Re: [Tails-dev] [review] Run a HTTP server as an Hidden Serv…

Delete this message

Reply to this message
Author: Alexandros
Date:  
To: tails-dev
Subject: Re: [Tails-dev] [review] Run a HTTP server as an Hidden Service insideTails.
On 01/20/2015 08:45 PM, matsa wrote:
>
> Hi,
>
> Tails can be used to run a HTTP server, nginx, as an Hidden Service.
>
> The documentation is available here:
> http://repo.or.cz/w/tails/matsa.git/blob/refs/heads/7879-http-server-with-nginx:/wiki/src/doc/advanced_topics/http_server_with_nginx.mdwn
>


Hello,

thanks for writing this.

Two thoughts:

a) I think 'server_tokens off;' option could be set in the suggested
nginx configuration:

    server {
            listen 127.0.0.1:8080 default_server;
            server_name localhost;
            server_tokens off;
            root /var/www;
            index index.html index.htm;


            location / {
                    allow 127.0.0.1;
                    deny all;
                }
           }


This disables emitting nginx version in error messages and in the
“Server” response header field. [1]

In terms of anonymity, this differentiates nginx behavior from the
default one, so one could argue it minimizes the anonymity set. On the
other hand, hiding nginx's version may prevent someone from trivially
guessing the operating system the hidden service runs on. I would add
it's a pretty common choice even in non-onion web services.

b) I observe commands in initial setup and configuration sections repeat
in the "setup after restart" section. I'm wondering if apart from the
explicit citation of the commands in this guide, it would be worth
bundling them in a bash script.

One could argue that advanced users would script the commands one way or
another, but this guide is an advanced topic already, right?

Cheers


[1] http://nginx.org/en/docs/http/ngx_http_core_module.html#server_tokens