
- HiddenServicePort 22 127.0.0.1:22
- </pre>
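- <p>The grouping rule above (each <var>HiddenServicePort</var> belongs to the nearest preceding <var>HiddenServiceDir</var>) and the localhost-only binding from Step One can both be checked mechanically. The Python sketch below is an added example, not part of the original howto or of Tor; the function names and the sample torrc text are constructed, and it handles only the <var>addr:port</var>, bare-port and omitted-target forms of <var>HiddenServicePort</var>.</p>

```python
import ipaddress

# Constructed sample torrc (not from the howto): lines 1 and 6 are the bad ones.
SAMPLE_TORRC = """\
HiddenServicePort 80 127.0.0.1:8080
HiddenServiceDir /usr/local/etc/tor/hidden_service/
HiddenServicePort 80 127.0.0.1:8080
# HiddenServicePort 443 127.0.0.1:8443
HiddenServiceDir /usr/local/etc/tor/other_hidden_service/
HiddenServicePort 6667 192.168.1.10:6667
HiddenServicePort 22 127.0.0.1:22
"""

def is_loopback(host):
    """True for 'localhost' or a loopback IP literal; other names count as remote."""
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host.strip("[]")).is_loopback
    except ValueError:
        return False

def audit_torrc(text):
    """Return ({HiddenServiceDir: [(virtual_port, host, port)]}, [warnings])."""
    services, warnings, current = {}, [], None
    for lineno, raw in enumerate(text.splitlines(), 1):
        parts = raw.split("#", 1)[0].split(None, 1)
        if len(parts) < 2:
            continue  # blank line, comment, or option without a value
        key, value = parts[0].lower(), parts[1].strip()
        if key == "hiddenservicedir":
            current = value  # later HiddenServicePort lines belong to this dir
            services.setdefault(current, [])
        elif key == "hiddenserviceport":
            if current is None:
                warnings.append(f"line {lineno}: HiddenServicePort without HiddenServiceDir")
                continue
            fields = value.split()
            virt = int(fields[0])
            target = fields[1] if len(fields) > 1 else str(virt)
            if ":" not in target:  # bare port: Tor targets 127.0.0.1
                target = "127.0.0.1:" + target
            host, _, port = target.rpartition(":")
            services[current].append((virt, host, int(port)))
            if not is_loopback(host):
                warnings.append(f"line {lineno}: {current} port {virt} -> non-loopback {host}")
    return services, warnings

if __name__ == "__main__":
    print("\n".join(audit_torrc(SAMPLE_TORRC)[1]))
```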
- <p>There are some anonymity issues you should keep in mind too:
- </p>
- <ul>
- <li>As mentioned above, be careful of letting your web server reveal
- identifying information about you, your computer, or your location.
- For example, readers can probably determine whether it's thttpd or
- Apache, and learn something about your operating system.</li>
- <li>If your computer isn't online all the time, your hidden service
- won't be either. This leaks information to an observant adversary.</li>
- <!-- increased risks over time -->
- </ul>
- <hr>
- <p>If you have suggestions for improving this document, please <a
- href="../contact.html.en">send them to us</a>. Thanks!</p>
- </div><!-- #main -->
- </div>
- <hr>
- </div>
- <div class="bottom" id="bottom">
- <p>"Tor" and the "Onion Logo" are <a href="../trademark-faq.html.en">registered trademarks</a> of The Tor Project, Inc.
- <br>
- Content on this site is licensed under a <a href="http://creativecommons.org/licenses/by/3.0/us/">Creative Commons Attribution 3.0 United States License</a>, unless otherwise noted.
- </p>
- <p>
- <i><a href="../contact.html.en" class="smalllink">Webmaster</a></i> -
- Last modified: Thu Jul 16 19:44:34 2009
- -
- Last compiled: Sun Oct 18 00:33:30 2009
- </p>
- </div>
- </body>
- </html>