Enterprise Onion Toolkit¶
Tor onion services, also known as hidden services, are websites that can be accessed through the Tor network. These services are useful for publishers because they allow them to host their content on the internet without revealing their physical location or IP address. This can provide a greater level of privacy and security for both the publisher and the users accessing the content.
Because Tor onion services are accessed through the Tor network, they are much more difficult to block or censor than regular websites. This is because the connection between the user and the website is encrypted and routed through multiple nodes on the network, making it difficult for anyone to determine the source or destination of the traffic. This means that even if one node on the network is blocked, the traffic can still be routed through other nodes to reach the website.
To deploy an Onion service, you first need to deploy EOTK instances for the related origin group, and then configure the individual Onion services that will be served by those EOTK instances.
Once your administrator has provided you access to the portal, you can begin to configure your onion service deployments. To get started, select “Groups” under “Configuration” from the menu on the left hand side. If you are using a mobile device, you may need to click the hamburger icon at the top of the screen to open the menu.
You will see a ✅ or ❌ in the “EOTK” column for the group to show whether or not EOTK instances are enabled for that group.
Creating a new group¶
If the group you would like to use EOTK for does not yet exist, create a new group by clicking the “Create new group” button.
Short Name¶
This must be a unique short name for the group. It needs to be short. No more than 4-5 characters.
Description¶
A free-form description for the group.
Deploy EOTK instances¶
Tick this checkbox to deploy EOTK instances for this group.
Adding EOTK to an existing group¶
Click “View/Edit” next to the group that you’d like to edit.
Description¶
A free-form description for the group.
Deploy EOTK instances¶
Tick this checkbox to deploy EOTK instances for this group.
Managing Onion services¶
To create a new Onion service, click “Create new onion service” at the top of the list page. This will present you with the new onion service form:
Domain Name¶
The base origin domain name that the Onion service will be for. This should be the common domain name of all the subdomains you want to serve on the Onion service, not including any subdomain (e.g. example.com not www.example.com).
Description¶
A free-form text description to help identify the Onion service.
Onion Private Key¶
The private key for the Onion service. This could be generated by tor or by a tool such as
mkp224o.
Onion Public Key¶
The corresponding public key. The Onion hostname will be derived from the public key, however no checks are made to ensure that the public key is the correct key to correspond to the private key.
TLS Private Key (PEM format)¶
The PEM formatted TLS private key. If not specified, the self-signed certificates generated by EOTK will be used. Beware that in that case, each EOTK instance will have different TLS keys and certificates.
TLS Certificate (PEM format)¶
The PEM formatted TLS certificate. Either a self-signed certificate, or a certificate issued by an authority that will validate .onion hostnames. This should be a wildcard cert for the domain name given above (e.g. *.example.com).