jasima/majuna
3
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

docs(eotk): expand docs on how to deploy eotk

Browse source
This commit is contained in:
Iain Learmonth 2022-12-09 14:12:53 +00:00
parent 540fa12a3b
commit e0af68f431
3 changed files with 63 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

BIN
docs/_static/onion/new.png vendored Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 130 KiB

6
docs/user/bridges.rst
View file

@ -1,6 +1,12 @@
Tor Bridges Tor Bridges
=========== ===========
A Tor bridge is a special type of node on the Tor network that is not listed in the public directory of nodes.
This makes it harder for governments and other organizations to block access to the Tor network, because users can
still connect to the network through these unlisted bridges. Bridges are often used in countries where access to the
Tor network is heavily restricted, as they can provide a way for users to access the network and the anonymity and
privacy it offers.
As with other circumvention resources, the dashboard takes the approach of managing collections of resources that are As with other circumvention resources, the dashboard takes the approach of managing collections of resources that are
uniformly configured and expendable. For this reason the only configuration that can be performed is at a high level uniformly configured and expendable. For this reason the only configuration that can be performed is at a high level
with the management of individual resources taking place through the automation subsystem. with the management of individual resources taking place through the automation subsystem.

60
docs/user/eotk.rst
View file

@ -1,6 +1,21 @@
Enterprise Onion Toolkit Enterprise Onion Toolkit
======================== ========================
Tor onion services, also known as hidden services, are websites that can be accessed through the Tor network.
These services are useful for publishers because they allow them to host their content on the internet without
revealing their physical location or IP address. This can provide a greater level of privacy and security for both the
publisher and the users accessing the content.
Because Tor onion services are accessed through the Tor network, they are much more difficult to block or censor than
regular websites.
This is because the connection between the user and the website is encrypted and routed through multiple nodes on the
network, making it difficult for anyone to determine the source or destination of the traffic.
This means that even if one node on the network is blocked, the traffic can still be routed through other nodes to
reach the website.
To deploy an Onion service, you first need to deploy EOTK instances for the related origin group, and then configure
the individual Onion services that will be served by those EOTK instances.
Once your administrator has provided you access to the portal, you can begin to configure your onion service Once your administrator has provided you access to the portal, you can begin to configure your onion service
deployments. To get started, select "Groups" under "Configuration" from the menu on the left hand side. deployments. To get started, select "Groups" under "Configuration" from the menu on the left hand side.
If you are using a mobile device, you may need to click the hamburger icon at the top of the screen to open the menu. If you are using a mobile device, you may need to click the hamburger icon at the top of the screen to open the menu.
@ -53,8 +68,47 @@ Deploy EOTK instances
Tick this checkbox to deploy EOTK instances for this group. Tick this checkbox to deploy EOTK instances for this group.
Managing EOTK instances Managing Onion services
----------------------- -----------------------
It is not currently possible to manage the EOTK instances via the portal. Rather, you must use the AWS Systems Manager To create a new Onion service, click "Create new onion service" at the top of the list page. This will present
to manage the EOTK instances via the command line. See the :doc:`Administration Guide <../admin/eotk>` for more details. you with the new onion service form:
.. image:: /_static/onion/new.png
:width: 800
Domain Name
"""""""""""
The base origin domain name that the Onion service will be for. This should be the common domain name of all
the subdomains you want to serve on the Onion service, not including any subdomain (e.g. example.com not
www.example.com).
Description
"""""""""""
A free-form text description to help identify the Onion service.
Onion Private Key
"""""""""""""""""
The private key for the Onion service. This could be generated by ``tor`` or by a tool such as
`mkp224o <https://github.com/cathugger/mkp224o>`_.
Onion Public Key
""""""""""""""""
The corresponding public key. The Onion hostname will be derived from the public key, however no checks are made to
ensure that the public key is the correct key to correspond to the private key.
TLS Private Key (PEM format)
""""""""""""""""""""""""""""
The PEM formatted TLS private key. If not specified, the self-signed certificates generated by EOTK will be used.
Beware that in that case, each EOTK instance will have different TLS keys and certificates.
TLS Certificate (PEM format)
""""""""""""""""""""""""""""
The PEM formatted TLS certificate. Either a self-signed certificate, or a certificate issued by an authority that
will validate .onion hostnames. This should be a wildcard cert for the domain name given above (e.g. \*.example.com).