# Radicle x Tor: SOCKS5 Proxy Quick Start Guide [TOC] ## Summary This guide aims to simplify the process of setting up a secure and private environment for Radicle users, ensuring that their repositories and communication remain protected behind the Tor network. ## Prerequisites - Ensure Tor is installed on your system - Ensure you have Radicle installed on your system and an identity created (see Chapter 1 of [User Guide](https://radicle.xyz/guides/user)) ## Steps 1. Configure Tor as a hidden service (see [Tor Configuration Details](#Edit-Your-Configuration-File) for your operating system) and start Tor (see [Tor Commands](#Common-Tor-Commands) for your operating system) 2. Stop your node if it's running: `rad node stop` 3. Build heartwood from source: https://app.radicle.xyz/nodes/seed.radicle.xyz/rad:z3gqcJUoA1n9HaHKufZs5FCSGazv5 rad clone rad:z3gqcJUoA1n9HaHKufZs5FCSGazv5 cd heartwood cargo install --path radicle-cli --force --locked --root ~/.radicle cargo install --path radicle-node --force --locked --root ~/.radicle cargo install --path radicle-remote-helper --force --locked --root ~/.radicle *(This step here will be removed in future when this code is added to an official release candidate)* 4. Verify the correct version using `radicle-node --version`. It should be `radicle-node pre-release (930f9b0a)`. 5. Get your .onion address (see [How to Get Your .onion Address](##How-to-Get-Your-onion-Address)) 6. Edit your configuration using `rad config edit`: a. Set your `externalAddresses` to your .onion address with port 8776, e.g.: ```json "externalAddresses": [ "nryicotfm746kfvkoqjgrdffsohhv437m5aqpyv3rq546iddbsit3cid.onion:8776" ], ``` b. Set `listen` to: ```json "listen": [ "0.0.0.0:8776" ], ``` c. Add the following lines after the `externalAddresses` field: ```json "tor": { "mode": "proxy", "address": "127.0.0.1:9050" }, ``` 7. Start your node: `rad node start` and verify that your node is connected to other seed nodes using `rad node status`. 8. Run `rad node config --addresses` to output your full external address. This is your `{nid}@{externalAddress}` and can be shared with other peers who want to connect to you, via `rad node connect {nid}@{externalAddress}`, such as: rad node connect z6Mkw1Yy5VUpn4eBKzWN12hdTsznuxUrNVqKgDwa3jXpqkRm@nryiwryfm746kfvkoqjgrdffsohhv437m5aqpyv3rq546iddbsit3cid.onion:8776 Note: This sample command above will not work, try it with a real node. ## Tor Quick Start ### Edit Your Configuration File #### Mac 1. In `~/.tor`, create a directory called `radicle` (or a name of your choice), and ensure the permissions are `700` mkdir -m 700 ~/.tor/radicle This will be the path for the hidden service. 2. Navigate into the folder, run `pwd`, and copy the output of `pwd`. This should be something like `Users/your-user-name/.tor/radicle` 2. Edit your Tor configuration file: ```shell vim /usr/local/etc/tor/torrc ``` The file should include these parameters, with `HiddenServiceDir` set to the path you copied in step 1: ``` HiddenServiceDir /Users/your-user-name/.tor/radicle HiddenServicePort 8776 ``` 1) /var/lib/tor/radicle is not owned by this user (debian-tor, 122) but by root (0). Perhaps you are running Tor as the wrong user? chown -R debian-tor:debian-tor /var/lib/tor/radicle (for ubuntu users getting tor from debian repo) 2) Permissions on directory /var/lib/tor/radicle are too permissive. chmod 700 /var/lib/tor/radicle #### Linux 1. In `/var/lib/tor`, create a directory called 'radicle' (or a name of your choice). This will be the path for the hidden service (`/var/lib/tor/radicle`). Make sure the permissions of the directory are 700: sudo mkdir -m 700 /var/lib/tor/radicle Note: if you are a Debian user who got Tor from a Debian repo, you may need to change the ownership of the 'radicle' directory to the `debian-tor` user and group first: sudo chown -R debian-tor:debian-tor /var/lib/tor/radicle 2. Edit your Tor configuration file: ```shell sudo vim /etc/tor/torrc ``` The file should look like this, with `HiddenServiceDir` set to the path above: ``` HiddenServiceDir /var/lib/tor/radicle HiddenServicePort 8776 ``` ### How to Get Your .onion Address 1. Ensure you have restarted Tor, in case you just made the configuration updates described above (see [Tor Commands](#Common-Tor-Commands) for your operating system) 2. Run the following command (this is reading the `hostname` file in the `HiddenServiceDir` you defined in `torrc`): - Mac: `cat ~/.tor/radicle/hostname` - Linux: `sudo cat /var/lib/tor/radicle/hostname` ### Common Tor Commands **Mac** - `brew services restart tor` - `brew services start tor` - `brew services stop tor` **Linux** - `sudo systemctl restart tor` - `sudo systemctl start tor` - `sudo systemctl stop tor` - `sudo systemctl status tor` (to check the status of the Tor service)