TOR onion domain for Discourse

kefir · April 18, 2019, 4:25pm

Hello,

we are having some issues for users to connect to our discourse instance through TOR. Many times, a “Unable to connect” message appears and you have to change several times your identity to connect. We have checked with our upstream hosting provider and they say they dont block tor traffic so we are trying to figure out what it could be. We have generated an onion domain for the platform but, at the same time, we want users to be able to access through a reserved domain with a non-tor browser.

Any suggestions?

Thanks in advance

habeycole · April 18, 2019, 6:41pm

This means your instance is launched as an onion site, and as such, cannot be viewed or accessed with a non-tor browser.

Onion sites can only be accessed through tor-browsers, but if you want your discourse instance to be accessed outside its onion domain, then you will need to get a premium domain for the ‘surface web’ like a .com,.org, .ly, etc. When you do this, then you can map the domain you bought with your discourse instance through its IP address.

I hope this is clear enough, huh?

kefir · April 18, 2019, 8:28pm

Hello,

yes, we have a premium domain configured already. What we want to achieve is that you can access to the platform both through the premium domain (this is what is working) and an onion domain (we have created the onion domain; configured tor on the servers; configured nginx) at the same time. We included in the server_name paramater the onion domain but this doesnt seem to be enough.

Thanks.

habeycole · April 18, 2019, 8:40pm

Oh,never knew this was what you requested. I had thought in the reverse.

For your present condition, please see this.I hope it explains what you need to do better.

BryanHR · September 29, 2019, 9:45pm

I know this thread is old as hell, but i was having the same problem and had to do some tweaks to make it work.

The thing is that i checked with ./launcher logs app and turns out the onion template copies a bunch of stuff from the default site, the problem is that some of these settings are duplicated.

I had to log into the container with ./launcher enter app and then edit the /etc/nginx/conf.d/onion.conf to delete the line proxy_buffer_size 8k;

Additionally, I had to add the server_names_hash_bucket_size 64; to the file nginx.conf

This made the server work again, I found this by looking at the logs

hellekin · July 16, 2020, 12:58pm

Since the Tor project now has documentation about the Onion-Location header, I’d be interested to see how it is possible to configure Discourse to serve both a “surface domain” and an onion.

https://community.torproject.org/onion-services/advanced/onion-location/

It seems to me that @BryanHR’s tweaks can be done in the container’s YAML configuration. I suppose the Onion-Location header could be added the same way.

But I seem to remember that Discourse is wired to its original host, so I’m worried that access to an .onion site would serve resources over normal HTTP or HTTPS without going through the Tor network. (E.g., the original request is made through Tor, but the JavaScript uses the original domain to get additional assets).