OnionService (project) can be easily misunderstood with onion services (hidden services), because of this, the name must change and must differentiate. Also, it has to be related to the utilitites. If you are reading this, you can provide good names also.
For now, I thought of this names:

• OnionManager - managing onions
• OnionOps - operations with onion services
• OnionChef - analogy to cooking onions and being the onion service chef.

Is your feature request related to a problem? Please describe.

currently you can only paste the address.onion, but it is possible to sed the http from the front and remove it.

Is your feature request related to a problem? Please describe.

I want to inform first, lets see if it is easy to do so, it is an error check at the beginning of the scripts with variable expansion.
the bug is that if folder contains trailing / at the end, the path to the file inside that folder will have two consecutive // which will fail.
Another option is auto correcting that.... but on the variable on the script itself, not altering the config file, this would be the optimal solution.

Describe the solution you'd like

Describe alternatives you've considered

Additional context

fedora
arch

Debian calls it apache2

Describe the bug

currently ONIONJUGGLER_PWD is added to the path by using a shell rc, example is ~/.bashrc, but that only works if it is the same user running onionjuggler-cli.
The .onionrc is a dot file, which fits a user mode to save on the home folder ~/, but would be better to be system wide if it used a configuration inside the /etc folder, for example, /etc/onionjuggler.conf.

It is a bug for systems with multiple users requiring the command.

The ONIONJUGGLER_PWD was being saved inside the files on the old days, but it leaked the user custom path, so that is not a solution. My proposed solution is copying the files to a directory in path, for example /usr/local/bin/onionjuggler-cli and /usr/local/bin/oninjuggler-tui and /etc/onionjuggler.conf. Every time install/setup.sh --setup is ran, it will cp the repository files to the path to test with the new changes.

It would be good to copy from more reviewed projects to be understandable and clear on the printed messages to stdout, because of this:

• Whonix HS Guide. Important: This is not whonix and whonix is more secure as it has different access control over workstation and gateway, use that for maximum security and anonymity. This is just to get the best I can and implement it. Also, Whonix-anon is no Tails, check it out too.
• check wording on Whonix/anon-gw-anonymizer

My doubt is / How can I:

Keep an eye on stem git and changelog, because the next version will drop python2.x support as it is being drepecated by python.org

see https://github.com/perusio/nginx_ensite/blob/master/Makefile
for signing a release, commiting manual pages etc

Is your feature request related to a problem? Please describe.

The one hosted on https://github.com/nyxnor/scripts/blob/master/getopts.sh was enhanced based from what I learn on onionjuggler, now onionjuggler should update from that template.

Describe the solution you'd like

Describe alternatives you've considered

Additional context

Is your feature request related to a problem? Please describe.

I am using 4 lines for XMPP, but could not use onionjuggler because the current limit is two. I want to make it unlimited.

Describe the solution you'd like

the solution is change the format to assign ports.

• virtport if empty, assign it to 80
• target if empty assign it to 127.0.0.1:virtport
• target address if empty complete with 127.0.0.1:TARGETPORT
  accept the following formats:

VIRTPORT
VIRTPORT-TARGET
VIRTPORT-TARGETPORT
VIRTPORT-TARGETADDRESS:TARGETPORT

different HiddenServicePort can be separated by commas , or spaces .

So use:

--port "VIRTPORT[-[ADDR:]PORT] VIRTPORT[-[ADDR:]PORT] VIRTPORT[-[ADDR:]PORT]"

Describe alternatives you've considered

Additional context

Is your feature request related to a problem? Please describe.

As seen the OnionJuggler implementation on TorBox, enphasizing some parts are crucial. This has to be done to all the options on the cli.

Describe alternatives you've considered

Some colors I already have established their usage:
green is when everything is alright
yellow is information that may need some action, like pressing enter to return to the tui, but it can serve as an warning, not and error per se
red is only for error msgs and deleting important things
rest of colors must be defined:
magenta - it is kinda purple and remind me of onions, will use that when referring for onions
cyan just looks cool, idk
blue success on commands, but between the commands, not at end like green
bold - emphasize but when?
underline - emphasize but when?

Is your feature request related to a problem? Please describe.

Not every web server config fits every usage, maintain the default one and optionally let the user specify the path to his own config file and use that instead.

https://github.com/nyxnor/onionservice/blob/5a4f4991fdc6fa8f74e7120a9c4d9cf51cbe7940/.onionrc#L185

Issue
Restart or reload-or-restart tor in the background and giving a "Reloaded tor successfully!" after 2 seconds could be misleading because if the restart or to reload-or-restart process gets stuck in the background, the success message is shown anyway after 2 seconds.

