1e72b68ab3 Replace `hidden service` with `onion service` (Riccardo Masutti)
Pull request description:
For a couple of years, Tor has made the term `hidden service` obsolete, in favor of `onion service`: [Tor Project | Onion Services](https://community.torproject.org/onion-services/)
This PR updates all the references.
ACKs for top commit:
laanwj:
Code review ACK 1e72b68ab3
hebasto:
ACK 1e72b68ab3, tested on Linux Mint 20 (x86_64).
Tree-SHA512: 6a29e828e1c5e1ec934b5666f67326dbd84d77c8b2641f6740abac6d3d5923b7729763b9ff2230390b0bb23359a5f3731ccd9a30011ca69004f7c820aed17262
`./` | `fee_estimates.dat` | Stores statistics used to estimate minimum transaction fees and priorities required for confirmation
`./` | `guisettings.ini.bak` | Backup of former [GUI settings](#gui-settings) after `-resetguisettings` option is used
`./` | `mempool.dat` | Dump of the mempool's transactions
`./` | `onion_private_key` | Cached Tor hidden service private key for `-listenonion` option
`./` | `onion_private_key` | Cached Tor onion service private key for `-listenonion` option
`./` | `peers.dat` | Peer IP address database (custom format)
`./` | `settings.json` | Read-write settings set through GUI or RPC interfaces, augmenting manual settings from [bitcoin.conf](bitcoin-conf.md). File is created automatically if read-write settings storage is not disabled with `-nosettings` option. Path can be specified with `-settings` option
`./` | `.cookie` | Session RPC authentication cookie; if used, created at start and deleted on shutdown; can be specified by `-rpccookiefile` option
It is possible to run Bitcoin Core as a Tor hidden service, and connect to such services.
It is possible to run Bitcoin Core as a Tor onion service, and connect to such services.
The following directions assume you have a Tor proxy running on port 9050. Many distributions default to having a SOCKS proxy listening on port 9050, but others may not. In particular, the Tor Browser Bundle defaults to listening on port 9150. See [Tor Project FAQ:TBBSocksPort](https://www.torproject.org/docs/faq.html.en#TBBSocksPort) for how to properly
configure Tor.
@ -14,12 +14,12 @@ outgoing connections, but more is possible.
-proxy=ip:port Set the proxy server. If SOCKS5 is selected (default), this proxy
server will be used to try to reach .onion addresses as well.
-onion=ip:port Set the proxy server to use for Tor hidden services. You do not
-onion=ip:port Set the proxy server to use for Tor onion services. You do not
need to set this if it's the same as -proxy. You can use -noonion
to explicitly disable access to hidden services.
to explicitly disable access to onion services.
-listen When using -proxy, listening is disabled by default. If you want
to run a hidden service (see next section), you'll need to enable
to run an onion service (see next section), you'll need to enable
it explicitly.
-connect=X When behind a Tor proxy, you can specify .onion addresses instead
@ -94,11 +94,11 @@ for normal IPv4/IPv6 communication, use:
## 3. Automatically listen on Tor
Starting with Tor version 0.2.7.1 it is possible, through Tor's control socket
API, to create and destroy 'ephemeral' hidden services programmatically.
API, to create and destroy 'ephemeral' onion services programmatically.
Bitcoin Core has been updated to make use of this.
This means that if Tor is running (and proper authentication has been configured),
Bitcoin Core automatically creates a hidden service to listen on. This will positively
Bitcoin Core automatically creates an onion service to listen on. This will positively
affect the number of available .onion nodes.
This new feature is enabled by default if Bitcoin Core is listening (`-listen`), and
@ -110,7 +110,7 @@ Connecting to Tor's control socket API requires one of two authentication method
configured. It also requires the control socket to be enabled, e.g. put `ControlPort 9051`
in `torrc` config file. For cookie authentication the user running bitcoind must have read
access to the `CookieAuthFile` specified in Tor configuration. In some cases this is
preconfigured and the creation of a hidden service is automatic. If permission problems
preconfigured and the creation of an onion service is automatic. If permission problems
are seen with `-debug=tor` they can be resolved by adding both the user running Tor and
the user running bitcoind to the same group and setting permissions appropriately. On
Debian-based systems the user running bitcoind can be added to the debian-tor group,
@ -127,8 +127,8 @@ in the tor configuration file. The hashed password can be obtained with the comm
## 4. Privacy recommendations
- Do not add anything but Bitcoin Core ports to the hidden service created in section 2.
