Hello @peer,
Note that installing some programs that are not supported by Yunohost can break your server (I know what I’m talking about). I highly recommend creating a backup and trying it in a virtual machine first (even if it does not guarantee that it will be durable).
Also, I’m not an expert in computer science and beware that what I say might not be accurate.
I tried to follow my post on configuring TTRSS to make it connect through TOR. This method still works on Yunohost 3.3.1, but my post might need to be more detailed.
I configured it in a brand new virtual machine that I installed on purpose. Here I describe what I did step by step. Just try to reproduce it and tell me if you face any problem.
I hope this post helps more than the previous one. Feel free to tell me if I missed anything.
@alb1
BEFORE WE START
First, install the virtual machine and configure its network as a bridged adapter (https://yunohost.org/#/install_on_virtualbox).
On the host: call “sudo arp-scan --localnet” to get the list of devices that are connected to your network.
Boot the virtual machine.
On the host: call “sudo arp-scan --localnet” again to see the IP of the virtual machine.
On the host, edit file /etc/hosts and add a line with the IP and our test domain so that this domain can be accessed by the host. Note, I chose “test.nohost.me”. No registration is performed so any domain will do.
Then, access the virtual machine through ssh:
ssh root@test.nohost.me
FIRST STEP: INSTALLATION AND CONFIGURATION OF TTRSS
yunohost tools postinstall --ignore-dyndns
# note: the --ignore-dyndns option avoids the domain registration
# domain: test.nohost.me
# enter a password and confirm it
yunohost user create alb1
# first name: alb
# last name: one
# e-mail: alb1@test.nohost.me
yunohost app install ttrss
# everything set to its default value
/usr/bin/php /var/www/ttrss/update.php --force-update --feeds
# this command cannot be run as root.
adduser yolo
# password: yolo
/usr/bin/php /var/www/ttrss/update.php --force-update --feeds
# you get some errors because ttrss directories are not writable. You must add
# writing rights:
(as root:) chmod -R 777 /var/www/ttrss/
(as yolo:) /usr/bin/php /var/www/ttrss/update.php --force-update --feeds
# this now forces ttrss to update the feeds
Using your web browser from the host, connect to test.nohost.me, log in as alb1 and open Tiny Tiny RSS. Then add an RSS feed so that we can see that it is fetched by the previous command.
# Back in the terminal, as yolo:
/usr/bin/php /var/www/ttrss/update.php --force-update --feeds
# the previously added feed is fetched
SECOND STEP: SEE THE CONNECTION OF TTRSS USING NETSTAT
# Open a second terminal (without closing the first one) and ssh in the virtual
# machine again:
ssh root@test.nohost.me
# Run the following commands:
apt-get install net-tools
netstat --tcp --numeric-ports --programs --continuous 2>&1 | grep php
# Now, back in the first terminal, as yolo, fetch the feeds again:
/usr/bin/php /var/www/ttrss/update.php --force-update --feeds
# In the terminal running netstat, a line appears showing the destination for
# the RSS feed. Something like:
tcp 0 0 test.nohost.me:44430 <the_destination>:443 ESTABLISHED 4531/php
# This destination is an IP or domain, which means that the RSS aggregator does
# not connect through tor; it connects directly to its target.
THIRD STEP: INSTALLATION AND CONFIGURATION OF TOR
# Now, as root:
apt-get install tor
tor --hash-password "passwordhere"
# copy the password hash
vim /etc/tor/torrc
# remove the '#' at the beginning of the line: "ControlPort 9051"
# remove the '#' at the beginning of the line: "HashedControlPassword (a hash)"
# and replace the hash by the one you just copied
# restart tor:
/etc/init.d/tor restart
FOURTH STEP: TESTING TOR USING PHP
Now write a file named /tmp/test.php with the following content:
<?php
// connect to the TOR daemon to restart it :
$client = stream_socket_client( "localhost:9051", $errno, $errorMessage );
if ( $client === false ) {
    throw new UnexpectedValueException( "Failed to connect: $errorMessage" );
} else {
    fwrite( $client,
        "AUTHENTICATE \"passwordhere\"\r\nsignal NEWNYM\r\nQUIT\n" );
    fclose($client);
}
$ch = curl_init('http://ipecho.net/plain');
curl_setopt($ch, CURLOPT_HEADER, 1);
curl_setopt($ch, CURLOPT_HTTPPROXYTUNNEL, 1);
// SOCKS5 with host names resolved by the proxy, so DNS lookups also go through TOR
curl_setopt($ch, CURLOPT_PROXY, 'localhost:9050');
curl_setopt($ch, CURLOPT_PROXYTYPE, CURLPROXY_SOCKS5_HOSTNAME);
curl_exec($ch);
curl_close($ch);
echo "\n";
?>
Execute this script with the following command:
/usr/bin/php /tmp/test.php
The last line represents your IP address. Execute this script several times to see it change (note: TOR does not change your exit node at each path modification, you might have to execute it 4 or 5 times to see it change).
FIFTH STEP: MODIFYING TTRSS TO MAKE IT CONNECT THROUGH TOR
Edit function fetch_file_contents in file /var/www/ttrss/include/functions.php to add the following content at its beginning:
// connect to the TOR daemon to restart it :
$client = stream_socket_client( "localhost:9051", $errno, $errorMessage );
if ( $client === false ) {
    throw new UnexpectedValueException( "Failed to connect: $errorMessage" );
} else {
    fwrite( $client,
        "AUTHENTICATE \"passwordhere\"\r\nsignal NEWNYM\r\nQUIT\n" );
    fclose($client);
}
and add the following content:
// connect through TOR (SOCKS5 with host names resolved by the proxy,
// so DNS lookups also go through TOR) :
curl_setopt($ch, CURLOPT_PROXY, 'localhost:9050');
curl_setopt($ch, CURLOPT_PROXYTYPE, CURLPROXY_SOCKS5_HOSTNAME);
after the lines:
if (defined('_CURL_HTTP_PROXY')) {
    curl_setopt($ch, CURLOPT_PROXY, _CURL_HTTP_PROXY);
}
Now, back in the first terminal, as yolo, fetch the feeds again:
/usr/bin/php /var/www/ttrss/update.php --force-update --feeds
In the terminal running netstat, a line appears showing the destination for the RSS feed. Something like:
tcp 0 0 test.nohost.me:44430 localhost:9050 ESTABLISHED 7511/php
This destination is now localhost on port 9050; this means that the RSS aggregator now connects through tor.
NOT WORKING WITH IPv6
Note, in my case, this does not work because I have native IPv6 and TOR is only compatible with IPv4. So, to make it work I had to totally deactivate IPv6. I’m sure a better solution exists and it’s worth looking into it. I just don't have the time right now.
# Here is a quick fix (totally disabling IPv6):
echo "# IPv6 disabled" >> /etc/sysctl.conf
echo "net.ipv6.conf.all.disable_ipv6 = 1" >> /etc/sysctl.conf
echo "net.ipv6.conf.default.disable_ipv6 = 1" >> /etc/sysctl.conf
echo "net.ipv6.conf.lo.disable_ipv6 = 1" >> /etc/sysctl.conf
sysctl -p
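
As an added example (not part of the original post), the netstat check from the second and fifth steps can be scripted: the functions below read netstat output in the format shown above and report every php connection whose destination is not the local Tor SOCKS port (9050) or control port (9051). The sample lines, their addresses and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.

# Constructed sample in the netstat format quoted in the post
# (Proto Recv-Q Send-Q Local Foreign State PID/Program).
SAMPLE_NETSTAT='tcp 0 0 test.nohost.me:44430 localhost:9050 ESTABLISHED 7511/php
tcp 0 0 test.nohost.me:44432 localhost:9051 TIME_WAIT -
tcp 0 0 test.nohost.me:44434 203.0.113.10:443 ESTABLISHED 7511/php
tcp6 0 0 test.nohost.me:51022 2001:db8::10:443 ESTABLISHED 7511/php
tcp 0 0 test.nohost.me:22 192.0.2.5:50514 ESTABLISHED 812/sshd'

# Read netstat lines on stdin and print the foreign address of every php
# connection that bypasses the local Tor ports.
direct_php_connections() {
    awk '
        # column 5 = foreign address, column 7 = PID/program name
        $7 ~ /\/php/ {
            if ($5 !~ /^(localhost|127\.0\.0\.1|::1):(9050|9051)$/)
                print $5
        }'
}

# Return 0 when every php connection goes through Tor, 1 otherwise.
check_tor_only() {
    leaks=$(direct_php_connections)
    if [ -n "$leaks" ]; then
        # one message per leaking destination (word splitting is intended)
        printf 'direct connection: %s\n' $leaks >&2
        return 1
    fi
    return 0
}

# Demo on the constructed sample: lists the two direct destinations.
printf '%s\n' "$SAMPLE_NETSTAT" | direct_php_connections

# On the server, as root, while the feeds are being updated:
#   netstat --tcp --numeric-ports --programs | check_tor_only
```

The tcp6 line in the sample shows that IPv6 destinations are reported as well, which is the case described in the IPv6 note above.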