Describe the solution you'd like
In my opinion, it would be better to inform the user that tor is restarting or doing the reload-or-restart that it would take a moment with a solution to what he/she has to do if a restart or reload-or-restart process gets stuck.

Additional remarks
Pull request may follow

Is your feature request related to a problem? Please describe.

Looking at nasez and many other projects written in C, there is a configure shell script file (standard). It can decide where the manual goes, where the binary (in our case, shell script, no bin) goes, where the docs goes.

Describe the solution you'd like

I want option parser to be more elaborate on this configure script, so user can decide where the manual goes (if it goes to /usr/local/man/man1 or any other location), and if script goes to /usr/local/bin by default or any other location.

This helps a lot because instead of just making the tor paths custom, I can make the project onionjuggler path custom.

Describe the bug

Introduced on cli parsing arguments:

• #9

Problem with current web servers

• Problems:

  • Nginx does not have /etc/nginx/sites-{enabled,available}, would need to include them by modifying /etc/nginx/nginx.conf
  • Apache2 is named apache-httpd on openbsd, does not have /etc/apache2/sites-{enabled,available}, would need to include them by modifying /etc/nginx/httpd2.conf, which is named /etc/nginx/apache2.conf on debian. Also, apache{2} is not a command on openbsd, it is a file on /etc/rc.d/apache2, meaning it has to be controlled with the service manager, in this case, rcctl. To add more, the command is called httpd2 for apache (/usr/local/sbin/httpd2), see /etc/rc.d/apache2.

• Solution?

  • Nginx is fixable but need to modify the user default configuration file, which I don't like and I am sure OpenBSD users will prefer a native program such as their httpd.
  • Apache is unfixable on OpenBSD, no amount of time will be spent on that, service has a different name than the commands, that has a different configuration file. And if time is dedicated to fix this, would be a huge blob just to be compatible with apache on openbsd, discosidering other platforms, because of this, it is unfixable.

Describe the solution you'd like

Default on openbsd is httpd (/usr/sbin/httpd), so it is to be done.

• paper
• httpd manual
• httpd.conf manual
• basic usage
• medium usage
• httpd with onion example

Describe the bug

Ctrl+C does not quit on whiptail, only on dialog.

Additional context
I need that to be menu options:

• keep keys - default
• delete dir
• cancel disabling service

https://github.com/nyxnor/onionservice/blob/799bea90175f0883323bb57ebed80f4d31ba26f0/etc/nginx/sites-available/sample-onion.conf#L3

My doubt is / How can I:
Shouldn't there be a placeholder (like TRAGTE) in the link above which will be replaced by the onion domain?

Currently, with that configuration, I cannot successfully share a folder. However, the cause may be another problem. I'm checking that right now.

Is your feature request related to a problem? Please describe.

By default, as the tools provided are for persistent services because
https://gitweb.torproject.org/torspec.git/tree/control-spec.txt#n1849

Once created the new Onion Service will remain active until either the
Onion Service is removed via "DEL_ONION", the server terminates, or the
control connection that originated the "ADD_ONION" command is closed.
It is possible to override disabling the Onion Service on control
connection close by specifying the "Detach" flag.

Also because I don't mess with tor control except for the Vanguards addon.

Describe the solution you'd like

Use the control port at its finest.

Describe alternatives you've considered

tor-ctrl by Adrelanos
Tested and it works, it requires socat and xxd, socat I can maybe change to netcat but xxd is linux only? bad for portability but can I do the same with only hexdump?

Also, this has not high priority because if this is done one day, would be a script just for it.

Additional context

• https://gitweb.torproject.org/torspec.git/tree/control-spec.txt
• https://github.com/adrelanos/tor-ctrl/blob/master/usr/bin/tor-ctrl

Describe the bug

m4 is not installed by default and Vi is not a command there, so better check that

https://github.com/nyxnor/onionservice/blob/717de24f14403248a69800d244bc8dc3c2bb2972/onionservice-cli#L131

Issue
CLIENT_COUNT is always set to 1. This means that if [ -n "${CLIENT_COUNT}" ]; then (for example here) will never executed.

Describe the solution you'd like
To remove the specific line of code If there is no other reason for CLIENT_COUNT=$((CLIENT_COUNT+1))

Is your feature request related to a problem? Please describe.

There is the option to gen key pair, use priv key for client or use pub key for server.
But there is no option to just place existing file directly to folder.

