Nginx configuration for Discourse forum over Tor

Hello all,

I would like to configure Discourse to be a Tor hidden service using nginx. Here is the configuration that I am trying in nginx (it doesn’t work, “server not found”):

server {
    listen unix:/var/run/nginx-onion.sock;
    server_name prostadqmwc6no3n.onion;
    location / {
        proxy_pass http://unix:/var/discourse/shared/standalone/nginx.http.sock:;
        proxy_set_header Host $http_host;
        proxy_http_version 1.1;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Real-IP $remote_addr;
    }
}

In my tor.conf file I have this:

HiddenServiceDir /var/lib/tor/hidden_service/
HiddenServicePort 80 unix:/var/run/nginx-onion.sock

And in /var/lib/tor/hidden_service I have the hostname and private key files. Tor is running.

Discourse is installed and working on the clearweb, and /var/discourse/shared/standalone/nginx.http.sock exists.

If needed I’m happy to pay someone for an hour or so of work to get this running (I doubt it will take more than that, because I’m probably just being stupid).

2 Likes

Did you look at Template for serving through an .onion address with Docker?

1 Like

Yes but honestly I can’t make head or tail of it and it seems an over-complicated approach for what I need, which is just a working nginx configuration.

2 Likes

Did you find a solution?

Also how’d you get Discourse it self up and running in tocker for a .onion address? (I want a forum available through tor only)

Yes, here is the working configuration. The problem was pretty simple, it was that originally I tried to use a socket to serve the site, but this didn’t work, so I had to use a port.

server {
    listen 801;
    server_name 127.0.0.1;
   location / {
        proxy_pass http://unix:/var/discourse/shared/standalone/nginx.http.sock:;
        proxy_set_header Host $http_host;
        proxy_http_version 1.1;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Real-IP $remote_addr;
    }
}
2 Likes

Thanks for your quick reply!

Another question; what are your server specs(and for what userbase?) / have you made any changes for preformance over tor?

Thanks in advance!

It’s a 2Gb Digital Ocean VM with 105 users. We didn’t make any modifications (except a plugin to allow us to serve it over tor and clearweb simultaneously).

1 Like

Another question, do you have any issues with user images (like background card, profile banner, etc) taking a really long time to load (I suppose this is because of tor). After it’s cached though it shows it just fine.

I’m not exactly sure how tor user addresses work. But for me all the user logged ip’s show as 127.0.0.1 which I’d expect but I have set the x-forwarded-for header in nginx.

I’m not sure whether tor users have something similar to an ip over the tor network itself, and how I get this to show.

Might need to use set_real_ip_from

1 Like