From 76cd5f335936821bdab7e8a84ec89bca5f2b978b Mon Sep 17 00:00:00 2001
From: ShahanaFarooqui
Date: Sat, 13 Aug 2022 19:26:32 -0700
Subject: [PATCH] Merge branch 'pr/630' into Release-0.13.0
---
 .github/docs/RTL_SSL_setup.md | 24 +++++++++++--------
 .github/docs/RTL_TOR_setup.md | 43 +++++++++++++++--------------------
 2 files changed, 32 insertions(+), 35 deletions(-)
diff --git a/.github/docs/RTL_SSL_setup.md b/.github/docs/RTL_SSL_setup.md
index 3abf92d4c..893c7365b 100644
--- a/.github/docs/RTL_SSL_setup.md
+++ b/.github/docs/RTL_SSL_setup.md
@@ -1,23 +1,25 @@
 ### Setup https access for RTL
-Forward the ports 80 and 3002 on the router to the device running RTL.
+Forward the ports 80 and 3002 on the router to the device running RTL. Allow the ports through the firewall of the device.
 Install Nginx: https://www.nginx.com/resources/wiki/start/topics/tutorials/install/
+On Debian based distros:
+ $> sudo apt install nginx
-Install certbot to acquire the ssl certificate:
-https://certbot.eff.org
+nginx default config file is at /etc/nginx/nginx.conf. You will need it.
+Install, if needed, openssl
+On Debian based distros:
+ $> sudo apt install openssl
-Add the following line at the very top of nginx.conf:
-load_module /usr/lib/nginx/modules/ngx_stream_module.so;
+Create a self certificate with openssl
+ $> openssl req -newkey rsa:4096 -x509 -sha512 -days 365 -nodes -out /path/to/some/folder/rtl-cert.crt -keyout /path/to/some/folder/rtl-cert.key
 Sample configuration to be inserted in the nginx.conf (adjust the path and filename of your certificate and key):
-
-
 stream {
 upstream RTL {
 server 127.0.0.1:3000;
@@ -27,13 +29,15 @@ Sample configuration to be inserted in the nginx.conf (adjust the path and filen
 listen 3002 ssl;
 proxy_pass RTL;
- ssl_certificate /etc/letsencrypt/live/YOUR_DOMAIN/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/YOUR_DOMAIN/privkey.pem;
+ ssl_certificate /path/to/some/folder/rtl-cert.crt;
+ ssl_certificate_key /path/to/some/folder/rtl-cert.key;
 ssl_session_cache shared:SSL:1m;
 ssl_session_timeout 4h;
- ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # this line works for me with only TLSv1.2
 ssl_prefer_server_ciphers on;
 }
 }
 Restart Nginx with the new configuration and connect to RTL over https on the port 3002.
+On Debian based distros:
+ $> sudo systemctl restart nginx
diff --git a/.github/docs/RTL_TOR_setup.md b/.github/docs/RTL_TOR_setup.md
index 67510e7d2..570974e5c 100644
--- a/.github/docs/RTL_TOR_setup.md
+++ b/.github/docs/RTL_TOR_setup.md
@@ -4,39 +4,34 @@ This guide will allow you to remotely connect to RTL over Tor. This can work on
 #### Server Setup
 Install Tor on the same local machine as RTL. see the tor project wiki [here](https://trac.torproject.org/projects/tor/wiki)
+On Debian based distros:
+ $> sudo apt install tor
-Edit the `torrc` configuration file, and add the following lines:
+Edit `/etc/tor/torrc` (Debian based distro) configuration file, and add the following lines:
 ```
-HiddenServiceDir /var/db/tor/rtl/
-HiddenServiceVersion 2
-HiddenServiceAuthorizeClient stealth mydevice
+HiddenServiceDir /var/lib/tor/rtl-service-v3/
+HiddenServiceVersion 3
 HiddenServicePort 3000 127.0.0.1:3000
 ```
-Change `/var/db/tor/rtl/` to any directory you want to store the hidden service credentials.
-Change `mydevice` to anything you want.
+Change `/var/lib/tor/rtl-service-v3/` to any directory you want to store the hidden service credentials.
 Save the changes to the `torrc` file and restart tor.
-
-View the contents of the file `/var/db/tor/rtl/hostname`. It will show an onion address, an authentication password(cookie), and the associated `mydevice` label.
-
+ $> sudo systemctl restart tor
+ or sometimes:
+ $> sudo systemctl daemon-reload
+
+View the contents of the file `/var/lib/tor/rtl-service-v3/hostname`. You need to be root. It will show an onion address. This is your address.
+On Debian based distro:
+ $> su -c "cat /var/lib/tor/rtl-service-v3/hostname"
+
 #### Client setup: Android
-Download Orbot for android (add their repos to F-Droid here: https://guardianproject.info/fdroid/
-
-Open orbot. Click the `⋮`, select `hidden services ˃`, select `Client cookies`.
-
-Press the + button on the lower right. Type in the the onion address and secret cookie you revealed in file `/var/lnd/tor/rtl/hostname`.
+Install Tor browser (or any other compatible browser) for Android from the app store
-Go back to orbot's main screen, and select the gear icon under `tor enabled apps`.
-Add your favorite tor compatible browser (I use brave) `Brave`, then press back.
-Click `stop` on the big onion logo. Exit orbot and reopen it.
-Turn on `VPN Mode`. Start your connection to the tor network by clicking on the big onion (if it has not automatically connected already)
+Open the tor enabled browser and type in the onion address (example `z1234567890abc.onion:3000`)
+Only you have access to this website! All traffic in the tor enabled browser will go over Tor (which is slower than clearnet).
-Now open the tor enabled browser and type in the onion address (example `z1234567890abc.onion:3000`)
-Only you have access to this website! All traffic in the brave browser will go over Tor (which is slower than clearnet).
-To go back to clearnet browsing, turn off VPN mode in Orbot.
-
-#### Client setup: Windows Tor Browser
+#### Client setup: Windows Tor Browser (not updated)
 Download and install Tor Browser for windows: https://www.torproject.org/download/
@@ -50,5 +45,3 @@ HidServAuth 1234567890abcdefg.onion abcdef01234567890+/K mydevice
 Save and exit. Now open Tor Browser, type in the `1234567890abcdefg.onion:3000` address!
-
-