The thread “Join us testing AppArmor…” has vanished from “Whonix Support”. I can open it in the onion site http://kkkkkkkkkk63ava6.onion/forum/index.php/topic,97.0.html from the Apparmor wiki page, but when I log in, I am redirected to the clearnet page.
Forget the previous post. I found it back in Whonix development. Makes sense.
Sorry… Jason, may be you can delete this topic.
No worries.
I don’t usually use the “MOVED:” thing because I believe it’s messy. Anyone who bookmarks the topic or follows the topic link is taken to right place.
However, your problem with the login redirection shows that there’s something wrong with this process in the onion site. It should keep you inside onion land.
Question: Did you redirect you to the clearnet version of the correct topic? Or simply the clearnet support forum?
Question: Did you redirect you to the clearnet version of the correct topic? Or simply the clearnet support forum?
When I could not find the thread in “Support”, I opened it from the AppArmor wiki page. There is a link to te thread in each profile page I have created. It was opened in the onion site at http://kkkkkkkkkk63ava6.onion/forum/index.php/. When I logged in, I noticed I was redirected to https://www.whonix.org/, in the correct topic.
I have just double-checked. Anything you click in the forum onion site redirects you in the clearnet.
Another one, in the clearnet. When I log in from the AppArmor page in the wiki (AppArmor), I am redirected to wiki main page.
I have not tested in the onion site, I do not use it, generally.
Our best solution is this one:
@fortasse can answer this better.
Looks like a limitation in any web app. None of them seems to be made with having multiple domains in mind.
Most web applications expect to be at one location (domain.tld/folder) or (sudomain.domain.tld). I’m not sure if this is for performance reasons or most devs are lazy, but that’s simply the way it is. Our HTTPS Everywhere hack is the best solution we have at the moment.
has anyone else been having issues with the forum on the onion? i get nothing but the menu bar once javascript is enabled.
Accessing the forums from the onion link shows the category tabs at the top but nothing else loads. The same happens at all TBB security levels.
2 Likes
Won’t fix.
(Lack of resources / time.)
1 Like
Fixed. Works for me now. Posting this over onion.
There are still various glitches which I cannot fix. For example Whonix logo is not shown in left corner.
These are the same issues as explained here: Uploaded Images doesnt show up after creating topic - #3 by mig5
Content Security Policy: The page’s settings blocked the loading of a resource at http://forums.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqp…vjwsyd.onion/t/onion-forum-site-redirects-to-clearnet/197/12 (“base-uri”).
Content Security Policy: The page’s settings blocked the loading of a resource at https://forums.whonix.org/uploads/default/optimized/2X/f/f75358a50c52ba88d6c2e29e16841d4e8c0bc01d_2_32x32.ico (“img-src”).
Content Security Policy: The page’s settings blocked the loading of a resource at https://forums.whonix.org/uploads/default/optimized/2X/1/1fe0587524112f37ca32e0541d281d3d0a4eedf9_2_180x180.png (“img-src”).
Content Security Policy: The page’s settings blocked the loading of a resource at http://forums.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqp…vjwsyd.onion/t/onion-forum-site-redirects-to-clearnet/197/12 (“base-uri”).
Actually I found a way to hack around these issues. Should now be fixed. Let me know if there are still any Whonix onion forums issues.
1 Like
Great - works.
This begs the question:
- Is it time to link back to the v3 onion Whonix forum by default here: file:///usr/share/homepage/whonix-welcome-page/whonix.html
- If no to point 1, how about using the HTTP header option so users are notified of the onion option when they come to the clearnet version of the forum? Better protection for users.
Onion Location
Website publishers now can advertise their onion service to Tor users by adding an HTTP header. When visiting a website that has both an .onion address and Onion Location enabled via Tor Browser, users will be prompted about the onion service version of the site and will be asked to opt-in to upgrade to the onion service on their first use.
- All this reminds me, is it also time to revisit v3 onion Whonix repositories by default now that OnionBalance supports v3?
https://onionbalance.readthedocs.io/en/latest/v3/tutorial-v3.html
[1]
Not sure onion v3 can handle the load.
Related, just now asked:
[tor-dev] onionbalance useful on same server / for high-spec non-location hidden servers?
Whonix isn’t a web server / web service project. It’s a means to an end. Not an end in itself. More elaboration on that:
Trusting the Whonix ™ Website
Then also due to other issues mentioned on Trusting the Whonix ™ Website the impact might be low compared to other TODO.
