From 442063993f320bf71adc6e61f9b2450de0d6c56c Mon Sep 17 00:00:00 2001 From: Matt Jankowski Date: Sun, 23 Nov 2025 12:51:03 -0500 Subject: [PATCH 1/3] Add section about `alt-svc` header to tor docs --- content/en/admin/optional/tor.md | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/content/en/admin/optional/tor.md b/content/en/admin/optional/tor.md index 9706abad0..7ff5b82b5 100644 --- a/content/en/admin/optional/tor.md +++ b/content/en/admin/optional/tor.md @@ -175,7 +175,19 @@ When this happens you may uncomment the following line in your nginx.conf: # server_names_hash_bucket_size 64; ``` -If you still have problems you may consider increasing the size up to 128. +If you still have problems you may consider increasing the size up to 128. + +### Alternative Service {#alt-svc} + +You can choose to advertise the existence of the onion service with an [Alt-Svc Header]. This informs clients that the service can be accessed via Tor, and some clients with support will choose to connect that way when they see this header. + +An example nginx configuration would look like (replace the onion name with your own): + +```nginx +add_header Alt-Svc 'h2="qKnF…sKq7.onion:443"; ma=86400; persist=1'; +``` + +[Alt-Svc Header]: https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Alt-Svc ## Gotchas {#gotchas} From 95138b758b1f4c2fb4f1b0270538359ea639f9e6 Mon Sep 17 00:00:00 2001 From: Matt Jankowski Date: Sun, 23 Nov 2025 13:21:00 -0500 Subject: [PATCH 2/3] Add note about ports/certs --- content/en/admin/optional/tor.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/content/en/admin/optional/tor.md b/content/en/admin/optional/tor.md index 7ff5b82b5..abd6eeac5 100644 --- a/content/en/admin/optional/tor.md +++ b/content/en/admin/optional/tor.md @@ -187,6 +187,8 @@ An example nginx configuration would look like (replace the onion name with your add_header Alt-Svc 'h2="qKnF…sKq7.onion:443"; ma=86400; persist=1'; ``` +This example uses port 443, but that is not required and could be configured differently. This configuration allows HTTPS to be used with a normal non-onion TLS certificate. + [Alt-Svc Header]: https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Alt-Svc ## Gotchas {#gotchas} From 67433067b450f041ca632f40d7190ef637885dab Mon Sep 17 00:00:00 2001 From: Matt Jankowski Date: Sun, 30 Nov 2025 12:56:37 -0500 Subject: [PATCH 3/3] Clarify wording about TLS cert and port 443 --- content/en/admin/optional/tor.md | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/content/en/admin/optional/tor.md b/content/en/admin/optional/tor.md index abd6eeac5..a280b9ca5 100644 --- a/content/en/admin/optional/tor.md +++ b/content/en/admin/optional/tor.md @@ -179,15 +179,17 @@ If you still have problems you may consider increasing the size up to 128. ### Alternative Service {#alt-svc} -You can choose to advertise the existence of the onion service with an [Alt-Svc Header]. This informs clients that the service can be accessed via Tor, and some clients with support will choose to connect that way when they see this header. - -An example nginx configuration would look like (replace the onion name with your own): +You can choose to advertise the existence of the onion service with an [Alt-Svc Header]. This informs clients that the service can be accessed via Tor, and some clients with support will choose to connect that way when they see this header. An example nginx configuration could look like: ```nginx add_header Alt-Svc 'h2="qKnF…sKq7.onion:443"; ma=86400; persist=1'; ``` -This example uses port 443, but that is not required and could be configured differently. This configuration allows HTTPS to be used with a normal non-onion TLS certificate. +Notes about configuring: + +- Replace the truncated onion name with your own +- The example uses port 443, but that is not required and could be configured differently +- Because the TLS connection does not terminate at the onion service, HTTPS can use a normal non-onion TLS certificate [Alt-Svc Header]: https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Alt-Svc