Closed trinami closed 3 months ago
Hi @trinami, sorry I'm replying to late,
My recommendation is that you configure your OnionService to use the Ingress Controller's SVC as explained in this example.
Can you double check your IC svc name is in fact ingress-nginx-controller
?
Nodeport is not relevant here, don't worry about it.
When using Tor, you don't need to access the onion site over HTTPS since the connection is also encrypted end to end; not sure if the tls
piece is necessary there. You need to have a certificate for your .onion
address if you want that to work proerly (more info: https://community.torproject.org/onion-services/advanced/https/). The secret that Tor-controller creates cannot be used for TLS.
You can reach me in matrix chat @bugfest:matrix.org
Regards, BF
So finally, @bugfest helped me to fix this issue today.
1. I don't need a NodePort pointing to the OnionService. It just has another way to expose itself to the outside world.
2. Let's Encrypt doesn't work with .onion, and I don't want to pay, so I just used Port 80 / HTTP (I made another ingress controller without the HSTS part for the .onion)
Everything else was okay in the setup above. Incoming clearnet traffic is NodePort->ingress-nginx, tor traffic is OnionService->ingress-nginx, from ingress everything is like without, except the .onion domain name.
Thank you very much @bugfest :))
Thanks @trinami, enjoy!
Hello,
i try to set up a hidden service. I already have ingress-nginx setup. Currently i have a NodePort on 30080 and 30443. I made a kind: OnionService on Port 80, and set backend port 80, ingress-nginx-controller. The secret is loaded correctly, the OnionService has the right Status.Hostname. (trinamiggfqxmyuyipkol3svqfzecuriywhiqlzcawknhtgivj3wkxad.onion)
But i can't reach the onion address. What i am doing wrong? It just loads in Tor Browser and then says "Unable to connect" And is there a better way then 30080->tor-controller->ingress-nginx-controller->ingress->webserver ? like 30080->ingress-nginx-controller->tor-controller->ingress->webserver ? and what is with https? Would be nice if you could help. Maybe i can message you anywhere else?
Many thanks :)