commit 456701b7e6dcb6b1a2a596eb1670e7de3566d748
Author: Pili Guerra <p...@torproject.org>
Date:   Thu May 30 13:53:53 2019 +0000

    Onion services
---
 assets/static/images/home/png/onion-services.png   | Bin 0 -> 164556 bytes
 .../images/onion-services/onion-sites/Tor.svg      |  68 +++++++++++++
 .../images/onion-services/onion-sites/nyt.png      | Bin 0 -> 34530 bytes
 .../onion-services/onion-sites/propublica.svg      |   1 +
 .../overview/tor-onion-services-1.png              | Bin 0 -> 17222 bytes
 .../overview/tor-onion-services-2.png              | Bin 0 -> 19207 bytes
 .../overview/tor-onion-services-3.png              | Bin 0 -> 22213 bytes
 .../overview/tor-onion-services-4.png              | Bin 0 -> 21419 bytes
 .../overview/tor-onion-services-5.png              | Bin 0 -> 22165 bytes
 .../overview/tor-onion-services-6.png              | Bin 0 -> 18018 bytes
 content/onion-services/onion-sites/nyt/contents.lr |  13 +++
 .../onion-sites/propublica/contents.lr             |  13 +++
 .../onion-sites/tor-project/contents.lr            |  15 +++
 content/onion-services/overview/contents.lr        | 112 +++++++++++++++++++++
 content/onion-services/setup/contents.lr           |  55 ++++++++++
 content/onion-services/ssl-tls/contents.lr         |   4 +
 models/onion-sites.ini                             |  22 ++++
 templates/onion-services.html                      |  42 ++++++--
 18 files changed, 338 insertions(+), 7 deletions(-)

diff --git a/assets/static/images/home/png/onion-services.png 
b/assets/static/images/home/png/onion-services.png
new file mode 100644
index 0000000..a00ac04
Binary files /dev/null and b/assets/static/images/home/png/onion-services.png 
differ
diff --git a/assets/static/images/onion-services/onion-sites/Tor.svg 
b/assets/static/images/onion-services/onion-sites/Tor.svg
new file mode 100644
index 0000000..cff0903
--- /dev/null
+++ b/assets/static/images/onion-services/onion-sites/Tor.svg
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<svg
+   xmlns:dc="http://purl.org/dc/elements/1.1/";
+   xmlns:cc="http://creativecommons.org/ns#";
+   xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#";
+   xmlns:svg="http://www.w3.org/2000/svg";
+   xmlns="http://www.w3.org/2000/svg";
+   version="1.1"
+   width="306"
+   height="185"
+   id="图层_1">
+  <g
+     transform="translate(-92,-63.999774)"
+     id="layer3"
+     style="display:inline">
+    <g
+       id="layer5">
+      <path
+         d="m 264.513,77.977773 -4.917,19.529001 c 6.965,-13.793001 
18.027,-24.172001 30.729,-33.323001 -9.287,10.789 -17.754,21.579001 
-22.944,32.368001 8.741,-12.292001 20.486,-19.120001 33.733,-23.627001 
-17.618,15.706001 -31.60228,32.559277 -42.25528,49.494277 l -8.467,-3.687 c 
1.501,-13.521 6.60928,-27.369276 14.12128,-40.754277 z"
+         id="path2554"
+         style="fill:#abcd03" />
+      <path
+         d="m 241.90113,115.14152 16.116,6.68594 c 0,4.098 -0.33313,16.59703 
2.22938,20.28403 26.80289,34.5191 22.29349,103.71329 -5.42951,105.48829 
-42.21656,0 -58.317,-28.679 -58.317,-55.03801 0,-24.037 28.816,-40.016 
46.025,-54.219 4.37,-3.824 3.61113,-12.27525 -0.62387,-23.20125 z"
+         id="path2534"
+         style="fill:#fffcdb" />
+      <path
+         d="m 258.02197,121.58695 5.80803,2.96282 c -0.546,3.823 0.273,12.292 
4.096,14.476 16.936,10.516 32.914,21.988 39.197,33.46 22.398,40.42601 
-15.706,77.84601 -48.62,74.29501 17.891,-13.248 23.081,-40.42501 
16.389,-70.06201 -2.731,-11.609 -6.966,-22.125 -14.478,-34.007 
-3.25421,-5.83246 -2.11803,-13.06582 -2.39203,-21.12482 z"
+         id="path2536"
+         style="fill:#7d4698" />
+    </g>
+    <g
+       id="layer4"
+       style="display:inline">
+      <path
+         d="m 255.226,120.58877 12.018,1.639 c -3.551,11.745 6.966,19.939 
10.38,21.852 7.64801,4.234 15.02301,8.604 20.89601,13.93 11.063,10.106 
17.345,24.31 17.345,39.333 0,14.886 -6.829,29.226 -18.301,38.786 -10.789,9.014 
-25.67501,12.838 -40.15201,12.838 -9.014,0 -17.072,-0.409 -25.812,-3.278 
-19.939,-6.692 -34.826,-23.763 -36.055,-44.25 -1.093,-15.979 2.458,-28.134 
14.887,-40.835 6.418,-6.692 19.393,-14.34 28.271,-20.486 4.371,-3.005 
9.014,-11.473 0.136,-27.451 l 1.776,-1.366 13.15659,8.81203 -11.10759,-4.57803 
c 0.956,1.366 3.551,7.512 4.098,9.287 1.229,5.053 0.683,9.971 -0.41,12.155 
-5.599,10.107 -15.159,12.838 -22.124,18.574 -12.292,10.106 -25.676,18.164 
-24.174,45.888 0.683,13.657 11.336,30.319 27.314,38.104 9.014,4.371 
19.394,6.146 29.91,6.692 9.423,0.41 27.45101,-5.19 37.28401,-13.384 
10.516,-8.74 16.389,-21.988 16.389,-35.508 0,-13.658 -5.463,-26.632 
-15.706,-35.783 -5.873,-5.326 -15.56901,-11.745 -21.57801,-15.16 -6.009,-3.414 
-13.521,-12.974 -11.063,-22.124 z"
+         id="path2538" />
+      <path
+         d="m 251.539,140.80177 c -1.229,6.283 -2.595,17.618 -8.058,21.852 
-2.322,1.638 -4.644,3.278 -7.102,4.916 -9.833,6.693 -19.667,12.974 
-24.173,29.09 -0.956,3.415 -0.136,7.102 0.684,10.516 2.458,9.833 9.423,20.486 
14.886,26.769 0,0.273 1.093,0.956 1.093,1.229 4.507,5.327 5.873,6.829 
22.944,10.652 l -0.41,1.913 c -10.243,-2.731 -18.71,-5.189 -24.037,-11.336 
0,-0.136 -0.956,-1.093 -0.956,-1.093 -5.736,-6.556 -12.702,-17.481 
-15.296,-27.724 -0.956,-4.098 -1.775,-7.238 -0.683,-11.473 4.643,-16.661 
14.75,-23.217 24.993,-30.182 2.322,-1.502 5.053,-2.869 7.238,-4.644 4.233,-3.14 
6.554,-12.701 8.877,-20.485 z"
+         id="path2540" />
+      <path
+         d="m 255.90625,166.74951 c 0.137,7.102 -0.55625,10.66475 
1.21875,15.71875 1.092,3.004 4.782,7.1015 5.875,11.0625 1.502,5.327 
3.138,11.19901 3,14.75001 0,4.09799 -0.25625,11.74249 -2.03125,19.93749 
-1.35362,6.77108 -4.47323,12.58153 -9.71875,15.875 -5.37327,-1.10644 
-11.68224,-2.99521 -15.40625,-6.1875 -7.238,-6.282 -13.64875,-16.7865 
-14.46875,-25.9375 -0.682,-7.51099 6.27275,-18.5885 15.96875,-24.1875 
8.194,-4.78 10.1,-10.22775 11.875,-18.96875 -2.458,7.648 -4.7665,14.05925 
-12.6875,18.15625 -11.472,6.009 -17.3585,16.09626 -16.8125,25.65625 
0.819,12.291 5.7415,20.6195 15.4375,27.3125 4.097,2.868 11.75125,5.89875 
16.53125,6.71875 l 0,-0.625 c 3.62493,-0.67888 8.31818,-6.63267 
10.65625,-14.6875 2.049,-7.238 2.85675,-16.502 2.71875,-22.37499 -0.137,-3.414 
-1.643,-10.80801 -4.375,-17.50001 -1.502,-3.687 -3.8095,-7.37375 
-5.3125,-9.96875 -1.637,-2.597 -1.64875,-8.195 -2.46875,-14.75 z"
+         id="path2542" />
+      <path
+         d="m 255.09375,193.53076 c 0.136,4.78 2.056,10.90451 2.875,17.18751 
0.684,4.64399 0.387,9.30824 0.25,13.40624 -0.13495,4.74323 -1.7152,13.24218 
-3.875,17.375 -2.03673,-0.93403 -2.83294,-1.99922 -4.15625,-3.71875 
-1.638,-2.322 -2.75075,-4.644 -3.84375,-7.375 -0.819,-2.049 -1.7765,-4.394 
-2.1875,-7.125 -0.546,-4.097 -0.393,-10.5065 4.25,-17.06249 3.551,-5.19001 
4.36475,-5.58476 5.59375,-11.59376 -1.64,5.326 -2.8625,5.869 -6.6875,10.37501 
-4.233,4.917 -4.9375,12.15924 -4.9375,18.03124 0,2.459 0.9805,5.18725 
1.9375,7.78125 1.092,2.732 2.02925,5.452 3.53125,7.5 2.25796,3.32082 
5.14798,5.20922 6.5625,5.5625 0.009,0.002 0.022,-0.002 0.0312,0 0.0303,0.007 
0.0649,0.0255 0.0937,0.0312 l 0,-0.15625 c 2.64982,-2.95437 4.24444,-5.88934 
4.78125,-8.84375 0.683,-3.551 0.84,-7.10975 1.25,-11.34375 0.409,-3.551 
0.11225,-8.334 -0.84375,-13.24999 -1.365,-6.146 -3.669,-12.41226 
-4.625,-16.78126 z"
+         id="path2544" />
+      <path
+         d="m 255.499,135.06577 c 0.137,7.101 0.683,20.35 2.595,25.539 
0.546,1.775 5.599,9.56 9.149,18.983 2.459,6.556 3.005,12.565 3.415,14.34 
1.639,7.785 -0.41,20.896 -3.142,33.324 -1.365,6.692 -6.009,15.023 
-11.335,18.301 l -1.092,1.912 c 3.005,-0.137 10.379,-7.375 12.974,-16.389 
4.371,-15.296 6.146,-22.398 4.098,-39.333 -0.273,-1.64 -0.956,-7.238 
-3.551,-13.248 -3.824,-9.151 -9.287,-17.891 -9.969,-19.667 -1.23,-2.867 
-2.869,-15.295 -3.142,-23.762 z"
+         id="path2550" />
+      <path
+         d="m 258.06151,125.35303 c -0.40515,7.29812 -0.51351,9.98574 
0.85149,15.31174 1.502,5.873 9.151,14.34 12.292,24.037 6.009,18.574 
4.507,42.884 0.136,61.867 -1.638,6.691 -9.424,16.389 -17.208,19.529 l 
5.736,1.366 c 3.141,-0.137 11.198,-7.648 14.34,-16.252 5.052,-13.521 
6.009,-29.636 3.96,-46.571 -0.137,-1.639 -2.869,-16.252 -5.463,-22.398 
-3.688,-9.15 -10.244,-17.345 -10.926,-19.119 -1.228,-3.005 -3.92651,-9.24362 
-3.71849,-17.77074 z"
+         id="path2552" />
+      <rect
+         width="0.550412"
+         height="126.01891"
+         x="253.71959"
+         y="120.21686"
+         id="rect2556" />
+    </g>
+  </g>
+  <path
+     d="M 7.9430002,18.074997 H 117.611 c 4.096,0 7.647,3.414 7.647,7.648 v 
32.367 c 0,4.234 -3.551,7.649 -7.647,7.649 H 95.077 c -5.054,0 -7.239,2.867 
-7.239,6.145 V 177.86401 c 0,3.551 -2.868,6.282 -6.282,6.282 H 44.272 c 
-3.415,0 -6.146,-2.731 -6.146,-6.282 V 70.928997 c 0,-3.278 -3.005,-5.189 
-5.326,-5.189 H 7.9430002 c -4.234,0 -7.64799997,-3.415 -7.64799997,-7.649 v 
-32.368 c -0.001,-4.234 3.41299997,-7.648 7.64799997,-7.648 z"
+     id="path2528"
+     style="fill:#7d4698" />
+  <path
+     d="m 289.30687,60.958997 9.696,0 c 3.551,0 6.419,2.868 6.419,6.282 l 
0,34.690003 c 0,4.507 0.273,6.282 -5.19,6.282 -10.789,0 -15.705,5.736 
-15.705,12.018 l 0,58.58901 c 0,2.732 -2.595,5.053 -5.736,5.053 l -34.827,0 c 
-3.141,0 -5.736,-2.321 -5.736,-5.053 l 0,-66.78401 c -0.0378,-1.17441 
-0.0148,-2.9081 0.137,-3.823 1.912,-24.720003 21.30753,-44.497863 
45.888,-46.981003 0.82399,-0.0832 3.73943,-0.273 5.054,-0.273 z"
+     id="path2532"
+     style="fill:#7d4698" />
+</svg>
\ No newline at end of file
diff --git a/assets/static/images/onion-services/onion-sites/nyt.png 
b/assets/static/images/onion-services/onion-sites/nyt.png
new file mode 100644
index 0000000..e2d36cd
Binary files /dev/null and 
b/assets/static/images/onion-services/onion-sites/nyt.png differ
diff --git a/assets/static/images/onion-services/onion-sites/propublica.svg 
b/assets/static/images/onion-services/onion-sites/propublica.svg
new file mode 100644
index 0000000..96d0cdc
--- /dev/null
+++ b/assets/static/images/onion-services/onion-sites/propublica.svg
@@ -0,0 +1 @@
+<svg id="ProPublica-wordmark" data-name="ProPublica-wordmark" 
xmlns="http://www.w3.org/2000/svg"; viewBox="0 0 574.24 
75"><defs><style>.cls-1{fill:#304154;}</style></defs><title>ProPublica 
wordmark</title><path class="cls-1" 
d="M66.4,13.48,66,14.91l6.23,11.45,1.15.47L75,26.29V75H50.95A41.2,41.2,0,0,0,62.13,46.88a40.61,40.61,0,0,0-3.39-16.26,45.17,45.17,0,0,1,7.79-4.95l1.69-.2.14-.41L65,18.83H64.5l-.88,1.29c-2.91,1.9-4.67,2.3-8.54,3.79A41.35,41.35,0,0,0,20.46,5.42,39.87,39.87,0,0,0,0,10.91V0H75V8.81ZM57.32,47A37.54,37.54,0,0,1,44.65,75H0V16A37,37,0,0,1,57.32,47ZM43.7,37.06c0-8.13-6-12-17.75-12H7.18v3.66l4.2.95V62.2l-4.2.95v3.73H27.85V63.14l-7.18-.95V50.14h5.15C37.26,50.14,43.7,45.53,43.7,37.06Zm-9.76.27c0,5.15-2.78,8.33-7.25,8.33h-6V29.47H27C31.37,29.47,33.94,32.32,33.94,37.33Z"/><path
 class="cls-1" 
d="M116.53,60.07l9.15,1.08v4.2H99.39v-4.2l5.28-1.36v-44l-5.28-1.36V10.41H123c15.31,0,22.9,5.28,22.9,16.13,0,11.18-8.33,17.41-23.1,17.41h-6.3Zm0-21.14h6.84c6.44,0,10.5-4.61,10.5-12.06,0-7.1
 8-3.73-11.45-10.09-11.45h-7.25Z"/><path class="cls-1" 
d="M200.74,61.15v4.2H185.9l-16-20.6h-2.51v15l5.28,1.36v4.2H150.27v-4.2l5.28-1.36V23.35l-5-1.36V17.93H175.2c10.5,0,17.55,5.08,17.55,12.67,0,8.4-5.76,12.2-11,13.55l13.48,15.79ZM167.41,39.74h4.47c5.76,0,8.81-3.18,8.81-8.88,0-5.35-2.85-7.93-8.81-7.93h-4.47Z"/><path
 class="cls-1" 
d="M199.59,41.64c0-14.77,9.82-24.73,25.68-24.73s25.68,10,25.68,24.73-9.82,24.73-25.68,24.73S199.59,56.48,199.59,41.64Zm38.89,0c0-9.69-3.25-19.17-13.21-19.17S212.05,32,212.05,41.64s3.25,19.17,13.21,19.17S238.48,51.33,238.48,41.64Z"/><path
 class="cls-1" 
d="M270.79,60.07l9.15,1.08v4.2H253.31v-4.2l5.62-1.36v-44l-5.62-1.36V10.41h24c15.31,0,22.9,5.28,22.9,16.13,0,11.18-8.33,17.41-23.1,17.41h-6.3Zm0-21.14h6.84c6.44,0,10.5-4.61,10.5-12.06,0-7.18-3.73-11.45-10.1-11.45h-7.25Z"/><path
 class="cls-1" 
d="M354.26,22l-4.95,1.36V47c0,12.87-7.79,19.38-20.05,19.38-13.62,0-20.73-7.86-20.73-20v-23L303.58,22V17.93h22V22l-5.08,1.36V47.74c0,7.25,4.34,12.06,11.45,12.06,6.84,0,11.25-4
 .47,11.25-11.31V23.35L338.14,22V17.93h16.12Z"/><path class="cls-1" 
d="M403.85,52.21c0,8.88-7.11,13.14-22,13.14H357.58v-4.2l5.56-1.36V23.35L358.26,22V17.93h23.92c12.6,0,19.51,3.79,19.51,11.72,0,6.17-4.06,9.08-10.91,9.89v.27C399.31,40.76,403.85,45.1,403.85,52.21ZM375,38.32h5.76c6.1,0,9-2.78,9-7.79,0-5.22-3.12-7.59-9-7.59H375Zm16.8,13.41c0-5.62-3.79-8.67-11.25-8.67H375V60.34h6.64C388.07,60.34,391.79,57.29,391.79,51.74Z"/><path
 class="cls-1" 
d="M451.07,48.62l-4.4,16.73H408v-4.2l5.28-1.36V23.35L407.65,22V17.93h22.76V22l-5.28,1.36v37l14.16-.81L447,47.26Z"/><path
 class="cls-1" 
d="M475.4,61.15v4.2H453v-4.2l5.28-1.36V23.35L453,22V17.93H475.4V22l-5.28,1.36V59.8Z"/><path
 class="cls-1" 
d="M478,41.78c0-15.85,12.13-24.86,27-24.86a35.6,35.6,0,0,1,18.29,5.15l-2,13.21h-4.2l-1.69-9.08a13.23,13.23,0,0,0-10.09-4.13c-9.15,0-14.7,6.57-14.7,18.22,0,13.21,6.84,19.31,15.24,19.31,6.17,0,10.23-3.39,13.41-9.55l4.27,2c-4.27,10-11.65,14.36-21.07,14.36C488.4,66.37,478,56.48,478,41.78Z"/><path
 class="cls-1" d="M57
 
4.24,61.15v4.2H551.48v-4.2L557,60l-2.85-8.13h-16.6l-3.12,8.2,5.42,1.15-.07,4.2-16.53-.07v-4.2l4.27-1.08,14.9-37.33-4-1.29V17.93h13.69L569.3,60Zm-27.57-31-.47-1.56-.47,1.56-6.23,16.73h12.94Z"/></svg>
\ No newline at end of file
diff --git 
a/assets/static/images/onion-services/overview/tor-onion-services-1.png 
b/assets/static/images/onion-services/overview/tor-onion-services-1.png
new file mode 100644
index 0000000..75de366
Binary files /dev/null and 
b/assets/static/images/onion-services/overview/tor-onion-services-1.png differ
diff --git 
a/assets/static/images/onion-services/overview/tor-onion-services-2.png 
b/assets/static/images/onion-services/overview/tor-onion-services-2.png
new file mode 100644
index 0000000..4081cdb
Binary files /dev/null and 
b/assets/static/images/onion-services/overview/tor-onion-services-2.png differ
diff --git 
a/assets/static/images/onion-services/overview/tor-onion-services-3.png 
b/assets/static/images/onion-services/overview/tor-onion-services-3.png
new file mode 100644
index 0000000..3a948ac
Binary files /dev/null and 
b/assets/static/images/onion-services/overview/tor-onion-services-3.png differ
diff --git 
a/assets/static/images/onion-services/overview/tor-onion-services-4.png 
b/assets/static/images/onion-services/overview/tor-onion-services-4.png
new file mode 100644
index 0000000..88db970
Binary files /dev/null and 
b/assets/static/images/onion-services/overview/tor-onion-services-4.png differ
diff --git 
a/assets/static/images/onion-services/overview/tor-onion-services-5.png 
b/assets/static/images/onion-services/overview/tor-onion-services-5.png
new file mode 100644
index 0000000..c171d71
Binary files /dev/null and 
b/assets/static/images/onion-services/overview/tor-onion-services-5.png differ
diff --git 
a/assets/static/images/onion-services/overview/tor-onion-services-6.png 
b/assets/static/images/onion-services/overview/tor-onion-services-6.png
new file mode 100644
index 0000000..23f9f71
Binary files /dev/null and 
b/assets/static/images/onion-services/overview/tor-onion-services-6.png differ
diff --git a/content/onion-services/onion-sites/nyt/contents.lr 
b/content/onion-services/onion-sites/nyt/contents.lr
new file mode 100644
index 0000000..3d7bba7
--- /dev/null
+++ b/content/onion-services/onion-sites/nyt/contents.lr
@@ -0,0 +1,13 @@
+_model: onion-site
+---
+_hidden: yes
+---
+org: The New York Times
+---
+onion_site: https://www.nytimes3xbfgragh.onion
+---
+logo: nyt.png
+---
+description:
+
+The New York Times is an American newspaper based in New York City with 
worldwide influence and readership.
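Review bot: `_model: onion-site` does not match the model file this commit adds, `models/onion-sites.ini` (plural). As far as I know Lektor takes the model id from the file's basename, so this record would not pick up the `org`, `onion_site`, `logo` and `description` field definitions. The same line appears in `propublica/contents.lr` and `tor-project/contents.lr`. Either rename the model file to `onion-site.ini` or change the three records to `_model: onion-sites`.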
diff --git a/content/onion-services/onion-sites/propublica/contents.lr 
b/content/onion-services/onion-sites/propublica/contents.lr
new file mode 100644
index 0000000..d97e8eb
--- /dev/null
+++ b/content/onion-services/onion-sites/propublica/contents.lr
@@ -0,0 +1,13 @@
+_model: onion-site
+---
+_hidden: yes
+---
+org: ProPublica
+---
+onion_site: 
https://p53lf57qovyuvwsc6xnrppyply3vtqm7l6pcobkmyqsiofyeznfu5uqd.onion
+---
+logo: propublica.svg
+---
+description:
+
+ProPublica is an American nonprofit organization based in New York City.
diff --git a/content/onion-services/onion-sites/tor-project/contents.lr 
b/content/onion-services/onion-sites/tor-project/contents.lr
new file mode 100644
index 0000000..ffd325a
--- /dev/null
+++ b/content/onion-services/onion-sites/tor-project/contents.lr
@@ -0,0 +1,15 @@
+_model: onion-site
+---
+_hidden: yes
+---
+org: Tor Project
+---
+onion_site: http://expyuzz4wqqyqhjn.onion/
+---
+logo: tor-project.svg
+---
+description:
+
+We advance human rights and defend your privacy online.
+
+
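Review bot: `logo: tor-project.svg` names a file this commit does not add. The diffstat lists `onion-sites/Tor.svg`, and `templates/onion-services.html` references `Tor.svg` as well. Anything that renders the `logo` field would get a broken image for this record, so `logo: Tor.svg` (or renaming the asset) would keep the record and the asset in agreement.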
diff --git a/content/onion-services/overview/contents.lr 
b/content/onion-services/overview/contents.lr
new file mode 100644
index 0000000..9daf496
--- /dev/null
+++ b/content/onion-services/overview/contents.lr
@@ -0,0 +1,112 @@
+section: onion services
+---
+section_id: onion-services
+---
+color: primary
+---
+_template: layout.html
+---
+title: How do .onion Services work?
+---
+subtitle: Learn how .onion services work.
+---
+key: 0
+---
+html: onion-services.html
+---
+body:
+
+Onion services are services that can only be accessed over Tor. Running an 
onion service gives your users all the security of HTTPS with the added privacy 
benefits of Tor Browser.
+
+## Why onion services?
+
+Onion services offer various security benefits to their users, that are not 
usually given on the normal web. In particular:
+
+### Location hiding
+
+An onion service's IP is hidden. Onion services are an overlay network on top 
of TCP/IP/, so in some sense IP addresses are not even meaningful to onion 
services: they are not even used in the protocol.
+
+### End-to-end authentication
+
+When a user visits a particular onion, they know that the content they are 
seeing can only come from that particular onion and that no impersonation is 
possible. This is not the case with the normal web, where reaching a website 
does not mean that a man-in-the-middle did not reroute to some other location 
(e.g. DNS attacks).
+
+### End-to-end encryption
+
+Onion service traffic is encrypted from the client to the onion host. This is 
like getting strong SSL/HTTPS for free.
+
+### NAT punching
+
+Is your network filtered and you can't open ports on your firewall? This could 
happen if you are in a university campus, an office, an airport or pretty much 
anywhere. Onion services don't need open ports because they punch through NAT, 
since they only establish outgoing connections.
+
+
+## The Onion Service Protocol: Overview
+
+Now the question becomes **what kind of protocol do we need to achieve all 
these properties?** In particular, on the normal web, we connect to an IP 
address and we are done, but in this case how do we connect to something that 
does not have an IP address?
+
+In particular, an onion service's address looks like this: 
`vww6ybal4bd7szmgncyruucpgfkqahzddi37ktceo3ah7ngmcopnpyyd.onion`
+
+This looks weird and random because in reality it's the _identity public key_ 
of the onion service and that's one of the reasons we can achieve the security 
properties from above.
+
+The general concept behind the onion service protocol is that we use the Tor 
network so that the client (Alice) can introduce itself to the service (Bob), 
and then sets up a rendezvous with the service. Here is a detailed breakdown of 
how this happens:
+
+### Act 1: Where the onion service sets up its introduction points
+
+![Onion Services: Step 
1](/static/images/onion-services/tor-onion-services-1.png)
+
+As the first step in the protocol, Bob (the onion service) contacts a bunch of 
Tor relays and asks them to act as his _introduction points_, by establishing 
long-term circuits to them. These circuits are anonymized circuits, so Bob does 
not reveal his locations to his introduction points.
+
+As part of this step, Bob gives its introduction point a special 
"authentication key", so that if any clients come for introductions later the 
introduction point can use that key to match them to Bob.
+
+### Act 2: Where the onion service publishes its descriptors
+
+![Onion Services: Step 
2](/static/images/onion-services/tor-onion-services-2.png)
+
+Now that the introduction points are setup, we need to create a way for 
clients to be able to find them.
+
+For this reason, Bob assembles an _onion service descriptor_, containing a 
list of his introduction points (and their "authentication keys"), and signs 
this descriptor with his _identity private key_. The _identity private key_ 
used here is the private part of the **public key that is encoded in the onion 
service address**.
+
+Now, Bob uploads that signed descriptor to a _distributed hash table_ which is 
part of the Tor network, so that clients can also get it. Bob uses an 
anonymized Tor circuit to do this upload, so that he does not reveal his 
location.
+
+### Act 3: Where a client wants to visit the onion service
+
+All the previous steps were just setup for the onion service so that it's 
reachable by clients. Now let's fast-forward to the point where an actual 
client wants to visit the service:
+
+![Onion Services: Step 
3](/static/images/onion-services/tor-onion-services-3.png)
+
+In this case, Alice (the client) has the onion address of Bob and she wants to 
visit it, so she connects to it with her Tor Browser. Now the next thing that 
needs to happen is that Alice goes to the _distributed hash table_ from the 
step above, and ask for the signed descriptor of Bob.
+
+When Alice receives the signed descriptor she verifies the signature of the 
descriptor using the public key that is encoded in the onion address. This 
provides the _end-to-end authentication_ security property, since we are now 
sure that this descriptor could only be produced by Bob and no one else. And 
inside the descriptor there are the introduction points which allow Alice to 
introduce herself to Bob.
+
+### Act 4: Where the client establishes a rendezvous point
+
+Now before the introduction takes place, Alice picks a Tor relay and 
establishes a circuit to it. Alice asks the relay to become her _rendezvous 
point_ and gives it an "one-time secret" that will be used as part of the 
rendezvous procedure.
+
+### Act 5: Where the client introduces itself to the onion service
+
+![Onion Services: Step 
4](/static/images/onion-services/tor-onion-services-4.png)
+
+Now, Alice goes ahead and connects to one of Bob's introduction points and 
introduces herself to Bob. Through this introduction Bob learns Alice's choice 
of rendezvous point and the "one-time secret".
+
+### Act 6: Where the onion service rendezvous with the client
+
+![Onion Services: Step 
5](/static/images/onion-services/tor-onion-services-5.png)
+
+In this last act, the onion service is now aware of Alice's rendezvous point. 
The onion service connects to the rendezvous point (through an anonymized 
circuit) and sends the "one-time secret" to it.
+
+Upon the rendezvous point receiving the "one-time secret" from Bob, it informs 
Alice that the connection has been **successfuly completed**, and now Alice and 
Bob can use this circuit to communicate with each other. The rendezvous point 
simply relays (end-to-end encrypted) messages from client to service and vice 
versa.
+
+In general, the complete connection between client and onion service consists 
of 6 relays: 3 of them were picked by the client with the third being the 
rendezvous point and the other 3 were picked by the onion service. This 
provides _location hiding_ to this connection:
+
+![Onion Services: Step 
6](/static/images/onion-services/tor-onion-services-6.png)
+
+## Further resources
+
+This was just a high-level overview of the Tor onion services protocol. Here 
are some more resources for the curious who want to learn more:
+
+- The original Tor design paper describing the original design:
+https://svn.torproject.org/svn/projects/design-paper/tor-design.pdf
+- The Tor v3 onion services protocol specification.
+https://gitweb.torproject.org/torspec.git/tree/rend-spec-v3.txt
+- Presentations about onion services
+https://www.youtube.com/watch?v=VmsFxBEN3fc
+https://www.youtube.com/watch?v=Di7qAVidy1Y
\ No newline at end of file
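Review bot: The six image references point at `/static/images/onion-services/tor-onion-services-N.png`, but this commit adds the PNGs under `assets/static/images/onion-services/overview/`. The paths appear to be missing the `overview/` segment, so the diagrams would not load. Each should read like `![Onion Services: Step 1](/static/images/onion-services/overview/tor-onion-services-1.png)`. Two small text slips in the body are also worth fixing while here: `TCP/IP/,` has a stray slash and `successfuly` is misspelled.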
diff --git a/content/onion-services/setup/contents.lr 
b/content/onion-services/setup/contents.lr
index 571feca..08be1b7 100644
--- a/content/onion-services/setup/contents.lr
+++ b/content/onion-services/setup/contents.lr
@@ -14,6 +14,61 @@ subtitle: Learn how to set up a .onion of your very own.
 ---
 key: 1
 ---
+cta: Get Started
+---
 html: onion-services.html
 ---
 body:
+
+This guide will go over setting up an onion service for your website:
+
+## Step 0: Get a working Tor
+
+As part of this guide we will assume you have a functional Tor in your 
machine. Tor should be up and running correctly for this guide to work. You 
should also know where Tor's configuration files are.
+
+To setup Tor, Windows users can follow the [Windows 
howto](https://2019.www.torproject.org/docs/tor-doc-windows.html.en), OS X 
users should follow the [OS X 
howto](https://2019.www.torproject.org/docs/tor-doc-osx.html.en), and 
Linux/BSD/Unix users should follow the [Unix 
howto](https://2019.www.torproject.org/docs/tor-doc-unix.html.en).
+
+## Step 1: Get a web server working
+
+As a first step you should setup a web server locally, like nginx or lighttpd. 
Setting up a web server can be complex. We're not going to cover how to set up 
a web server here. If you get stuck or want to do more, find a friend who can 
help you. We recommend you install a new separate web server for your onion 
service.
+
+You need to configure your web server so it doesn't give away any information 
about you, your computer, or your location. This is not an easy task and in the 
end of this document we will offer more resources on how to make this possible.
+
+Once your web server is set up, make sure it works: open your browser and go 
to http://localhost:8080/, where 8080 is the webserver port you chose during 
setup (you can choose any port, 8080 is just an example). Then try putting a 
file in the main html directory, and make sure it shows up when you access the 
site.
+
+## Step 2: Configure your Tor onion service
+
+The next step is opening the config file of Tor (torrc) and doing the 
appropriate configurations to setup an onion service. Depending on your 
operating system and setup, your Tor configuration file can be at a different 
location or look different. You will need to put the following two lines in 
your torrc:
+
+     HiddenServiceDir /var/lib/tor/hidden_service/
+     HiddenServicePort 80 127.0.0.1:8080
+
+
+The `HiddenServiceDir` line specifies the directory which should contain 
information and cryptographic keys for your onion service. You will want to 
change the `HiddenServiceDir` line, so that it points to an actual directory 
that is readable/writeable by the user that will be running Tor.
+
+The `HiddenServicePort` line specifies a _virtual port_ (that is, the port 
that people visiting your onion service will be using), and in the above case 
it says that any traffic incoming to port 80 of your onion service should be 
redirected to `127.0.0.1:8080` (which is where the web server from step 1 is 
listening).
+
+## Step 3: Restart Tor and check that it worked
+
+Now save your `torrc` and restart Tor.
+
+If Tor starts up again, great. Otherwise, something is wrong. First look at 
your logfiles for hints. It will print some warnings or error messages. That 
should give you an idea what went wrong. Typically there are typos in the torrc 
or wrong directory permissions (See the logging FAQ entry if you don't know how 
to enable or find your log file.)
+
+When Tor starts, it will automatically create the `HiddenServiceDir` that you 
specified (if necessary). Make sure this is the case.
+
+## Step 4: Test that your onion service works
+
+Now to get your onion service address, go to your `HiddenServiceDir` 
directory, and find a file named `hostname`. The `hostname` file in your hidden 
service configuration directory contains the hostname for your new Onion v3 
hidden service. The other files are your hidden service keys, so it is 
imperative that these are kept private. If your keys leak, other people can 
impersonate your hidden service, deeming it compromised, useless and dangerous 
to visit.
+
+Now you can connect to your onion service using the Tor Browser and you should 
get the html page you setup back in step 1. If it doesn't work, look in your 
logs for some hints, and keep playing with it until it works.
+
+## Step 5: More advanced tips
+
+The above guide is just a baseline to setup an onion service. In this section 
we will offer more resources to better configure and protect your onion service:
+
+- Best practices for onion services 
+https://riseup.net/el/security/network-security/tor/onionservices-best-practices
+- More advanced tips for onion services
+https://2019.www.torproject.org/docs/tor-onion-service.html.en#three
+- Advanced onion service security
+https://blog.torproject.org/announcing-vanguards-add-onion-services
\ No newline at end of file
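Review bot: Step 1 never tells the reader to bind the web server to the loopback interface, although the guide's location-hiding goal depends on it. A server listening on every interface at port 8080 can be reached directly by IP address, which ties the onion service to the machine hosting it. I would add after the `http://localhost:8080/` test paragraph: `Make sure the web server listens only on 127.0.0.1 and not on a public interface.` In Step 2, "readable/writeable by the user that will be running Tor" would be safer as "readable and writable only by the user that runs Tor", since that directory holds the service's private keys. Step 3 also points to "the logging FAQ entry" without a link.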
diff --git a/content/onion-services/ssl-tls/contents.lr 
b/content/onion-services/ssl-tls/contents.lr
index 5d9233e..a699036 100644
--- a/content/onion-services/ssl-tls/contents.lr
+++ b/content/onion-services/ssl-tls/contents.lr
@@ -14,6 +14,10 @@ subtitle: Add more security and authenticity for your .onion.
 ---
 key: 2
 ---
+cta: Coming soon
+---
 html: onion-services.html
 ---
 body:
+
+Coming Soon
\ No newline at end of file
diff --git a/models/onion-sites.ini b/models/onion-sites.ini
new file mode 100644
index 0000000..2d0a667
--- /dev/null
+++ b/models/onion-sites.ini
@@ -0,0 +1,22 @@
+[model]
+name = Onion Sites
+label = {{ this.org }}
+hidden = yes
+
+[fields.org]
+label = Organization
+type = string
+translate = False
+
+[fields.onion_site]
+label = .Onion Site
+type = string
+
+[fields.description]
+label = Description
+type = markdown
+translate = True
+
+[fields.logo]
+label = logo
+type = string
diff --git a/templates/onion-services.html b/templates/onion-services.html
index c9bc3b5..fe9f3da 100644
--- a/templates/onion-services.html
+++ b/templates/onion-services.html
@@ -5,24 +5,28 @@
       {{ this.body }}
     </div>
     <div class="col-4 bg-light">
-      <p>Illustration area</p>
+      <div class="illo-container">
+        <img src="/static/images/home/png/{{ this.section_id }}.png" 
class="img-fluid" alt="{{ this.section }}" />
+      </div>
     </div>
   </div>
-  <h2 class="text-primary"><u>{{ _('Learn more about onion services here') }}
+  <a href="{{ this.path|url }}overview/"><h2 class="text-primary"><u>{{ 
_('Learn more about onion services here') }}
     <i class="fas fa-arrow-right"></i></u>
-  </h2>
+  </h2></a>
   <div class="row py-5">
     {% for child in this.children|sort(attribute='key') %}
+      {% if child.key != '0' %}
       <div class="col-sm-6 col-md-6 col-sm-12 col-xl-6 py-4">
         <div class="card h-100 border-0">
           <div class="card-body">
             <h2 class="text-primary display-2"><i class="fas fa-{{ child.image 
}}"></i></h2>
             <h4 class="card-title text-primary">{{ child.title }}</h4>
             <p class="card-text">{{ child.subtitle }}</p>
-            <a href="{{ this.path }}">Call to action <i class="fas 
fa-arrow-right"></i></a>
+            <a href="{{ child.path|url }}">{{ child.cta }} <i class="fas 
fa-arrow-right"></i></a>
           </div>
         </div>
       </div>
+      {% endif %}
     {% endfor %}
   </div>
   <div class="row py-5 text-center mx-auto">
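Review bot: The new guard `{% if child.key != '0' %}` compares against the string `'0'`, and the model that declares `key` is not part of this diff. If that field is typed as an integer, the test is always true and the overview page still gets a card, with an empty `{{ child.cta }}` link since that record sets no `cta`. Normalising the comparison avoids depending on the field type: `{% if child.key|string != '0' %}`. The enclosing template block starts above this hunk, so the rest of the loop context is not visible here.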
@@ -33,14 +37,38 @@
   </div>
   <div class="row mx-auto">
     <div class="col-6">
+      <a 
href="https://github.com/alecmuffett/eotk#i-want-to-create-my-own-project";>
       <h3 class="text-primary text-center mx-auto"><u>{{ _('Learn more') }}
         <i class="fas fa-arrow-right"></i></u>
-      </h3>
+      </h3></a>
     </div>
     <div class="col-6">
-      <h3 class="text-primary text-center mx-auto"><u>{{ _('Check out the 
code') }}
+      <a href="https://github.com/alecmuffett/eotk";><h3 class="text-primary 
text-center mx-auto"><u>{{ _('Check out the code') }}
         <i class="fas fa-arrow-right"></i></u>
-      </h3>
+      </h3></a>
+    </div>
+  </div>
+  <div class="row py-5 text-center mx-auto">
+    <h2 class="display-4 text-primary text-center mx-auto">{{ _('Featured 
.onion sites') }}</h2>
+  </div>
+  <div class="row mx-auto">
+    <div class="col-4">
+      <div class="illo-container">
+        <img src="/static/images/{{ this.section_id }}/onion-sites/Tor.svg" 
class="img-fluid" alt="{{ _('Tor Project') }}" />
+      </div>
+      <a href="http://expyuzz4wqqyqhjn.onion/";><u>{{ 
_('http://expyuzz4wqqyqhjn.onion/') }}</u></a>
+    </div>
+    <div class="col-4">
+      <div class="illo-container">
+        <img src="/static/images/{{ this.section_id 
}}/onion-sites/propublica.svg" class="img-fluid" alt="{{ _('ProPublica') }}" />
+      </div>
+      <a 
href="https://p53lf57qovyuvwsc6xnrppyply3vtqm7l6pcobkmyqsiofyeznfu5uqd.onion/";><u>{{
 _('https://p53lf57qovyuvwsc6xnrppyply3vtqm7l6pcobkmyqsiofyeznfu5uqd.onion/') 
}}</u></a>
+    </div>
+    <div class="col-4">
+      <div class="illo-container">
+        <img src="/static/images/{{ this.section_id }}/onion-sites/nyt.png" 
class="img-fluid" alt="{{ _('The New York Times') }}" />
+      </div>
+      <a href="https://www.nytimes3xbfgragh.onion/";><u>{{ 
_('https://www.nytimes3xbfgragh.onion/') }}</u></a>
     </div>
   </div>
 </div>
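Review bot: The three featured addresses are passed through `_()` as link text (`{{ _('http://expyuzz4wqqyqhjn.onion/') }}` and the two after it), which puts onion addresses into the translation catalog. A translated or mistyped catalog entry would then show the reader a different address from the one in `href`. The visible text of an onion link is what users compare and copy, so it should be rendered literally, for example `<u>http://expyuzz4wqqyqhjn.onion/</u>`. The same organisation names, addresses and logos are also added in this commit as records under `content/onion-services/onion-sites/`, so this block could loop over those records instead of hard-coding a second copy that can drift.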


