Major rework -> v4

setup.py

@@ -20,7 +20,6 @@
         description='Web Interface for TOR relay',
         install_requires=[
             'psutil',
-            'configparser',
             'stem',
             'bottle>=0.12.8',
         ]

systemd/theonionbox.service

@@ -0,0 +1,20 @@
+# Contribution by svengo
+# https://github.com/ralphwetzel/theonionbox/issues/24
+
+# Run The Onion Box as background service
+# https://github.com/ralphwetzel/theonionbox/
+
+[Unit]
+Description=The Onion Box
+Documentation=https://github.com/ralphwetzel/theonionbox/wiki
+After=network.target
+
+[Service]
+Type=simple
+User=theonionbox
+WorkingDirectory=~
+ExecStart=/srv/theonionbox/theonionbox.py --mode=service
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target

theonionbox/config/theonionbox.example

@@ -0,0 +1,240 @@
+## Configuration File for TheOnionBox
+## Latest Modification: 20170618 while preparing v4.0
+
+
+[config]
+## v4.0 will only support version = 2
+protocol = 2
+
+
+[TheOnionBox]
+## Address of your Onion Box:
+## This defaults to 0.0.0.0 to listen on all interfaces.
+# host = 0.0.0.0
+## If 'localhost', connections are limited to the local system.
+# host = localhost
+## Of course you may define a dedicated IP4 address as well.
+# host = your.IP.4.address
+
+## Port for the Web Server
+## Defaults to 8080, which should be fine in most cases!
+# port = 8080
+
+## To define the lower threshold for the notification system:
+## Messages (of the Box) with at least this level will be forwarded to the attached clients.
+## Possible setting are DEBUG, INFO, NOTICE, WARNING, ERROR
+## Defaults to NOTICE, case insensitive
+## To 'DEBUG' or 'TRACE' the box you have to set the respective commandline parameters!
+# message_level = NOTICE
+
+## Per default, the Box operates at the root level of a domain e.g. http://localhost:8080/.
+## If you intend to operate it (behind a proxy!) at a deeper level (e.g. @ http://my.server.com/theonionbox/)
+## you have to define that base path here. You are not limited to a single path element.
+## Please assure that this is an absolute filepath yet without the domain:port, beginning with a leading slash,
+## no trailing slash, no quotation marks:
+# base_path = /theonionbox
+
+## The acceptable duration in seconds between two communication events of a client to the Box.
+## If this duration is exceeded, the Box will expire the session. Default is 300 (seconds).
+# session_ttl = 300
+## Note: This is applicable for login procedures as well as monitoring activities.
+## Note: The minimum duration accepted == 30, max == 3600. Values will be forced into that range.
+
+## Shall we operate with SSL?
+## Note: To actually make this running, you have to create a valid ssl certificate first:
+## So run e.g.
+## openssl req -new -x509 -keyout server.pem -out server.pem -days 365 -nodes
+##
+## DON'T distribute this combined private/public key to clients!
+## (see http://www.piware.de/2011/01/creating-an-https-server-in-python/#comment-11380)
+##
+## ssl = yes    # deprecated 20170218
+## Just set ssl_certificate & ssl_key to enable ssl mode!
+## The file that holds the Certificate!
+# ssl_certificate = server.pem
+## The file that holds the Key!
+# ssl_key = private_key.pem
+
+## When a NTP server is provided
+## we use it's time signal to compensate for the server's clock deviations
+# ntp_server = pool.ntp.org
+# ntp_server = fritz.box
+
+## Tor ships with the GeoIPLight2 Country DB
+## If you're interested in a more precise indication, you should install the GeoIP City DB
+## e.g. from http://dev.maxmind.com/geoip/geoip2/geolite2/ and define here the path to the db file.
+## Both flavours (Full or Light) are supported.
+# geoip2_city = path/to/geoip2/city/db.mmdb
+## Be aware that you need to install python module 'geoip2' as well to access those information.
+
+
+[Tor]
+## How shall we establish the connection to your primary (controlled) Tor node?
+## => via a ControlSocket (define additionally 'socket' parameter):
+# control = socket
+## => via a ControlPort (define additionally 'host' & 'port' parameter):
+# control = port
+## => via a Proxy (define a proxy via the [Proxy] section and set 'host' to an address reachable through this proxy):
+# control = proxy
+## Note: This defaults to control = port if not defined!
+
+## Address of this Tor instance
+## Do NOT use 'localhost' but 127.0.0.1 to connect locally
+## Defaults to 127.0.0.1
+# host = 127.0.0.1
+
+## ControlPort of this Tor instance
+## Default for a Relay (or Bridge)
+# port = 9051
+## Default for a TorBrowser
+# port = 9151
+## You may use 'default' (port = default) to test for 9051 (relay default) and 9151 (browser default)
+# port = default
+## Note: This defaults to port = default if not defined!
+
+## ControlSocket of this Tor instance
+# socket = /var/run/tor/control
+
+## Timeout when connecting to Tor.
+## Usually the connection should be established very quick;
+## you may increase this if connecting to very remote systems.
+# timeout = 5
+
+## The Number of Seconds we keep the connection to
+## Tor open after the last user disconnected.
+## Hint: The minimum reasonable TTL is > 30(s)
+## Defaults to 30 (seconds)
+## eg. 1 day
+# ttl = 86400
+## eg. 1 hour
+# ttl = 3600
+## eg. forever
+# ttl = -1
+
+## Switches to preserve the messages of the Relay
+## Up to 400 messages (total) will be preserved
