Onion et yunohost - Some questions

Tor is installed and I’ve a .onion adress.

Actually, if i go on https://azerty.onion, I’ve a Nginx page. I need to go on https://azerty.onion/myapps/ to have my apps page.
I want to have my apps on https://azerty.onion

My apps is already a default page for another domain name (foo.org)

Other problem https://azerty.onion/yunohost is ok. Ok can I prohibit this adress.

https://azerty.onion has a selfsigned certificate, auto generated. In this certificate, there’s the foo.org mention adress. So the true adress is leaked. How can I correct this?


Hey, I was going to write a post with exactly the same problems.

Did you find any solution for any of them?

A certificate does not make much sense when using onion services, I would like to remove the certificate for the onion domain but don’t know how.

did you try this?

  • add a subdomain like maronion.azerty.onion
  • tell YunoHost this is now the main domain (navigate the web interface to DNS config, or play with yunohost domain --help)
  • install your app on azerty.onion

Yes. That does not solve the problem.

I go to http://maronion.azerty.onion/installedapp and it automatically changes to https://maronion.azerty.onion/installedapp with the warning about the certificate.
It should stay with http, https does not make much sense for onion connections.

Normally https does not add any value to an onion connection, only confusing warnings to average users.

I think yunohost should not do https on .onion domains, only in a very complex onion setup a certificate could make some sense.

How can I configure it so that it stays on http when connecting to my .onion domain?

Here is what we do in most of our scripts:

It means we redirect our apps to make sure it will use https.
I assume you have to find your nginx configuration file for your app, and inverse this test.

Here is the helper we use to install a nginx file:

You should be able to guess where is the file
enjoy :slight_smile:

Hey libecfed!

Your trick on the subdomain works! I mean it does solve the issue of seeing unwanted data in the certificate.

I have not tried your suggestions to avoid redirection.