Cleanup tor doc

pr-2587
andrewtoth 6 years ago
committed by Christian Decker
parent
commit
938addfba8
  1. 63
      doc/TOR.md

@ -1,54 +1,54 @@
# Setting up TOR with c-lightning # Setting up TOR with c-lightning
to use tor you have to have tor installed an running. To use any Tor features with c-lightning you must have Tor installed and running.
```bash ```bash
sudo apt install tor sudo apt install tor
``` ```
then `/etc/init.d/tor start` or `sudo systemctl start tor` Depending then `/etc/init.d/tor start` or `sudo systemctl start tor` depending
on your system configuration. on your system configuration.
If new to tor you might not change the default setting. Most default setting should be sufficient.
To keep The safe default with minimal harassment (See [Tor FAQ]) To keep a safe configuration for minimal harassment (See [Tor FAQ])
just check that this line is present in the file: just check that this line is present in the Tor config file `/etc/tor/torrc`:
`ExitPolicy reject *:* # no exits allowed` `ExitPolicy reject *:* # no exits allowed`
this does not affect c-lightning connect, listen, etc.. This does not affect c-lightning connect, listen, etc..
It will only prevent that you become a full exitpoint. It will only prevent your node from becoming a Tor exit node.
Only enable this if you are sure about the implications. Only enable this if you are sure about the implications.
If we don't want to create .onion addresses this should be enough. If you don't want to create .onion addresses this should be enough.
There are several way by which a c-lightning node can accept or make connections over Tor. There are several ways by which a c-lightning node can accept or make connections over Tor.
The node can be reached over Tor by connecting to its .onion address. The node can be reached over Tor by connecting to its .onion address.
To provide the node with a .onion address is possible to: To provide the node with a .onion address you can:
* create a **non-persistent** address with an auto service or * create a **non-persistent** address with an auto service or
* create a **persistent** address with an hidden service. * create a **persistent** address with a hidden service.
#### Creation of an auto service for non-persistent .onion addresses #### Creation of an auto service for non-persistent .onion addresses
To provide the node a non-persistent .onion address To provide the node a non-persistent .onion address it
is necessary to access the Tor auto service. These types of addresses change is necessary to access the Tor auto service. These types of addresses change
each time the Tor service is restarted. each time the Tor service is restarted.
*NOTE:If the node is required to be reachable only by **persistent** .onion addresses, this *NOTE:If the node is required to be reachable only by **persistent** .onion addresses, this
part can be skipped and it is necessary to set up an hidden service with the steps part can be skipped and it is necessary to set up a hidden service with the steps
outlined in the next section.* outlined in the next section.*
To create and use the auto service follow this steps: To create and use the auto service follow these steps:
Edit the Tor config file `/etc/tor/torrc` Edit the Tor config file `/etc/tor/torrc`
You can configure the service authenticated by cookie or by password: You can configure the service authenticated by cookie or by password:
##### Service authenticated by cookie ##### Service authenticated by cookie
We add the following lines in the `/etc/tor/torrc` file: Add the following lines in the `/etc/tor/torrc` file:
```` ````
ControlPort 9051 ControlPort 9051
@ -58,13 +58,14 @@ CookieAuthFileGroupReadable 1
##### Service authenticated by password ##### Service authenticated by password
In alternative to the CookieFile authentication. you can set the authentication Alternatively, you can set the authentication
to the service with a password by following theses steps: to the service with a password by following these steps:
1. Create an hash of your password with 1. Create a hash of your password with
``` ```
tor --hash-password yourpassword tor --hash-password yourpassword
``` ```
This returns a line like This returns a line like
`16:533E3963988E038560A8C4EE6BBEE8DB106B38F9C8A7F81FE38D2A3B1F` `16:533E3963988E038560A8C4EE6BBEE8DB106B38F9C8A7F81FE38D2A3B1F`
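Review bot: Step 1 still tells the reader to run `tor --hash-password yourpassword` with the password as a command-line argument, which leaves it in shell history and visible in the process list while the command runs. Since the step is being reworded anyway, add a sentence noting this. It would also help to say that `yourpassword` is a placeholder and that the hash shown is only sample output, so nobody copies the example hash into their own `torrc`.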
@ -74,39 +75,39 @@ This returns a line like
ControlPort 9051 ControlPort 9051
HashedControlPassword 16:533E3963988E038560A8C4EE6BBEE8DB106B38F9C8A7F81FE38D2A3B1F HashedControlPassword 16:533E3963988E038560A8C4EE6BBEE8DB106B38F9C8A7F81FE38D2A3B1F
```` ````
Save the file.
To activate these changes: Save the file and restart the Tor service. In linux:
`/etc/init.d/tor restart` `/etc/init.d/tor restart` or `sudo systemctl start tor` depending
on the configuration of your system.
The auto service will be used by adding `--addr=autotor:127.0.0.1:9051` if we The auto service is used by adding `--addr=autotor:127.0.0.1:9051` if you
want the address to be public or `--bind-addr=autotor:127.0.0.1:9051` if we want the address to be public or `--bind-addr=autotor:127.0.0.1:9051` if you
don't want to publish it. don't want to publish it.
In the case the auto service is authenticated through the password, it will In the case where the auto service is authenticated through a password, it will
be necessary to add the option `--tor-service-password=yourpassword` (not the hash). be necessary to add the option `--tor-service-password=yourpassword` (not the hash).
The created non-persistent .onion address wil be shown by the `lightning-cli getinfo`command. The created non-persistent .onion address wil be shown by the `lightning-cli getinfo`command.
The others nodes will be able to `connect` to this .onion address through the The others nodes will be able to `connect` to this .onion address through the
9735 port. 9735 port.
#### Creation of an hidden service for a persistent .onion address #### Creation of a hidden service for a persistent .onion address
To have a persistent .onion address other nodes can connect to, it To have a persistent .onion address other nodes can connect to, it
is necessary to set up a [Tor Hidden Service]. is necessary to set up a [Tor Hidden Service].
*NOTE: In the case only non-persistent addresses are required, *NOTE: In the case where only non-persistent addresses are required,
you don't have to create the hidden service and you can skip this part.* you don't have to create the hidden service and you can skip this part.*
To do that we will add these lines in the `/etc/tor/torrc`file: Add these lines in the `/etc/tor/torrc` file:
```` ````
HiddenServiceDir /var/lib/tor/lightningd-service_v2/ HiddenServiceDir /var/lib/tor/lightningd-service_v2/
HiddenServicePort 1234 127.0.0.1:9735 HiddenServicePort 1234 127.0.0.1:9735
```` ````
If we want to create a version 3 address, we will add also `HiddenServiceVersion 3` so If you want to create a version 3 address, you must also add `HiddenServiceVersion 3` so
the whole section will be: the whole section will be:
```` ````
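Review bot: The new restart instruction offers `/etc/init.d/tor restart` or `sudo systemctl start tor`, and the second command only starts the service. On a system where Tor is already running it will not reload the edited `torrc`, so it should be `sudo systemctl restart tor`. Several typos on lines this hunk touches or sits next to were also left in: "In linux" should be "On Linux", "wil be shown" should be "will", `getinfo`command is missing a space, and "The others nodes" should be "Other nodes".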
@ -127,16 +128,16 @@ on the configuration of your system.
You will find the newly created address with: You will find the newly created address with:
``` ```
sudo cat /var/lib/tor/var/lib/tor/lightningd-service_v2/hostname sudo cat /var/lib/tor/lightningd-service_v2/hostname
``` ```
or or
``` ```
sudo cat /var/lib/tor/var/lib/tor/lightningd-service_v3/hostname sudo cat /var/lib/tor/lightningd-service_v3/hostname
``` ```
in the in the
case of a version 3 Tor address. case of a version 3 Tor address.
Now we are able to create: Now you are able to create:
* Non-persistent version 2 .onion address via auto service (temp-v2) * Non-persistent version 2 .onion address via auto service (temp-v2)
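Review bot: The sentence around the two `hostname` commands is still split as "or", then the second code block, then "in the" / "case of a version 3 Tor address." on separate lines, so the qualifier comes after the command it describes. Suggest moving it in front of the second block, for example "or, in the case of a version 3 Tor address:". The corrected v2 path now matches the `HiddenServiceDir /var/lib/tor/lightningd-service_v2/` line shown earlier in the file. Please confirm that the `lightningd-service_v3` path matches the `HiddenServiceDir` used in the version 3 section, which this diff does not show.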
