Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add External Tor Usage Documentation #1262

Open
wants to merge 7 commits into
base: master
Choose a base branch
from

Conversation

preland
Copy link
Contributor

@preland preland commented Sep 8, 2024

This PR addresses #1253.

@preland preland requested a review from a team as a code owner September 8, 2024 23:25
@boldsuck
Copy link
Contributor

boldsuck commented Sep 9, 2024

Hi @preland,
external Tor for Haveno Client can be used in 2 ways.

  1. Your way with ControlPort: Haveno Client creates a hidden service with jtorctl. (You can not use HiddenServices options.)
    Important: Haveno user must be in tor group to use ControlPort.
    Add user to tor group on Debian/Ubuntu sudo usermod -aG debian-tor <user>.

  2. Or how the seednodes, use the SocksPort. (Haveno user must not in tor group)
    The HiddenService must be created in /etc/tor/torrc. (You can use all HiddenServices options.)
    e.g.:

# Haveno incoming anonymity connections
HiddenServiceDir /var/lib/tor/haveno_service/
HiddenServicePort 9999 127.0.0.1:9999
HiddenServicePort 9999 [::1]:9999

With Haveno flags --hiddenServiceAddress=some.onion --nodePort=9999 or in haveno.properties.
#1170 (comment)

Maybe you can link to the seednode documentation ### Install Tor
https://github.com/haveno-dex/haveno/blob/master/docs/deployment-guide.md#install-tor
Install Tor from deb.torproject.org is preferred, Debian backports are also OK. Usually only a few days later. Both are from the same maintainer.

Prove if PoW is enabled: tor --list-modules
Tor config e.g. CookieAuthFile is preconfigured on Debian derivatives by /usr/share/tor/tor-service-defaults-torrc

docs/external-tor-usage.md Outdated Show resolved Hide resolved
docs/external-tor-usage.md Outdated Show resolved Hide resolved
docs/external-tor-usage.md Outdated Show resolved Hide resolved
docs/external-tor-usage.md Outdated Show resolved Hide resolved
docs/external-tor-usage.md Outdated Show resolved Hide resolved
docs/external-tor-usage.md Outdated Show resolved Hide resolved
docs/external-tor-usage.md Outdated Show resolved Hide resolved
docs/external-tor-usage.md Outdated Show resolved Hide resolved
@woodser
Copy link
Contributor

woodser commented Sep 18, 2024

I can't get tor to create my cookie authentication file for some reason. Not sure what I'm doing wrong, but it's not created when tor is started. I've configured my torrc file (installed through homebrew):

ControlPort 9051
CookieAuthentication 1
CookieAuthFile /opt/homebrew/etc/tor/control_auth_cookie

Tor has permission to write to that directory.

@preland
Copy link
Contributor Author

preland commented Oct 29, 2024

I have made a few changes to the instructions which should address some issues with the original writing:

-Removed mentioning of using package managers for downloading Tor. This added extra complexity and confusion to the document, as well as went against the recommendations of the Tor Project.
-replaced the vagueness of the CookieAuthFile name. While the file name is technically arbitrary, I doubt many will lose sleep over naming the file “control_auth_cookie”.
-Added some extra context for killing tor (most likely unnecessary, but should be mentioned just in case)
-Added running tor with the -f flag in step 4.

@boldsuck
Copy link
Contributor

Hi @preland
I just saw this by chance bisq-network/bisq#1935
I think Haveno | Bisq supports Tor ControlPassword or SafeCookieAuth and not CookieAuth.
Tor Authentication via Control Port

I have only used Tor ControlPassword with Netlayer / jtorctl as described by Whonix Dev Patrick.
This eliminates all problems with read/write permissions of the control_auth_cookie file. (Cookie is created anew every time tor restarts.)

With every restart Haveno writes a new:
~/.local/share/Haveno/xmr_stagenet/tor/torrc
A permanent Tor configuration, in addition to Haveno standard torrc-entries, can be easily created using the tor %include config option, e.g.: ./torrc.local:
--torrcOptions=%include ~/.local/share/Haveno/xmr_stagenet/tor/torrc.local cmdline or in haveno.properties

@preland
Copy link
Contributor Author

preland commented Oct 30, 2024

Do you think that ControlPassword would be a better fit than SafeCookieAuth for our use case?

@boldsuck
Copy link
Contributor

boldsuck commented Nov 3, 2024

It's not better, I just wanted to point out the alternative. There seem to be problems with SafeCookieAuth on some systems bc. read/write permissions of the control_auth_cookie file. If your steps work so far, @woodser should merge them.¹ I don't have Whonix. Is it possible that Whonix has notrequied as the default torControlPassword?

¹I will then add to the docu how to configure Haveno Client with externalTor without using jtorctl. @woodser had @fa2a5qj3 change the code for the client as well. Unfortunately, this option is rarely used and all instructions refer to use system tor the old jtorctl/Netlayer bisq1 way.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants