Nginx configuration for Discourse forum over Tor

prostasia · December 21, 2019, 1:18am

Hello all,

I would like to configure Discourse to be a Tor hidden service using nginx. Here is the configuration that I am trying in nginx (it doesn’t work, “server not found”):

server {
    listen unix:/var/run/nginx-onion.sock;
    server_name prostadqmwc6no3n.onion;
    location / {
        proxy_pass http://unix:/var/discourse/shared/standalone/nginx.http.sock:;
        proxy_set_header Host $http_host;
        proxy_http_version 1.1;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Real-IP $remote_addr;
    }
}

In my tor.conf file I have this:

HiddenServiceDir /var/lib/tor/hidden_service/
HiddenServicePort 80 unix:/var/run/nginx-onion.sock

And in /var/lib/tor/hidden_service I have the hostname and private key files. Tor is running.

Discourse is installed and working on the clearweb, and /var/discourse/shared/standalone/nginx.http.sock exists.

If needed I’m happy to pay someone for an hour or so of work to get this running (I doubt it will take more than that, because I’m probably just being stupid).

pfaffman · December 21, 2019, 10:45am

Did you look at Template for serving through an .onion address with Docker?

prostasia · December 21, 2019, 5:08pm

Yes but honestly I can’t make head or tail of it and it seems an over-complicated approach for what I need, which is just a working nginx configuration.

jughead · April 21, 2020, 12:43pm

Did you find a solution?

Also how’d you get Discourse it self up and running in tocker for a .onion address? (I want a forum available through tor only)

prostasia · April 21, 2020, 6:14pm

Yes, here is the working configuration. The problem was pretty simple, it was that originally I tried to use a socket to serve the site, but this didn’t work, so I had to use a port.

server {
    listen 801;
    server_name 127.0.0.1;
   location / {
        proxy_pass http://unix:/var/discourse/shared/standalone/nginx.http.sock:;
        proxy_set_header Host $http_host;
        proxy_http_version 1.1;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Real-IP $remote_addr;
    }
}

jughead · April 22, 2020, 8:44pm

Thanks for your quick reply!

Another question; what are your server specs(and for what userbase?) / have you made any changes for preformance over tor?

Thanks in advance!

prostasia · April 22, 2020, 9:23pm

It’s a 2Gb Digital Ocean VM with 105 users. We didn’t make any modifications (except a plugin to allow us to serve it over tor and clearweb simultaneously).

jughead · May 30, 2020, 1:02pm

Another question, do you have any issues with user images (like background card, profile banner, etc) taking a really long time to load (I suppose this is because of tor). After it’s cached though it shows it just fine.

jughead · June 12, 2020, 9:40pm

I’m not exactly sure how tor user addresses work. But for me all the user logged ip’s show as 127.0.0.1 which I’d expect but I have set the x-forwarded-for header in nginx.

I’m not sure whether tor users have something similar to an ip over the tor network itself, and how I get this to show.

rollerbob · June 12, 2020, 10:09pm

Might need to use set_real_ip_from

Topic		Replies	Views
How to create mirror in Tor with .onion domain? installation	6	1117	October 5, 2023
How would one go about setting up discourse for tor? installation	4	796	April 22, 2020
Template for serving through an .onion address with Docker dev	7	3418	April 20, 2020
TOR onion domain for Discourse support	5	1131	July 16, 2020
Nginx + discourse installation	9	7873	February 8, 2016

Nginx configuration for Discourse forum over Tor

Related Topics