+## The severity of these messages can be defined here
+## There's one switch for ERR, WARN & NOTICE
+## The default setting is 'on' for all of these
+## There's NO switch for INFO & DEBUG (as this would flood the memory without true value)
+## Live - transmission of messages can be switched on/off in the client
+# tor_preserve_ERR = no
+# tor_preserve_WARN = no
+# tor_preserve_NOTICE = no
+
+
+[TorProxy]
+## Note: Operation via a proxy given by a unix domain socket is (as of 04/2017) not supported!
+
+## If you establish connection cookies for hosts to be controlled via the control center, there is the need
+## to verify that those cookies are defined. To perform the verification, we need valid control port
+## settings of the node acting as proxy:
+## How shall we establish the connection to the node?
+## => via a ControlSocket (define additionally 'socket' parameter):
+# control = socket
+## => via a ControlPort (define additionally 'port' parameter):
+# control = port
+## You may use control = default to operate with [Tor]control
+## Note: This defaults to control = default if not defined!
+
+## Address of the proxy to use
+## Do NOT use 'localhost' but 127.0.0.1 to connect locally
+## You may use 'default' (host = default) to use [Tor]host
+# host = default
+# host = 127.0.0.1
+## Note: This defaults to host = default if not defined!
+
+## Port for the proxy
+## Default for a Relay (or Bridge)
+# proxy = 9050
+## Default for a Tor Browser
+# proxy = 9150
+## You may use 'default' (proxy = default) to test for 9050 (relay default) and 9150 (browser default)
+# proxy = default
+## Note: This defaults to proxy = default if not defined!
+
+## ControlPort of the proxy Tor node
+## Default for a Relay (or Bridge)
+# port = 9051
+## Default for a Tor Browser
+# port = 9151
+## You may use 'default' (port = default) to test for 9051 (relay default) and 9151 (browser default)
+# port = default
+## Note: This defaults to port = default if not defined!
+
+## ControlSocket of the proxy Tor node
+# socket = /var/run/tor/control
+## You may use 'default' (socket = default) to use [Tor]socket
+# socket = default
+## Note: This defaults to socket = default if not defined!
+
+
+#####
+## Those are the Tor nodes to be controlled with the control center
+## Note: You must not name any of the following sections 'config', 'TheOnionBox', 'Tor' or 'TorProxy'.
+
+
+## Define one section per node:
+# [myControlledNode]
+
+## Alternatively: Beginning the section identifier with '#' indicates a nickname;
+## if you later omit the 'nick' parameter, the nickname will be derived from the section identifier.
+# [#myControlledNode]
+## If you intend to define several ways to connect to this node,
+## add whatever you like after a ':' to distinguish the sections:
+# [#myControlledNode:2]
+
+## Alternatively: You can use the fingerprint (with preceding '$') as section identifier.
+## Ensure a length of 41 characters: '$' + fingerprint[40];
+## if you later omit the 'fp' parameter, the fingerprint will be derived from the section identifier.
+# [$5COOL5C30AXX4B3DE460815323967087ZZ53D947]
+## If you intend to define several ways to connect to this node,
+## add whatever you like after a ':' to distinguish the sections:
+# [$5COOL5C30AXX4B3DE460815323967087ZZ53D947:2]
+
+
+## How shall we establish the connection to this node?
+## => via a ControlSocket (define additionally 'socket' parameter):
+# control = socket
+## => via a ControlPort (define additionally 'host' & 'port' parameter):
+# control = port
+## => via a Proxy (define a proxy via the [Proxy] section and set 'host' to an address reachable through this proxy):
+# control = proxy
+## Note: There is no default setting. If not defined, this section (and thus the node) will be ignored.
+
+## IP Address of this Tor node
+# host = 127.0.0.1
+## You may as well define an onion or http address
+# host = takeonionaddress.onion
+## Note: There is no default setting.
+
+## ControlPort of this Tor node
+## Default for a Relay (or Bridge)
+# port = 9051
+## Note: There is no default setting.
+
+## This is only relevant for very rare setups - yet if you like, you may use it!
+## ControlSocket of this Tor node
+# socket = /var/run/tor/control
+## Note: There is no default setting.
+
+## Hidden Service connections my be secured by definition of a authorization cookie.
+## To operate via those connections, you may define this cookie here.
+## For further details refer to 'HiddenServiceAuthorizeClient' on https://www.torproject.org/docs/tor-manual.html
+# cookie = xuseyourcookieherexTOB
+## The Box will ensure that the cookie is registered before establishing the connection.
+## Note: There is no default setting.
+
+## The nickname of this node
+# nick = myControlledNode
+## Defining a nickname here overrides a nickname defined as the name of the section.
+## Note: The Box is able to retrieve the nickname itself,
+##       yet defining nickname (and fingerprint) parameters saves onionoo queries.
+## Note: There is no default setting.
+
+## The fingerprint of this node
+# fp = $5COOL5C30AXX4B3DE460815323967087ZZ53D947
+## Defining a fingerprint here overrides a fingerprint defined as the name of the section.
+## Note: The Box is able to retrieve the fingerprint itself,
+##       yet defining fingerprint (and nickname) parameters saves onionoo queries.
+## Note: There is no default setting.