Therefore perhaps too low priority to spend time on that. Not sure yet.
It’s a really cool feature. I’ll try to get that. But before, other broken aspects of Whonix onion need to be fixed. Most importantly, wiki editing over onion.
Found a promising approach for that now finally.
Two domain for one installation on Project:Support desk
Not sure we have a dedicated forum thread for Whonix onion wiki but will search and update once I know more.
Similar as [1]. Onionbalance v3 seems non-trivial to setup. A high traffic onion server sadly isn’t a side project. I haven’t seen any comparable (such as Debian or Tor Project onion v3) repository yet or how they’d set that up. Sadly isn’t a side project to have load balanced onion v3 backed by multiple servers / multiple Tor instances.
1 Like
Got a very informative reply:
https://lists.torproject.org/pipermail/tor-dev/2020-June/014347.html
1 Like
This has been implemented on whole whonix.org (homepage, wiki, forums, phabricator, deb). 
Most website components should work quite well except minor imperfections such as a missing onion forums (onebox) image here and there. Please test.
It got better. But not yet perfect. Login over onion is now possible. Server side, invented this:
<?php
if (preg_match("/dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/i", $_SERVER['SERVER_NAME'])) {
$wgServer = '//www.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion';
$wgCanonicalServer = 'http://www.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion';
$wgAllowExternalImagesFrom = array( 'http://127.0.0.1/', 'http://www.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/' );
$wgRenderHashAppend = "www.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion";
$wgCachePrefix = "www.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion";
$wgFileCacheDirectory = "$IP/cache/www.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion";
$wgLocalisationUpdateDirectory = "$IP/cache/www.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion";
$wgCacheDirectory = "$IP/cache/www.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion";
} else {
$wgServer = '//www.whonix.org';
$wgCanonicalServer = 'https://www.whonix.org';
$wgAllowExternalImagesFrom = array( 'http://127.0.0.1/', 'https://www.whonix.org/' );
$wgRenderHashAppend = "www.whonix.org";
$wgCachePrefix = "www.whonix.org";
$wgFileCacheDirectory = "$IP/cache/www.whonix.org";
$wgLocalisationUpdateDirectory = "$IP/cache/www.whonix.org";
$wgCacheDirectory = "$IP/cache/www.whonix.org";
}
But parts are still broken. Editing over onion still briefly redirects to non-onion when saving. Will try to fix.
EDIT:
Improved version:
<?php
## avoid error:
## PHP Notice: Undefined index: SERVER_NAME in /etc/apache2/server.php on line 5
## when using:
## php /var/www/w/maintenance/dumpUploads.php --base "/"
if (!isset($_SERVER['SERVER_NAME'])) {
$_SERVER['SERVER_NAME'] = $_SERVER['SERVER_NAME'] ?? 'www.whonix.org';
}
if (preg_match("/dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/i", $_SERVER['SERVER_NAME'])) {
$wgServer = '//www.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion';
$wgCanonicalServer = 'https://www.whonix.org';
$wgAllowExternalImagesFrom = array( 'http://127.0.0.1/', 'http://www.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/' );
$wgRenderHashAppend = "www.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion";
$wgCachePrefix = "www.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion";
$wgFileCacheDirectory = "$IP/cache/www.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion";
$wgLocalisationUpdateDirectory = "$IP/cache/www.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion";
$wgCacheDirectory = "$IP/cache/www.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion";
} else {
$wgServer = '//www.whonix.org';
$wgCanonicalServer = 'https://www.whonix.org';
$wgAllowExternalImagesFrom = array( 'http://127.0.0.1/', 'https://www.whonix.org/' );
$wgRenderHashAppend = "www.whonix.org";
$wgCachePrefix = "www.whonix.org";
$wgFileCacheDirectory = "$IP/cache/www.whonix.org";
$wgLocalisationUpdateDirectory = "$IP/cache/www.whonix.org";
$wgCacheDirectory = "$IP/cache/www.whonix.org";
}
EDIT 2:
1 Like
Very nice! Well done 
Seems to work well on phabricator, forum etc.
1 Like
Fixed. All components of Whonix website should now have full onion support as far as functionality goes. Usual onion issues (slow speed, overload) might still happen.
This is now fully implemented.
1 Like