Enterprise Onion Toolkit
========================

Tor onion services, also known as hidden services, are websites that can be accessed through the Tor network.
These services are useful for publishers because they allow them to host their content on the internet without
revealing their physical location or IP address. This can provide a greater level of privacy and security for both the
publisher and the users accessing the content.

Because Tor onion services are accessed through the Tor network, they are much more difficult to block or censor than
regular websites.
This is because the connection between the user and the website is encrypted and routed through multiple nodes on the
network, making it difficult for anyone to determine the source or destination of the traffic.
This means that even if one node on the network is blocked, the traffic can still be routed through other nodes to
reach the website.

To deploy an Onion service, you first need to deploy EOTK instances for the related origin group, and then configure
the individual Onion services that will be served by those EOTK instances.

Once your administrator has provided you access to the portal, you can begin to configure your onion service
deployments. To get started, select "Groups" under "Configuration" from the menu on the left-hand side.
If you are using a mobile device, you may need to click the hamburger icon at the top of the screen to open the menu.

.. image:: /_static/groups/list.png
   :width: 800

You will see a ✅ or ❌ in the "EOTK" column for the group to show whether or not EOTK instances are enabled for that
group.

Creating a new group
--------------------

If the group you would like to use EOTK for does not yet exist, create a new group by clicking the "Create new group"
button.

.. image:: /_static/groups/new.png
   :width: 800

Short Name
""""""""""

This must be a unique short name for the group, no more than 4-5 characters long.

Description
"""""""""""

A free-form description for the group.

Deploy EOTK instances
"""""""""""""""""""""

Tick this checkbox to deploy EOTK instances for this group.

Adding EOTK to an existing group
--------------------------------

Click "View/Edit" next to the group that you'd like to edit.

.. image:: /_static/groups/edit.png
   :width: 800

Description
"""""""""""

A free-form description for the group.

Deploy EOTK instances
"""""""""""""""""""""

Tick this checkbox to deploy EOTK instances for this group.

Managing Onion services
-----------------------

To create a new Onion service, click "Create new onion service" at the top of the list page. This will present
you with the new onion service form:

.. image:: /_static/onion/new.png
   :width: 800

Domain Name
"""""""""""

The base origin domain name that the Onion service will serve. This should be the common domain name of all
the subdomains you want to serve on the Onion service, not including any subdomain (e.g. example.com, not
www.example.com).

Description
"""""""""""

A free-form text description to help identify the Onion service.

Onion Private Key
"""""""""""""""""

The private key for the Onion service. This could be generated by ``tor`` or by a tool such as
`mkp224o <https://github.com/cathugger/mkp224o>`_.

Onion Public Key
""""""""""""""""

The corresponding public key. The Onion hostname will be derived from the public key; however, no checks are made to
ensure that the public key corresponds to the private key.

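Since the portal does not check that the two keys belong together, the pair can be verified locally before it is
submitted. The following is an added example, not part of EOTK or the portal: it assumes the keys are in the file
format that ``tor`` writes (``hs_ed25519_secret_key`` and ``hs_ed25519_public_key``), and the function names are the
example's own. It recomputes the public key from the private key and derives the v3 Onion hostname from it.

```python
import base64
import hashlib

# Assumption: inputs are the raw bytes of the key files tor writes
# (hs_ed25519_secret_key / hs_ed25519_public_key): 32-byte header + key material.
SECRET_HEADER = b"== ed25519v1-secret: type0 ==\x00\x00\x00"
PUBLIC_HEADER = b"== ed25519v1-public: type0 ==\x00\x00\x00"
P = 2**255 - 19
D = -121665 * pow(121666, -1, P) % P
BASE = (15112221349535400772501151409588531511454012693041857206046113283949847762202,
        4 * pow(5, -1, P) % P)

def _add(p, q):
    """Edwards25519 point addition in affine coordinates (variable time, offline use only)."""
    (x1, y1), (x2, y2) = p, q
    t = D * x1 * x2 * y1 * y2 % P
    return ((x1 * y2 + x2 * y1) * pow((1 + t) % P, -1, P) % P,
            (y1 * y2 + x1 * x2) * pow((1 - t) % P, -1, P) % P)

def public_from_secret(secret_file: bytes) -> bytes:
    """Recompute the 32-byte public key from an expanded v3 onion secret key file."""
    if len(secret_file) != 96 or not secret_file.startswith(SECRET_HEADER):
        raise ValueError("not an ed25519v1 expanded secret key file")
    k = int.from_bytes(secret_file[32:64], "little")  # scalar half of the expanded key
    acc, addend = (0, 1), BASE  # (0, 1) is the neutral element
    while k:  # double-and-add: acc = k * BASE
        if k & 1:
            acc = _add(acc, addend)
        addend = _add(addend, addend)
        k >>= 1
    x, y = acc
    return (y | ((x & 1) << 255)).to_bytes(32, "little")

def onion_hostname(public_key: bytes) -> str:
    """v3 address: base32(pubkey || checksum[:2] || version) + '.onion'."""
    version = b"\x03"
    checksum = hashlib.sha3_256(b".onion checksum" + public_key + version).digest()[:2]
    return base64.b32encode(public_key + checksum + version).decode().lower() + ".onion"

def check_keypair(secret_file: bytes, public_file: bytes) -> str:
    """Return the onion hostname if the public key file matches the secret key file."""
    if len(public_file) != 64 or not public_file.startswith(PUBLIC_HEADER):
        raise ValueError("not an ed25519v1 public key file")
    if public_from_secret(secret_file) != public_file[32:]:
        raise ValueError("public key does not correspond to the private key")
    return onion_hostname(public_file[32:])
```

Read both key files in binary mode and pass their contents to ``check_keypair``; a ``ValueError`` means the pair
should not be submitted.
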
TLS Private Key (PEM format)
""""""""""""""""""""""""""""

The PEM-formatted TLS private key. If not specified, the self-signed certificates generated by EOTK will be used.
Beware that in that case, each EOTK instance will have different TLS keys and certificates.

TLS Certificate (PEM format)
""""""""""""""""""""""""""""

The PEM-formatted TLS certificate. Either a self-signed certificate, or a certificate issued by an authority that
will validate .onion hostnames. This should be a wildcard cert for the domain name given above (e.g. \*.example.com).