Describe the solution you'd like

I want to specify file as an option to be included

Describe alternatives you've considered

• https://github.com/Whonix/anon-gw-anonymizer-config/blob/master/usr/bin/anon-server-to-client-install
• https://www.whonix.org/wiki/Onion_Services#Onion_Service_Authentication_Client_Setup

Additional context

This can be done on auth-server and auth-client.

when editing in the TUI

Is your feature request related to a problem? Please describe.

Sudo works but it is not hardened, I want the best. BSDs prefer doas, so should I.

Describe the solution you'd like

• doas openbsd man
• wiki debian

Additional context

At the moment, there are many occurrences.

grep -c sudo onionservice-cli 
122
$ grep -c sudo onionservice-tui 
19

Is your feature request related to a problem? Please describe.

Systemd dominates Linux world and all BSDs I've seen don't use it, and I don't want a single point of failure. See alternatives.

Describe the solution you'd like

Currently affects restart/reloading tor and creating the vanguard service.

Describe alternatives you've considered

• systemd
• sysvinit
• upstart
• runit
• openrc

Additional context

See this guide to manage multiple service managers

Is your feature request related to a problem? Please describe.

See SC2045 and shell pitfalls

Describe the solution you'd like

Not sure, the DataDirectory is not owned by the user, it is owned by the tor user for security reasons. Because of this, I haven't found a reasonable substitute that can be used.

Describe alternatives you've considered

• change ls loops to find.

it has almost nothing to do with HiddenService configuration lines, except it verify it if wrong.
Anyway, it will still be possible to install, but will be hosted on a separate repo to be more focused.

Describe the bug

scp is outdated, sftp is upadate and developed specifically for ssh.

My doubt is / How can I:

Env var should be distinguishable according to posix and this stackoverflow answer. The .onionrc is a lib and "exports" vars to other scripts.

Is your feature request related to a problem? Please describe.

Currently it is using unix as the default socket if none specified and virtport 80.
This was purposefully chosen because with unix socket names being unique, there was no repeated target, which happens on tcp if no specific target if specified the second time using the same virtual port.

Describe the solution you'd like

Use tcp as default
Do not use default virtport.

Describe alternatives you've considered

Additional context

Describe the solution you'd like

I want getopts to parse cli arguments. It will be cleaner.

Describe alternatives you've considered

• getopts - posix spec
• getoptions - awesome tool but not widely spreaded - downside is building from another project.
• stackoverflow example

Additional context

Have no time to do this right now, but it is a medium priority goal.

Describe the bug

after running onionjuggler-cli restore-torrc it does restore the latest torrc but put all the HiddenService lines together, it does not break anything but I want order, blocks separated by empty lines

Is your feature request related to a problem? Please describe.

Those are the most used shells and known to me that have completion (more to come if someone helps), I want that to be improved.

• https://github.com/nyxnor/onionservice/blob/main/etc/bash_completion/onionservice-cli
• https://github.com/nyxnor/onionservice/tree/main/etc/zsh_completion

Describe the solution you'd like

• Bash completion official package and debian guide

• Zsh completion example https://github.com/cheat/cheat/blob/master/scripts/cheat.zsh

Additional context

Low priority, it will be very useful but not intrinsic required.

• only bash, https://unix.stackexchange.com/a/158523
• https://maskedbyte.com/how-to-create-a-custom-bash-completion-script/

Is your feature request related to a problem? Please describe.

I followed the posix manuals for each command, but reviewing it again and again just to be sure.
The problem is that even if I envoke the posix shell, it will call the programs that are not limited by posix, so the review is by reading rather than running commands.

Describe the solution you'd like

read the manuals on docs/CONTRIBUTING.md, especially grep and sed which are the most used and compare to their occurrences on the code.

Describe alternatives you've considered

Read Shell & Utilities: Detailed Toc
Another alternative is create a directory and include in front of path, them limit the commands to posix if possible.

Additional context

See how important POSIX scripts are for your system:

file /usr/bin/* | grep "shell script"
file /usr/bin/* | grep -c "shell script"
file /usr/bin/* | grep -c "POSIX shell script"

https://github.com/nyxnor/onionservice/blob/d429606e546b65321ce8b7191cd23702f8871dbb/onionservice-tui#L70

Issue
It seems (I use whiptail instead of dialog) that the "2" representing two entries is hardcoded in this line of code. However, someone may have only one or several entries.

