Tails Server: Self-hosted services behind Tails-powered onion services
|Feature #11313: Design the GUI of Tails Server||Resolved||segfault||
|Feature #11314: Implement a Tails Server prototype||Resolved||segfault||
|Feature #11551: Install the mumble VoIP client||Confirmed||segfault||
|Feature #12230: Release Tails Server Beta||In Progress||anonym||
|Feature #12231: Write Tails Server Design Documentation||Confirmed||segfault||
|Bug #12253: Use persistence.conf in Tails Server||Confirmed||segfault||
|Feature #12255: Use polkit with Tails Server||Confirmed||segfault||
|Bug #12297: Make Tails Server compatible with Wayland||Confirmed||segfault||
|Feature #14456: Finish documenting Tails Server||Confirmed||spriver||
|Feature #15034: Create apparmor rules for Tails Server services||Confirmed||segfault||
|Feature #15299: Restrict access to onionkit via D-Bus||Confirmed||segfault||
|Feature #15300: Redesign Tails Server GUI||Confirmed||
|Feature #15301: Run Tails Server services in containers||In Progress||segfault||
|Feature #15343: Add schleuder list to Tails Server||Confirmed||segfault||
|Feature #15348: Have an icon for the Tails Server GUI||Confirmed||
|Feature #15899: Rethink goals of Tails Server||Confirmed||segfault||
|Related to Tails - Feature #12236: Add more services to Tails Server||Confirmed||2018-01-16|
|Related to Tails - Feature #15035: Use systemd security features for Tails Server services||Confirmed||2017-12-10|
|Related to Tails - Feature #15181: Help create Debian packages for Tails Server||Confirmed||2018-01-17|
|Related to Tails - Feature #6333: firewall exceptions for user-run local services||Confirmed||2013-10-04|
#2 Updated by segfault 2015-03-19 17:48:59
I wrote a script to start a hidden web server on Tails. This is a very simple solution without any of the many features planned in the blueprint. It just installs apache (could be any other web server), binds the persistent hidden_service directory to /var/lib/tor, configures Tor to use the hidden service and adds a rule to iptables allowing Tor to access the webserver.
I can try to figure out how to integrate this into Tails if you think this is useful in any way.
#3 Updated by segfault 2015-03-19 17:52:39
Attaching the files doesn’t work, progress bar just states ‘error’, so I’ll just paste them here:
```bash
#!/bin/bash
# Top-level script: install the web server, then configure Tor and the firewall.
echo "Installing apache."
apt-get install apache2
echo "Configuring tor hidden service."
./configure_hidden_service.sh
echo "Adding iptables rules."
./add_iptables_rules.sh
```

```bash
#!/bin/bash
# bind hidden service dir
sudo mount --bind ./hidden_service /var/lib/tor/hidden_service
# add hidden service to torrc
TORRC=/usr/share/tor/tor-service-defaults-torrc
echo "HiddenServiceDir /var/lib/tor/hidden_service" >> "$TORRC"
echo "HiddenServicePort 80 127.0.0.1:80" >> "$TORRC"
# reload tor
sudo service tor restart
```

```bash
#!/bin/bash
### Allow access to web server on lo ###
# allow user tor (hidden service)
iptables -I OUTPUT -d 127.0.0.1/32 -o lo -p tcp -m tcp --dport 80 --tcp-flags FIN,SYN,RST,ACK SYN -m owner --uid-owner debian-tor -j ACCEPT
# allow user root
#iptables -I OUTPUT -d 127.0.0.1/32 -o lo -p tcp -m tcp --dport 80 --tcp-flags FIN,SYN,RST,ACK SYN -m owner --uid-owner root -j ACCEPT
# allow unsafe browser
#iptables -I OUTPUT -d 127.0.0.1/32 -o lo -p tcp -m tcp --dport 80 --tcp-flags FIN,SYN,RST,ACK SYN -m owner --uid-owner clearnet -j ACCEPT
```
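Added example, not part of segfault's post: the configuration script above appends the two torrc lines on every run, so a second run leaves duplicate HiddenServiceDir entries. The sketch below makes that step idempotent, refuses a backend that is not on 127.0.0.1, and checks that the bound service directory is private. The function names `add_onion_service` and `hs_dir_is_private` are hypothetical, and GNU `stat` is assumed.

```shell
#!/bin/bash
# Added example: idempotent onion-service stanza for a torrc-style file.
# Usage: add_onion_service TORRC_PATH SERVICE_DIR VIRTUAL_PORT TARGET
add_onion_service() {
    local torrc=$1 dir=$2 virtport=$3 target=$4

    # The virtual port must be a plain number in the TCP range.
    case "$virtport" in
        ''|*[!0-9]*) echo "bad port: $virtport" >&2; return 2 ;;
    esac
    if [ "$virtport" -lt 1 ] || [ "$virtport" -gt 65535 ]; then
        echo "port out of range: $virtport" >&2
        return 2
    fi

    # Only forward to a service listening on IPv4 loopback, as in the
    # original script (127.0.0.1:80).
    case "$target" in
        127.0.0.1:*) ;;
        *) echo "refusing non-loopback target: $target" >&2; return 2 ;;
    esac

    # Skip the append if this service directory is already configured.
    if grep -qxF "HiddenServiceDir $dir" "$torrc" 2>/dev/null; then
        return 0
    fi

    printf 'HiddenServiceDir %s\nHiddenServicePort %s %s\n' \
        "$dir" "$virtport" "$target" >> "$torrc"
}

# The service directory holds the onion private key, so it should be
# mode 0700 (the mode Tor itself creates it with). Ownership by the
# Tor user is not checked here.
hs_dir_is_private() {
    [ -d "$1" ] && [ "$(stat -c '%a' "$1")" = "700" ]
}

# Demo on a throwaway file (constructed input), run with: --demo
if [ "${1:-}" = "--demo" ]; then
    demo=$(mktemp)
    add_onion_service "$demo" /var/lib/tor/hidden_service 80 127.0.0.1:80
    add_onion_service "$demo" /var/lib/tor/hidden_service 80 127.0.0.1:80
    cat "$demo"    # the stanza appears once
    rm -f "$demo"
fi
```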
#16 Updated by segfault 2017-02-14 17:49:31
- Target version changed from 2017 to Tails_3.2
- Feature Branch set to feature/5688-tails-server
We plan to release Tails Server with the first point release after the release of the next-generation onion services (scheduled for August 2017). This will be Tails 3.2, scheduled for 10/03/2017.
#33 Updated by Anonymous 2018-01-15 15:22:45
What’s the current release plan? You said that you are waiting for next-generation onion services, and Torproject said they released a beta in November 2017: https://blog.torproject.org/tors-fall-harvest-next-generation-onion-services. Do we know more about their release schedule (just so that we can track this on this ticket / on our side)?
#34 Updated by segfault 2018-01-15 17:06:01
- Target version changed from Tails_3.5 to Tails_3.8
> What’s the current release plan?
Ok, a little overdue update: I worked a lot on this in the last months. I redesigned and rewrote a lot of code, and plan to make Debian packages with the names onionkit for the backend and onionservices (if I don’t find something better) for the GUI. It’s not finished yet, I still have quite some work to do, and I would also like to redesign the GUI to fit the new GNOME Settings design. But I have to focus on other projects with hard deadlines in the next weeks, so this will have to wait some more. I will set the target version 3.8 for now, as I don’t think 3.6 is realistic.
> You said that you are waiting for next-generation onion services, and Torproject said they released a beta in November 2017: https://blog.torproject.org/tors-fall-harvest-next-generation-onion-services. Do we know more about their release schedule (just so that we can track this on this ticket / on our side)?
The next-gen onions were the main blocker before the redesign, but they actually already got released in the latest stable release, so they are not a blocker anymore. And I hope that they will also be supported in Stem by the time I have finished everything else.
#36 Updated by Anonymous 2018-01-17 13:53:00
> > What’s the current release plan?
> Ok, a little overdue update: I worked a lot on this in the last months. I redesigned and rewrote a lot of code, and plan to make Debian packages with the names onionkit for the backend and onionservices (if I don’t find something better) for the GUI.
Wow, that’s really awesome!
I’d like to help with debianizing these two pieces of code: Will add a ticket for this.
Concerning the names, I think you might want to send an email to tails-dev (?) and ask for comments. I’m unsure if these names correctly reflect what the software does.
Maybe: onionservices & onionservices-gui would be more appropriate? or onionservices-client or something.