ref: a3ba218efef2773e5826b94d9ca3c096795b3ddc negativefour/docs/phase-1.md -rw-r--r-- 2.4 KiB
a3ba218eZeke Medley Fix race condition between apache restart and status check 8 months ago

#Phase 1 Spec

Goal: Noah and my websites should be hosted on the service.


  • Point system towards git repo and clone / place it in filesystem.
  • name.negativefour.com points towards hosted website.
  • A .union address is created.


  1. I can host multiple webpages on a server using a wildcard dns record. Writeup here.
  2. I can install ssl certificates for *.negativefour.com. See "Configuring SSL" in the link above.
  3. I can create a .union address for a webpage running locally using stem.
    • I'm not convinced that using stem is actually preferable to just modifying the torrc config.

#Configuration process

  1. Determine the name of the user.
  2. Clone a git repo and place its contents in /home/admin/www/html/<name>.negativefour.com/
  3. Determine what internal port to use for the hidden service.
  4. Write the relevant config information to our /etc/tor/torrc
  5. Determine the hostname that tor assigned the union service.
  6. Using the internal port and hostname create an appache config file called a config file called /etc/apache2/sites-available/<name>.negativefour.com.


Down the line I see there being three services involved here.

  1. serve - serves static webpages.
  2. build - clones and builds webpages into static files.
  3. think - serves frontend and manages api calls to serve and build.

Here, we are designing serve. Serve will take a link to a tarball containing a static website, and a name. It will then download that tarball and deploy the website at <name>.negativefour.com.


HTML form with the website name and a tarball with the website inside seems like a fine approach.


Run at serve.negativefour.com. Listens for incoming requests and:

  1. Unpacks the provided tarball.
  2. Places the unpacked tarball in /home/admin/www/<NAME>/.
  3. Chooses a number for the site where the hidden service port will be.
  4. Creates the hidden service.
  5. Finds the url of the hidden service.
  6. Creates an apache2 config file for the service in /etc/apache2/sites-available/<NAME>.conf using the hidden service hostname.
  7. Enables the webpage.

stretch: creates a SSL cert if name is not part of *.negativefour.app.


This can be insanely dumb. Just a html form with the name and tarball.