SYS265 Entry for: Team APO: Onionshare - Oliver-Mustoe/Oliver-Mustoe-Tech-Journal GitHub Wiki

Parker, Oliver, Abijah

Relevant Assigned IPs, Hostnames, and Operating Systems:

ceph01-parker: 10.0.5.16 - CentOS7

ceph02-parker: 10.0.5.17 - CentOS7

wks01-parker: 10.0.5.150 - Windows 10 workstation

High Level Architecture of OnionShare:

Onionshare

Installation of OnionShare on Server

On Ceph01-parker:

Create a sudo user named deployer:
sudo useradd -mk /etc/skel -s /bin/bash -d /home/deployer -G wheel deployer
passwd deployer

Run the following commands as the deployer sudo user, NOT as root

Install dependencies for OnionShare:
sudo yum install python3-pip gcc python3-devel -y

Install OnionShare:
pip3 install --user onionshare-cli

Install the needed repository for Tor, then Tor:
sudo yum install epel-release -y
sudo yum install tor -y

With it working, you should be able to run the following command and receive a list of possible commands and options:
onionshare-cli --help

Client configuration for OnionShare

On Wks01-parker

Browse to torproject.org and download tor for Windows

Follow the setup wizard, using default options, then select “Finish”

On ceph01, run the following command to receive a web address for a file (in this example, a folder named "foo" with another nested inside it named "bar"): onionshare-cli --public --website foo/

The output should look like this:
onionshare

In the browser pop-up on the Windows box, enter the URL that was provided on the CentOS box into the Tor browser.

If the URL is entered correctly, you should be able to see the files specified from the CentOS box:
wonion

Test Case: Apache

Onionshare - Copy

Use the steps above to install OnionShare on ceph02; the password can be the same or different

Install sshfs for remote file mounting (on both systems):
sudo yum install sshfs

Install Apache on ceph02:
sudo yum install httpd -y

In /etc/fuse.conf, uncomment the “# user_allow_other” line by removing the leading #. This is needed so that users other than root can run sshfs. Do this on both systems:
user_allow_other

Allow deployer user on ceph02 the ability to edit the web root with the following commands:
sudo usermod -a -G apache deployer
sudo chgrp -R apache /var/www/html
sudo chmod -R g+w /var/www/html

Relog as deployer

Mount ceph02’s webroot to a folder on ceph01 (in this case “apache_web_root”; run this on ceph01). The nonempty option makes it so the folder does not need to be empty:
sudo sshfs deployer@ceph02-parker:/var/www/html apache_web_root/ -o nonempty

On ceph02, run the following onionshare command to access the set filesystem from Tor browser:
onionshare-cli --public --receive --data-dir /var/www/html

On ceph01, run the following OnionShare command to see the set filesystem from Tor browser (any changes made to the filesystem require the command to be re-run):
onionshare-cli --public --website apache_web_root/

To unmount, run the following command on the system where the share is mounted:
sudo fusermount -u apache_web_root/

You will need to make uploaded data accessible, for example (it will be nested within a directory named with the date):
sudo chmod 755 2022-03-17/135323751591
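
An added example, not part of the original wiki: a shell function that applies the permission change above to one upload directory while keeping uploaded files non-executable and refusing paths outside the date/digits layout. The function name publish_upload and the 644 file mode are assumptions of this example.

```bash
#!/bin/sh
# Added example (not from the original wiki).
# Run as the user that owns the uploads, or as root.
# publish_upload WEBROOT REL
#   WEBROOT: the --data-dir given to onionshare-cli, e.g. /var/www/html
#   REL:     one upload, in the <date>/<digits> layout shown above
publish_upload() {
    webroot=$1
    rel=$2
    # Accept only YYYY-MM-DD/<digits>. This rejects "..", absolute
    # paths and anything that is not exactly two levels deep.
    case $rel in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]/*) ;;
        *) echo "refusing: unexpected path '$rel'" >&2; return 1 ;;
    esac
    date_dir=$webroot/${rel%%/*}
    time_part=${rel#*/}
    case $time_part in
        ''|*[!0-9]*) echo "refusing: unexpected path '$rel'" >&2; return 1 ;;
    esac
    upload_dir=$date_dir/$time_part
    # A symlink here could point outside the web root, so refuse it.
    if [ -L "$date_dir" ] || [ -L "$upload_dir" ] || [ ! -d "$upload_dir" ]; then
        echo "refusing: $upload_dir is not a plain directory" >&2
        return 1
    fi
    # Directories need r-x for "other" so Apache can traverse them.
    chmod 755 "$date_dir"
    find "$upload_dir" -type d -exec chmod 755 {} +
    # Uploaded files become world-readable but never executable.
    find "$upload_dir" -type f -exec chmod 644 {} +
    # Symlinks inside the upload are reported and left untouched.
    find "$upload_dir" -type l -exec echo "symlink left untouched:" {} \; >&2
}
```

For the upload shown above, the call would be: publish_upload /var/www/html 2022-03-17/135323751591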

An example HTML file used for accessing uploaded data:

<html>
<head>
</head>
<body>
<center>
Example link to file: <a href="2022-03-17/135323751591/test.html">Link</a>
</center>
</body>
</html>

Issues we had:

Needed to install dependencies (tor, pip) before installing and using OnionShare

Needed to research how to "keep" files long term (make accessible on startup, and not lose access when closing browser tab)

Setting up with a service

Pros:

  • Lightning Fast Setup
  • Secured using Tor proxies
  • Minimal overhead
  • Easy install steps
  • Cross-platform, scalable

Cons:

  • URL for use is long and tedious
  • If you have the URL you have access
  • By default does not save your data for use
  • Designed as a temporary storage solution

Personal Reflection

This project was very challenging for my group and me, but I think that we learned a lot about how to do this type of project. Our setup of a Ceph cluster was very time consuming and challenging, but we did almost complete everything except for client application. We spent a lot of time troubleshooting the issue and came to the conclusion that to complete the project fully in the time given that we would need to refer to our backup OnionShare. I still appreciate using Ceph as I learned more about distributed file systems and Ansible. Onionshare was set up by my colleagues and me in a short period of time, and I continued testing for a live demo while they worked on the presentation and documentation. I devised a test scenario with them giving good ideas, possible solutions, and taking roles in the live demo. The process overall went much smoother than Ceph and I am glad that we changed instead of sinking more time into Ceph. In the future, I would have our team research our options more and perhaps pivot our plan earlier on to prevent major changes.

Sources:

https://docs.onionshare.org/2.5/en/advanced.html#cli

https://stackoverflow.com/questions/41337082/install-tor-on-a-centos-7-server

https://support.torproject.org/rpm/

https://fedingo.com/how-to-mount-remote-directory-or-filesystem-in-linux/

https://unix.stackexchange.com/questions/222944/mount-with-sshfs-and-write-file-permissions

https://docs.rackspace.com/support/how-to/add-a-linux-user-with-document-root-permissions/
