From 938addfba8c7822d461986f15b3599676fbf1100 Mon Sep 17 00:00:00 2001 From: andrewtoth Date: Sat, 23 Mar 2019 16:23:10 -0400 Subject: [PATCH] Cleanup tor doc --- doc/TOR.md | 63 +++++++++++++++++++++++++++--------------------------- 1 file changed, 32 insertions(+), 31 deletions(-) diff --git a/doc/TOR.md b/doc/TOR.md index 4dc4a5bf3..a8567e65e 100644 --- a/doc/TOR.md +++ b/doc/TOR.md 
@@ -1,54 +1,54 @@ # Setting up TOR with c-lightning -to use tor you have to have tor installed an running. +To use any Tor features with c-lightning you must have Tor installed and running. ```bash sudo apt install tor ``` -then `/etc/init.d/tor start` or `sudo systemctl start tor` Depending +then `/etc/init.d/tor start` or `sudo systemctl start tor` depending on your system configuration. -If new to tor you might not change the default setting. +Most default setting should be sufficient. -To keep The safe default with minimal harassment (See [Tor FAQ]) -just check that this line is present in the file: +To keep a safe configuration for minimal harassment (See [Tor FAQ]) +just check that this line is present in the Tor config file `/etc/tor/torrc`: `ExitPolicy reject *:* # no exits allowed` -this does not affect c-lightning connect, listen, etc.. -It will only prevent that you become a full exitpoint. +This does not affect c-lightning connect, listen, etc.. +It will only prevent your node from becoming a Tor exit node. Only enable this if you are sure about the implications. -If we don't want to create .onion addresses this should be enough. +If you don't want to create .onion addresses this should be enough. -There are several way by which a c-lightning node can accept or make connections over Tor. +There are several ways by which a c-lightning node can accept or make connections over Tor. The node can be reached over Tor by connecting to its .onion address. -To provide the node with a .onion address is possible to: +To provide the node with a .onion address you can: * create a **non-persistent** address with an auto service or -* create a **persistent** address with an hidden service. +* create a **persistent** address with a hidden service. #### Creation of an auto service for non-persistent .onion addresses -To provide the node a non-persistent .onion address +To provide the node a non-persistent .onion address it is necessary to access the Tor auto service. 
These types of addresses change each time the Tor service is restarted. *NOTE:If the node is required to be reachable only by **persistent** .onion addresses, this -part can be skipped and it is necessary to set up an hidden service with the steps +part can be skipped and it is necessary to set up a hidden service with the steps outlined in the next section.* -To create and use the auto service follow this steps: +To create and use the auto service follow these steps: Edit the Tor config file `/etc/tor/torrc` You can configure the service authenticated by cookie or by password: ##### Service authenticated by cookie -We add the following lines in the `/etc/tor/torrc` file: +Add the following lines in the `/etc/tor/torrc` file: ```` ControlPort 9051 @@ -58,13 +58,14 @@ CookieAuthFileGroupReadable 1 ##### Service authenticated by password -In alternative to the CookieFile authentication. you can set the authentication -to the service with a password by following theses steps: +Alternatively, you can set the authentication +to the service with a password by following these steps: -1. Create an hash of your password with +1. Create a hash of your password with ``` tor --hash-password yourpassword ``` + This returns a line like `16:533E3963988E038560A8C4EE6BBEE8DB106B38F9C8A7F81FE38D2A3B1F` 
@@ -74,39 +75,39 @@ This returns a line like ControlPort 9051 HashedControlPassword 16:533E3963988E038560A8C4EE6BBEE8DB106B38F9C8A7F81FE38D2A3B1F ```` -Save the file. -To activate these changes: +Save the file and restart the Tor service. In linux: -`/etc/init.d/tor restart` +`/etc/init.d/tor restart` or `sudo systemctl start tor` depending +on the configuration of your system. -The auto service will be used by adding `--addr=autotor:127.0.0.1:9051` if we -want the address to be public or `--bind-addr=autotor:127.0.0.1:9051` if we +The auto service is used by adding `--addr=autotor:127.0.0.1:9051` if you +want the address to be public or `--bind-addr=autotor:127.0.0.1:9051` if you don't want to publish it. -In the case the auto service is authenticated through the password, it will +In the case where the auto service is authenticated through a password, it will be necessary to add the option `--tor-service-password=yourpassword` (not the hash). The created non-persistent .onion address wil be shown by the `lightning-cli getinfo`command. The others nodes will be able to `connect` to this .onion address through the 9735 port. -#### Creation of an hidden service for a persistent .onion address +#### Creation of a hidden service for a persistent .onion address To have a persistent .onion address other nodes can connect to, it is necessary to set up a [Tor Hidden Service]. 
-*NOTE: In the case only non-persistent addresses are required, +*NOTE: In the case where only non-persistent addresses are required, you don't have to create the hidden service and you can skip this part.* -To do that we will add these lines in the `/etc/tor/torrc`file: +Add these lines in the `/etc/tor/torrc` file: ```` HiddenServiceDir /var/lib/tor/lightningd-service_v2/ HiddenServicePort 1234 127.0.0.1:9735 ```` -If we want to create a version 3 address, we will add also `HiddenServiceVersion 3` so +If you want to create a version 3 address, you must also add `HiddenServiceVersion 3` so the whole section will be: ```` @@ -127,16 +128,16 @@ on the configuration of your system. You will find the newly created address with: ``` -sudo cat /var/lib/tor/var/lib/tor/lightningd-service_v2/hostname +sudo cat /var/lib/tor/lightningd-service_v2/hostname ``` or ``` -sudo cat /var/lib/tor/var/lib/tor/lightningd-service_v3/hostname +sudo cat /var/lib/tor/lightningd-service_v3/hostname ``` in the case of a version 3 Tor address. -Now we are able to create: +Now you are able to create: * Non-persistent version 2 .onion address via auto service (temp-v2)
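Review bot: In the first hunk (@@ -1,54 +1,54 @@), the unchanged line "Only enable this if you are sure about the implications." directly follows "It will only prevent your node from becoming a Tor exit node.", so "this" reads as referring to the `ExitPolicy reject *:*` line rather than to allowing exits. Suggest rewording it while the paragraph is being touched, for example "Only allow exits if you are sure about the implications." Smaller points in the same hunk: "Most default setting should be sufficient." should read "Most default settings", "connect, listen, etc.." keeps a doubled period, and "*NOTE:If" is missing a space after the colon.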
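Review bot: In the password hunk (@@ -58,13 +58,14 @@), step 1 still tells the reader to type the cleartext password as a command argument, `tor --hash-password yourpassword`, and the following hunk passes it again as `--tor-service-password=yourpassword`. Since this section is being reworded, consider adding one sentence saying that both commands put the password on the command line, where it can end up in shell history and the process list, and that the cookie method described just above does not need a password at all.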
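Review bot: In the third hunk (@@ -74,39 +75,39 @@), the new text says "restart the Tor service" but the added systemd command is `sudo systemctl start tor`, which does nothing when Tor is already running, so the edited torrc would not be picked up. It should be `sudo systemctl restart tor` to match `/etc/init.d/tor restart`. Also in this hunk: "In linux:" should be "In Linux:", and the context lines "wil be shown", "`lightning-cli getinfo`command" (missing space) and "The others nodes" could be fixed in the same cleanup.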
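Review bot: In the last hunk (@@ -127,16 +128,16 @@), the corrected v2 path matches the `HiddenServiceDir /var/lib/tor/lightningd-service_v2/` shown in the previous hunk, but the v3 path `/var/lib/tor/lightningd-service_v3/hostname` depends on the `HiddenServiceDir` in the version 3 example, which sits between hunks and is not visible here. Please confirm that block uses `lightningd-service_v3/`, otherwise the `cat` command will point at a directory Tor never creates.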