If you run a web service too, create a new hidden service for that.
- Do not add anything but Bitcoin Core ports to the onion service created in section 2.
If you run a web service too, create a new onion service for that.
Otherwise it is trivial to link them, which may reduce privacy. Hidden
services created automatically (as in section 3) always have only one port
argsman.AddArg("-externalip=<ip>","Specify your own public address",ArgsManager::ALLOW_ANY,OptionsCategory::CONNECTION);
argsman.AddArg("-forcednsseed",strprintf("Always query for peer addresses via DNS lookup (default: %u)",DEFAULT_FORCEDNSSEED),ArgsManager::ALLOW_ANY,OptionsCategory::CONNECTION);
argsman.AddArg("-listen","Accept connections from outside (default: 1 if no -proxy or -connect)",ArgsManager::ALLOW_ANY,OptionsCategory::CONNECTION);
argsman.AddArg("-listenonion",strprintf("Automatically create Tor hidden service (default: %d)",DEFAULT_LISTEN_ONION),ArgsManager::ALLOW_ANY,OptionsCategory::CONNECTION);
argsman.AddArg("-listenonion",strprintf("Automatically create Tor onion service (default: %d)",DEFAULT_LISTEN_ONION),ArgsManager::ALLOW_ANY,OptionsCategory::CONNECTION);
argsman.AddArg("-maxconnections=<n>",strprintf("Maintain at most <n> connections to peers (default: %u)",DEFAULT_MAX_PEER_CONNECTIONS),ArgsManager::ALLOW_ANY,OptionsCategory::CONNECTION);
argsman.AddArg("-maxtimeadjustment",strprintf("Maximum allowed median peer time offset adjustment. Local perspective of time may be influenced by peers forward or backward by this amount. (default: %u seconds)",DEFAULT_MAX_TIME_ADJUSTMENT),ArgsManager::ALLOW_ANY,OptionsCategory::CONNECTION);
argsman.AddArg("-maxuploadtarget=<n>",strprintf("Tries to keep outbound traffic under the given target (in MiB per 24h). Limit does not apply to peers with 'download' permission. 0 = no limit (default: %d)",DEFAULT_MAX_UPLOAD_TARGET),ArgsManager::ALLOW_ANY,OptionsCategory::CONNECTION);
argsman.AddArg("-onion=<ip:port>","Use separate SOCKS5 proxy to reach peers via Tor hidden services, set -noonion to disable (default: -proxy)",ArgsManager::ALLOW_ANY,OptionsCategory::CONNECTION);
argsman.AddArg("-onion=<ip:port>","Use separate SOCKS5 proxy to reach peers via Tor onion services, set -noonion to disable (default: -proxy)",ArgsManager::ALLOW_ANY,OptionsCategory::CONNECTION);
argsman.AddArg("-onlynet=<net>","Make outgoing connections only through network <net> (ipv4, ipv6 or onion). Incoming connections are not affected by this option. This option can be specified multiple times to allow multiple networks.",ArgsManager::ALLOW_ANY,OptionsCategory::CONNECTION);
argsman.AddArg("-peerbloomfilters",strprintf("Support filtering of blocks and transaction with bloom filters (default: %u)",DEFAULT_PEERBLOOMFILTERS),ArgsManager::ALLOW_ANY,OptionsCategory::CONNECTION);
argsman.AddArg("-peerblockfilters",strprintf("Serve compact block filters to peers per BIP 157 (default: %u)",DEFAULT_PEERBLOCKFILTERS),ArgsManager::ALLOW_ANY,OptionsCategory::CONNECTION);
Wladimir J. van der Laan
4 years ago