Setting up Tor hidden services in AWS

#amazon-web-services #ubuntu #nginx #amazon-ec2 #tor


Question:

Can someone check what's wrong with this configuration?

AWS info:

EC2: Ubuntu 16.04.1 LTS (GNU/Linux 4.4.0-45-generic x86_64)

Security group:

HTTP TCP 80 0.0.0.0/0

SSH TCP 22 0.0.0.0/0


ubuntu@ip-172-31-58-168:~$ tor --version

 Tor version 0.2.8.9 (git-cabd4ef300c6b3d6).
  

ubuntu@ip-172-31-58-168:~$ nginx -v

 nginx version: nginx/1.10.2
  

ubuntu@ip-172-31-58-168:~$ sudo service tor status

 ● tor.service - Anonymizing overlay network for TCP (multi-instance-master)
   Loaded: loaded (/lib/systemd/system/tor.service; enabled; vendor preset: enabled)
   Active: active (exited) since Thu 2016-10-20 10:03:51 ART; 1h 2min ago
  Process: 667 ExecStart=/bin/true (code=exited, status=0/SUCCESS)
 Main PID: 667 (code=exited, status=0/SUCCESS)
    Tasks: 0
   Memory: 0B
      CPU: 0
   CGroup: /system.slice/tor.service

Oct 20 10:03:50 ip-172-31-58-168 systemd[1]: Starting Anonymizing overlay network for TCP (multi-instance-master)...
Oct 20 10:03:51 ip-172-31-58-168 systemd[1]: Started Anonymizing overlay network for TCP (multi-instance-master).
  

ubuntu@ip-172-31-58-168:~$ sudo service nginx status

 ● nginx.service - LSB: Stop/start nginx
   Loaded: loaded (/etc/init.d/nginx; bad; vendor preset: enabled)
   Active: active (running) since Thu 2016-10-20 10:04:23 ART; 1h 2min ago
     Docs: man:systemd-sysv-generator(8)
  Process: 1284 ExecStart=/etc/init.d/nginx start (code=exited, status=0/SUCCESS)
    Tasks: 2
   Memory: 2.6M
      CPU: 14ms
   CGroup: /system.slice/nginx.service
           ├─1332 nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.con
           └─1333 nginx: worker process                   

Oct 20 10:04:23 ip-172-31-58-168 systemd[1]: Starting LSB: Stop/start nginx...
Oct 20 10:04:23 ip-172-31-58-168 systemd[1]: Started LSB: Stop/start nginx.
  

torrc (Tor configuration file)

 ubuntu@ip-172-31-58-168:~$ cat /etc/tor/torrc
HiddenServiceDir /var/lib/tor/sitio1
HiddenServicePort 80 127.0.0.1:81
  

hostname and private_key files:

 root@ip-172-31-58-168:/home/ubuntu# cat /var/lib/tor/sitio1/hostname 
zptym3k5xi2dyngl.onion

root@ip-172-31-58-168:/home/ubuntu# cat /var/lib/tor/sitio1/private_key 
-----BEGIN RSA PRIVATE KEY-----
MIICWwIBAAKBgQDPVfcNF7uaBTqgLZqfr9zOQKCXF4g5FsMFa u8I46d4/UAgODD
w DxpUf/wPM7ibSLPuuVU/WTq2 fMu8QXTX AuMboca0REeSuxb NUOQxpEBxKHy
vqKB6emRA3D6X1e2X1i2f/dC2kqa/8nkuTOw nUJthGYHHlN5xlAyVl72QIDAQAB
AoGARIzDlcyW9iFsdLEfQlS yGKNtebN3zIrYIuB8T5AVOudgYEazx7gLITc/S4q
PlalalallalalalalalalalalalalalalalalalalaxTsb3lKt1EAyF049lX9MKj
qPDLOyAFFW9SQq/HCe5stnQl1zLfRIbbhTX6esArvLnv7VECQQD9PsT8AnVvh9J4
ybzJr5M2KZxy90rGmeWCZLB0l3UHxX2AKOIWC9qekeAURqHRN9Ys9iWY4TgEQunN
vRK 4YM3AkEA0ZdZKsx/s1DDaaieSn4h7zez7bpXYCTnSGzYTelPaiRMrpo9Lmyu
3GFsW9zOWzJmHNxsSczxQWDeLx3t/FShbwJARtppApktgibeHC1VRJh694xs2T2X
DjnAnNrPA8/cTnBSzKijmMd4QyVNLF8Wpxputoelqueleeat84IS3JT7wQJAEICC
HMSNKWkqeZ81F1hnA5a3K/iH KHvM9yeC0RbZFgHUZgDSSx1eBSTm4f/F18Yex0/
yW/BbwxZcgxBOKTRholaZHM2UZ3TG6DfdYxY/Pur9/rlbXMGhx1RJnbdWFkC1CnW
9D9i6oto0iWHS9c46o3phYDceWC9/tuh04NboXBsKg==
-----END RSA PRIVATE KEY-----
  

nginx site configuration file

 root@ip-172-31-58-168:/home/ubuntu# cat /etc/nginx/conf.d/sitio1.onion 

    server {
        listen       81;
        server_name  zptym3k5xi2dyngl.onion;

        root   /directorio/carpeta/sitio1;
        index  index.php index.html index.htm;

        access_log  /directorio/de/los/logs/hidden-access.log;
        error_log   /directorio/de/los/logs/hidden-error.log;

        error_page 404 /404.html;
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root /usr/share/nginx/html;
        }

        location ~ \.php$ {
            try_files $uri =404;
            fastcgi_split_path_info ^(.+\.php)(/.+)$;
            fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include fastcgi_params;
        }
    }
  

Finally, syslog and the tor log

 root@ip-172-31-58-168:/home/ubuntu# cat /var/log/syslog
Oct 20 10:04:21 ip-172-31-58-168 systemd[1]: Starting Anonymizing overlay network for TCP...
Oct 20 10:04:22 ip-172-31-58-168 tor[1162]: Oct 20 10:04:22.078 [notice] Tor v0.2.8.9 (git-cabd4ef300c6b3d6) running on Linux with Libevent 2.0.21-stable, OpenSSL 1.0.2g and Zlib 1.2.8.
Oct 20 10:04:22 ip-172-31-58-168 tor[1162]: Oct 20 10:04:22.079 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Oct 20 10:04:22 ip-172-31-58-168 tor[1162]: Oct 20 10:04:22.080 [notice] Read configuration file "/usr/share/tor/tor-service-defaults-torrc".
Oct 20 10:04:22 ip-172-31-58-168 tor[1162]: Oct 20 10:04:22.080 [notice] Read configuration file "/etc/tor/torrc".
Oct 20 10:04:22 ip-172-31-58-168 tor[1162]: Configuration was valid
Oct 20 10:04:22 ip-172-31-58-168 tor[1168]: Oct 20 10:04:22.215 [notice] Tor v0.2.8.9 (git-cabd4ef300c6b3d6) running on Linux with Libevent 2.0.21-stable, OpenSSL 1.0.2g and Zlib 1.2.8.
Oct 20 10:04:22 ip-172-31-58-168 tor[1168]: Oct 20 10:04:22.229 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Oct 20 10:04:22 ip-172-31-58-168 tor[1168]: Oct 20 10:04:22.229 [notice] Read configuration file "/usr/share/tor/tor-service-defaults-torrc".
Oct 20 10:04:22 ip-172-31-58-168 tor[1168]: Oct 20 10:04:22.229 [notice] Read configuration file "/etc/tor/torrc".
Oct 20 10:04:22 ip-172-31-58-168 tor[1168]: Oct 20 10:04:22.241 [notice] Opening Socks listener on 127.0.0.1:9050
Oct 20 10:04:22 ip-172-31-58-168 systemd[1]: Started Anonymizing overlay network for TCP.


root@ip-172-31-58-168:/home/ubuntu# cat /var/log/tor/log 
Oct 20 10:04:22.000 [notice] Tor 0.2.8.9 (git-cabd4ef300c6b3d6) opening log file.
Oct 20 10:04:22.215 [notice] Tor v0.2.8.9 (git-cabd4ef300c6b3d6) running on Linux with Libevent 2.0.21-stable, OpenSSL 1.0.2g and Zlib 1.2.8.
Oct 20 10:04:22.229 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Oct 20 10:04:22.229 [notice] Read configuration file "/usr/share/tor/tor-service-defaults-torrc".
Oct 20 10:04:22.229 [notice] Read configuration file "/etc/tor/torrc".
Oct 20 10:04:22.241 [notice] Opening Socks listener on 127.0.0.1:9050
Oct 20 10:04:22.000 [notice] Parsing GEOIP IPv4 file /usr/share/tor/geoip.
Oct 20 10:04:22.000 [notice] Parsing GEOIP IPv6 file /usr/share/tor/geoip6.
Oct 20 10:04:22.000 [notice] Bootstrapped 0%: Starting
Oct 20 10:04:22.000 [notice] Bootstrapped 80%: Connecting to the Tor network
Oct 20 10:04:22.000 [notice] Signaled readiness to systemd
Oct 20 10:04:23.000 [notice] Opening Socks listener on /var/run/tor/socks
Oct 20 10:04:23.000 [notice] Opening Control listener on /var/run/tor/control
Oct 20 10:04:24.000 [notice] Bootstrapped 85%: Finishing handshake with first hop
Oct 20 10:04:24.000 [notice] Bootstrapped 90%: Establishing a Tor circuit
Oct 20 10:04:24.000 [notice] Tor has successfully opened a circuit. Looks like client functionality is working.
Oct 20 10:04:24.000 [notice] Bootstrapped 100%: Done
  

Traffic reaches my hidden service, but I get "Unable to connect"

[arm screenshot]

This exact configuration works on a server at home.
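The torrc and nginx fragments in the question can be cross-checked mechanically. This added Python example (not from the question, Tor or nginx) extracts the HiddenServicePort target, determines which site files nginx would actually load given the stock Ubuntu include globs (an assumption about the default nginx.conf), and flags a listen directive that binds all interfaces instead of loopback; its inputs are constructed inline from the question so it runs offline.

```python
import fnmatch
import re

# Constructed inputs mirroring the question (embedded so the check runs offline).
TORRC = """HiddenServiceDir /var/lib/tor/sitio1
HiddenServicePort 80 127.0.0.1:81
"""
# Assumption: stock Ubuntu 16.04 nginx.conf, which only includes these globs.
NGINX_INCLUDES = ["/etc/nginx/conf.d/*.conf", "/etc/nginx/sites-enabled/*"]
# Site file from the question (abridged to the directives that matter here).
SITE_FILES = {
    "/etc/nginx/conf.d/sitio1.onion":
        "server {\n    listen       81;\n    server_name  zptym3k5xi2dyngl.onion;\n}\n",
}

def hidden_service_targets(torrc):
    """Return (virtual_port, host, port) for each HiddenServicePort host:port line."""
    pat = re.compile(r"\s*HiddenServicePort\s+(\d+)\s+([\d.]+):(\d+)")
    return [(int(m.group(1)), m.group(2), int(m.group(3)))
            for m in map(pat.match, torrc.splitlines()) if m]

def included_files(includes, files):
    """Paths nginx would actually load: the file name must match an include glob."""
    return [p for p in files if any(fnmatch.fnmatchcase(p, g) for g in includes)]

def listen_sockets(conf_text):
    """(address, port) per listen directive; a bare port binds 0.0.0.0 (all interfaces)."""
    return [(m.group(1) or "0.0.0.0", int(m.group(2)))
            for m in re.finditer(r"\blisten\s+(?:([\d.]+):)?(\d+)\s*;", conf_text)]

def check(torrc, includes, files):
    """Cross-check torrc targets against what nginx will listen on; return findings."""
    findings = []
    loaded = included_files(includes, files)
    for path in files:
        if path not in loaded:
            findings.append(f"{path} is not matched by any nginx include glob; nginx ignores it")
    listens = [s for p in loaded for s in listen_sockets(files[p])]
    for vport, host, port in hidden_service_targets(torrc):
        if not any(lp == port for _, lp in listens):
            findings.append(f"HiddenServicePort {vport} -> {host}:{port}: nothing listens on {port}")
    for addr, port in listens:
        if addr == "0.0.0.0":
            findings.append(f"listen {port} binds all interfaces; use 127.0.0.1:{port} so only tor can reach it")
    return findings

if __name__ == "__main__":
    for finding in check(TORRC, NGINX_INCLUDES, SITE_FILES):
        print("finding:", finding)
```

On the question's inputs the checker reports that `/etc/nginx/conf.d/sitio1.onion` is never included and therefore nothing listens on 127.0.0.1:81; renaming the file to `sitio1.conf` clears both findings and leaves only the all-interfaces bind to tighten.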

Comments:

1. -----BEGIN RSA PRIVATE KEY----- Looks like you mangled this private key a bit lalalala (or it was generated with a faulty entropy source), but I would still consider it compromised, since most of it looks intact.

2. It's fine … just testing.