haven icon indicating copy to clipboard operation
haven copied to clipboard

Published 20 hours ago verified publisher icon guardianproject

Onion service should listen on port 80 instead of 8888

Open micahflee opened this issue 6 years ago • 6 comments

I'm having trouble connecting to the PhoneyPot onion service from OnionBrowser in iOS. When I load http://[myaddress].onion:8888/ I get the error message:

Cannot Open Page An error occured: The requested URL was not found on this server. (Error "NSURLErrorDomain: -1100")

I think that this is due to an OnionBrowser bug where it's parsing the URL incorrectly, and isn't actually trying to connect to port 8888. I should open an OnionBrowser bug to address this.

However, there's no need to listen on a port other than 80 anyway. PhoneyPot can still listen on 127.0.0.1:8888 on the device, and the onion service can just forward port 80 to port 8888. (This is how OnionShare works as well, the actual web service is on some high port, but the onion service forwards port 80.) It's just a matter of configuring the hidden service.

micahflee avatar Jul 07 '17 19:07 micahflee

This does seem like a big in OB that needs to be fixed. @Mtigas can we get Micah on the latest testflight beta and see how it fairs?

Otherwise, agreed and understand how to do it as you say. The issue is that Orbot doesn't currently support the two separate port values in its HS configuration. We will need to update Orbot and the HS API to make this possible.

n8fr8 avatar Jul 07 '17 21:07 n8fr8

@micahflee info on the OB2 preview here: https://www.patreon.com/posts/quick-onion-2-0-12054247

n8fr8 avatar Jul 07 '17 21:07 n8fr8

Oh nice, it seems likely that the new OB will solve this issue so that it's at least usable in iOS. Still though, it would be nice to use port 80 for the onion service at some point (and it would be cool to have better HS support in Orbot), but it's obviously not very critical.

micahflee avatar Jul 10 '17 02:07 micahflee

Have absolutely no idea why a URI with explicit port seems to fail in OB1; just tested and can confirm that it happens. But Onion Browser 2 works just fine.

mtigas avatar Jul 10 '17 22:07 mtigas

Won't you require CAP_NET_ADMIN or root to listen on ports 80? Isn't that why it's listening on a high port because some people won't have root access on their devices, etc?

gripedthumbtacks avatar Dec 22 '17 20:12 gripedthumbtacks

@DtpEJsaYXDU4GDH8dE4MyI9VrieF0UZpPZ0K76K Tor allows low-level ports in the tor network to be forwarded to high-level ports on the device, so there would be no special privileges needed. The number '80' is only a value inside the Tor service.

xloem avatar Jan 06 '18 22:01 xloem