Tor is free software and an open network that helps you defend against
traffic analysis, a form of network surveillance that threatens personal
freedom and privacy, confidential business activities and relationships, and
This charm publishes Juju services as Tor hidden services.
This instance of Tor does not operate as a relay, to avoid leaking
information that could reveal the location of the hidden service, see
For security reasons, this instance of Tor does not operate as a relay.
Deploying your own hidden website using the apache2 charm
Turn that website:
$ juju deploy apache2
into a hidden website:
$ juju deploy local:xenial/tor-hidden $ juju add-relation apache2:website tor-hidden:reverseproxy
The hidden service hostname will be visible via juju status
$ juju status | grep \.onion tor-hidden/0* active idle 1 192.168.2.60 tor service ready: service apache2 running on wl2f5pijubf33mjb.onio
This charm was built from tor-layers.
Use at your own risk and peril.
This charm makes it easy to deploy a hidden service and attempts to do it well,
but it is no substitute for the flawless execution of operational security
needed to host things anonymously.
Know your threat model. Know and understand your potential exposure. Any
activity in your private service that correlates with external activity
(network traffic, resource consumption) reveals the true network location of
your deployment over time.
Copyright 2015, 2016 Casey Marshall.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
- (string) Tor bridges to connect through, of the form "<addr> <fingerprint>", comma separated.
- (string) Space separated list of extra deb packages to install.
- (string) List of signing keys for install_sources package sources, per charmhelpers standard format (a yaml list of strings encoded as a string). The keys should be the full ASCII armoured GPG public keys. While GPG key ids are also supported and looked up on a keyserver, operators should be aware that this mechanism is insecure. null can be used if a standard package signing key is used that will already be installed on the machine, and for PPA sources where the package signing key is securely retrieved from Launchpad.
- (string) List of extra apt sources, per charm-helpers standard format (a yaml list of strings encoded as a string). Each source may be either a line that can be added directly to sources.list(5), or in the form ppa:<user>/<ppa-name> for adding Personal Package Archives, or a distribution component to enable.
- (string) The status of service-affecting packages will be set to this value in the dpkg database. Valid values are "install" and "hold".
- (int) SOCKS5 proxy port