Describe the solution you'd like
For the above reasons, I propose to replace "2" with "$i". To be sure that the list is not getting too long and is fitting to a little LCD display, the entire code could look like that:

if [ $i -gt 11 ]; then i=11; fi
CHOICE_SERVICE="$(dialog --clear --backtitle "${BACKTITLE}" --title "${TITLE}" --"${DIALOG_TYPE}" "${MENU}" \
"$((i+8))" 80 ${i} ${SERVICE_LIST} 2>&1 >/dev/tty)"

Additional remarks
I didn't submit a pull request yet because I don't use dialog, and I'm not entirely sure it reacts like whiptail.

Describe the solution you'd like

Design some onion juggling other onions.

Describe the bug

The solution I found was to disable interrupt signal, but this locks me out if something is broken on the code.
Insatisfied.

To Reproduce

Expected behavior

Terminal output

Screenshots

Please complete the following specifications:

Additional context

I am no longer satisfied with grepping 7 lines starting from match:

I used 7 as an arbitrary number and I could choose any other arbitrary number. But the solution is to read the file until the configuration is not HiddenService anymore or it is HiddenServiceDir of another service.

The other problem is the sed deleting lines. Before, every line was unique with HiddenServiceDir and HiddenServicePort, but HiddenServiceVersion is the same for every onion service, this means that when deleting a service, it would be deleting every version line from every service.

My doubt is / How can I:

Is this helpful? Possibly, less commands to deal with and view their compatibility with the posix spec.

Sedgasm

Pass sedcheck on sed scripts

Emulate unix commands:

sed ':/p' file instead of sed ':' file

SED emulating UNIX commands      by Aurelio Jargas
---------------------------         www.aurelio.net/en
                                    verde at aurelio.net


Here's the list of some UNIX commands that can be emulated
using SED. Please, if know about others, contribute!


 UNIX         |  SED
 -------------+----------------------------------------------------------------
 cat          |  sed ':'
 cat -s       |  sed '1s/^$//p;/./,/^$/!d'
 tac          |  sed '1!G;h;$!d'
 grep         |  sed '/patt/!d'
 grep -v      |  sed '/patt/d'
 head         |  sed '10q'
 head -1      |  sed 'q'
 tail         |  sed -e ':a' -e '$q;N;11,$D;ba'
 tail -1      |  sed '$!d'
 tail -f      |  sed -u '/./!d'
 cut -c 10    |  sed 's/\(.\)\{10\}.*/\1/'
 cut -d: -f4  |  sed 's/\(\([^:]*\):\)\{4\}.*/\2/'
 tr A-Z a-z   |  sed 'y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/'
 tr a-z A-Z   |  sed 'y/abcdefghijklmnopqrstuvwxyz/ABCDEFGHIJKLMNOPQRSTUVWXYZ/'
 tr -s ' '    |  sed 's/ \+/ /g'
 tr -d '\012' |  sed 'H;$!d;g;s/\n//g'
 wc -l        |  sed -n '$='
 uniq         |  sed 'N;/^\(.*\)\n\1$/!P;D'
 rev          |  sed '/\n/!G;s/\(.\)\(.*\n\)/&\2\1/;//D;s/.//'
 basename     |  sed 's,.*/,,'
 dirname      |  sed 's,[^/]*$,,'
 xargs        |  sed -e ':a' -e '$!N;s/\n/ /;ta'
 paste -sd:   |  sed -e ':a' -e '$!N;s/\n/:/;ta'
 cat -n       |  sed '=' | sed '$!N;s/\n/ /'
 grep -n      |  sed -n '/patt/{=;p;}' | sed '$!N;s/\n/:/'
 cp orig new  |  sed 'w new' orig
 hostname -s  |  hostname | sed 's/\..*//'

This will avoid tor failing if the configuration if invalid, I wanted to do this anyway as a sudoedit or doasedit for the TUI, but the priority right now is where it is more used, on the CLI.

-f FILE
Specify a new configuration file to contain further Tor configuration options OR pass - to make Tor read its configuration from standard input. (Default: @CONFDIR@/torrc, or $HOME/.torrc if that file is not found)

--verify-config
Verify the configuration file is valid.

So design is:
Copy torrc to "${TMPDIR:-/tmp}", make the changes there.

"${exec_cmd_alt_user}" cp "${tor_conf}" "${TMPDIR:-/tmp}"

Modify scripts to alter the the torrc on the tmp dir.

Verify it with:

"${exec_cmd_alt_user}" -u "${tor_user}" -f "${TMPDIR:-/tmp}/torrc" --verify-config

If valid, reload, if not, abort with error message.

Is your feature request related to a problem? Please describe.

If socket is empty, it will default to unix socket.
If port is empty, will default to 80 because that works with unix socket as each sock file has a different name.
That is not gonna work with tcp because each local port must be different.
Address will be localhost, but port I don't know yet what to do to be as simple as possible.

