Onion-Location is an easy way to advertise an onion site to the users. You can either configure a web server to show an Onion-Location Header or add an HTML meta attribute in the website.
For the header to be valid the following conditions need to be fulfilled:
- The Onion-Location value must be a valid URL with http: or https: protocol and a .onion hostname.
- The webpage defining the Onion-Location header must be served over HTTPS.
- The webpage defining the Onion-Location header must not be an onion site.
In this page, the commands to manage the web server are based Debian-like operating systems and may differ from other systems. Check your web server and operating system documentation.
Apache
To configure this header in Apache 2.2 or above, you will need to enable a headers and rewrite modules and edit the website Virtual Host file.
Step 1. Enable headers and rewrite modules and reload Apache2
$ sudo a2enmod headers rewrite
$ sudo systemctl reload apache2
Εάν λάβατε μήνυμα σφάλματος, κάτι πήγε στραβά και δεν μπορείτε να συνεχίσετε έως ότου διαπιστώσετε το σφάλμα.
Step 2. Add the Onion-Location header to your Virtual Host configuration file
Header set Onion-Location "http://your-onion-address.onion%{REQUEST_URI}s"
Where your-onion-address.onion is the onion service address you want to redirect and {REQUEST_URI} is the path component of the requested URI, such as "/index.html".
Παράδειγμα εικονικού συστήματος:
<VirtualHost *:443>
ServerName <your-website.tld>
DocumentRoot /path/to/htdocs
Header set Onion-Location "http://your-onion-address.onion%{REQUEST_URI}s"
SSLEngine on
SSLCertificateFile "/path/to/www.example.com.cert"
SSLCertificateKeyFile "/path/to/www.example.com.key"
</VirtualHost>
Βήμα 3. Επαναφόρτωση Apache
Reload the apache2 service, so your configuration changes take effect:
$ sudo systemctl reload apache2
Εάν λάβατε μήνυμα σφάλματος, κάτι πήγε στραβά και δεν μπορείτε να συνεχίσετε έως ότου διαπιστώσετε το σφάλμα.
Step 4. Testing your Onion-Location
To test if Onion-Location is working, fetch the website HTTP headers, for example:
$ wget --server-response --spider your-website.tld
Look for onion-location entry and the onion service address.
Or open the website in Tor Browser and a purple pill will appear in the address bar.
Nginx
To configure an Onion-Location header, the service operator should first configure an Onion service.
Step 1. Create an Onion service by setting the following in torrc:
HiddenServiceDir /var/lib/tor/hs-my-website/
HiddenServiceVersion 3
HiddenServicePort 80 unix:/var/run/tor-hs-my-website.sock
Βήμα 2. Επεξεργασία του αρχείου ρυθμίσεων της ιστοσελίδας.
In /etc/nginx/conf.d/<your-website>.conf add the Onion-Location header and the onion service address.
Για παράδειγμα:
add_header Onion-Location http://<your-onion-address>.onion$request_uri;
The configuration file with the Onion-Location should look like this:
διακομιστής {
listen 80;
listen [::]:80;
server_name <your-website.tld>;
τοποθεσία / {
return 301 https://$host$request_uri;
}
}
διακομιστής {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name <your-website.tld>;
# διαχειρίζεται από Certbot - https://certbot.eff.org/
ssl_certificate /etc/letsencrypt/live/<hostname>/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/<hostname>/privkey.pem;
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
add_header Onion-Location http://<your-onion-address>.onion$request_uri;
# διαχειρίζεται από Certbot
συμπερίληψη του /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
access_log /var/log/nginx/<hostname>-access.log;
index index.html;
root /path/to/htdocs;
τοποθεσία / {
try_files $uri $uri/ =404;
}
}
διακομιστής {
listen unix:/var/run/tor-hs-my-website.sock;
server_name <your-onion-address>.onion;
access_log /var/log/nginx/hs-my-website.log;
index index.html;
root /path/to/htdocs;
}
Step 3. Test website configuration
$ sudo nginx -t
The web server should confirm that the new syntax is working:
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
Βήμα 4. Επανεκκίνηση nginx
$ sudo nginx -s reload
Εάν λάβατε μήνυμα σφάλματος, κάτι πήγε στραβά και δεν μπορείτε να συνεχίσετε έως ότου διαπιστώσετε το σφάλμα.
Step 5. Testing your Onion-Location
To test if the Onion-Location is working, fetch the web site HTTP headers, for example:
$ wget --server-response --spider your-website.tld
Look for onion-location entry and the onion service address.
Or, open the web site in Tor Browser and a purple pill will appear in the address bar.
Caddy
Caddy features automatic HTTPS by default, so it provisions your TLS certificate and takes care of HTTP-to-HTTPS redirection for you. If you're using Caddy 2, to include an Onion-Location header, add the following declaration in your Caddyfile:
header Onion-Location http://<your-onion-address>.onion{path}
If you're running a static site and have the onion address in a $TOR_HOSTNAME environment variable, your Caddyfile will look like this:
your-website.tld
header Onion-Location http://{$TOR_HOSTNAME}{path}
root * /var/www
file_server
Testing it out: Test it out with:
$ wget --server-response --spider your-website.tld
Look for onion-location entry and the onion service address.
Or, open the web site in Tor Browser and a purple pill will appear in the address bar.
Using an HTML <meta> attribute
The identical behaviour of Onion-Location includes the option of defining it as a HTML <meta> http-equiv attribute.
This may be used by websites that prefer (or need) to define an Onion-Location by modifying the served HTML content instead of adding a new HTTP header.
The Onion-Location header would be equivalent to a <meta http-equiv="onion-location" content="http://<your-onion-service-address>.onion" /> added in the HTML head element of the webpage. Replace <your-onion-service-address.onion> with the onion service that you want to redirect.
Περισσότερες πληροφορίες
Read the Onion-Location spec.