Hidden Services
Remark: Support for hidden services is new in Vidalia. You should expect it
to have bugs, some of which may corrupt your hidden service
configuration. So, don't rely on it, or rather, don't blame us if something
goes wrong. If you find bugs or have comments on this new feature, please
let us know! We need your feedback.
What is a hidden service?
Hidden services allow you to provide any kind of TCP-based service, e.g. an
HTTP service, to others without revealing your IP address. The protocol
to provide a hidden service is built on top of the same circuits that Tor
uses for anonymous browsing and has roughly similar anonymity properties.
For more information on hidden services you may want to read section 5 of
Tor's design paper (doc/design-paper/tor-design.pdf) or the Rendezvous
Specification (doc/spec/rend-spec.txt).
How do I provide a hidden service?
Providing a hidden service consists of at least two steps:
- Install a web server locally (or a server for whatever service you
want to provide, e.g. IRC) to listen for local requests.
- Configure your hidden service, so that Tor relays requests coming
from Tor users to your local server.
There is a fine tutorial on the Tor website
(https://www.torproject.org/docs/tor-hidden-service.html) that describes
these steps in more detail.
What data do I need to provide?
The services table contains five columns containing data about configured
hidden services:
- Onion Address (generated): The service (or onion) address is
generated by Tor to uniquely identify your service. Give this onion
address to the people who shall be able to access your service. You
may use the "Copy to clipboard" button for that to avoid typos. If
you have just created a hidden service, the field says "[Created by
Tor]"; in order to make it display the real onion address, you need
to save your configuration and re-open the settings window.
- Virtual Port (required): This is the TCP port that clients will need
to know in order to access your service. Typically, you will want to
use the service-specific port here, e.g. port 80 for HTTP. Note that
the virtual port usually has nothing to do with firewall settings,
because it is only used internally by Tor.
- Target (optional): Usually you want Tor to relay connection requests
to localhost on a different port than the one you specified in
"Virtual Port". Therefore, you can specify a target consisting of
physical address and port to which requests to your hidden service
are redirected, e.g. to localhost:5222 (or on whatever port your
server is listening). If you don't specify any target, Tor will
redirect requests to the port specified in "Virtual Port" on
localhost.
- Service Directory (required): Tor needs to store some hidden-service
specific files in a separate directory, e.g. a private key and a
hostname file containing the onion address. This directory should be
distinct from a directory containing content that the service
provides. A good place for a service directory might be a
subdirectory of Tor's data directory. Note that you cannot change the
directory of a running service (it wouldn't make much sense to allow
it, because Vidalia is not supposed to move directories on your hard
disk!). If you want to move a hidden service to another directory,
please proceed as follows: Start by disabling the service in Vidalia
and save the configuration. Then move the directory on your hard disk
to the new place. Finally, change the directory in Vidalia to the new
location, enable the service again, and save the new
configuration.
- Enabled: If this checkbox is disabled, Vidalia will not configure the
given hidden service in Tor. This can be useful for keeping the
configuration of a currently unused service for later use. All
non-enabled services are stored in the Vidalia-specific configuration
file vidalia.conf.
What are the five buttons used for?
- Add service: Creates a new empty service configuration.
- Remove service: Permanently removes a hidden service configuration.
(If you want to temporarily remove a service, uncheck its Enabled
checkbox.)
- Copy to clipboard: Copies the onion address to the clipboard, so
that you can pass it on to whoever should be able to use your
service.
- Browse: Lets you browse to find a local hidden service
directory.
How can I configure advanced hidden service settings?
Tor allows configuration of more specific settings for hidden services,
e.g. forcing the use of (or avoiding) certain nodes as introduction points, or
providing multiple virtual ports for the same service.
However, we decided to simplify things in Vidalia and provide only the most
common settings. If you want to configure advanced settings, you need to do
so in Tor's torrc file. Vidalia will not remove those settings even when
you are editing your hidden services. If you specify more than one virtual
port, only the first will be displayed and be editable.
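The table columns described under "What data do I need to provide?" correspond to the torrc options HiddenServiceDir (Service Directory) and HiddenServicePort (Virtual Port and optional Target). The following added example, which is not Vidalia's own code, parses a constructed torrc excerpt, applies the default target rule, and reports which virtual ports the services table would not show; the paths and function names are made up for illustration.

```python
# Constructed sample torrc excerpt (not from a real installation).
SAMPLE_TORRC = """\
SocksPort 9050
HiddenServiceDir /var/lib/tor/hs_web/
HiddenServicePort 80 127.0.0.1:8080   # Virtual Port 80, Target 127.0.0.1:8080
HiddenServicePort 443                 # no Target given
HiddenServiceDir /var/lib/tor/hs_chat/
HiddenServicePort 5222 localhost:5222
"""

def resolve_target(virtual_port, target=None):
    """Return the (host, port) Tor forwards to for one HiddenServicePort line."""
    if target is None:
        return ("127.0.0.1", virtual_port)   # default: same port on localhost
    if target.isdigit():
        return ("127.0.0.1", int(target))    # port only
    host, sep, port = target.rpartition(":")
    if sep and port.isdigit():
        return (host, int(port))             # addr:port
    return (target, virtual_port)            # address only (unix: sockets not modelled)

def parse_hidden_services(torrc_text):
    """Group each HiddenServicePort under the HiddenServiceDir that precedes it."""
    services = []
    for raw in torrc_text.splitlines():
        parts = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if not parts:
            continue
        option = parts[0].lower()             # compare option names case-insensitively
        if option == "hiddenservicedir" and len(parts) > 1:
            services.append({"dir": parts[1], "ports": []})
        elif option == "hiddenserviceport" and len(parts) > 1:
            if not services:
                raise ValueError("HiddenServicePort without a preceding HiddenServiceDir")
            vport = int(parts[1])
            services[-1]["ports"].append((vport, resolve_target(vport, *parts[2:3])))
    return services

def vidalia_row(service):
    """What the services table can show: the first virtual port only."""
    (vport, target), *extra = service["ports"]
    return {"dir": service["dir"], "virtual_port": vport, "target": target,
            "ports_not_shown": [p for p, _ in extra]}

if __name__ == "__main__":
    for svc in parse_hidden_services(SAMPLE_TORRC):
        print(vidalia_row(svc))
```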
How does Vidalia help me to access other hidden services?
Not at all. There is no need to do so. If you want to access another hidden
service, type the service's onion address in your browser (or appropriate
client application if it's not a web service), and Tor does the rest for
you. There is no need to specifically configure Tor for that.