Onion Service Support #1

Open
maltfield opened this issue Jul 15, 2023 · 2 comments

This issue is a feature request to add an Onion Service for *.proxysto.re, *.dys2p.com, and other relevant websites.

Why?

It's particularly important to provide an Onion Service to customers that are making financial transactions on order.proxysto.re because it provides better security than clearnet transactions.

There are numerous security benefits for why millions of people use Tor every day. Besides the obvious privacy benefits (which are not at all relevant in the scope of a customer authenticating with their bank) -- Tor has a fundamentally different approach to encryption (read: it's more secure).

Instead of using the untrustworthy X.509 PKI model, all connections to a v3 .onion address are made to a single pinned certificate that is directly correlated to the domain itself (the domain is just a hash of the public key + some metadata).

Moreover, some of the most secure operating systems send all the user's Internet traffic through the Tor network -- for the ultimate data security & privacy of its users.

All of this means that users who connect to a website (eg online banking) have much greater confidentiality and integrity because the authentication of Onion Services is magnitudes stronger than https with X.509.

Solution

Making a website at a .onion address is fairly simple. You need to run the tor daemon, set it to run an Onion Service in torrc, and point it to the port of your web server.

If you'd like to use the same .onion domain and multiple subdomains, you can point it to a frontend proxy (eg nginx) that selects the correct backend based on the Host header -- same as a clearnet website.

If you have any issues setting this up, please let me know; I'd be happy to help.

maltfield commented Jul 17, 2023

Update: I see that you currently have some of your websites behind Onion Services

digitalgoods.proxysto.re digitazyyxyihwwzudp5syxxyn3qhcd63wqcha2dxpfqiyydmrgdiaad.onion
       druck.proxysto.re print5cxveagitd3cbl3pakcjupk5jwgtpwa35uowhtzlmcqbibmsnyd.onion
       order.proxysto.re proxyoxiemywllckvpix543gqcmvvltrnb7inbwtk2knkehqt72tyfyd.onion
         pay.proxysto.re ak4jf6rqm3inp3o6ide4zfjgxukpmzzlawpltt5s4iy6tys6qjp6atqd.onion

Source: https://dys2p.com/en/contact.html

I'm not sure if the "contact" page is the best place to provide your Onion Service domains; I certainly didn't find it. Anyway, once this is implemented the Onion-Location header should handle upgrades to the Onion Service for Tor Browser users. And I see you're already using this on the domains supported above.

@maltfield
Author

Durr, the onions are also linked-to on the frontpage -- anchor links are on "onion" inside parentheses (onion)
