tor2web / Tor2web

Tor2web is an HTTP proxy software that enables access to Tor Hidden Services by means of common web browsers
https://www.tor2web.org
GNU Affero General Public License v3.0

Problem to start tor2web #328

Closed spketoundi closed 7 years ago

spketoundi commented 7 years ago

I am installing GlobaLeaks + Tor2web + Letsencrypt on Ubuntu Server 16.04 VPS following https://github.com/globaleaks/GlobaLeaks/wiki/Installing-GlobaLeaks-Tor2web-Letsencrypt . This is the way I did it :

  1. Install GlobaLeaks – OK !
  2. Install Tor2web: I used tor2web_3.1.69_all.deb from https://deb.globaleaks.org/trusty/ since there is no package available for xenial, and then successfully ran ./install-tor2web.sh.
  3. Configure Tor2web – OK !
  4. Install Letsencrypt – OK !
  5. Start Tor2web: /etc/init.d/tor2web start is ending with the following error:

     ```
     [....] Starting tor2web (via systemctl): tor2web.serviceJob for tor2web.service failed because the control process exited with error code. See "systemctl status tor2web.service" and "journalctl -xe" for details.
      failed!
     ```

     Then I run sudo systemctl status tor2web.service:

     ```
     ● tor2web.service - LSB: Start the Tor2web proxy.
        Loaded: loaded (/etc/init.d/tor2web; bad; vendor preset: enabled)
        Active: failed (Result: exit-code) since Fri 2017-05-26 14:16:39 UTC; 24s ago
          Docs: man:systemd-sysv-generator(8)
       Process: 25452 ExecStart=/etc/init.d/tor2web start (code=exited, status=1/FAIL
     ```

Please help me. What am I missing ?

tor2web.txt

Please find below my tor2web.conf

```
[main]

# TOR2WEB CONFIGURATION FOR GLOBALEAKS
# This is a minimal configuration template for a Tor2web to be used with
# globaleaks installed on the same server. !WARNING!: That setup is only
# valid for mid/low-risks deployments, such as anticorruption compliance in
# western countries

nodename = nodename
datadir = /home/tor2web

# debug and logging
logreqs = False
debugmode = False
debugtostdout = False

# Hostname of the public website
basehost = secure.domain.org

# Multiprocessing
processes = 3
requests_per_process = 10000

# Listening IPs and Ports
transport = HTTP
# the above transport setting allow you to
# - enable only http: HTTP
# - enable only https: HTTPS
# - enable both http and https with forced redirect over https: BOTH

# Local IP address Tor2web must be listening
listen_ipv4 = 45.77.54.230
listen_port_http = 80
listen_port_https = 443

# Tor Configuration
Sockshost = 127.0.0.1
socksport = 9050
socksoptimisticdata = True
sockmaxpersistentperhost = 5
sockcachedconnectiontimeout = 240
sockretryautomatically = True

# Tor Hidden Service
# To find the hostname issue the following command
# cat /var/globaleaks/torhs/hostname
mode = TRANSLATION
onion = name.onion
blockcrawl = True
overriderobotstxt = True
blockhotlinking = False
blockhotlinking_exts = [jpg, png, gif]

# This allows Tor2web to work as a proxy for a local GlobaLeaks platform
# This allows Tor2web to make use a simple TCP proxies
# exposed on http://127.0.0.1:8082
dummyproxy = http://127.0.0.1:8082

# CERTIFICATE CONFIGURATION
# For the commands needed for generating the files below specified refer to the
# wiki page at: https://github.com/globaleaks/Tor2web/wiki/Installation-Guide
ssl_key = /home/tor2web/certs/tor2web-key.pem
#
# LOAD THE .CRT FILE THAT HAS BEEN GIVEN YOU BY YOUR CA
ssl_cert = /home/tor2web/certs/tor2web-cert.pem
#
# LOAD THE INTERMEDIATE CERTIFICATE CHAIN OF YOUR CA HERE
# PLEASE BE CAREFUL TO PUT THE CERT CHAIN IN THE RIGHT ORDER!
ssl_intermediate = /home/tor2web/certs/tor2web-intermediate.pem

# SSL configuration
ssl_dh = /home/tor2web/certs/tor2web-dh.pem
cipher_list = ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DHE-RSA-AES128-SHA:DES-CBC3-SHA
ssl_tofu_cache_size = 100

# If globaleaks is used in embedded mode uncomment the settings below
# and read https://github.com/globaleaks/GlobaLeaks/wiki/Integration-Guide
disable_tor_redirection = True
blockhotlinking = False

# If you want to serve torbrowser files from this server
# uncomment this and read https://github.com/globaleaks/Tor2web/wiki/GetTor
disable_gettor = True

# If set to True will disable the tor2web disclaimer
disable_disclaimer = True

# If set to True will disable the tor2web banner
disable_banner = True

# If set to True will avoid rewriting visible data (experimental; will result in less functional proxy)
# Could be useful in relation to DMCA for US law only
avoid_rewriting_visible_content = True

# Mail configuration for automatic exceptions notification and user abuse notice
smtpuser = [USERNAME]
smtppass = [PASSWORD]
smtpmail = [EMAIL]
smtpmailto_exceptions = [EMAIL_FOR_ABUSES_EXCEPTIONS]
smtpmailto_notifications = [EMAIL_FOR_ABUSES_NOTIFICATION]
smtpdomain = [DOMAIN]
smtpport = [PORT]

# Exit nodes list refresh period (in seconds)
exit_node_list_refresh = 600

# The following configuration parameters permits to enable automatic fetching of the hashed blocklist
automatic_blocklist_updates_source = https://ahmia.fi/bannedMD5.txt
automatic_blocklist_updates_refresh = 600
automatic_blocklist_updates_mode = MERGE

# The following configuration parameter permit to publish blocklist
# lists will be available at /antanistaticmap/lists/blocklist
publish_blocklist = False

# List of mirrors shown in Tor2web disclaimer and banner
# An updated list of know mirrors can be found at: https://github.com/globaleaks/tor2web/wiki
mirror = [tor2web.org, mirror2.tld, mirror3.tld, ...]
```

spketoundi commented 7 years ago

This is the output from sudo systemctl status tor2web.service

```
● tor2web.service - LSB: Start the Tor2web proxy.
   Loaded: loaded (/etc/init.d/tor2web; bad; vendor preset: enabled)
   Active: failed (Result: exit-code) since Sat 2017-05-27 13:18:37 UTC; 26min ago
     Docs: man:systemd-sysv-generator(8)
  Process: 10191 ExecStart=/etc/init.d/tor2web start (code=exited, status=1/FAILURE)

May 27 13:18:35 hostname tor2web[10191]: Starting Tor2web tor2web...
May 27 13:18:35 hostname tor2web[10191]: Starting tor daemon...
May 27 13:18:35 hostname tor2web[10191]: ...done.
May 27 13:18:36 hostname tor2web[10191]: Tor2web Startup Failure: TRANSLATION config.mode require config.onion configuration
May 27 13:18:37 hostname tor2web[10191]: Tor2web Startup Failure: TRANSLATION config.mode require config.onion configuration
May 27 13:18:37 hostname tor2web[10191]: ...fail!
May 27 13:18:37 hostname systemd[1]: tor2web.service: Control process exited, code=exited status=1
May 27 13:18:37 hostname systemd[1]: Failed to start LSB: Start the Tor2web proxy..
May 27 13:18:37 hostname systemd[1]: tor2web.service: Unit entered failed state.
May 27 13:18:37 hostname systemd[1]: tor2web.service: Failed with result 'exit-code'.
```

Thanks in advance for your help

spketoundi commented 7 years ago

I am doing a quick deployment of GlobaLeaks + Tor2web + Letsencrypt on Ubuntu Server 16.04.2 LTS (GNU/Linux 4.4.0-78-generic x86_64)

spketoundi commented 7 years ago

PLEASE I NEED YOUR HELP, I HAVE DONE ALL I COULD FOR THE PAST 2 DAYS. PLEASE HELP.

fpietrosanti commented 7 years ago

By that line it seems that you are missing the "onion" configuration:

```
May 27 13:18:37 hostname tor2web[10191]: Tor2web Startup Failure: TRANSLATION config.mode require config.onion configuration
```

Btw the released GlobaLeaks now supports HTTPS directly in the software, but unfortunately it still does not support LetsEncrypt (but will do in a few weeks' time), so you would be able to skip Tor2web entirely.

Are you in a rush?
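The startup failure quoted above states a rule that can be checked before the service is started. As an added example (not Tor2web's own code and not part of the original thread), this Python pre-flight check parses a tor2web.conf-style `[main]` section and reports a missing or malformed `onion` value; the `preflight` function, the onion-name format check, the TLS key check and the sample configs are assumptions made for illustration.

```python
import configparser
import re

# v2 onion names are 16 base32 characters, v3 names are 56.
ONION_RE = re.compile(r"^(?:[a-z2-7]{16}|[a-z2-7]{56})\.onion$")
# Assumption: an HTTPS listener needs at least a key and a certificate.
TLS_KEYS = ("ssl_key", "ssl_cert")


def preflight(conf_text):
    """Return a list of problems found in a tor2web.conf-style [main] section."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(conf_text)
    main = parser["main"]
    problems = []

    mode = main.get("mode", "").strip()
    onion = main.get("onion", "").strip().lower()
    if mode == "TRANSLATION":
        if not onion:
            # Same condition the startup failure in the journal reports.
            problems.append("mode = TRANSLATION but no onion is set")
        elif not ONION_RE.match(onion):
            problems.append("onion %r is not a 16- or 56-character .onion name" % onion)

    # Allowed values as listed in the config template's own comments.
    transport = main.get("transport", "").strip()
    if transport not in ("HTTP", "HTTPS", "BOTH"):
        problems.append("transport %r is not HTTP, HTTPS or BOTH" % transport)
    elif transport in ("HTTPS", "BOTH"):
        for key in TLS_KEYS:
            if not main.get(key, "").strip():
                problems.append("transport = %s but %s is not set" % (transport, key))
    return problems


# Constructed sample inputs, not taken from a real deployment.
COMMENTED_ONION = "[main]\nmode = TRANSLATION\n# onion = name.onion\ntransport = HTTP\n"
PLACEHOLDER_ONION = COMMENTED_ONION.replace("# onion", "onion")
VALID = "[main]\nmode = TRANSLATION\nonion = abcdefghijklmnop.onion\ntransport = HTTP\n"

if __name__ == "__main__":
    for label, text in (("commented", COMMENTED_ONION),
                        ("placeholder", PLACEHOLDER_ONION),
                        ("valid", VALID)):
        print(label, preflight(text))
```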

spketoundi commented 7 years ago

Thanks so much for the quick reply. This is the onion I use that I got from GlobaLeaks install:

```
To access and configure your GlobaLeaks node use the following Tor HS URL: p3hgqaa7wfqhmqs.onion
Use the Tor Browser to connect, You can download it from https://www.torprojectorg/download
If you need to access the node directly on your public IP address, edit /etc/default/globaleaks and restart globaleaks
```

Thanks so much once again

spketoundi commented 7 years ago

Yes, I am in a rush to get the Proof Of Concept (POC) up and running for next Monday. Then I can make adjustments later (the next 2 weeks) if possible while the project is still in alpha. I am so happy that you can help. So many thanks.

fpietrosanti commented 7 years ago

Feel free to drop us an email to projects@logioshermes.org if you need further help or hang on chat

spketoundi commented 7 years ago

Thanks so much, Please how to correct the missing "onion" configuration ? I just put in the Tor HS URL: p3hgqaa7wfqhmqs.onion I got from the Globaleaks install. Thanks so much to help me get the tor2web start.

spketoundi commented 7 years ago

I don't understand what's the problem with the tor2web service. When I issue a reload command I got the following error:

```
sudo /etc/init.d/tor2web reload
[....] Reloading tor2web configuration (via systemctl): tor2web.servicetor2web.service is not active, cannot reload.
 failed!
```

evilaliv3 commented 7 years ago

Dear Etoundi,

I'm sorry for this late reply.

Right now it is no longer necessary to use tor2web to adopt HTTPS with GlobaLeaks.

You can simply invite the latest version of GlobaLeaks and in the "Network Configuration" panel you will find the possibility to configure an SSL certificate.

In a few weeks we will complete this simplification by allowing even to adopt Let's Encrypt directly inside GlobaLeaks, automating the process.

Let me know if this could help and if you are in possibility to wait for your project. In case of more urgent needs let me know and we could accommodate a Skype call in order eventually to plan to support you directly via our social enterprise.

All the best,

Giovanni Pellerano

spketoundi commented 7 years ago

Thanks so much Giovanni,

This is what fpietrosanti started telling me.

This is the best news you can give me, you are great people. I wondered why this HTTPS access was not directly implemented inside GlobaLeaks to avoid using Tor2web, given that we see many complaints about Tor2web.

Please can you just send me a screen shot on how to set it up in GlobaLeaks "Network Configuration" panel ? I will just go ahead and use it right away with GlobaLeaks install I did 2 days ago. Is that version OK ?

I need to get the POC working for next Monday as our non-profit organizations are planning for an intensive use of GlobaLeaks. We cannot go for SecureDrop for the next two years. Then we are so happy with the possibility to use GlobaLeaks.

Thanks so much again for your great heart and for the work you do.

Simon.

evilaliv3 commented 7 years ago

Thank you also @spketoundi

Closing the ticket as addressed for the moment.

Feel free to reach out to us in case of any issue.