meek-server

command
v0.38.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Oct 28, 2022 License: CC0-1.0 Imports: 20 Imported by: 0

README

# How to run a meek-server (meek bridge):

You need a server with a DNS name pointing to it.
You need to be able to run a service on ports 443 and 80.
Port 443 is for receiving meek-tunneled HTTPS from the CDN;
port 80 is for automatic certificates from Let's Encrypt.

Let's say the server's DNS name is meek.example.com.

- Compile the program using 'go build'.

	cd meek-server
	go build

- Install meek-server under /usr/local/bin and give it permission to bind to ports 443 and 80.

	cp meek-server /usr/local/bin
	setcap 'cap_net_bind_service=+ep' /usr/local/bin/meek-server

- Add a line to your torrc file. Replace "meek.example.com" with your server's DNS name and "admin@meek.example.com" with your email address.

	ServerTransportPlugin meek exec /usr/local/bin/meek-server --acme-hostnames meek.example.com --acme-email admin@meek.example.com --log /var/log/tor/meek-server.log

- To test your bridge on the client side, you can add a line like this to your torrc:

	Bridge meek 0.0.2.0:1 url=https://meek.example.com/

# Important Note:

	If you're running more than one transport, you need a separate tor process for each, to avoid user counting confusion.
	For more information, see https://lists.torproject.org/pipermail/tor-dev/2014-September/007480.html and https://trac.torproject.org/projects/tor/wiki/doc/meek#Users

Documentation

Overview

meek-server is the server transport plugin for the meek pluggable transport. It acts as an HTTP server, keeps track of session ids, and forwards received data to a local OR port.

Sample usage in torrc:

ServerTransportListenAddr meek 0.0.0.0:443
ServerTransportPlugin meek exec ./meek-server --acme-hostnames meek-server.example --acme-email admin@meek-server.example --log meek-server.log

Using your own TLS certificate:

ServerTransportListenAddr meek 0.0.0.0:8443
ServerTransportPlugin meek exec ./meek-server --cert cert.pem --key key.pem --log meek-server.log

Plain HTTP usage:

ServerTransportListenAddr meek 0.0.0.0:8080
ServerTransportPlugin meek exec ./meek-server --disable-tls --log meek-server.log

The server runs in HTTPS mode by default, getting certificates from Let's Encrypt automatically. The server opens an auxiliary ACME listener on port 80 in order for the automatic certificates to work. If you have your own certificate, use the --cert and --key options. Use --disable-tls option to run with plain HTTP.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL