Tor, Part 2: EOTK

OK, so now, after having read Part 1 you know something about how Tor works, and you've downloaded the browser, and looked around. So let's say you've already got a great website going, but you want to mirror it on the Tor network. How might you do that? As I'll talk about in Part 3, it's not super hard to spin up what's called an "onion service." You could create a copy of your site, and serve your site over Tor too.

But an easy way to do this is to use the tool called "Enterprise Onion Toolkit" written by Alec Muffett (@AlecMuffett on Twitter). EOTK is a great tool, and relatively easy to use. Basically it's a proxy, but through the Tor network.

First, you'll need a server. Right now, EOTK works on Ubuntu 18.04LTS, MacOS Mojave, and Raspbian. You can install on other platforms, but EOTK has build scripts for those three, so that makes it easier. The install instructions are here.

Also, Tor works over ports 9150 and 9151 (although I've also seen Tor run over 9050 and 9051,) so those ports need to be open in your firewall.

EOTK has the concept of "projects." You can think of this as one "organization." For example, if you have a few sites, and media shared between sites, it's best to put all of that into one project. This also helps a lot later with certificates, which I'll talk about in the last part of this series.

The first step is to generate an onion. You do that using eotk gen. That command will generate an onion address, and a key. (I'll talk about generating vanity .onion addresses in Part 3.)That key is kept in the directory 'eotk/secrets.d/weirdlookingonionaddress.key'. Then, you'll create a configuration file, that looks a little like this:

set project nameofproject
hardmap weirdlookingonionaddress myorg.org media

If you have multiple domains, like 'myorg.org' and 'myorgspecialproject.org' you'd generate a second key for 'myorgspecialproject.org' and your configuration file would look like:

set project nameofproject
hardmap eirdlookingonionaddress myorg.org media
hardmap weirdsecondonionaddress myorgspecialproject.org

One thing you should definitely do is to look at the site you want to proxy through Tor with the network tab of devtools in your browser, to look at all of the domains your site uses, and make sure they are all covered via Tor. (For example, if you send a bunch of media traffic through a CDN, and have a domain like myorg.xycdn.com, you should also hardmap that domain to a new onion key.) But leave you external analytics (like google analytics) alone.

The EOTK GitHub repo has lots of useful instructions and docs I'm barely scratching the surface of what's there.

links

social