tor hidden #1

Supports: xenial trusty

Description

Tor is free software and an open network that helps you defend against
traffic analysis, a form of network surveillance that threatens personal
freedom and privacy, confidential business activities and relationships, and
state security.

This charm publishes Juju services as Tor hidden services.

This instance of Tor does not operate as a relay, to avoid leaking
information that could reveal the location of the hidden service. See
https://www.torproject.org/docs/tor-hidden-service.html.en#three.


tor-hidden

tor-hidden implements the http interface with a reverseproxy endpoint. Relating
to a website endpoint will publish that website as a
Tor hidden service.

For security reasons, this instance of Tor does not operate as a relay.

Example

Deploying your own hidden website using the apache2 charm

Turn that website:

$ juju deploy apache2

into a hidden website:

$ juju deploy local:xenial/tor-hidden
$ juju add-relation apache2:website tor-hidden:reverseproxy

The hidden service hostname will be visible via juju status:

$ juju status | grep '\.onion'
tor-hidden/0*  active    idle   1        192.168.2.60           tor service ready: service apache2 running on wl2f5pijubf33mjb.onio

Source

This charm was built from tor-layers.

Disclaimer

Use at your own risk and peril.

This charm makes it easy to deploy a hidden service and attempts to do it well,
but it is no substitute for the flawless execution of operational security
needed to host things anonymously.

Know your threat model. Know and understand your potential exposure. Any
activity in your private service that correlates with external activity
(network traffic, resource consumption) reveals the true network location of
your deployment over time.

License

Copyright 2015, 2016 Casey Marshall.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.


Configuration

bridges
(string) Tor bridges to connect through, of the form "<addr> <fingerprint>", comma separated.
extra_packages
(string) Space separated list of extra deb packages to install.
install_keys
(string) List of signing keys for install_sources package sources, per charmhelpers standard format (a yaml list of strings encoded as a string). The keys should be the full ASCII armoured GPG public keys. While GPG key ids are also supported and looked up on a keyserver, operators should be aware that this mechanism is insecure. null can be used if a standard package signing key is used that will already be installed on the machine, and for PPA sources where the package signing key is securely retrieved from Launchpad.
install_sources
(string) List of extra apt sources, per charm-helpers standard format (a yaml list of strings encoded as a string). Each source may be either a line that can be added directly to sources.list(5), or in the form ppa:<user>/<ppa-name> for adding Personal Package Archives, or a distribution component to enable.
package_status
(string) The status of service-affecting packages will be set to this value in the dpkg database. Valid values are "install" and "hold".
Default: install
socks5_port
(int) SOCKS5 proxy port
Default: 9050
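
The following is an added example, not part of the charm's own code: a pre-flight check for the bridges value described above, so a malformed entry is caught before it is set on the charm. It assumes <addr> is IP:port (IPv6 in square brackets) and the fingerprint is 40 hex characters; the function names and sample values are constructed for illustration.

```python
import ipaddress
import re

# Assumption: a bridge fingerprint is 40 hex characters.
_FINGERPRINT = re.compile(r"[0-9A-Fa-f]{40}")

# Constructed sample value (documentation address ranges, made-up fingerprints).
SAMPLE = (
    "192.0.2.10:443 0123456789ABCDEF0123456789ABCDEF01234567, "
    "[2001:db8::1]:9001 89abcdef0123456789abcdef0123456789abcdef"
)


def parse_bridge(entry):
    """Parse one "<addr> <fingerprint>" entry; raise ValueError if malformed."""
    parts = entry.split()
    if len(parts) != 2:
        raise ValueError("expected '<addr> <fingerprint>': %r" % entry)
    addr, fingerprint = parts
    # Assumption: <addr> is host:port, with IPv6 hosts in square brackets.
    host, sep, port = addr.rpartition(":")
    if not sep or not port.isdigit() or not 0 < int(port) < 65536:
        raise ValueError("bad port in %r" % addr)
    if host.startswith("[") and host.endswith("]"):
        ip = ipaddress.IPv6Address(host[1:-1])
    else:
        # AddressValueError is a ValueError subclass, so hostnames are rejected too.
        ip = ipaddress.IPv4Address(host)
    if not _FINGERPRINT.fullmatch(fingerprint):
        raise ValueError("fingerprint must be 40 hex characters: %r" % fingerprint)
    return str(ip), int(port), fingerprint.upper()


def parse_bridges(value):
    """Parse the comma-separated bridges config string into a list of tuples."""
    entries = [e.strip() for e in value.split(",")]
    return [parse_bridge(e) for e in entries if e]


if __name__ == "__main__":
    for bridge in parse_bridges(SAMPLE):
        print(bridge)
```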