Short statement on the Ovarit situation
parent
2639aba46c
commit
7728287dcd
24 changed files with 529 additions and 69 deletions
73
garden/darknet/tor.gmi
Executable file
|
@ -0,0 +1,73 @@
|
|||
# Creating a Tor hidden service using Caddy and Debian 11
|
||||
|
||||
1. Install Tor.
|
||||
|
||||
```
|
||||
sudo apt install tor
|
||||
```
|
||||
|
||||
2. Install the Caddy web server.
|
||||
|
||||
```
|
||||
echo "deb [trusted=yes] https://apt.fury.io/caddy/ /" | sudo tee -a /etc/apt/sources.list.d/caddy-fury.list
|
||||
sudo apt update; sudo apt install caddy -y
|
||||
```
|
||||
|
||||
3. Edit "/etc/tor/torrc" to create the hidden service.
|
||||
|
||||
Open "/etc/tor/torrc" in your favorite text editor. (Please note that this usually requires root privileges.)
|
||||
|
||||
Go to the lines that say:
|
||||
|
||||
```
|
||||
#HiddenServiceDir /var/lib/tor/hidden_service/
|
||||
#HiddenServicePort 80 127.0.0.1:80
|
||||
```
|
||||
|
||||
Uncomment them by deleting the # mark in front of each line.
|
||||
|
||||
If you want, you can change the HiddenServiceDir directory, but you will need to remember it for later. For security purposes, keep the new directory inside of "/var/lib/tor/".
|
||||
|
||||
4. Restart the Tor daemon.
|
||||
|
||||
```
|
||||
sudo systemctl restart tor@default
|
||||
```
|
||||
|
||||
5. As root, go to the hidden service directory and get the new hidden service's domain.
|
||||
|
||||
```
|
||||
sudo -i
|
||||
cd /var/lib/tor/directory/
|
||||
```
|
||||
|
||||
Replace "directory" with the actual directory you chose in step 3.
|
||||
|
||||
```
|
||||
cat hostname
|
||||
```
|
||||
|
||||
If all is well, you should now see a long string of letters and numbers that ends in ".onion". Copy this somewhere safe. You'll need it next step.
|
||||
|
||||
6. Configure Caddy to serve the hidden service.
|
||||
|
||||
Open "/etc/caddy/Caddyfile" with your favorite text editor. You should already be root, but if you did "exit" after getting the Tor hostname, just "sudo -i" again.
|
||||
|
||||
Type the following in:
|
||||
|
||||
```
|
||||
http://YourTorHostnameHere.onion {
|
||||
root * /your/website/file/path/here
|
||||
file_server
|
||||
encode gzip
|
||||
bind 127.0.0.1
|
||||
}
|
||||
```
|
||||
|
||||
The "http://" in front of the address is important as that tells Caddy to not try to enable HTTPS on that domain. HTTPS is unnecessary for Tor hidden services as all traffic to and from the server is already encrypted in transit. And since Tor hidden services aren't accessible on the normal clearnet, the request for Let's Encrypt to give Caddy a certificate would fail as they wouldn't be able to access the domain.
|
||||
|
||||
7. Restart Caddy to apply your changes.
|
||||
|
||||
```
|
||||
sudo systemctl restart caddy
|
||||
```
|
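Review bot: Step 2's source line, `deb [trusted=yes] https://apt.fury.io/caddy/ /`, turns off APT signature verification for that repository, so the `caddy` package is installed as root with only the HTTPS connection to the host vouching for it. Suggest pointing the guide at a signed package source referenced through a `signed-by=` keyring in place of `[trusted=yes]`, and using `tee` without `-a` so that re-running the step does not append a duplicate entry. Smaller point in step 5: `cd /var/lib/tor/directory/` could use the default `hidden_service` name from step 3, so the command works unmodified for readers who kept the default.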
81
garden/darknet/yggdrasil.gmi
Executable file
|
@ -0,0 +1,81 @@
|
|||
# Creating a Yggdrasil website using Caddy and Debian 11
|
||||
|
||||
1. Install Yggdrasil.
|
||||
|
||||
```
|
||||
sudo apt install dirmngr
|
||||
gpg --fetch-keys https://neilalexander.s3.dualstack.eu-west-2.amazonaws.com/deb/key.txt
|
||||
gpg --export 569130E8CA20FBC4CB3FDE555898470A764B32C9 | sudo apt-key add -
|
||||
echo 'deb http://neilalexander.s3.dualstack.eu-west-2.amazonaws.com/deb/ debian yggdrasil' | sudo tee /etc/apt/sources.list.d/yggdrasil.list
|
||||
sudo apt update; sudo apt install yggdrasil
|
||||
```
|
||||
|
||||
2. Install Caddy.
|
||||
|
||||
```
|
||||
echo "deb [trusted=yes] https://apt.fury.io/caddy/ /" | sudo tee -a /etc/apt/sources.list.d/caddy-fury.list
|
||||
sudo apt update; sudo apt install caddy -y
|
||||
```
|
||||
|
||||
3. Get the IP Yggdrasil generates for you.
|
||||
|
||||
```
|
||||
sudo systemctl start yggdrasil; sudo systemctl enable yggdrasil
|
||||
sudo journalctl -xfe -u yggdrasil
|
||||
```
|
||||
|
||||
There will be a line that says "Your IPv6 address is". Copy the rest of that line somewhere safe.
|
||||
|
||||
Press the Control and C buttons on your keyboard at the same time to exit "journalctl".
|
||||
|
||||
4. Configure Caddy to serve the hidden service.
|
||||
|
||||
Open "/etc/caddy/Caddyfile" as root with your favorite text editor.
|
||||
|
||||
Type the following in:
|
||||
|
||||
```
|
||||
http://[YGGDRASIL_IP_ADDRESS_HERE] {
|
||||
root * /your/website/file/path/here
|
||||
file_server
|
||||
encode gzip
|
||||
}
|
||||
```
|
||||
|
||||
The "http://" in front of the address is important as that tells Caddy to not try to enable HTTPS for that website. HTTPS is unnecessary for Yggdrasil hidden services as all traffic to and from the server is already encrypted in transit. Besides, Let's Encrypt wouldn't be able to issue a certificate for an IP address anyway.
|
||||
|
||||
5. Restart Caddy to apply your changes.
|
||||
|
||||
```
|
||||
sudo systemctl restart caddy
|
||||
```
|
||||
|
||||
6. Get some peers for Yggdrasil.
|
||||
|
||||
=> https://github.com/yggdrasil-network/public-peers Copy some peers from this page. Try to select ones closest to your geographical location.
|
||||
|
||||
On your server, open "/etc/yggdrasil.conf" as root with your favorite text editor. At the top of the configuration file will be a section that looks like this:
|
||||
|
||||
```
|
||||
Peers: []
|
||||
```
|
||||
|
||||
Pick some peers from the list and add them to that section of the file (one per line) so it now looks something like this:
|
||||
|
||||
```
|
||||
Peers:
|
||||
[
|
||||
tls://01.scv.usa.ygg.yt:443
|
||||
tls://lax.yuetau.net:6643
|
||||
tls://tasty.chowder.land:9001
|
||||
tls://supergay.network:9001
|
||||
tls://lancis.iscute.moe:49274
|
||||
tls://mayvaneday.org:1414
|
||||
]
|
||||
```
|
||||
|
||||
Save the file and close it, then run:
|
||||
|
||||
```
|
||||
sudo systemctl restart yggdrasil
|
||||
```
|
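Review bot: The Caddyfile block in step 4 has no `bind` line, unlike the block in tor.gmi, so Caddy opens its port 80 listener on every interface of the server and not only on the Yggdrasil address. Suggest adding a `bind` directive with the Yggdrasil address, or a sentence telling the reader to firewall port 80 on the other interfaces. The step 4 heading and the paragraph after the block say "hidden service", wording carried over from the Tor guide; Yggdrasil encrypts traffic but does not conceal where the server is, so "website", as in the title, would be more accurate. In step 1, `sudo apt-key add -` puts the key in the global APT trust store, where it is accepted for every repository; a dedicated keyring referenced with `signed-by=` in yggdrasil.list would scope it to this one. Step 2 repeats the `[trusted=yes]` source line from tor.gmi and deserves the same change there.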