Tor can free people from the necessity of a domain, in addition to helping protect their privacy. As Pleroma's goal is to empower the people and let as many as possible host an instance with as little resources as possible, the ability to host an instance with a small, cheap computer like a RaspberryPi along with Tor, would be a great way to achieve that.
In addition, federating with such instances will also help furthering that goal.
This is a guide to show you how it can be easily done.
This guide assumes you already got Pleroma working, and that it's running on the default port 4000.
Currently only has an Nginx example.
To install Tor on Debian / Ubuntu:
apt -yq install tor
If using an old server version (older than Debian Stretch or Ubuntu 18.04), install from backports or PPA.
I recommend using a newer server version instead.
To have the newest, V3 onion addresses (which I recommend) in Debian, install Tor from backports.
If you do not have backports, uncomment the stretch-backports links at the end of /etc/apt/sources.list.
apt updateapt -t stretch-backports -yq install tor
WARNING: Onion instances not using a Tor version supporting V3 addresses will not be able to federate with you.
Create the hidden service for your Pleroma instance in /etc/tor/torrc:
HiddenServiceDir /var/lib/tor/pleroma_hidden_service/HiddenServicePort 80 127.0.0.1:8099HiddenServiceVersion 3 # Remove if Tor version is below 0.3 ( tor --version )
Restart Tor to generate an adress:
systemctl restart firstname.lastname@example.org
Get the address:
Next, edit your Pleroma config.
If running in prod, cd to your Pleroma directory, edit config/prod.secret.exs
and append this line:
In addition to that, replace the existing nginx config's contents with the example below.
Existing Instance (Clearnet Instance)
If not a Tor-only instance,
add the nginx config below to your existing config at /etc/nginx/sites-enabled/pleroma.nginx.
For both cases, disable CSP in Pleroma's config (STS is disabled by default) so you can define those yourself seperately from the clearnet (if your instance is also on the clearnet).
Copy the following into the config/prod.secret.exs in your Pleroma folder (/home/pleroma/pleroma/):