The apache and nginx webservers have a predefined folders for sites configuration e.g. sites-available and sites-enabled. So you know where to put your custom configuration.
In the Tor current approach is to edit the torrc file but during and update you may lost your changes because they will be overwritten.
This becomes a bigger problem for OpenWrt firmware for routers where during a firmware sysupgrade all files from the /etc/ are cleared unless they clearly specified to be kept. The ClearLinux also use immutable configs design.
Likely the torrc file has a %include directive that can be somehow give the same behavior:
%include /etc/torrc.d/*.conf
So we can add hidden service configurations as a separate files into the directory /etc/torrc.d/ e.g. /etc/torrc.d/sshd.conf or /etc/torrc.d/nextcloud.conf.
Here I found few problems:
- The directive is commented out. But it should work out of the box so user don’t need to change the torrc file.
- On Ubuntu/Debian the line is not present at all. And the
/etc/torrc.d/is not created on the tor package install. Maintainers should fix this.
Each service also needs for it’s own folder to keep keys. To make a layout simpler we can put keys in the same folder where the conf file is located. But it may be parsed as a config so instead create a subfolder keys. I tried and made the following structure:
File with the onion service config /etc/torrc.d/sshd/sshd.conf with content:
HiddenServiceDir /etc/torrc.d/sshd/keys/
HiddenServicePort 22 192.168.1.1:22
And it has a /etc/torrc.d/sshd/keys/ folders with all files: authorized_clients, hostname, hs_ed25519_public_key, hs_ed25519_secret_key.
Now I included it with:
%include /etc/torrc.d/*
And it works according to manual e.g. folders are scanned for configs but not their subfolders.
This files layout is probably a simplest that is possible. And it’s easy to backup and understand. Or maybe I missing something?
Can we make this or some other default config layout for hidden onion services to simplify tutorials and to have a common understanding.
I found a related topic