Describe the solution you'd like

Random available high number local ports for the tcp target, virtual port will still be 80.

Describe alternatives you've considered

Investigate how OnionShare with socket.io handles ports

https://github.com/nyxnor/onionservice/blob/a9975390c9cecc2f9c2153941821d13ab596ef60/onionservice-cli#L420

Issue
If I'm not wrong, the format of the content of the public key, which is stored on the machine running the Onion Service (server), is the following:
<auth-type>:<key-type>:<base32-encoded-public-key>
Example: descriptor:x25519:N2NU7BSRL6YODZCYPN4CREB54TYLKGIE2KYOQWLFYC23ZJVCE5DQ

Because grep is searching for :descriptor:x25519:, it will not list the file's content.

Describe the solution you'd like
Change the above linked row to the following:
printf %s"# Content: $(sudo -u "${TOR_USER}" grep "descriptor:x25519:" "${DATA_DIR_SERVICES}"/"${SERVICE}"/authorized_clients/"${AUTH}")\n"

Additional remarks
Would you please double-check if I didn't confuse something?
Pull request may follow.

Describe the bug

radio24/TorBox#146

To Reproduce

Expected behavior

Terminal output

Screenshots

Please complete the following specifications:

Additional context

Describe the bug

131 occurences on the cli, instead, just call the script as root

check readability and writability of tor_conf and tor_data_dir

To Reproduce

Expected behavior

Terminal output

Screenshots

Please complete the following specifications:

Additional context

see https://trac.torproject.org/projects/tor/ticket/28619

My doubt is / How can I:

@radio24 Have you encountered any problems/incompatibilities translating from whiptail to dialog? If no, I can make the menu also become a whiptail, else, might have to study to make them compatible in the code.

Is your feature request related to a problem? Please describe.

These options were not included before because they are non essential and common users don't need. It is only necessary for high traffic onion services.

https://2019.www.torproject.org/docs/tor-manual-dev.html.en

• HiddenServiceExportCircuitID
• HiddenServiceMaxStreams N
• HiddenServiceMaxStreamsCloseCircuit 0|1
• HiddenServiceNumIntroductionPoints NUM

Discarded HiddenServiceNonAnonymousMode and HiddenServiceSingleHopMode because I don't like it.

Describe the solution you'd like

• HiddenServiceExportCircuitID: only one protocol, wont have an argument, if option is set, use it.
• HiddenServiceMaxStreams: requires the number of maximum streams
• HiddenServiceMaxStreamsCloseCircuit: depends on max streams, and if setting max streams, than of course you want to close circuits after reaching it, or I guess, I don't have access to a high traffic service.
• HiddenServiceNumIntroductionPoints: requires integer, from 3 to 20.

Describe alternatives you've considered

Additional context

Describe the bug

• mkdir -v - (verbose) is not posix and not present on OpenBSD mkdir, remove this.
• usermod -a - (append) does not exist, usermod is not posix but present on probably every unix. I
• basez - it does not exist on OpenBSD, a port is being made
• qrencode - OpenBSD calls the package libqrencode, but calls the command qrencode. This means that the requirement will become libqrencode but the command will remain as qrencode, this currently fails on setup because it does command -v libqrencode and I should refer to the qrencode with a case statement.
• nginx and apache fails to be detected because they are not in /usr/sbin/ as on debian, but on /usr/local/sbin. I had to hardcode the path of the webserver because on debian, command -v nginx does not output anything as the process is on a restricted system folder. command -v nginx works on openbsd, so I would first try with command -v then if-else to the next individual tests if failed before.
• nginx the /etc/nginx exists, but not the /etc/nginx/sites-{available,enabled}. This means the /etc/nginx/nginx.conf has to be modified to include the directory with include /etc/nginx/modules-enabled/*.conf; - ABANDONED, will substitue for httpd on OpenBSD
• sha256sum does not exist on openbsd, it is called sha256. It is used to show backup hash sum. It comes already installed on openbsd and debian but they have a different command name. best fix is to test if it exists and fallback to the second option and then fall to not using it.

Terminal output

Screenshots

Please complete the following specifications:

OpenBSD 7.0
Ksh v5.2.14 99/07/13.2

more info
the /etc/onionjuggler.conf:

privilege_command="doas"
tor_user="_tor"
tor_service="tor"
pkg_mngr_install="pkg_add"
requirements="tor grep sed openssl basez git libqrencode pandoc lynx tar pyt-stem nginx dialog"