Merge branch 'pr/630' into Release-0.13.0

pull/1063/head
ShahanaFarooqui 2 years ago
parent 05aa2d883f
commit 76cd5f3359

@ -1,23 +1,25 @@
### Setup https access for RTL ### Setup https access for RTL
Forward the ports 80 and 3002 on the router to the device running RTL. Forward the ports 80 and 3002 on the router to the device running RTL.
Allow the ports through the firewall of the device. Allow the ports through the firewall of the device.
Install Nginx: Install Nginx:
https://www.nginx.com/resources/wiki/start/topics/tutorials/install/ https://www.nginx.com/resources/wiki/start/topics/tutorials/install/
On Debian based distros:
$> sudo apt install nginx
Install certbot to acquire the ssl certificate: nginx default config file is at /etc/nginx/nginx.conf. You will need it.
https://certbot.eff.org
Install, if needed, openssl
On Debian based distros:
$> sudo apt install openssl
Add the following line at the very top of nginx.conf: Create a self certificate with openssl
load_module /usr/lib/nginx/modules/ngx_stream_module.so; $> openssl req -newkey rsa:4096 -x509 -sha512 -days 365 -nodes -out /path/to/some/folder/rtl-cert.crt -keyout /path/to/some/folder/rtl-cert.key
Sample configuration to be inserted in the nginx.conf (adjust the path and filename of your certificate and key): Sample configuration to be inserted in the nginx.conf (adjust the path and filename of your certificate and key):
stream { stream {
upstream RTL { upstream RTL {
server 127.0.0.1:3000; server 127.0.0.1:3000;
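
Review bot: The new openssl line uses `-nodes`, so `rtl-cert.key` is written unencrypted, and the steps never restrict who can read it. Add a step that makes the key owned by root and readable only by root (for example mode 600) and say that `/path/to/some/folder` should not be a world-readable directory. Because the certificate is now self-signed, the guide should also tell the user to compare the certificate fingerprint on first connect, since the browser warning is otherwise the only signal and looks the same for an intercepted connection. Two leftovers from the certbot version are worth fixing in the same change: the first step still forwards port 80 although the remaining steps only use 3002, and the `load_module ... ngx_stream_module.so` instruction is removed while the sample still relies on a `stream { }` block, so confirm the module is loaded by default on the targeted distros or keep the line.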
@ -27,13 +29,15 @@ Sample configuration to be inserted in the nginx.conf (adjust the path and filen
listen 3002 ssl; listen 3002 ssl;
proxy_pass RTL; proxy_pass RTL;
ssl_certificate /etc/letsencrypt/live/YOUR_DOMAIN/fullchain.pem; ssl_certificate /path/to/some/folder/rtl-cert.crt;
ssl_certificate_key /etc/letsencrypt/live/YOUR_DOMAIN/privkey.pem; ssl_certificate_key /path/to/some/folder/rtl-cert.key;
ssl_session_cache shared:SSL:1m; ssl_session_cache shared:SSL:1m;
ssl_session_timeout 4h; ssl_session_timeout 4h;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # this line works for me with only TLSv1.2
ssl_prefer_server_ciphers on; ssl_prefer_server_ciphers on;
} }
} }
Restart Nginx with the new configuration and connect to RTL over https on the port 3002. Restart Nginx with the new configuration and connect to RTL over https on the port 3002.
On Debian based distros:
$> sudo systemctl restart nginx
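
Review bot: `ssl_protocols` still enables TLSv1 and TLSv1.1 on the new side, and the added comment `# this line works for me with only TLSv1.2` suggests the narrower setting was tested but not committed. Both old versions are deprecated (RFC 8996), and this listener is the one exposed through the router, so the sample should read `ssl_protocols TLSv1.2 TLSv1.3;` (or only TLSv1.2 where the installed nginx/OpenSSL lacks 1.3), with the personal comment dropped from the config. For the added restart step, consider putting `sudo nginx -t` before `sudo systemctl restart nginx` so a typo in the pasted block does not take the proxy down.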

@ -4,39 +4,34 @@ This guide will allow you to remotely connect to RTL over Tor. This can work on
#### Server Setup #### Server Setup
Install Tor on the same local machine as RTL. see the tor project wiki [here](https://trac.torproject.org/projects/tor/wiki) Install Tor on the same local machine as RTL. see the tor project wiki [here](https://trac.torproject.org/projects/tor/wiki)
On Debian based distros:
$> sudo apt install tor
Edit the `torrc` configuration file, and add the following lines: Edit `/etc/tor/torrc` (Debian based distro) configuration file, and add the following lines:
``` ```
HiddenServiceDir /var/db/tor/rtl/ HiddenServiceDir /var/lib/tor/rtl-service-v3/
HiddenServiceVersion 2 HiddenServiceVersion 3
HiddenServiceAuthorizeClient stealth mydevice
HiddenServicePort 3000 127.0.0.1:3000 HiddenServicePort 3000 127.0.0.1:3000
``` ```
Change `/var/db/tor/rtl/` to any directory you want to store the hidden service credentials. Change `/var/lib/tor/rtl-service-v3/` to any directory you want to store the hidden service credentials.
Change `mydevice` to anything you want.
Save the changes to the `torrc` file and restart tor. Save the changes to the `torrc` file and restart tor.
$> sudo systemctl restart tor
View the contents of the file `/var/db/tor/rtl/hostname`. It will show an onion address, an authentication password(cookie), and the associated `mydevice` label. or sometimes:
$> sudo systemctl daemon-reload
View the contents of the file `/var/lib/tor/rtl-service-v3/hostname`. You need to be root. It will show an onion address. This is your address.
On Debian based distro:
$> su -c "cat /var/lib/tor/rtl-service-v3/hostname"
#### Client setup: Android #### Client setup: Android
Download Orbot for android (add their repos to F-Droid here: https://guardianproject.info/fdroid/ Install Tor browser (or any other compatible browser) for Android from the app store
Open orbot. Click the `⋮`, select `hidden services ˃`, select `Client cookies`.
Press the + button on the lower right. Type in the the onion address and secret cookie you revealed in file `/var/lnd/tor/rtl/hostname`.
Go back to orbot's main screen, and select the gear icon under `tor enabled apps`. Open the tor enabled browser and type in the onion address (example `z1234567890abc.onion:3000`)
Add your favorite tor compatible browser (I use brave) `Brave`, then press back. Only you have access to this website! All traffic in the tor enabled browser will go over Tor (which is slower than clearnet).
Click `stop` on the big onion logo. Exit orbot and reopen it.
Turn on `VPN Mode`. Start your connection to the tor network by clicking on the big onion (if it has not automatically connected already)
Now open the tor enabled browser and type in the onion address (example `z1234567890abc.onion:3000`) #### Client setup: Windows Tor Browser (not updated)
Only you have access to this website! All traffic in the brave browser will go over Tor (which is slower than clearnet).
To go back to clearnet browsing, turn off VPN mode in Orbot.
#### Client setup: Windows Tor Browser
Download and install Tor Browser for windows: https://www.torproject.org/download/ Download and install Tor Browser for windows: https://www.torproject.org/download/
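
Review bot: Removing `HiddenServiceAuthorizeClient stealth mydevice` leaves the v3 service with no client authorization, yet the Android section still says "Only you have access to this website!". After this change anyone who learns the onion address can reach the RTL login page, so either reword that sentence or document v3 client authorization (a `.auth` file under `authorized_clients/` in the `HiddenServiceDir`, with the matching private key on the client). Smaller points in the same hunk: `sudo systemctl daemon-reload` under "or sometimes:" reloads systemd unit files and does not restart tor, so it is not an alternative to the restart; and the example `z1234567890abc.onion:3000` is not the length of a v3 address, which is 56 characters before `.onion`.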
@ -50,5 +45,3 @@ HidServAuth 1234567890abcdefg.onion abcdef01234567890+/K mydevice
Save and exit. Save and exit.
Now open Tor Browser, type in the `1234567890abcdefg.onion:3000` address! Now open Tor Browser, type in the `1234567890abcdefg.onion:3000` address!
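
Review bot: The Windows section is marked "(not updated)" but its context still carries `HidServAuth 1234567890abcdefg.onion abcdef01234567890+/K mydevice`, which is the v2 client-auth directive and does not apply to the `HiddenServiceVersion 3` service configured above. A reader following it against the new server setup ends up with a torrc line that does nothing, so either remove the `HidServAuth` step and the v2-style example address here, or replace it with the v3 equivalent (`ClientOnionAuthDir`) if client authorization is added back on the server side.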
