mastodon tor config

1. Ok how to serve your mastodon instance over a .onion address as well as clear text.
2.  
3.  
4. First install tor via your distros package manager.
5.  
6. For debian based use
7.  
8. apt-get install tor -y
9.  
10. for RHEL based
11.  
12. yum -y install tor
13.  
14.  
15. Next this step is optional and you can skip it if you do not wish to have a custom .onion address.
16.  
17.  
18. git clone
19.  
20. https://github.com/katmagic/Shallot.git
21.  
22. cd Shallot
23.  
24. ./configure && make
25.  
26. ./shallot ^foo
27.  
28. where foo is the word you want a custom address for, the more letters it is the longer it will take and i dont recommend anything over 6 letters as 7 letters will take a whole day. But if you need 7 and you have the time dont let me stop you.
29.  
30. When its done it will spit out a private key. Save this in a text file for now.
31.  
32. Next edit your tor config file.
33.  
34. nano /etc/tor/torrc
35.  
36. and add these lines to the bottom
37.  
38. HiddenServiceDir /var/lib/tor/domain.com/
39. HiddenServicePort 80 xxx.xxx.xxx.xxx:80
40. HiddenServicePort 443 xxx.xxx.xxx.xxx:443
41.  
42. replace the x'es with your servers IP address and domain.com with your instance domain name.
43.  
44. then save and close the file.
45.  
46. run the following command
47.  
48. service tor restart
49.  
50. or whatever command your distro used to restart a running service.
51.  
52. next
53. cd /var/lib/tor/domain.com/ replacing domain.com with your instance domain name you selected in the tor config
54.  
55. If you created a private key for a custom .onion address you will want to
56.  
57. nano private_key
58.  
59. and replace the one there with the one you created and saved then run
60.  
61. service tor restart
62.  
63. otherwise if you did not want a custom .onion run
64.  
65. cat hostname
66.  
67. to get your .onion address
68.  
69. Next go to your mastodon instance config for nginx, on my vps its located in /etc/nginx/conf.d but other distros may be different.
70.  
71. Find the area that says
72.  
73. server {
74. # redirect from http to https
75. listen 80;
76. listen [::]:80;
77. server_name mastodon.starrevolution.org www.mastodon.starrevolution.org;
78. return 301 https://$server_name$request_uri;
79. }
80. server {
81. listen 443 ssl;
82. listen [::]:443 ssl;
83. server_name mastodon.starrevolution.org www.mastodon.starrevolution.org;
84.  
85.  
86. and change it to
87.  
88. server {
89. # redirect from http to https
90. listen 80;
91. listen [::]:80;
92. server_name mastodon.starrevolution.org www.mastodon.starrevolution.org xxxxxxxxx.onion www.xxxxxxxxx.onion;
93. return 301 https://$server_name$request_uri;
94. }
95. server {
96. listen 443 ssl;
97. listen [::]:443 ssl;
98. server_name mastodon.starrevolution.org www.mastodon.starrevolution.org xxxxxxxxx.onion www.xxxxxxxxx.onion;
99.  
100.  
101. Replacing the x;es of course with the .onion address you either created before or the one you discovered via cat hostname and please dont edit your config to match my domain names, leave the ones you have there already im just using mine as an example.
102.  
103. Finally run.
104.  
105. nginx -t
106.  
107. service nginx reload
108.  
109. now open torbrowser and navigate to your new .onion address.
110.  
111. Mine is https://www.starrev3tah2dnhj.onion
112.  
113. You may get a certificate warning, add an exception.