Add Tor Hidden Service for Strfry Nostr Relay
This assumes you already have nginx installed for your clearnet relay reverse proxy and have strfry running on port 7777.
Install Tor and Socat:
sudo apt update
sudo apt install tor socat
Open the Tor config file:
sudo nano /etc/tor/torrc
Config to add:
HiddenServiceDir /var/lib/tor/hidden_service/
HiddenServicePort 80 127.0.0.1:80
Now restart the Tor service:
sudo systemctl restart tor
Grab the .onion address (alternatively, you can generate a custom one with mkp224o):
sudo cat /var/lib/tor/hidden_service/hostname
Save this address for future steps.
Now add the config for socat:
sudo mkdir -p /etc/http-to-socks-proxy/
sudo nano /etc/http-to-socks-proxy/strfrysocat.conf
Add this config, replacing the .onion hostname with yours:
PROXY_HOST=127.0.0.1
PROXY_PORT=9050
LOCAL_PORT=9081
REMOTE_HOST=yourtorhiddenserviceurl.onion
REMOTE_PORT=80
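Enable the strfry socat service (this assumes the http-to-socks-proxy@.service template unit already exists in /etc/systemd/system/):
sudo ln -s /etc/systemd/system/http-to-socks-proxy\@.service /etc/systemd/system/multi-user.target.wants/http-to-socks-proxy\@strfrysocat.service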
Start the service:
sudo systemctl start http-to-socks-proxy@strfrysocat
Check status:
sudo systemctl status http-to-socks-proxy@strfrysocat
Verify the tunnel is active (root is needed for netstat to show the owning process name):
sudo netstat -tulpn | grep socat
Add an nginx config for the .onion site. This example is my config, where the website and the relay websockets are served from the same top-level domain. Edit it to fit your setup:
sudo nano /etc/nginx/sites-available/strfry-tor.conf
Add the port 80 config for the .onion site:
server {
    # Tor delivers onion traffic to 127.0.0.1:80 (HiddenServicePort in torrc)
    listen 80;
    server_name yourtorhiddenserviceurl.onion; # replace with the Tor hostname
    location / {
        # Relay information requests (Accept: application/nostr+json) go to strfry
        error_page 418 = @websocket;
        if ($http_accept = "application/nostr+json") {
            return 418;
        }
        # "Upgrade: websocket" resolves to @websocket; no Upgrade header resolves to @
        try_files /nonexistent @$http_upgrade;
    }
    location @websocket {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;
        proxy_pass http://127.0.0.1:7777;
        proxy_http_version 1.1;
        send_timeout 300s;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
    # Plain HTTP requests get the static website
    location @ {
        root /var/www/html;
        index index.html;
    }
}
Enable the conf and restart nginx:
cd /etc/nginx/sites-enabled
sudo ln -s ../sites-available/strfry-tor.conf
sudo systemctl restart nginx
Now test that it works correctly using Tor Browser, or run the Tails ISO as a VM with gossip installed.
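Before testing over Tor, the files edited above can be checked against each other offline. This is an added example, not part of the original guide: the function names are hypothetical, the file paths are passed as arguments, and the sample .onion hostname and files are constructed.

```shell
#!/bin/sh
# Added example (not from the original guide): offline consistency checks
# for the files the guide edits. Function names are hypothetical.

# A v3 onion hostname is 56 base32 characters followed by ".onion".
is_v3_onion() {
  printf '%s\n' "$1" | grep -Eq '^[a-z2-7]{56}\.onion$'
}

# Print HiddenServicePort targets in a torrc that name a non-loopback address.
non_loopback_targets() {
  awk 'tolower($1) == "hiddenserviceport" && $3 ~ /:/ &&
       $3 !~ /^(127\.|\[::1\]|unix:)/ { print $3 }' "$1"
}

# Read KEY=value from the socat config without sourcing it.
conf_get() { sed -n "s/^$2=//p" "$1" | tail -n 1; }

# check_setup TORRC HOSTNAME_FILE SOCAT_CONF NGINX_CONF
# Prints each problem found; returns 0 only when there are none.
check_setup() (
  rc=0
  onion=$(tr -d '[:space:]' < "$2")
  remote=$(conf_get "$3" REMOTE_HOST)
  is_v3_onion "$onion" || { echo "hostname file: not a v3 onion address"; rc=1; }
  [ "$remote" = "$onion" ] || { echo "socat REMOTE_HOST '$remote' != $onion"; rc=1; }
  grep -Eq "^[[:space:]]*server_name[[:space:]]+$onion;" "$4" ||
    { echo "nginx server_name does not match $onion"; rc=1; }
  bad=$(non_loopback_targets "$1")
  [ -z "$bad" ] || { echo "HiddenServicePort leaves the host: $bad"; rc=1; }
  exit "$rc"
)

# Constructed sample files (not a real service) written under directory $1.
make_sample() {
  o=abcdefghijklmnopqrstuvwxyz234567abcdefghijklmnopqrstuvwd.onion
  printf 'HiddenServiceDir /var/lib/tor/hidden_service/\nHiddenServicePort 80 127.0.0.1:80\n' > "$1/torrc"
  printf '%s\n' "$o" > "$1/hostname"
  printf 'PROXY_PORT=9050\nLOCAL_PORT=9081\nREMOTE_HOST=%s\nREMOTE_PORT=80\n' "$o" > "$1/strfrysocat.conf"
  printf 'server {\n  listen 80;\n  server_name %s; #tor hostname\n}\n' "$o" > "$1/strfry-tor.conf"
}

demo=$(mktemp -d) && make_sample "$demo"
check_setup "$demo/torrc" "$demo/hostname" "$demo/strfrysocat.conf" "$demo/strfry-tor.conf" \
  && echo "sample setup is consistent"
```

On the relay host, call check_setup as root with /etc/tor/torrc, /var/lib/tor/hidden_service/hostname, /etc/http-to-socks-proxy/strfrysocat.conf and /etc/nginx/sites-available/strfry-tor.conf. A leftover yourtorhiddenserviceurl.onion placeholder in either config is reported as a mismatch.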