search

alecmuffett / real-world-onion-sites

This is a list of substantial, commercial-or-social-good mainstream websites which provide onion services.
1.6k stars 145 forks source link

HBSD: Provide new Tor Onion Service v3 Nodes for HardenedBSD #57

Closed lattera closed 3 years ago

lattera commented 4 years ago

HardenedBSD has revamped its infrastructure. The old nodes were retired prior to the migration to the new nodes. This commit removes the new-defunct old nodes in favor of thew new ones.

Signed-off-by: Shawn Webb shawn.webb@hardenedbsd.org Reference: https://hardenedbsd.org/article/shawn-webb/2020-01-30/hardenedbsd-tor-onion-service-v3-nodes

alecmuffett commented 4 years ago

Hi Shawn!

1/ I don't accept PRs, because the page is auto-generated, per the README

2/ As a test...

https://lkiw4tmbudbr43hbyhm636sarn73vuow77czzohdbqdpjuq3vdzvenyd.onion/article/shawn-webb/2020-01-30/hardenedbsd-tor-onion-service-v3-nodes

...fails with an invalid TLS certificate.

3/ I recommend addressing the redirect OR getting a certificate (regrettably, $$$, at the moment. Hopefully this will be fixed soon) and then submit an Issue.

alecmuffett commented 4 years ago
Screenshot 2020-02-03 at 23 26 14
lattera commented 4 years ago

Yeah, the reason for that is due to LetsEncrypt. I force all HTTP to HTTPS on that server. Since LetsEncrypt doesn't support .onion, yet, the cert is for the actual domain (git-01.md.hardenedbsd.org and hardenedbsd.org). Right now, I can't prioritize spending Foundation money on an HTTPS cert we get for free.

So, with HardenedBSD being the only OS to cover the entire ecosystem with Tor Onion Service nodes, what's the best way to keep HardenedBSD listed in this repo without having to spend the financial resources we don't have?

alecmuffett commented 4 years ago

What webserver are you running? Can you disable the coercion from HTTP to HTTPS when the Host: header is one of your Onions?

alecmuffett commented 4 years ago

(aside: there are ongoing efforts to obtain LetsEncrypt certs for V3 Onions which could use support: https://cabforum.org/pipermail/validation/2019-December/001385.html)

lattera commented 4 years ago

What webserver are you running? Can you disable the coercion from HTTP to HTTPS when the Host: header is one of your Onions?

Good idea. I'll give that a try and report back. Shouldn't be difficult. Thanks for the suggestion!

chels3 commented 4 years ago

Any web links? Been looking for a good three days now still no luck

alecmuffett commented 3 years ago

closed, integrated.