Add Tor Hidden Service for Strfry Nostr Relay

This assumes you already have nginx installed for your clearnet relay reverse proxy and have strfry running on port 7777.

Install Tor and Socat:

sudo apt update
sudo apt install tor socat

Add the required Tor config:

sudo nano /etc/tor/torrc

Config to add:

HiddenServiceDir /var/lib/tor/hidden_service/
HiddenServicePort 80 127.0.0.1:80

Now restart Tor service:

sudo systemctl restart tor

Grab the .onion address (alternatively, you can generate a custom one with mkp224o):

sudo cat /var/lib/tor/hidden_service/hostname

Save this address for future steps.

Now add config for socat:

sudo mkdir -p /etc/http-to-socks-proxy/
sudo nano /etc/http-to-socks-proxy/strfrysocat.conf

Add this config, replacing the .onion address with yours:

PROXY_HOST=127.0.0.1
PROXY_PORT=9050
LOCAL_PORT=9081
REMOTE_HOST=yourtorhiddenserviceurl.onion
REMOTE_PORT=80

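Enable the strfry socat service (the symlink assumes the template unit /etc/systemd/system/http-to-socks-proxy@.service already exists):

sudo ln -s /etc/systemd/system/http-to-socks-proxy\@.service /etc/systemd/system/multi-user.target.wants/http-to-socks-proxy\@strfrysocat.service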

Start service:

sudo systemctl start http-to-socks-proxy@strfrysocat

Check status:

sudo systemctl status http-to-socks-proxy@strfrysocat

Verify tunnel is active:

sudo netstat -tulpn | grep socat
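
A sanity check for the tunnel steps above, as an added example that is not part of the original guide: it validates the socat env file and reads `netstat -tulpn` output to flag listeners on the relay and tunnel ports that are not bound to loopback. The function names and the sample netstat lines are constructed; ports 7777 and 9081 are the ones used on this page.

```shell
# Added example (not from the original guide); names and samples are constructed.

# conf_get FILE KEY: print the value of the last KEY=... line.
# The file is read as data with sed, never sourced.
conf_get() {
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

# check_proxy_conf FILE: print one line per problem, return 1 if any.
check_proxy_conf() {
    rc=0
    host=$(conf_get "$1" REMOTE_HOST)
    # v3 onion names are 56 base32 characters and always end in "d".
    if ! printf '%s\n' "$host" | grep -Eq '^[a-z2-7]{55}d\.onion$'; then
        echo "REMOTE_HOST is not a v3 onion name: $host"
        rc=1
    fi
    for key in PROXY_PORT LOCAL_PORT REMOTE_PORT; do
        port=$(conf_get "$1" "$key")
        case $port in
            ''|*[!0-9]*) echo "$key is not a port number: $port"; rc=1 ;;
        esac
    done
    return "$rc"
}

# exposed_listeners PORT...: read `netstat -tulpn` output on stdin and print
# each TCP listener on one of the PORTs that is not bound to loopback.
# Returns 1 if any such listener is found.
exposed_listeners() {
    awk -v ports=" $* " '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            n = split($4, part, ":")
            port = part[n]
            host = substr($4, 1, length($4) - length(port) - 1)
            if (index(ports, " " port " ") && host !~ /^127\./ && host != "::1") {
                print $4
                bad = 1
            }
        }
        END { exit bad + 0 }'
}

# Constructed sample: socat is loopback-only, strfry listens on every interface.
SAMPLE_NETSTAT='tcp 0 0 127.0.0.1:9081 0.0.0.0:* LISTEN 2101/socat
tcp 0 0 0.0.0.0:7777 0.0.0.0:* LISTEN 1987/strfry'

printf '%s\n' "$SAMPLE_NETSTAT" | exposed_listeners 7777 9081 ||
    echo "the sockets listed above are not loopback-only"
```

On the relay host, feed it live data with `sudo netstat -tulpn | exposed_listeners 7777 9081` and run `check_proxy_conf /etc/http-to-socks-proxy/strfrysocat.conf`; the placeholder hostname from this page fails the onion-name check until it is replaced.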

Add the nginx config for the .onion site. This example is my config, where the website and the relay websockets are on the same top-level domain. Edit it to fit your setup:

sudo nano /etc/nginx/sites-available/strfry-tor.conf

Add port 80 config for .onion site:

server {
  listen 80;
  server_name yourtorhiddenserviceurl.onion; # replace with the Tor hostname

  location / {
    error_page 418 = @websocket;

    # Relay information requests (Accept: application/nostr+json) go to strfry
    if ($http_accept = "application/nostr+json") {
      return 418;
    }
    # No Upgrade header selects "@" (static site); "Upgrade: websocket" selects @websocket
    try_files /nonexistent @$http_upgrade;
  }

  # WebSocket and relay traffic, proxied to strfry
  location @websocket {
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $host;
    proxy_pass http://127.0.0.1:7777;
    proxy_http_version 1.1;
    send_timeout 300s;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
  }

  # Static website
  location @ {
    root /var/www/html;
    index index.html;
  }
}

Enable conf and restart nginx:

cd /etc/nginx/sites-enabled
sudo ln -s ../sites-available/strfry-tor.conf

sudo systemctl restart nginx

Now use Tor Browser, or run the Tails ISO as a VM with gossip installed, to test that it is working correctly.

