search
githubEdit

Visit and host havens

Havens are anonymously hosted services, similar to onion services in Torarrow-up-right. By hosting a haven, you can serve a TCP service, like a website, IRC server, or similar. Both you and your users will then be protected by Earendil's anonymity and censorship-resistance guarantees.

This tutorial will teach you how to use and host basic Earendil havens.

hashtag
Visit havens

You can access HTTP-based havens right in your browser. Paste the following config file into the "Settings" tab of your Earendil GUI:

out_routes:
  example-relay-free:
    connect: 62.210.93.59:12345
    fingerprint: 4b7a641b77c2d6ceb8b3fecec2b2978dfe81ae045ed9a25ed78b828009c4967a
    obfs:
      sosistab3: "randomly-generated-cookie-lala-doodoo"
    price_config:
      inbound_price: 0
      inbound_debt_limit: 0
      outbound_max_price: 0
      outbound_min_debt_limit: 0

Then, set your browser to use localhost:30003 as a SOCKS5 proxy. For Firefox this looks like:

image

Try visiting

like you would any ordinary website. You should be greeted with:

image

You just visited your first Earendil haven! With this setup, you can visit any Earendil haven you know the address to.

circle-info

All Earendil haven websites are HTTP only, since certificate authorities generally do not issue certificates to .haven domains. HTTPS is unnecessary because Earendil traffic is already encrypted.

hashtag
Host havens

As an introduction to hosting havens, let's host a website as a haven.

hashtag
Start a localhost web server

First, set up a web server that listens on port 8000. For our example, we'll use Nginx.

  1. Install Nginx if it's not already installed.

  2. In the nginx config file (most likely located at /etc/nginx/nginx.conf), look for a section that configures a server listening on 8000, and change that to the following:

  1. Start your Nginx server. On Linux: systemctl start nginx

  2. You should now be able to see your server on localhost:8000!

hashtag
Set up the haven

Paste this config file into your Earendil GUI's "Settings" tab:

  • identity_file: a writable path for storing your haven's identity secret

  • rendezvous is the fingerprint of your chosen rendezvous relay. This is a relay node that is responsible for receiving and forwarding all the messages meant for your haven, so that your IP address can be kept private from clients of your haven. All havens must have a rendezvous relay; you can read more about the haven protocol's architecture herearrow-up-right. For this example, we’ll use the same test relay that we bootstrapped with throughout this tutorial.

  • handler specifies how to handle traffic to the haven. Here, we use TCP port forwardingarrow-up-right to forward all haven traffic to the web server on port 8000.

Start Earendil, and find your haven's address in the "Dashboard" tab:

circle-info

In the CLI version, you can get your haven's address with

You should see something like:

In our example, qcmnt2mbchhanm7fzacybswzknbsw3zp is your haven's fingerprint, and 12345 is its dock number (analogous to TCP port number).

People can now find your haven at http://<your-haven-fingerprint>.haven:<your-haven-dock>!

Last updated