How to fix WebTunnel bridge with Apache as reverse proxy

I have these Apache addons enabled, am I missing one? I've enabled all the ones my server will handle, but do I have the right proxy addon enabled or do I need to go fetch

excurso
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
#LoadModule proxy_balancer_module modules/mod_proxy_balancer.so keep off
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule proxy_express_module modules/mod_proxy_express.so
LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so
LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
#LoadModule proxy_hcheck_module modules/mod_proxy_hcheck.so keep off
LoadModule proxy_html_module modules/mod_proxy_html.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_http2_module modules/mod_proxy_http2.so
LoadModule proxy_scgi_module modules/mod_proxy_scgi.so
LoadModule proxy_uwsgi_module modules/mod_proxy_uwsgi.so
LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so

Thank you

For the WebTunnel bridge you need mod_proxy.so and mod_ssl.so.

Do you get an error?

You can run

apache2ctl configtest

to check whether the configuration is OK.

You ask how to fix, but do not describe what the problem is.

Thank you btw

It runs fine but WebTunnel is not liking it, protocol error. I had some vhosts writing logs so I've now commented out vhosts in httpd. I'm researching how to turn logs off full stop, got a couple of things to try from Google. The only thing I can think the error is the logs. I'm on to it.

I assume you are not on Debian/Ubuntu.
If so, the apache2ctl command might not be available unfortunately.

If you want to disable logging, try the following command:

grep -r -n 'CustomLog' /etc/httpd

where /etc/httpd is where your Apache's configuration resides.

This will list all the files containing "CustomLog".
To disable, comment out the CustomLog lines.
To disable error logs, repeat the same with "ErrorLog".
Then reload/restart Apache.
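A portable form of the grep above, together with the module check from earlier in the thread, as an added example (not code from any poster): it lists every active CustomLog and ErrorLog directive with file and line, and reports which required modules have no active LoadModule line. The required set includes mod_proxy_http, which a later reply also names; SAMPLE_CONF is constructed, and walking only *.conf files is an assumption that fits an httpd.conf-style layout.

```python
import re
from pathlib import Path

REQUIRED = {"proxy_module", "proxy_http_module", "ssl_module"}
DIRECTIVE = re.compile(r"^\s*(LoadModule|CustomLog|ErrorLog)\s+(\S+)", re.I)

def audit_text(text, name="<inline>"):
    """Return (loaded module names, active log directives) for one config file."""
    loaded, logs = set(), []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = DIRECTIVE.match(line)   # lines starting with '#' never match
        if not m:
            continue
        if m.group(1).lower() == "loadmodule":
            loaded.add(m.group(2))
        else:
            logs.append((name, lineno, line.strip()))
    return loaded, logs

def audit_tree(conf_root):
    """Walk every *.conf under conf_root; return (missing modules, log directives)."""
    loaded, logs = set(), []
    for path in sorted(Path(conf_root).rglob("*.conf")):
        mods, found = audit_text(path.read_text(errors="replace"), str(path))
        loaded |= mods
        logs += found
    return REQUIRED - loaded, logs

# Constructed sample: mod_ssl commented out, two log directives still active.
SAMPLE_CONF = """\
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
#LoadModule ssl_module modules/mod_ssl.so
#CustomLog "logs/access.log" combined
    CustomLog "logs/webtunnel-access.log" common
ErrorLog "logs/error.log"
"""

if __name__ == "__main__":
    loaded, logs = audit_text(SAMPLE_CONF, "httpd.conf")
    print("missing modules:", sorted(REQUIRED - loaded))
    for name, lineno, line in logs:
        print(f"{name}:{lineno}: {line}")
```

For a real installation, call `audit_tree()` with the directory that holds the Apache configuration.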

Yes, Windows of all! XAMPP, believe it or not, but it works very well, everything I need thus far. Used it for years. Would mod_security interfere? Off the cuff though, if it doesn't work after logs, but I really would try to keep that. Will disable the log for this too.

I shall use the command httpd "your suggestion" - output from command. I can go through by hand but I shall double check if I can use this command.

Thanks for input

Oh, Windows, OK.

For configuration purpose you should enable the error log temporarily for the WebTunnel virtual host:

Replace ErrorLog Off with ErrorLog <Path-To-Log-File>.
Restart Apache and take a look into the log file.

If mod_security interferes, you will see it there.
But it shouldn't.

If you can't solve it yourself, post the errors you get in the error log here.

Don't forget to disable the error log again after you get the bridge to run properly.

DataDirectory C:\WebTunnel
GeoIPFile C:\WebTunnel\geoip
GeoIPv6File C:\WebTunnel\geoip6
Log notice file C:\WebTunnel\notices.log

BridgeRelay 1

ExtORPort auto
ORPort 0.0.0.0:auto
AssumeReachable 1
SocksPort 0

ServerTransportPlugin webtunnel exec C:\WebTunnel\Pluggable_Transports\webtunnel-client.exe

ServerTransportListenAddr webtunnel 127.0.0.1:15000
ServerTransportOptions webtunnel url=https://*
MaxAdvertisedBandwidth 1 MBytes

ContactInfo *
Nickname *

Does this all look good for torrc? I'll be running it as a service using AlwaysUp.

I'll report back Monday/Tuesday.

You need the webtunnel server executable here, not the client executable!:

ServerTransportPlugin webtunnel exec C:\WebTunnel\Pluggable_Transports\webtunnel-client.exe

I'm having trouble finding the server version of WebTunnel. I've tried the usual expert package of Tor and it's not in there. In desperation I've downloaded all the other Windows packages and it's not there.
I've tried to compile from source using Go on Ubuntu as I have a VM and there's not a Windows version there, seems to be focused on Debian, but this is not really viable to keep a VM running all the time. I'd rather the slimline route, you could say.
Index of /torbrowser is where I've tried.
Is there another repository I don't know about, or is there instruction to build a version for Windows?

Sorry to be a bind but I think this will be the last hurdle with the Apache mix.

Have you tried to build using the native golang compiler for windows?

You can download it here.
WebTunnel server source is here.

Thanks for reply,

I've installed Go on Windows, used the download link and "go build main.go":
C:\Program Files\Go\bin\webtunnel-main-main-server\main\server>go build main.go
main.go:18:2: no required module provides package Sign in · GitLab go.mod file not found in current directory or any parent directory; see 'go help modules'
main.go:16:2: no required module provides package Sign in · GitLab go.mod file not found in current directory or any parent directory; see 'go help modules'
main.go:6:2: no required module provides package Sign in · GitLab go.mod file not found in current directory or any parent directory; see 'go help modules'

What's the problem, or am I getting something wrong? I've tried to download the modules manually and the links work fine in a browser. Command line issue with GitLab?

There's one called staticIP which is a locked page on GitLab.

Do the same as described here in section 2 (Clone and compile).

You must clone the whole repository, then cd to the webtunnel server directory and start the build from there.

OK, built on Windows. Incidentally, Windows picked it up as a virus.
Added an exception
I will now try the full effort and report back

Final result ok?

Sep 09 16:49:01.000 [notice] Your Tor server's identity key fingerprint is 'WebTunnelBR *'
Sep 09 16:49:01.000 [notice] Your Tor bridge's hashed identity key fingerprint is 'WebTunnelBR *'
Sep 09 16:49:01.000 [notice] Your Tor server's identity key ed25519 fingerprint is 'WebTunnelBR *'
Sep 09 16:49:01.000 [notice] You can check the status of your bridge relay at https://bridges.torproject.org/status?id=*
Sep 09 16:49:01.000 [notice] Bootstrapped 0% (starting): Starting
Sep 09 16:49:13.000 [notice] Starting with guard context "default"
Sep 09 16:49:13.000 [warn] Managed proxy "C:\WebTunnel\Pluggable_Transports\server.exe" wrote a STATUS line without TRANSPORT: "TYPE=version IMPLEMENTATION=\"webtunnel\" VERSION=\"0.0.1\""
Sep 09 16:49:13.000 [notice] Registered server transport 'webtunnel' at '*.*.*.*:443'
Sep 09 16:49:14.000 [notice] Bootstrapped 5% (conn): Connecting to a relay
Sep 09 16:49:14.000 [notice] Bootstrapped 10% (conn_done): Connected to a relay
Sep 09 16:49:14.000 [notice] Bootstrapped 14% (handshake): Handshaking with a relay
Sep 09 16:49:14.000 [notice] Bootstrapped 15% (handshake_done): Handshake with a relay done
Sep 09 16:49:14.000 [notice] Bootstrapped 20% (onehop_create): Establishing an encrypted directory connection
Sep 09 16:49:15.000 [notice] Bootstrapped 25% (requesting_status): Asking for networkstatus consensus
Sep 09 16:49:15.000 [notice] Bootstrapped 30% (loading_status): Loading networkstatus consensus
Sep 09 16:49:16.000 [notice] I learned some more directory information, but not enough to build a circuit: We have no recent usable consensus.
Sep 09 16:49:16.000 [notice] Bootstrapped 45% (requesting_descriptors): Asking for relay descriptors
Sep 09 16:49:16.000 [notice] I learned some more directory information, but not enough to build a circuit: We need more microdescriptors: we have 6482/7787, and can only build 59% of likely paths. (We have 84% of guards bw, 82% of midpoint bw, and 85% of exit bw = 59% of path bw.)
Sep 09 16:49:16.000 [notice] Bootstrapped 73% (loading_descriptors): Loading relay descriptors
Sep 09 16:49:20.000 [notice] Bootstrapped 75% (enough_dirinfo): Loaded enough directory info to build circuits
Sep 09 16:49:21.000 [warn] Requested exit point '$BA44A*' is not known. Closing.
Sep 09 16:49:21.000 [notice] Bootstrapped 90% (ap_handshake_done): Handshake finished with a relay to build circuits
Sep 09 16:49:21.000 [notice] Bootstrapped 95% (circuit_create): Establishing a Tor circuit
Sep 09 16:49:22.000 [notice] Bootstrapped 100% (done): Done
Sep 09 16:49:23.000 [notice] Self-testing indicates your ORPort *.*.*.*:62222 is reachable from the outside. Excellent. Publishing server descriptor.
Sep 09 16:49:31.000 [notice] Performing bandwidth self-test...done.

Looks good.

I forgot to mention mod_proxy_http.so. It is also required for the webtunnel bridge.
But you already have it in your LoadModule list.

Now try to connect Tor Browser to your bridge.

There's no pt_state or bridge_line as of yet.

It was functional earlier but now dysfunctional as I restarted to take a backup of the setup and keys.

Sep 10 05:22:35.000 [notice] Heartbeat: Tor's uptime is 6:00 hours, with 7 circuits open. I've sent 11.18 MB and received 20.27 MB. I've received 25 connections on IPv4 and 23 on IPv6. I've made 6 connections with IPv4 and 0 with IPv6.
Sep 10 05:22:35.000 [notice] While not bootstrapping, fetched this many bytes: 11776885 (server descriptor fetch); 479 (server descriptor upload); 335714 (consensus network-status fetch); 163095 (microdescriptor fetch)
Sep 10 05:22:35.000 [notice] Heartbeat: Since last heartbeat message, I have seen 13 unique clients.

ServerTransportOptions webtunnel url=https://

The url is the public facing true domain or the randomly generated text in the proxy script?

webtunnel: dysfunctional

This is OK. It takes some time, then it will be shown as functional again.

There's no pt_state or bridge_line as of yet.

The bridge line is:

webtunnel 1.2.3.4:1234 url=https://yourdomain/<SECRET_PATH>

The IP address/port combo is not used in webtunnel bridge. You can use any.
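
An added example, not part of any post above: a consistency check between the torrc shown in this thread and the Apache virtual host in front of it. It flags the client binary in ServerTransportPlugin, a url= without a secret path, and a ProxyPass whose path or backend does not match the torrc; the domain, path and vhost lines are constructed, and the file-name test for the client binary is a heuristic.

```python
import re
from urllib.parse import urlsplit

PROXYPASS = re.compile(r'^\s*ProxyPass\s+"?(/[^\s"]*)"?\s+"?\w+://([^/\s"]+)', re.I | re.M)

def webtunnel_opts(torrc):
    """Collect the 'webtunnel' value of each ServerTransport* option in a torrc."""
    found = {}
    for line in torrc.splitlines():
        parts = line.strip().split(None, 2)
        if len(parts) == 3 and parts[0].startswith("ServerTransport") and parts[1] == "webtunnel":
            found[parts[0]] = parts[2]
    return found

def check(torrc, vhost):
    """Return a list of mismatches between torrc and the Apache vhost (empty = consistent)."""
    opts, problems = webtunnel_opts(torrc), []
    exe = re.split(r"[\\/]", opts.get("ServerTransportPlugin", ""))[-1]
    if "client" in exe.lower():                      # heuristic on the file name only
        problems.append(f"ServerTransportPlugin runs {exe}: looks like the client binary")
    m = re.search(r"\burl=(\S+)", opts.get("ServerTransportOptions", ""))
    url = urlsplit(m.group(1)) if m else None
    if url is None or url.scheme != "https" or url.path.strip("/") == "":
        problems.append("ServerTransportOptions needs url=https://<domain>/<secret path>")
        return problems
    routes = {path.rstrip("/"): backend for path, backend in PROXYPASS.findall(vhost)}
    backend = routes.get(url.path.rstrip("/"))
    listen = opts.get("ServerTransportListenAddr")
    if backend is None:
        problems.append(f"no ProxyPass for {url.path} in the vhost")
    elif backend != listen:
        problems.append(f"ProxyPass targets {backend}, WebTunnel listens on {listen}")
    return problems

# Constructed sample input: placeholder domain and path, not values from the thread.
TORRC = r"""
ServerTransportPlugin webtunnel exec C:\WebTunnel\Pluggable_Transports\webtunnel-client.exe
ServerTransportListenAddr webtunnel 127.0.0.1:15000
ServerTransportOptions webtunnel url=https://bridge.example/constructed-secret-path
"""
VHOST = """
<VirtualHost *:443>
    ProxyPass /constructed-secret-path http://127.0.0.1:15001
</VirtualHost>
"""

if __name__ == "__main__":
    for problem in check(TORRC, VHOST):
        print("MISMATCH:", problem)
```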