----------------------------------------
gopher.black on tor, part 1
April 27th, 2018
----------------------------------------
I'm working on adding a tor hidden service to gopher.black so you
can enjoy all my steamy content anonymously, you sneaky vixen.
Honestly, the idea seemed a bit daunting but it's turned out to be
pretty straight forward. While I'm not at 100% yet, I thought
I learned enough to share while it's fresh in my mind.
Here's the main steps going from a normal gopher server to
a torified one:
- Install tor
- Configure tor to point to your server
- Start tor
- Find your hostname
Step 1: Install tor
Check out the install instructions on the tor website. In most
cases it's as simple as:
sudo apt install tor
Step 2: Configure tor to point to your server
Everything you need to configure in tor is located at
/etc/tor/torrc. Open that bad-boy up and jump down a bit until you
find the section on Hidden Services. Mine is around line 72.
Uncomment them and make it look like so:
HiddenServiceDir /var/lib/tor/hidden_service/
HiddenServicePort 71 127.0.0.1:70
The first line is where your hidden service will store all its
secret shenanigans, like the private key it's going to
auto-generate for you. We'll look there in a minute to find the
hostname.
The second line describes Tor's mapping of fake port to real port.
Since we have our gopher hole running on port 70 that's what we
reference on the right. For now, we're going to tell Tor to
pretend port 71 is what we want to use publicly.
Step 3: Start tor
sudo service tor start # or whatever your machine uses
Step 4: Find your hostname
If you have your hidden service directory like mine above, then
you just need to cat out the hostname hidden in that folder. It'll
be set up to use root permissions, so sudo like so:
sudo cat /var/lib/tor/hidden_service/hostname
It'll spit out your ugly hostname. Mine is: fhsujakrrdvwq2gk.onion
I'll be changing it soon (see below).
Okay, now you're all set and ready to fire it up. To test you'll
need a gopher client running on tor. I installed Overbite on my
Tor Browser on my PC for easy testing, but you can also use torify
on lynx and a bunch of other things. Once you found a way to run
a tor browser that can see gopher, navigate to your gopher hole
using the onion address and port 71.
For instance:
gopher://fhsujakrrdvwq2gk.onion:71
It should work and you'll be moderately pleased. But now we have
problems. 99 of them (not quite).
1) Your onion address sux
2) All the links in your gopher hole on tor probably kick you back
to your unencrypted, plaintext gopher hole
3) Port 71? What is this, NETRJS?
How can we deal with all these horrors? Let's take a look.
Problem 1: Onion addresses
It's possible to generate sexy onion addresses. You might be
familiar with protonmail's relatively readable one:
protonirockerxow.onion
That's almost words!
So how can you get that level of not-quite-suck? Why, brute force,
of course! Check out Eschalot [0].
(HTM) [0] Eschalot
You can use this and wait... and wait... and wait... and
eventually you'll have a cool onion address. There's some issues
with it, as you can read on the README, but it's probably good
enough for gopher work.
Problem 2: Links
I don't know what gopher server you're running. I'm on motsognir,
which I love and cherish with a little too much gusto. Chances are
that your server is smart enough that if you have no gophermaps or
if you leave off the server & port info in your gophermaps they
are autogenerated based on your host name. That's awesome.
Motsognir does that too. Why aren't you using it again?
Regardless, that will break your shit on tor cause we have
a totally different host name we want to use there.
What's the solution? Well, unless someone has a better idea,
I think the best thing to do is install a second gopher server,
use a different configuration with your tor address as the host
name, and change the port to something other than 70 (more on this
next). If you are on geomyidae, it's already set up so you can run
multiple instances of the server at the same time and override the
host name and port via command line switches. I haven't figured
out how to do that with motsognir yet. I'll probably just install
gophernicus next to motsognir and serve tor over that instead.
They're fairly compatible in gophermap structures.
Problem 3: Port 71!@#$!@#$!$
If you install a second server and run it on another port, oh
let's say... 1138, then you can update your torrc file and point
tor at that new port. In fact, you can point tor at the new point
and let tor pretend it is serving it from 70. Like so:
HiddenServicePort 70 127.0.0.1:1138
Sexy.
Restart tor and you should be good to go!
I'm still working through these 3 problems with my own solution,
but once it's all done I'll be sure to share part 2 of my journey
and give you all the new tor address.