💾 Archived View for tilde.pink › ~shardiame › 2021 › hidden_gemini.gmi captured on 2021-12-17 at 13:26:06. Gemini links have been rewritten to link to archived content
I made this post on my web-based Blog about my new love of Gemini.
https://www.residualbits.org/posts/2021/02/why-gemini-hidden-capsules/
I won't repeat all the content here since, if you are reading this, you are already using Gemini and I assume already in the "believer" camp.
I do, however, want to repost my thoughts on using Gemini as a Tor hidden service because I think the idea is pretty exciting!
Using the modern web over Tor is scary for several reasons:
Gemini, on the other hand...
Setting up a Gemini-based Tor hidden service is fairly easy. These instructions are for Linux (Debian).
Start by ensuring you have a modern version of Tor running on your machine.
Instructions for installing Tor on Debian
Next, get your Gemini server of choice. I selected gmnisrv.
I'm going to gloss over setting up some of the Gemini server. Obviously, make sure it's running as an unprivileged user and chrooted / sandboxed as appropriate.
The first step is to configure Tor to expose your Gemini server as a new hidden service. To do this, add the following lines to `/etc/tor/torrc`:
```
HiddenServiceDir /var/lib/tor/hidden_gemini/
HiddenServicePort 1965 127.0.0.1:1965
```
And restart Tor.
```
$ sudo service tor restart
```
This will create a new set of keys for the hidden service in `/var/lib/tor/hidden_gemini`.
We need to get the hostname for our new hidden service.
```
$ cat /var/lib/tor/hidden_gemini/hostname
4cesl34prayq4n2tiw3bhnfe6gckjuhjt3nllt5uexmv6mq4lxwcoiyd.onion
```
Now we can set up our gmnisrv configuration file like so.
You'll need to make sure the user running `gmnisrv` has read/write access to the configured certificate store and root.
Make sure to configure `gmnisrv` to listen only on 127.0.0.1 so you don't inadvertently expose your Gemini capsule to the clearnet.
```
listen=127.0.0.1:1965

[:tls]
# Path to store certificates on disk
store=/etc/ssl/gemini
# Optional details for new certificates
organization=Hidden Gemini

[4cesl34prayq4n2tiw3bhnfe6gckjuhjt3nllt5uexmv6mq4lxwcoiyd.onion]
root=/var/gemini
```
Create some content:
```
echo "# Hello World" > /var/gemini/index.gmi
```
Start the server:
```
$ torify gmnisrv -C gmnisrv.config
[gmnisrv] generating certificate for 4cesl34prayq4n2tiw3bhnfe6gckjuhjt3nllt5uexmv6mq4lxwcoiyd.onion
[gmnisrv] listening on 127.0.0.1:1965
[gmnisrv] gmnisrv started
```
And test it out with your client of choice (making sure that it's also going through Tor or the .onion won't resolve properly):
```
$ torify lagrange 4cesl34prayq4n2tiw3bhnfe6gckjuhjt3nllt5uexmv6mq4lxwcoiyd.onion
```
You should now be serving content via Gemini as a Tor hidden service.
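A pre-flight check for the loopback-only requirement above, as an added example that is not part of the original post or of gmnisrv or Tor. The function names are hypothetical, the sample files are constructed, and it assumes `listen=` may hold several space-separated addresses.

```shell
#!/bin/sh
# Added example (not from the original post): flag any gmnisrv listener or
# torrc HiddenServicePort target that is not bound to loopback.

# Succeeds if $1 is a loopback address, with or without a :port suffix.
is_loopback() {
    printf '%s\n' "$1" |
        grep -Eq '^(127(\.[0-9]{1,3}){3}|\[::1\])(:[0-9]+)?$'
}

# Print each address on the gmnisrv listen= line that is not loopback.
# Assumption: listen= may hold several space-separated addresses.
exposed_listeners() {
    sed -n 's/^listen[[:space:]]*=[[:space:]]*//p' "$1" |
    tr -s ' \t' '\n\n' |
    while read -r addr; do
        [ -z "$addr" ] || is_loopback "$addr" || echo "$addr"
    done
}

# Print each HiddenServicePort target in a torrc that leaves the machine.
# A missing target or a bare port means 127.0.0.1; unix: is a local socket.
exposed_targets() {
    awk 'tolower($1) == "hiddenserviceport" && NF >= 3 { print $3 }' "$1" |
    while read -r target; do
        case "$target" in
            unix:*) ;;
            *[!0-9]*) is_loopback "$target" || echo "$target" ;;
        esac
    done
}

# audit GMNISRV_CONFIG TORRC: return 0 only if nothing is exposed.
audit() {
    bad="$(exposed_listeners "$1"; exposed_targets "$2")"
    [ -z "$bad" ] && return 0
    echo "not loopback-only: $bad" >&2
    return 1
}

# Constructed sample files mirroring the setup described above.
tmp="$(mktemp -d)"
printf 'listen=127.0.0.1:1965\n[:tls]\nstore=/etc/ssl/gemini\n' > "$tmp/ok.ini"
printf 'listen=0.0.0.0:1965 [::]:1965\n' > "$tmp/bad.ini"
printf 'HiddenServiceDir /var/lib/tor/hidden_gemini/\n' > "$tmp/torrc"
printf 'HiddenServicePort 1965 127.0.0.1:1965\n' >> "$tmp/torrc"
audit "$tmp/ok.ini" "$tmp/torrc" && echo "ok.ini: loopback only"
audit "$tmp/bad.ini" "$tmp/torrc" || echo "bad.ini: reachable without Tor"
rm -rf "$tmp"
```

Against a real install, call `audit` with your gmnisrv config and `/etc/tor/torrc` before starting the server.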