I would like to be able to run Nextcloud as a Tor hidden service, but even when you list the .onion address as a "trusted domain", Nextcloud responds with a redirect to the server's public domain name, defeating the purpose. Is there some way to prevent this from happening?
Me too / ditto. I don't know how to use the help.nextcloud.com environment to say "Dear forum bot, whenever anything about this post changes, please notify me (via email or something).", so I am hoping that this "reply" post will have a similar effect. I tried "Like" and "bookmark", but there seems to be no indication that that will cause a notification when someone actually replies to the question being asked.
There are a few things to look at, depending on how you're set up. In this case, the Tor hidden services program is acting as a reverse proxy, so you'll probably need to tell Nextcloud how to deal with that. I'd try setting the overwritehost option in your config.php to whatever your .onion address is, as the first step.
There's an example configuration here, though I'm not sure how relevant the given settings are to Tor. Hope this helps!
Thanks @mactrent, but unfortunately that solution is insufficient for me because I would like to be able to access Nextcloud via Tor OR the public internet. Sorry for not being more clear.
I believe that's what the conditional rewrite condition in that example configuration was for, but it's admittedly pretty tough to parse.
I think this line is what tells it to only apply the overwritehost option to queries that come through the proxy:
'overwritecondaddr' => '^10\.0\.0\.1$',
If that's not an option, then I'd set up an additional reverse proxy host, and have it translate all those redirections with Apache's ProxyPass and ProxyPassReverse options. Here is an old guide for doing that with ownCloud. a.lan would be your internet accessible address, and b.lan would be your .onion-accessible proxy server, rather than lan-only and internet.
I managed to make it work in a different way.
At first, I discovered this link https://www.torproject.org/docs/tor-onion-service, which tells how to create a Tor onion. In a nutshell, create a directory where tor will generate its files, then run chmod 700 on it in order to limit access to the directory. Go to your torrc file, which is either at /etc/tor/torrc if you run tor as root (which is not recommended and will raise a warning) or ~/.torrc if you run it as a normal user. In it, add two lines, "HiddenServiceDir /path/to/the/previous/directory" and "HiddenServicePort 80 127.0.0.1:80". Those lines tell tor that we want it to launch a service. The port is where tor will redirect the inputs. The last configuration step is to tell Apache we want it to listen to tor. To do that, add "Listen 127.0.0.1:80" to /etc/apache2/sites-available/nextcloud.conf, which should exist if you correctly set up Nextcloud.
Then launch tor and restart Apache. Once you have launched tor, you can check the file "hostname" in your directory; inside you will find your onion name.
I used to have a problem with Nextcloud telling me that the onion wasn't trusted. Yet I managed to solve it, by copying the link shown in the error message and pasting it into a regular browser. By logging into the admin account, you can add the onion to the trusted domains list.
I hope this will help someone.
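A check for the symptom in the original question, as an added example that is not part of any post in this thread: it reads the response headers curl prints for a request made through Tor and lists every redirect whose Location leaves the .onion host. The hostnames and the sample headers are constructed placeholders.

```python
from typing import Dict, List, Tuple
from urllib.parse import urlsplit

# Constructed sample: header blocks as `torify curl -sIL http://<onion>/` would
# print them. Both hostnames are placeholders, not values from the thread.
ONION = "exampleplaceholderaddress.onion"
SAMPLE = (
    "HTTP/1.1 302 Found\r\nLocation: /index.php/login\r\n\r\n"
    "HTTP/1.1 301 Moved Permanently\r\nlocation: https://cloud.example.org/index.php/login\r\n\r\n"
    "HTTP/1.1 200 OK\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n"
)


def header_blocks(raw: str) -> List[Tuple[int, Dict[str, str]]]:
    """Split curl -I output into (status, lower-cased headers) per response."""
    blocks = []
    for chunk in raw.replace("\r\n", "\n").split("\n\n"):
        lines = [line for line in chunk.split("\n") if line.strip()]
        if not lines or not lines[0].startswith("HTTP/"):
            continue
        status = int(lines[0].split()[1])
        headers = {}
        for line in lines[1:]:
            name, sep, value = line.partition(":")
            if sep:
                headers[name.strip().lower()] = value.strip()
        blocks.append((status, headers))
    return blocks


def clearnet_redirects(raw: str, onion_host: str) -> List[Tuple[int, str]]:
    """Return (status, host) for every redirect that leaves the onion host."""
    leaks = []
    for status, headers in header_blocks(raw):
        location = headers.get("location")
        if not (300 <= status < 400) or not location:
            continue
        host = urlsplit(location).hostname  # None for relative redirects
        if host and host.lower() != onion_host.lower():
            leaks.append((status, host))
    return leaks


if __name__ == "__main__":
    for status, host in clearnet_redirects(SAMPLE, ONION):
        print(f"{status} redirect leaves the onion service for {host}")
```

An empty result means every redirect in the chain was relative or stayed on the .onion name.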
modify the file docker/.examples/docker-compose/with-nginx-proxy/postgres/apache/docker-compose.yml and add two lines to it in the app section:
ports:
  - 8080:80
restart the docker container: sudo docker-compose restart app
install tor: sudo apt-get install tor
verify tor runs correctly: sudo apt-get install torsocks curl and run torify curl http://expyuzz4wqqyqhjn.onion/ (Note: the onion link used is the torproject home). It will show the HTML source.
Note: Here we set the directory /var/lib/tor as the place where tor will put its files; you can choose another place.
Warning: the chosen place has to be owned by the user running tor (by default the user is debian-tor, which owns /var/lib/tor; if you want to change it, run chown 700 name/of/the/directory/).
restart tor: sudo systemctl restart tor
copy and paste the content of /var/lib/tor/hostname into your Tor Browser.
you should see an error message showing the following