
Cleanup tor doc

pr-2587
andrewtoth 6 years ago
committed by Christian Decker
parent
commit
938addfba8
  1. 63
      doc/TOR.md


@ -1,54 +1,54 @@
# Setting up TOR with c-lightning
to use tor you have to have tor installed an running.
To use any Tor features with c-lightning you must have Tor installed and running.
```bash
sudo apt install tor
```
then `/etc/init.d/tor start` or `sudo systemctl start tor` Depending
then `/etc/init.d/tor start` or `sudo systemctl start tor` depending
on your system configuration.
If new to tor you might not change the default setting.
Most default setting should be sufficient.
To keep The safe default with minimal harassment (See [Tor FAQ])
just check that this line is present in the file:
To keep a safe configuration for minimal harassment (See [Tor FAQ])
just check that this line is present in the Tor config file `/etc/tor/torrc`:
`ExitPolicy reject *:* # no exits allowed`
this does not affect c-lightning connect, listen, etc..
It will only prevent that you become a full exitpoint.
This does not affect c-lightning connect, listen, etc..
It will only prevent your node from becoming a Tor exit node.
Only enable this if you are sure about the implications.
If we don't want to create .onion addresses this should be enough.
If you don't want to create .onion addresses this should be enough.
There are several way by which a c-lightning node can accept or make connections over Tor.
There are several ways by which a c-lightning node can accept or make connections over Tor.
The node can be reached over Tor by connecting to its .onion address.
To provide the node with a .onion address is possible to:
To provide the node with a .onion address you can:
* create a **non-persistent** address with an auto service or
* create a **persistent** address with an hidden service.
* create a **persistent** address with a hidden service.
#### Creation of an auto service for non-persistent .onion addresses
To provide the node a non-persistent .onion address
To provide the node a non-persistent .onion address it
is necessary to access the Tor auto service. These types of addresses change
each time the Tor service is restarted.
*NOTE:If the node is required to be reachable only by **persistent** .onion addresses, this
part can be skipped and it is necessary to set up an hidden service with the steps
part can be skipped and it is necessary to set up a hidden service with the steps
outlined in the next section.*
To create and use the auto service follow this steps:
To create and use the auto service follow these steps:
Edit the Tor config file `/etc/tor/torrc`
You can configure the service authenticated by cookie or by password:
##### Service authenticated by cookie
We add the following lines in the `/etc/tor/torrc` file:
Add the following lines in the `/etc/tor/torrc` file:
````
ControlPort 9051
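Review bot: in the reworded ExitPolicy paragraph, "Only enable this if you are sure about the implications." now directly follows "It will only prevent your node from becoming a Tor exit node." and reads as if the `ExitPolicy reject *:*` line itself were the risky option. Name what should only be enabled, for example "Only allow exit traffic if you are sure about the implications." In the same hunk, "Most default setting should be sufficient." needs the plural "settings", "etc.." keeps a doubled period, "*NOTE:If" is missing a space after the colon, and the title still spells "TOR" while the rewritten lines use "Tor".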
@ -58,13 +58,14 @@ CookieAuthFileGroupReadable 1
##### Service authenticated by password
In alternative to the CookieFile authentication. you can set the authentication
to the service with a password by following theses steps:
Alternatively, you can set the authentication
to the service with a password by following these steps:
1. Create an hash of your password with
1. Create a hash of your password with
```
tor --hash-password yourpassword
```
This returns a line like
`16:533E3963988E038560A8C4EE6BBEE8DB106B38F9C8A7F81FE38D2A3B1F`
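Review bot: step 1 documents `tor --hash-password yourpassword`, which puts the plaintext control password on the command line, where it lands in shell history and is visible in the process list while the command runs. Since this hunk already rewrites the step, add a sentence telling readers to substitute their own value for `yourpassword` and to keep the command out of shell history or remove it afterwards.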
@ -74,39 +75,39 @@ This returns a line like
ControlPort 9051
HashedControlPassword 16:533E3963988E038560A8C4EE6BBEE8DB106B38F9C8A7F81FE38D2A3B1F
````
Save the file.
To activate these changes:
Save the file and restart the Tor service. In linux:
`/etc/init.d/tor restart`
`/etc/init.d/tor restart` or `sudo systemctl start tor` depending
on the configuration of your system.
The auto service will be used by adding `--addr=autotor:127.0.0.1:9051` if we
want the address to be public or `--bind-addr=autotor:127.0.0.1:9051` if we
The auto service is used by adding `--addr=autotor:127.0.0.1:9051` if you
want the address to be public or `--bind-addr=autotor:127.0.0.1:9051` if you
don't want to publish it.
In the case the auto service is authenticated through the password, it will
In the case where the auto service is authenticated through a password, it will
be necessary to add the option `--tor-service-password=yourpassword` (not the hash).
The created non-persistent .onion address wil be shown by the `lightning-cli getinfo`command.
The others nodes will be able to `connect` to this .onion address through the
9735 port.
#### Creation of an hidden service for a persistent .onion address
#### Creation of a hidden service for a persistent .onion address
To have a persistent .onion address other nodes can connect to, it
is necessary to set up a [Tor Hidden Service].
*NOTE: In the case only non-persistent addresses are required,
*NOTE: In the case where only non-persistent addresses are required,
you don't have to create the hidden service and you can skip this part.*
To do that we will add these lines in the `/etc/tor/torrc`file:
Add these lines in the `/etc/tor/torrc` file:
````
HiddenServiceDir /var/lib/tor/lightningd-service_v2/
HiddenServicePort 1234 127.0.0.1:9735
````
If we want to create a version 3 address, we will add also `HiddenServiceVersion 3` so
If you want to create a version 3 address, you must also add `HiddenServiceVersion 3` so
the whole section will be:
````
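Review bot: the new restart line pairs `/etc/init.d/tor restart` with `sudo systemctl start tor`; `start` does nothing when Tor is already running, so the edited `torrc` is not picked up. Use `sudo systemctl restart tor` there, and capitalise "In linux:". The two lines following the `--tor-service-password` sentence were left untouched and still read "wil be shown by the `lightning-cli getinfo`command" and "The others nodes"; they belong in this cleanup too. Next to `--tor-service-password=yourpassword` it is worth stating that a password given as a command-line option is visible in the process list.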
@ -127,16 +128,16 @@ on the configuration of your system.
You will find the newly created address with:
```
sudo cat /var/lib/tor/var/lib/tor/lightningd-service_v2/hostname
sudo cat /var/lib/tor/lightningd-service_v2/hostname
```
or
```
sudo cat /var/lib/tor/var/lib/tor/lightningd-service_v3/hostname
sudo cat /var/lib/tor/lightningd-service_v3/hostname
```
in the
case of a version 3 Tor address.
Now we are able to create:
Now you are able to create:
* Non-persistent version 2 .onion address via auto service (temp-v2)
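Review bot: the corrected `sudo cat /var/lib/tor/lightningd-service_v3/hostname` path should be checked against the `HiddenServiceDir` value in the version 3 `torrc` block, which falls outside the lines shown here. The version 2 path now matches `HiddenServiceDir /var/lib/tor/lightningd-service_v2/` from the previous hunk, so the same one-to-one match is what to confirm for v3.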
