Keyboard shortcuts

Press or to navigate between chapters

Press S or / to search in the book

Press ? to show this help

Press Esc to hide this help

Connecting Remotely - Tor

Contents

  1. Use Case
  2. Important Background
  3. Adding and Removing Domains
  4. Connecting over Tor

Use Case

This connection method permits hosting services on the private Internet (aka the "Darknet") as anonymous (.onion) domains.

There are three reasons you might want this:

  1. Unless you share/leak a Tor address, it is totally private and anonymous. Nobody knows it exists, and nobody knows it belongs to you. It is your secure, secret tunnel to the underlying website/API.

  2. If you share/leak a Tor address without associating it to your identity (not easy to do), it is anonymous but not private. People know it exists, but nobody knows it belongs to you. By this method, you can anonymously host a censorship-resistant website/API on the private web.

  3. If you share/leak a Tor address and also associate it with your identity, it is neither private nor anonymous. People know it exists, and they know it belongs to you. This is useful for hosting an identified yet still censorship-resistant website/API on the private web, or for sharing access to the websites/API with select friends and family.

Warning

It is normal for Tor connections to be slow or unreliable at times.

Important Background

By default, each service interface on StartOS receives a unique and randomly-generated Tor domain. Each domain produces two addresses: HTTP and HTTPS. Because Tor is a secure protocol, it is perfectly safe to use the HTTP address. It is also preferable to use the HTTP address, because it does not require you or anyone else to trust you server's Root CA to access it.

Warning

Some applications that are unfamiliar with or unfriendly towards Tor may require HTTPS. ACME providers will not sign certificates for Tor addresses. Therefore, your HTTPS Tor address is signed by your server's Root CA. This means only devices that have downloaded and trusted your server's Root CA will be able to access the HTTPS address without issue.

Adding and Removing Domains

To add a Tor domain to a service interface, find the "Tor Domains" section and click "Add".

Vanity Addresses

When adding a Tor address to a service interface, can upload a private key to create a vanity address. For instructions generating a vanity address, see here.

To delete a Tor domain, simply click the trashcan beside the Domain. If you delete all your Tor domains, the service interface will not be accessible over Tor.

Connecting over Tor

Using a Tor Browser

You can connect to your server and installed services from anywhere in the world, privately and anonymously, by visiting its unique http://....onion URL from any Tor-enabled browser.

Running Tor in the Background on your Phone/Laptop

By running Tor in the background on your phone or laptop, certain apps can connect over Tor, even if the apps themselves do not natively support connecting over Tor. Select the guide specific to your phone/laptop: