Self-hosting the Tor Project users forum

by lavamind | June 8, 2023

A year and a half ago, we launched the Tor Project users forum, a new discussion platform based on Discourse, allowing us to continue to grow the Tor community and experiment with new ways to gather feedback and provide support.

Today, we're happy to announce the forum will soon migrate from the free cloud hosting graciously provided by the team behind Discourse to the Tor Project's own server infrastructure.

This will offer us more control over the forum's configuration and allow us to provide an experimental onion service for our users accessing the platform via the Tor network.

The migration will happen on June 20th, 12 days from now.

Once migrated, the forum will have a new address: forum.torproject.org. The old address will automatically redirect visitors to the new one.

Important note for two-factor authentication

If you're using a U2F key for two-factor authentication (2FA) on the forum, you’ll have to use a backup code in order to log in after the migration. Alternatively, you can disable two-factor authentication on your account before the migration and re-enable it afterward. Please make sure you have either saved a copy of your backup codes or disabled 2FA before 2023-06-20, or you will be locked out of your forum account!

Issues with the forum following the migration may be reported through the usual support channels.


This is a companion discussion topic for the original entry at https://blog.torproject.org/tor-project-forum-migration
5 Likes

never understood why it was not self-hosted from the beginning, so thank you for finally having a private solution soon :paw_prints:

2 Likes

The truth is that we’re a non-profit with a relatively small team and limited resources, self-hosting the forum isn’t a trivial task, and Discourse very generously offered to host it for free. However this was always the plan if the forum’s launch was received positively by the community, and we’re pleased to have seen it go so well <3

5 Likes

We’ve completed the migration.

The forum is also (experimentally) now available at https://v236xhqtyullodhf26szyjepvkbv6iitrhjgrqj4avaoukebkk6n6syd.onion/

Let us know if you encounter any issues!

5 Likes

Looks like this part does not work correctly yet:

I tested it two times: first attempt resulted in failed connection, second attempt shows old (non-migrated) version.

It’s normal for the DNS changes to take a bit of time to propagate across the Internet. As a rule of thumb, it can take up to 72 hours. So, if after a few days, forum.torproject.net still points to the Discourse-hosted forum, it may indicate a misconfigured DNS server, or some other problem.

2 Likes

@lavamind looks like DNS is fine, but certificates are not fine:

d:\curl>curl -v https://forum.torproject.net
*   Trying [2620:7:6002:0:466:39ff:feb6:d569]:443...
* Connected to forum.torproject.net (2620:7:6002:0:466:39ff:feb6:d569) port 443
(#0)
* ALPN: offers h2
* ALPN: offers http/1.1
*  CAfile: d:\curl\curl-ca-bundle.crt
*  CApath: none
* [CONN-0-0][CF-SSL] TLSv1.0 (OUT), TLS header, Certificate Status (22):
* [CONN-0-0][CF-SSL] TLSv1.3 (OUT), TLS handshake, Client hello (1):
* [CONN-0-0][CF-SSL] TLSv1.2 (IN), TLS header, Certificate Status (22):
* [CONN-0-0][CF-SSL] TLSv1.3 (IN), TLS handshake, Server hello (2):
* [CONN-0-0][CF-SSL] TLSv1.2 (IN), TLS header, Finished (20):
* [CONN-0-0][CF-SSL] TLSv1.2 (IN), TLS header, Supplemental data (23):
* [CONN-0-0][CF-SSL] TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* [CONN-0-0][CF-SSL] TLSv1.2 (IN), TLS header, Supplemental data (23):
* [CONN-0-0][CF-SSL] TLSv1.3 (IN), TLS handshake, Certificate (11):
* [CONN-0-0][CF-SSL] TLSv1.2 (IN), TLS header, Supplemental data (23):
* [CONN-0-0][CF-SSL] TLSv1.3 (IN), TLS handshake, CERT verify (15):
* [CONN-0-0][CF-SSL] TLSv1.2 (IN), TLS header, Supplemental data (23):
* [CONN-0-0][CF-SSL] TLSv1.3 (IN), TLS handshake, Finished (20):
* [CONN-0-0][CF-SSL] TLSv1.2 (OUT), TLS header, Finished (20):
* [CONN-0-0][CF-SSL] TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* [CONN-0-0][CF-SSL] TLSv1.2 (OUT), TLS header, Supplemental data (23):
* [CONN-0-0][CF-SSL] TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN: server accepted h2
* Server certificate:
*  subject: CN=forum.torproject.org
*  start date: Jun 15 20:41:40 2023 GMT
*  expire date: Sep 13 20:41:39 2023 GMT
*  subjectAltName does not match forum.torproject.net
* SSL: no alternative certificate subject name matches target host name 'forum.t
orproject.net'
* Closing connection 0
* [CONN-0-0][CF-SSL] TLSv1.2 (OUT), TLS header, Supplemental data (23):
* [CONN-0-0][CF-SSL] TLSv1.3 (OUT), TLS alert, close notify (256):
curl: (60) SSL: no alternative certificate subject name matches target host name
 'forum.torproject.net'
More details here: https://curl.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

2 Likes

Ah ha, that was caused by our redirection vhost not listening on the
IPv6 socket. I’ve fixed it so the redirection should work now. Thanks
for looking into it! :+1:

2 Likes
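
An added example, not part of the thread or of the Tor Project's tooling: the failure above only showed up over IPv6, so a post-migration check should handshake with every A and AAAA address of the host and compare the certificate's names per address. The function names, the `example.org` default and the sample addresses (documentation ranges) are assumptions made for this sketch.

```python
import socket
import ssl

def san_matches(cert, hostname):
    """True if a DNS subjectAltName in an ssl getpeercert() dict covers hostname."""
    host = hostname.lower().rstrip(".")
    for kind, value in cert.get("subjectAltName", ()):
        if kind != "DNS":
            continue
        pattern = value.lower()
        if pattern == host:
            return True
        # A wildcard covers exactly one left-most label.
        if pattern.startswith("*.") and "." in host and host.split(".", 1)[1] == pattern[2:]:
            return True
    return False

def probe(hostname, port=443, timeout=10):
    """Handshake with every resolved address; map (family, ip) -> verdict."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # chain is still verified; names are compared below
    results = {}
    for family, _, _, _, sockaddr in socket.getaddrinfo(hostname, port, type=socket.SOCK_STREAM):
        key = ("IPv6" if family == socket.AF_INET6 else "IPv4", sockaddr[0])
        try:
            with socket.create_connection(sockaddr[:2], timeout=timeout) as raw:
                with ctx.wrap_socket(raw, server_hostname=hostname) as tls:
                    matched = san_matches(tls.getpeercert(), hostname)
            results[key] = "ok" if matched else "SAN mismatch"
        except OSError as exc:  # refused, timed out, or TLS/chain failure
            results[key] = f"error: {exc}"
    return results

def failing_families(results):
    """Address families with at least one address that did not verify."""
    return sorted({family for (family, _), verdict in results.items() if verdict != "ok"})

# Constructed sample shaped like the thread's failure: only the IPv6 address
# presents a certificate issued for another name.
SAMPLE = {("IPv4", "192.0.2.10"): "ok", ("IPv6", "2001:db8::10"): "SAN mismatch"}

if __name__ == "__main__":
    import sys
    host = sys.argv[1] if len(sys.argv) > 1 else "example.org"  # placeholder default
    found = probe(host)
    for (family, ip), verdict in sorted(found.items()):
        print(f"{family:4} {ip:40} {verdict}")
    print("failing families:", failing_families(found) or "none")
```

Run it with the hostname as the only argument; a family listed as failing while the other is clean points at a listener or vhost that is bound on one address family only.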

Congratulations on the successful migration! I have been able to switch my 2FA by using a backup recovery code and things seem to be working fine.

Good job!

2 Likes

using the .onion-address of the forum for quoting does not work properly (copy & paste the link of the thread as .onion)

(probably because the forum software can’t resolve the links - and presumably users who do not use .onion can’t access it either)

[sorry for being lazy to report on GitLab]
