Comparison
mod_onions/README.markdown @ 1803:4d73a1a6ba68
Convert all wiki pages to Markdown
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Fri, 28 Aug 2015 18:03:58 +0200 |
parent | 1782:mod_onions/README.wiki@29f3d6b7ad16 |
child | 5132:36b5677b9648 |
1802:0ab737feada6 | 1803:4d73a1a6ba68 |
---|---|
1 --- | |
2 labels: | |
3 - 'Stage-Alpha' | |
4 summary: s2s to Tor hidden services | |
5 ... | |
6 | |
7 Introduction | |
8 ============ | |
9 | |
10 This plugin allows Prosody to connect to other servers that are running | |
11 as a Tor hidden service. Running Prosody on a hidden service works | |
12 without this module, this module is only necessary to allow Prosody to | |
13 federate to hidden XMPP servers. | |
14 | |
15 For general info about creating a hidden service, see | |
16 https://www.torproject.org/docs/tor-hidden-service.html.en. | |
17 | |
18 Usage | |
19 ===== | |
20 | |
21 This module depends on the bit32 Lua library. | |
22 | |
23 To create a hidden service that can federate with other hidden XMPP | |
24 servers, first add a hidden serivce to Tor. It should listen on port | |
25 5269 and optionally also on 5222 (if c2s connections to the hidden | |
26 service should be allowed). | |
27 | |
28 Use the hostname that Tor gives with a virtualhost: | |
29 | |
30 VirtualHost "555abcdefhijklmn.onion" | |
31 modules_enabled = { "onions" }; | |
32 | |
33 Configuration | |
34 ============= | |
35 | |
36 Name Description Type Default value | |
37 ---------------------- ----------------------------------------------------- --------- --------------- | |
38 onions\_socks5\_host the host to connect to for Tor's SOCKS5 proxy string "127.0.0.1" | |
39 onions\_socks5\_port the port to connect to for Tor's SOCKS5 proxy integer 9050 | |
40 onions\_only forbid all connection attempts to non-onion servers boolean false | |
41 onions\_tor\_all pass all s2s connections through Tor boolean false | |
42 onions\_map override the address for a host table {} | |
43 | |
44 By setting `onions_map`, it is possible to override the address used to | |
45 connect to a given host with the address of a hidden service. The | |
46 configuration of `onions_map` works as follows: | |
47 | |
48 onions_map = { | |
49 ["jabber.calyxinstitute.org"] = "ijeeynrc6x2uy5ob.onion"; | |
50 } | |
51 | |
52 or, to also specify a port: | |
53 | |
54 onions_map = { | |
55 ["jabber.calyxinstitute.org"] = { host = "ijeeynrc6x2uy5ob.onion", port = 5269 }; | |
56 } | |
57 | |
58 Compatibility | |
59 ============= | |
60 | |
61 ----- -------------- | |
62 0.8 Doesn't work | |
63 0.9 Works | |
64 ----- -------------- | |
65 | |
66 Notes | |
67 ===== | |
68 | |
69 - `onions_tor_all` does not look up SRV records first. Therefore it | |
70 will fail for many servers. | |
71 - mod\_onions currently does not support connecting to `.onion` | |
72 entries in SRV records. | |
73 | |
74 Security considerations | |
75 ======================= | |
76 | |
77 - Running a hidden service on a server together with a normal server | |
78 might expose the hidden service. | |
79 - A hidden service that wants to remain hidden should either disallow | |
80 s2s to non-hidden servers or pass all s2s traffic through Tor | |
81 (setting either `onions_only` or `onions_tor_all`). |
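Review bot: The Usage example at new-file lines 30-31 enables the module while `onions_only` and `onions_tor_all` both default to false (lines 40-41), which is exactly the setup the Security considerations at lines 79-81 say a service that wants to remain hidden should avoid. Suggest setting one of the two options in the example, or adding a sentence under Usage that points to the Security considerations section. The recommendation at line 81 also presents `onions_tor_all` as an equal alternative to `onions_only` without repeating the caveat from lines 69-70 that it does not look up SRV records first and will fail for many servers; a cross-reference there would let operators choose knowingly. Lines 77-78 say co-hosting with a normal server "might expose the hidden service" but give no mitigation or pointer, so the reader is left without an action. Minor: "serivce" at line 24 should read "service", and the Compatibility table at lines 61-64 has no header row.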