We're missing documentation on how to run Mastodon as a hidden (e.g. ) service. If you know how to do it, please either submit it or tell me so I can write it down

@Gargron Requires ssl so it's like normal but you need to have a self-signed cert

@Sir_Boops Imagine you're explaining it to someone who never used Tor (because you are)

@Gargron

> Setup mastodon following the usual steps except generate a self-signed cert ( Because you /can't/ get certs for .onion addresses )

> Install tor and append these three lines to the end of the torrc file

HiddenServiceDir /var/lib/tor/<some name>/
HiddenServicePort 80 127.0.0.1:80
HiddenServicePort 443 127.0.0.1:443

And that's it, it's now on tor

Now it won't fed because other instances won't take the broken ssl but that's a masto issue ;p


@Sir_Boops How install tor? apt install tor?

@Gargron @Sir_Boops additionally, if your instance is behind Cloudflare, you can enable onion routing via a single button in the dashboard (and while you're there, whitelist the country code T1)

@Sir_Boops @Gargron If you're using Debian Testing (or even Debian Sid), you can pull tor from Debian's repos

It is also recommended to use the new version of Onion Services by adding HiddenServiceVersion 3 right after what Sir_Boops said, as explained here: torproject.org/docs/tor-onion-
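
A small check for the torrc lines posted above together with the `HiddenServiceVersion 3` suggestion, as an added example that is not part of the thread or of Mastodon's documentation. The directory name `mastodon` (standing in for `<some name>`) and all function names are assumptions; the sample torrc is constructed.

```python
import ipaddress

# Constructed sample: the thread's three lines plus the suggested version line.
# "mastodon" is a stand-in for the <some name> placeholder in the post.
SAMPLE_TORRC = """\
HiddenServiceDir /var/lib/tor/mastodon/
HiddenServicePort 80 127.0.0.1:80
HiddenServicePort 443 127.0.0.1:443
HiddenServiceVersion 3
"""

def parse_onion_services(text):
    """Group HiddenService* options under the HiddenServiceDir line before them."""
    services = []
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split()
        if not parts or not parts[0].lower().startswith("hiddenservice"):
            continue
        key, args = parts[0].lower(), parts[1:]
        if key == "hiddenservicedir" and args:
            services.append({"dir": args[0], "ports": [], "version": None})
        elif not services:
            raise ValueError(f"{parts[0]} has no preceding HiddenServiceDir")
        elif key == "hiddenserviceport" and args:
            virt = int(args[0])
            # With no target, tor maps to the same port on 127.0.0.1.
            services[-1]["ports"].append((virt, args[1] if len(args) > 1 else str(virt)))
        elif key == "hiddenserviceversion" and args:
            services[-1]["version"] = int(args[0])
    return services

def target_is_local(target):
    """True when a HiddenServicePort target stays on this host."""
    if target.startswith("unix:") or target.isdigit():
        return True
    host = target[1:target.index("]")] if target.startswith("[") else target.split(":")[0]
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return host == "localhost"

def audit(text):
    """Return findings a reviewer would want to see before reloading tor."""
    findings = []
    for svc in parse_onion_services(text):
        if svc["version"] is None:
            findings.append(f"{svc['dir']}: no HiddenServiceVersion line, tor's default applies")
        for virt, target in svc["ports"]:
            if not target_is_local(target):
                findings.append(f"{svc['dir']}: port {virt} forwards off-host to {target}")
    return findings
```

An empty list from `audit()` means every onion port forwards to loopback or a unix socket and the version is pinned explicitly.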

@mrtino @Gargron v3s are buggy af

I haven't used them in a while so they might be better now but when I was using them half the time they'd take a good 30 min to start working whereas v2 is near-instant

@Sir_Boops @mrtino Wait hold on so federation with Tor instances doesn't work? The person who submitted the changes that added Tor support didn't mention that

@Gargron @mrtino No, federation with onion instances works just fine but those instances are modded to not use https at all

@Gargron @mrtino So when my instance talks to an onion instance ( Hi @notjeff ) their instance will only talk using http

Hopefully I'm making some sense x.x

@Sir_Boops @mrtino But we have those rules where https is required in ActivityPub URIs, and I don't believe there is a special case for Tor there.

@Gargron @mrtino afaik Masto will just send to whatever the server tells it. You tell it http, it'll use http

Also I can't connect to that instance over https so masto has to be using http

@Sir_Boops @Gargron @mrtino onion routing and https are doing basically the same job (ensuring that you're talking to who you think you are and hiding the data from MITM attacks) so there's no real reason to use both

@Sir_Boops @Gargron @mrtino the difference is that onion routing confirms the identity by making it really hard to claim a specific identity (you'd need to generate a key with the same hash) whereas HTTPS confirms the identity of something human-readable (a domain name) and therefore requires at least some level of trust in the certificate before you can send any data

@Gargron @Sir_Boops when did you tell masto's config to use WHAT onion domain?
I don't know anything about Tor so you can test with me 😈
