Support #613
Updated by Daniel Curtis over 9 years ago
{{>toc}}

This is a guide for setting up a hidden web server with TOR Hidden Services.

h2. Prepare the Environment

* Make sure the system is up to date:
<pre>
portsnap fetch extract && portmaster -a
</pre>

h3. Install OpenNTPD

* Install OpenNTPD:
<pre>
portmaster net/openntpd
</pre>

* Edit the OpenNTPD config file:
<pre>
vi /usr/local/etc/ntpd.conf
</pre>
#* And add a couple more NTP sources for good measure:
<pre>
servers pool.ntp.org
servers clock.via.net
servers clock.isc.org
</pre>

* Start and enable OpenNTPD at boot:
<pre>
echo 'openntpd_enable="YES"' >> /etc/rc.conf
service openntpd start
</pre>

*NOTE*: An NTP server in a jail will fail to start. Jails get their time from the host system, so make sure to install the NTP server on the host.

h2. Install TOR

* Install TOR:
<pre>
portmaster security/tor
</pre>

* Set up the TOR environment:
<pre>
rm -r /var/db/tor /var/run/tor
mkdir -p /var/db/tor/data /var/run/tor
touch /var/log/tor
chown -R _tor:_tor /var/db/tor /var/log/tor /var/run/tor
chmod -R 700 /var/db/tor
</pre>

* Tor users are strongly advised to prevent traffic analysis that exploits sequential IP IDs by setting:
<pre>
sysctl net.inet.ip.random_id=1
</pre>

* Create a folder for the hidden service owned by the _tor user:
<pre>
mkdir -p /var/tor/hidden_service
chown -R _tor:_tor /var/tor
chmod -R 700 /var/tor
</pre>

* Edit the TOR config file:
<pre>
vi /usr/local/etc/tor/torrc
</pre>
#* And uncomment the following lines:
<pre>
HiddenServiceDir /var/tor/hidden_service/
HiddenServicePort 80 127.0.0.1:80
</pre>

*NOTE*: The above configuration will forward requests coming into the TOR address on port 80 to 127.0.0.1:80.

* Start and enable TOR at boot:
<pre>
echo 'tor_enable="YES"' >> /etc/rc.conf
service tor start
</pre>

* Monitor the status of the TOR connection:
<pre>
tail -f /var/log/tor
</pre>
#* _Truncated output_:
<pre>
...
May 03 16:12:44.000 [notice] Bootstrapped 50%: Loading relay descriptors
May 03 16:12:53.000 [notice] Bootstrapped 57%: Loading relay descriptors
May 03 16:12:56.000 [notice] Bootstrapped 64%: Loading relay descriptors
May 03 16:12:57.000 [notice] Bootstrapped 69%: Loading relay descriptors
May 03 16:12:58.000 [notice] Bootstrapped 78%: Loading relay descriptors
May 03 16:12:59.000 [notice] Bootstrapped 80%: Connecting to the Tor network
May 03 16:12:59.000 [notice] Bootstrapped 90%: Establishing a Tor circuit
May 03 16:13:00.000 [notice] Tor has successfully opened a circuit. Looks like client functionality is working.
May 03 16:13:00.000 [notice] Bootstrapped 100%: Done
</pre>

* Once the TOR service is up and running, a new hostname and key file will appear in the /var/tor/hidden_service directory:
<pre>
cat /var/tor/hidden_service/hostname
</pre>

h2. Resources

* http://www.bsdnow.tv/tutorials/tor
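
h2. Checking the Configuration

The directory permissions and loopback forwarding configured above can be checked with a small script. This is an added example, not part of the original guide; the function names, the report format and the constructed sample in @demo@ are assumptions.

```shell
# Added example: audit a torrc for the hidden-service settings from this guide.

# Succeeds if a HiddenServicePort TARGET keeps traffic on this host.
# With no target, Tor maps the virtual port to the same port on 127.0.0.1.
is_loopback_target() {
    case "$1" in
        ''|127.[0-9]*|'[::1]'*|unix:*) return 0 ;;
        *[!0-9]*) return 1 ;;   # any other address, e.g. 0.0.0.0:80 or 10.0.0.5:80
        *) return 0 ;;          # bare port number: forwarded to 127.0.0.1
    esac
}

# Succeeds if DIR is a directory with mode exactly 700 owned by OWNER (name or uid).
dir_is_private() {
    [ -n "$(find "$1" -prune -type d -user "$2" -perm 700 2>/dev/null)" ]
}

# audit_torrc FILE OWNER: print one line per finding, return the finding count.
# Option names are matched with the capitalisation used in the guide.
audit_torrc() {
    findings=0
    while read -r key arg1 arg2 rest; do
        case "$key" in
            HiddenServiceDir)
                if ! dir_is_private "$arg1" "$2"; then
                    echo "FAIL $arg1: not a mode-700 directory owned by $2"
                    findings=$((findings + 1))
                fi ;;
            HiddenServicePort)
                if ! is_loopback_target "$arg2"; then
                    echo "FAIL port $arg1: target $arg2 is not loopback"
                    findings=$((findings + 1))
                fi ;;
        esac
    done < "$1"
    return "$findings"
}

# Constructed sample: a private dir on loopback, then a loose dir on a wildcard address.
demo() {
    d=$(mktemp -d) && mkdir -m 700 "$d/good" && mkdir -m 755 "$d/bad" || return 99
    printf '%s\n' "HiddenServiceDir $d/good" 'HiddenServicePort 80 127.0.0.1:80' \
        "HiddenServiceDir $d/bad" 'HiddenServicePort 80 0.0.0.0:8080' > "$d/torrc"
    rc=0; audit_torrc "$d/torrc" "$(id -u)" || rc=$?
    rm -rf "$d"; return "$rc"
}

# On the host from the guide: sh audit.sh /usr/local/etc/tor/torrc _tor
[ "$#" -ne 2 ] || audit_torrc "$1" "$2"
```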