Project

General

Profile

Feature #5688

Tails Server: Self-hosted services behind Tails-powered onion services

Added by Tails over 4 years ago. Updated about 1 month ago.

Status:
Confirmed
Priority:
Normal
Assignee:
Category:
-
Target version:
Start date:
04/03/2016
Due date:
% Done:

67%

QA Check:
Feature Branch:
feature/5688-tails-server
Type of work:
Code
Easy:
Affected tool:
Server

Description

team: segfault, anonym


Subtasks

Feature #11313: Design the GUI of Tails ServerResolvedsegfault

Feature #11314: Implement a Tails Server prototypeResolvedsegfault

Feature #14456: Finish documenting Tails ServerConfirmedspriver


Related issues

Related to Tails - Feature #7879: Document how to serve files over HTTP behind a Tor Hidden Service Rejected 09/07/2014
Related to Tails - Feature #12237: Reduce apt update time during first start of Tails Server Resolved 02/14/2017
Related to Tails - Feature #12236: Add more services to Tails Server Confirmed 02/14/2017
Blocks Tails - Feature #11551: Install the mumble VoIP client Confirmed 06/29/2016
Blocked by Tails - Feature #12230: Release Tails Server Beta In Progress 02/13/2017

History

#1 Updated by intrigeri over 4 years ago

  • Type of work set to Code

Type of work: Code

#2 Updated by segfault over 2 years ago

I wrote a script to start a hidden web server on Tails. This is a very simple solution without any of the many features planned in the blueprint. It just installs apache (could be any other web server), binds the persistent hidden_service directory to /var/lib/tor, configures Tor to use the hidden service and adds a rule to iptables allowing Tor to access the webserver.

I can try to figure out how to integrate this into Tails if you think this is useful in any way.

#3 Updated by segfault over 2 years ago

Attaching the files doesn't work, progress bar just states 'error', so I'll just paste them here:

setup.sh:

#!/bin/bash

echo "Installing apache." 
apt-get install apache2

echo "Configuring tor hidden service." 
./configure_hidden_service.sh

echo "Adding iptables rules." 
./add_iptables_rules.sh

configure_hidden_service.sh::

#!/bin/bash

# bind hidden service dir
sudo mount --bind ./hidden_service /var/lib/tor/hidden_service

# add hidden service to torrc
TORRC=/usr/share/tor/tor-service-defaults-torrc
echo HiddenServiceDir /var/lib/tor/hidden_service >> $TORRC
echo HiddenServicePort 80 127.0.0.1:80 >> $TORRC

# reload tor
sudo service tor restart

add_iptables_rules.sh:

#!/bin/bash

### Allow access to web server on lo ###

# allow user tor (hidden service)
iptables -I OUTPUT -d 127.0.0.1/32 -o lo -p tcp -m tcp --dport 80 --tcp-flags FIN,SYN,RST,ACK SYN -m owner --uid-owner debian-tor -j ACCEPT

# allow user root
#iptables -I OUTPUT -d 127.0.0.1/32 -o lo -p tcp -m tcp --dport 80 --tcp-flags FIN,SYN,RST,ACK SYN -m owner --uid-owner root -j ACCEPT

# allow unsafe browser
#iptables -I OUTPUT -d 127.0.0.1/32 -o lo -p tcp -m tcp --dport 80 --tcp-flags FIN,SYN,RST,ACK SYN -m owner --uid-owner clearnet -j ACCEPT

#4 Updated by intrigeri over 2 years ago

  • Related to Feature #7879: Document how to serve files over HTTP behind a Tor Hidden Service added

#5 Updated by intrigeri over 2 years ago

I wrote a script to start a hidden web server on Tails.

Great! It's work in progress on #7879 => please report about your own version there.

#6 Updated by anonym over 1 year ago

#7 Updated by anonym over 1 year ago

#8 Updated by anonym over 1 year ago

#9 Updated by Dr_Whax about 1 year ago

  • Description updated (diff)
  • Assignee set to segfault
  • Target version set to 2017

#10 Updated by segfault 8 months ago

  • Blueprint changed from https://tails.boum.org/blueprint/server_edition to https://tails.boum.org/blueprint/tails_server

#11 Updated by segfault 8 months ago

  • Related to Feature #12237: Reduce apt update time during first start of Tails Server added

#12 Updated by segfault 8 months ago

#13 Updated by segfault 8 months ago

  • Related to Bug #12232: Base feature/5688-tails-server on feature/stretch added

#14 Updated by segfault 8 months ago

#15 Updated by segfault 8 months ago

#17 Updated by segfault 8 months ago

  • Target version changed from 2017 to Tails_3.2
  • Feature Branch set to feature/5688-tails-server

We plan to release Tails Server with the first point release after the release of the next-generation onion services (scheduled for August 2017). This will be Tails 3.2, scheduled for 10/03/2017.

#18 Updated by segfault 8 months ago

  • Related to deleted (Bug #12232: Base feature/5688-tails-server on feature/stretch)

#19 Updated by segfault 8 months ago

  • Blocked by Bug #12232: Base feature/5688-tails-server on feature/stretch added

#20 Updated by segfault 8 months ago

  • Related to deleted (Feature #12231: Write Tails Server Documentation)

#21 Updated by segfault 8 months ago

#22 Updated by segfault 8 months ago

#23 Updated by segfault 8 months ago

#24 Updated by segfault 8 months ago

  • Affected tool set to Server

#25 Updated by segfault 8 months ago

  • Subject changed from Tails server: Self-hosted services behind Tails-powered Tor hidden services to Tails Server: Self-hosted services behind Tails-powered onion services

#26 Updated by segfault 6 months ago

#27 Updated by segfault 6 months ago

  • Blocked by deleted (Bug #12232: Base feature/5688-tails-server on feature/stretch)

#28 Updated by segfault 6 months ago

  • Blocked by deleted (Feature #12231: Write Tails Server Documentation)

#29 Updated by segfault 6 months ago

#30 Updated by BitingBird about 2 months ago

  • Description updated (diff)

#31 Updated by intrigeri about 1 month ago

  • Target version changed from Tails_3.2 to Tails_3.4

It didn't make it into 3.2 so best case it'll be for 3.4, if your new job (VeraCrypt! :) leaves you enough spare time.

Also available in: Atom PDF