Merge branch 'pr/630' into Release-0.13.0

pull/1063/head
ShahanaFarooqui 2 years ago
parent 05aa2d883f
commit 76cd5f3359

@ -1,23 +1,25 @@
### Setup https access for RTL
Forward the ports 80 and 3002 on the router to the device running RTL.
Forward the ports 80 and 3002 on the router to the device running RTL.
Allow the ports through the firewall of the device.
Install Nginx:
https://www.nginx.com/resources/wiki/start/topics/tutorials/install/
On Debian based distros:
$> sudo apt install nginx
Install certbot to acquire the ssl certificate:
https://certbot.eff.org
nginx default config file is at /etc/nginx/nginx.conf. You will need it.
Install, if needed, openssl
On Debian based distros:
$> sudo apt install openssl
Add the following line at the very top of nginx.conf:
load_module /usr/lib/nginx/modules/ngx_stream_module.so;
Create a self certificate with openssl
$> openssl req -newkey rsa:4096 -x509 -sha512 -days 365 -nodes -out /path/to/some/folder/rtl-cert.crt -keyout /path/to/some/folder/rtl-cert.key
Sample configuration to be inserted in the nginx.conf (adjust the path and filename of your certificate and key):
stream {
upstream RTL {
server 127.0.0.1:3000;
@ -27,13 +29,15 @@ Sample configuration to be inserted in the nginx.conf (adjust the path and filen
listen 3002 ssl;
proxy_pass RTL;
ssl_certificate /etc/letsencrypt/live/YOUR_DOMAIN/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/YOUR_DOMAIN/privkey.pem;
ssl_certificate /path/to/some/folder/rtl-cert.crt;
ssl_certificate_key /path/to/some/folder/rtl-cert.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 4h;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # this line works for me with only TLSv1.2
ssl_prefer_server_ciphers on;
}
}
Restart Nginx with the new configuration and connect to RTL over https on the port 3002.
On Debian based distros:
$> sudo systemctl restart nginx

@ -4,39 +4,34 @@ This guide will allow you to remotely connect to RTL over Tor. This can work on
#### Server Setup
Install Tor on the same local machine as RTL. see the tor project wiki [here](https://trac.torproject.org/projects/tor/wiki)
On Debian based distros:
$> sudo apt install tor
Edit the `torrc` configuration file, and add the following lines:
Edit `/etc/tor/torrc` (Debian based distro) configuration file, and add the following lines:
```
HiddenServiceDir /var/db/tor/rtl/
HiddenServiceVersion 2
HiddenServiceAuthorizeClient stealth mydevice
HiddenServiceDir /var/lib/tor/rtl-service-v3/
HiddenServiceVersion 3
HiddenServicePort 3000 127.0.0.1:3000
```
Change `/var/db/tor/rtl/` to any directory you want to store the hidden service credentials.
Change `mydevice` to anything you want.
Change `/var/lib/tor/rtl-service-v3/` to any directory you want to store the hidden service credentials.
Save the changes to the `torrc` file and restart tor.
View the contents of the file `/var/db/tor/rtl/hostname`. It will show an onion address, an authentication password(cookie), and the associated `mydevice` label.
$> sudo systemctl restart tor
or sometimes:
$> sudo systemctl daemon-reload
View the contents of the file `/var/lib/tor/rtl-service-v3/hostname`. You need to be root. It will show an onion address. This is your address.
On Debian based distro:
$> su -c "cat /var/lib/tor/rtl-service-v3/hostname"
#### Client setup: Android
Download Orbot for android (add their repos to F-Droid here: https://guardianproject.info/fdroid/
Open orbot. Click the `⋮`, select `hidden services ˃`, select `Client cookies`.
Press the + button on the lower right. Type in the the onion address and secret cookie you revealed in file `/var/lnd/tor/rtl/hostname`.
Install Tor browser (or any other compatible browser) for Android from the app store
Go back to orbot's main screen, and select the gear icon under `tor enabled apps`.
Add your favorite tor compatible browser (I use brave) `Brave`, then press back.
Click `stop` on the big onion logo. Exit orbot and reopen it.
Turn on `VPN Mode`. Start your connection to the tor network by clicking on the big onion (if it has not automatically connected already)
Open the tor enabled browser and type in the onion address (example `z1234567890abc.onion:3000`)
Only you have access to this website! All traffic in the tor enabled browser will go over Tor (which is slower than clearnet).
Now open the tor enabled browser and type in the onion address (example `z1234567890abc.onion:3000`)
Only you have access to this website! All traffic in the brave browser will go over Tor (which is slower than clearnet).
To go back to clearnet browsing, turn off VPN mode in Orbot.
#### Client setup: Windows Tor Browser
#### Client setup: Windows Tor Browser (not updated)
Download and install Tor Browser for windows: https://www.torproject.org/download/
@ -50,5 +45,3 @@ HidServAuth 1234567890abcdefg.onion abcdef01234567890+/K mydevice
Save and exit.
Now open Tor Browser, type in the `1234567890abcdefg.onion:3000` address!

Loading…
Cancel
Save