ok here's a guide on how to run your mastodon instance over cleartext and over TOR.

@Laurelai Eww that leaves you having to accept a broken ssl cert though :p

@Sir_Boops it's the same cert as the cleartext site, all it's for is encrypting the connection.

@Laurelai The .onion itself is the encryption for the .onion site :p

@Sir_Boops not without https everywhere. TOR is not encryption, it's anonymity

@Laurelai When talking with clearnet sites, yes, you are correct. .onions are e2e encrypted on their own, making a .onion with ssl pointless ->

@Sir_Boops if you want you can always make a separate mastodon-tor.conf without the certificate links, but I'm sure you already know that :p

@Laurelai Masto won't play nice with that :p Your guide as it is now is as good as masto can handle tor without starting to compile custom versions of nginx/edit masto itself, even then it still doesn't like to play nice with tor XD

@Sir_Boops @Laurelai Yeah there's no need to involve certificate authorities at all in .onion addresses. It's unnecessary... dns + SSL CAs separate the name from the key, but that's not the case for .onion names, where the name *is* the key.

Now if you want to trust that the site is an entity you know in particular, that's where petnames + edge names should come in:

@Sir_Boops @Laurelai So yeah connection to a .onion address should already be a secure connection... it should be encrypted between you and that entity, afaiu

@Laurelai thanks for the guide!

because of using an onionv3 hidden service I also had to add to nginx.conf, in the http section:

server_names_hash_bucket_size 128;

otherwise it wouldn't start with the longer server name
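
The point made in the thread that a .onion name *is* the key can be checked directly. This is an added example, not part of the thread or anyone's guide: it encodes and validates a v3 onion name as the Tor rendezvous spec defines it (base32 of public key, 2-byte SHA3-256 checksum, version byte 3). The sample key is constructed, and the function names are this example's own. The resulting hostname is 62 characters, which is the longer server name the last post refers to.

```python
import base64
import hashlib

VERSION = b"\x03"      # v3 onion services
SUFFIX = ".onion"


def _checksum(pubkey: bytes) -> bytes:
    # CHECKSUM = SHA3-256(".onion checksum" | PUBKEY | VERSION)[:2]
    return hashlib.sha3_256(b".onion checksum" + pubkey + VERSION).digest()[:2]


def encode_onion(pubkey: bytes) -> str:
    """Hostname for a 32-byte Ed25519 public key (the name carries the key)."""
    if len(pubkey) != 32:
        raise ValueError("Ed25519 public key must be 32 bytes")
    raw = pubkey + _checksum(pubkey) + VERSION          # 35 bytes = 56 base32 chars
    return base64.b32encode(raw).decode("ascii").lower() + SUFFIX


def decode_onion(hostname: str) -> bytes:
    """Return the public key embedded in a v3 onion name, or raise ValueError.

    Only the encoding is checked; whether the 32 bytes are a valid Ed25519
    point is left to the Tor client.
    """
    host = hostname.strip().lower().rstrip(".")
    if not host.endswith(SUFFIX):
        raise ValueError("not a .onion name")
    label = host[:-len(SUFFIX)].split(".")[-1]          # ignore any subdomain
    if len(label) != 56:
        raise ValueError("not a v3 onion label (expected 56 characters)")
    raw = base64.b32decode(label.upper())               # bad alphabet raises ValueError
    pubkey, checksum, version = raw[:32], raw[32:34], raw[34:]
    if version != VERSION:
        raise ValueError("unsupported version byte")
    if checksum != _checksum(pubkey):
        raise ValueError("checksum mismatch: mistyped or altered name")
    return pubkey


if __name__ == "__main__":
    sample_key = bytes(range(32))   # constructed stand-in for a real public key
    name = encode_onion(sample_key)
    print(name, len(name))
    print(decode_onion(name) == sample_key)
```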
