alecmuffett / eotk

Enterprise Onion Toolkit
GNU General Public License v3.0

Installing SSL certificate with eotk for an existing onion address and server with Caddy docker #109

Closed nicfab closed 1 year ago

nicfab commented 1 year ago

I just installed eotk on my server (Ubuntu 20.04). I already installed tor before, and I have an onion address for my website. I had to install the service (SearXNG) via docker with Caddy, and I have access only to Caddyfile. I bought an SSL certificate from HARICA, and I want to install it to make HTTPS the protocol of the onion address.

Is it possible to install the SSL certificate by eotk without generating a new onion address (using the onion address I already have)? If possible, I kindly ask you to let me know the steps I will follow. I appreciate any help you can provide.

alecmuffett commented 1 year ago

Hi! I am not sure that I understand your question, but if you are using Docker and are asking this question then it strikes me that you are at high risk of losing access to the keys and secrets in the docker instance that hosts EOTK.

Can you first of all make sure that you can take a secure copy of the "eotk" working directory, and keep it / all of that data in a safe place where only you have access to it? Or, alternatively, make sure that you keep saved copies of the working version of the instance?

nicfab commented 1 year ago

> Hi! I am not sure that I understand your question, but if you are using Docker and are asking this question, then it strikes me that you are at high risk of losing access to the keys and secrets in the docker instance that hosts EOTK. Can you first of all make sure that you can take a secure copy of the "eotk" working directory, and keep it / all of that data in a safe place where only you have access to it? Or, alternatively, make sure that you keep saved copies of the working version of the instance?

First of all, thank you for your quick reply. My situation is the following:

SearXNG is in /usr/local/searxng-docker. Starting the SearXNG docker, Caddy automatically creates the SSL certificate and redirects the HTTP to HTTPS.

I installed tor following the official instructions, and I have set the onion domain, which is in /var/lib/tor/searxng.

Now all works:

In the Caddyfile, I set the row: header Onion-Location http://zpqi3eorbszyks36k6jsicg64wm6el7fom4o2ds3hqqcqcapfin3qfid.onion{path}, and that allows Tor browser to recognize the onion address if I point to https://searxng.nicfab.it

I want to redirect the HTTP onion address to HTTP. So, I bought an SSL certificate for the onion address from HARICA. Considering that SearXNG is dockerized, I don't know how to install the SSL certificate for the onion site and where to save the certificates.

My question is, "How can I install the SSL certificate for the onion address?".

I saw eotk and thought it was the possible solution to my doubt. Am I wrong?

alecmuffett commented 1 year ago

Sorry, I don't know anything about SearXNG.

nicfab commented 1 year ago

> Sorry, I don't know anything about SearXNG.

Ok. How can I remove eotk?

alecmuffett commented 1 year ago

generally eotk shutdown -a and then rm

On Sun, 4 Sept 2022 at 21:38, nicfab @.***> wrote:

> > Sorry, I don't know anything about SearXNG.
>
> Ok. How can I remove eotk?


-- https://alecmuffett.com/about