Hi All,
Yesterday I pushed this out to the world:
https://github.com/alecmuffett/eotk - The Enterprise Onion Toolkit
- currently EOTK works on OSX and could probably be coerced to run on various Linux but I have not documented nor tested that yet.
The aim is that a site administrator can edit a very simple config file:
    # default project
    hardmap secrets.d/s2kpvtwjbawr3mx3.key aclu.org
    hardmap secrets.d/77bytc6x3bqdf7s6.key liberty-human-rights.org.uk

    # topical project
    set project digital-rights
    hardmap secrets.d/oh7b6dpvd3kgchfb.key openrightsgroup.org
    hardmap secrets.d/zbboaoeo6ruhqnu2.key eff.org
    hardmap secrets.d/m4x6zoaflrjez7dh.key accessnow.org
    hardmap secrets.d/wn74m5ts4r5xe4r4.key digitalrights.ie
...and run a couple of simple commands, and immediately get onion sites which do bidirectional rewriting of requests and responses between the given onion address and the given DNS domain.
SSL support is afforded by automatically-generated self-signed certificates - an ugly hack, but it means that site owners can prototype an onion offering, and (eventually) put it into production with an equivalent EV cert.
I am working on amendments to make EOTK very onionbalance-friendly; the eventual goal is to provide a filetree of NGINX + Tor configurations which can be rsync'd to a cloud of machines, and the onion-addresses thereby created get scraped for Onionbalance to publish.
This will offer linear scalability for Enterprise Tor Onions. More users? Add more machines! And less "heavy" deployments can just use a single config without Onionbalance.
There's a lot of work still to be done, but I thought I would mention it here in case folk would like to experiment and provide feedback so far.
-a
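As an added illustration (not EOTK's own code and not part of the original post), a Python sketch of the config format and the bidirectional hostname rewriting described in the message above. It assumes one directive per line, that each key file is named after the onion address it yields, and that the unnamed first project is called "default"; all function names are hypothetical.

```python
import re

# Constructed sample: directives from the post, one per line.
SAMPLE_CONFIG = """\
# default project
hardmap secrets.d/s2kpvtwjbawr3mx3.key aclu.org
# topical project
set project digital-rights
hardmap secrets.d/oh7b6dpvd3kgchfb.key openrightsgroup.org
hardmap secrets.d/zbboaoeo6ruhqnu2.key eff.org
"""

# Assumption: a key file is named after the 16-character onion address it yields.
KEYFILE = re.compile(r"^secrets\.d/([a-z2-7]{16})\.key$")

def parse_config(text):
    """Return {project: {dns_domain: onion_host}}; raise on anything unexpected."""
    project, projects = "default", {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        words = raw.split("#", 1)[0].split()
        if not words:
            continue
        if len(words) == 3 and words[:2] == ["set", "project"]:
            project = words[2]
        elif len(words) == 3 and words[0] == "hardmap":
            m = KEYFILE.match(words[1])
            if not m:
                raise ValueError(f"line {lineno}: unexpected key path {words[1]!r}")
            projects.setdefault(project, {})[words[2].lower()] = m.group(1) + ".onion"
        else:
            raise ValueError(f"line {lineno}: unrecognised directive {raw!r}")
    return projects

def _rewriter(mapping):
    # Match whole hostnames only (subdomains included): "eff.org" must not be
    # rewritten inside "notaneff.org" or "eff.org.example".
    names = "|".join(re.escape(n) for n in sorted(mapping, key=len, reverse=True))
    pattern = re.compile(
        r"(?<![A-Za-z0-9-])(?:" + names + r")(?![A-Za-z0-9-]|\.[A-Za-z0-9])", re.I)
    return lambda text: pattern.sub(lambda m: mapping[m.group(0).lower()], text)

def rewrite_response(site_map, text):
    """DNS name -> onion name, applied to what goes back to the Tor client."""
    return _rewriter(site_map)(text)

def rewrite_request(site_map, text):
    """Onion name -> DNS name, applied to what is forwarded to the origin."""
    return _rewriter({onion: dns for dns, onion in site_map.items()})(text)
```

The strict key-path pattern also rejects a `hardmap` line whose key path points outside `secrets.d/`, which is worth checking before a config tree is synced to other machines.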
This is really cool, I'm gonna try it on Debian
Alec Muffett alec.muffett@gmail.com wrote: (2 February 2017 23:39:17 CET)
Hi All,
Yesterday I pushed this out to the world:
https://github.com/alecmuffett/eotk - The Enterprise Onion Toolkit
On 2/2/17 11:39 PM, Alec Muffett wrote:
Hi All,
Yesterday I pushed this out to the world:
https://github.com/alecmuffett/eotk - The Enterprise Onion Toolkit
Coooool!
There was also this idea to improve Tor2web, making it work with an "OnionFlare" concept to "Onionize" existing sites automatically:
https://github.com/globaleaks/Tor2web/issues/228
To do it there were 3 Tor tickets to be fixed; 2 have been fixed, but this one remains open:
Make tor support starting with 10.000 Tor Hidden Service https://trac.torproject.org/projects/tor/ticket/15251
Alec Muffett alec.muffett@gmail.com writes:
Hi All,
Yesterday I pushed this out to the world:
https://github.com/alecmuffett/eotk - The Enterprise Onion Toolkit
- currently EOTK works on OSX and could probably be coerced to run on
various Linux but I have not documented nor tested that yet.
Cool stuff Alec :) I have no OSX boxes around here so I can't get past 000-setup-osx.sh unfortunately.
BTW, is this tool designed to be useful mainly for "enterprise" installations, or is it also useful to casual cases like "I just want a quick HTTP HS, no DNS names or SSL or anything"?
Cheers!
On 3 February 2017 at 15:49, George Kadianakis desnacked@riseup.net wrote:
Cool stuff Alec :) I have no OSX boxes around here so I can't get past 000-setup-osx.sh unfortunately.
I hope to have a Ubuntu equivalent in a few days, and you can then riff on that.
BTW, is this tool designed to be useful mainly for "enterprise" installations, or is it also useful to casual cases like "I just want a quick HTTP HS, no DNS names or SSL or anything"?
This is designed as a "I have a HTTP/S website and I would like it to be in Onionspace, too" tool, and I intend it to enable people to achieve that goal to a reasonable extent in less than 5 minutes.
If you're looking for a "How to set up a HS website with good security on Ubuntu/ish systems", I would direct your attention to another publication:
https://github.com/alecmuffett/the-onion-diaries/blob/master/basic-productio...
...which is a manual process for building one such.
Why manual? Because if it was a docker container or an apt-package, people would not learn that this is actually pretty easy to do.
I have no objection to docker/apt, but I would dearly like more people to (swapping metaphors) learn how to cook onions rather than merely how to reheat microwavable onion-rings.
-a
For anyone else who likes Raspberry Pi, I have added Raspbian (Debian-derived) support.
Only lightly tested so far, and it requires a few minutes to compile nginx & tor.
Do a "git pull" for updates, and check the manual / documentation updates at https://github.com/alecmuffett/eotk/
-a