Originally published at: https://www.whonix.org/blog/listen-port-convention
Server applications using Tor ephemeral onion services such as ricochet-im, onionshare, ZeroNet and unMessage usually listen on localhost only, as Tor usually runs on the same system and is able to map them. However, due to Whonix's split design, Tor runs on the Whonix-Gateway and the application runs on the Whonix-Workstation. This requires the application to listen on the Whonix-Workstation's external network interface in order to allow the mapping from the Whonix-Gateway's internal network interface.
At the moment, it looks like there is no convention to configure where these applications listen by default (localhost vs. all interfaces). The decision seems to be up to the upstream author of the software, as well as the packager. Then it's up to the system administrator to decide on where the server application should listen, and currently there is not a great place for derivatives to globally modify this setting.
We believe that a solution to this problem is having a convention where listen config files for server applications are added to
listen.d folders. Applications would then use a parser to read these configs in order to find, for example, which interface to listen on. This approach would prevent redundancy of application configs, support multiple systems, simplify applications development/packaging, as well as the system administration.
A specification for this convention has been devised, and we would like to present it after incorporating feedback from users of debian-devel.
What do you think of this proposal? Would you use it? Do you believe it can be improved? Please share your views in the Whonix forums.