GSP
Quick Navigator
Search Site

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
Previous VPSs
* Sign Up! *

Support
Contact Us
Online Help
Handbooks
Domain Status
Man Pages

FAQ
Virtual Servers
Pricing
Billing
Technical

Network
Facilities
Connectivity
Topology Map

Miscellaneous
Server Agreement
Year 2038
Credits
 

USA Flag

 

 

Man Pages
MEEK-SERVER(1)   MEEK-SERVER(1)

meek-server - The meek server transport plugin

meek-server --acme-hostnames=HOSTNAME [OPTIONS]

meek-server is a transport plugin for Tor that encodes a stream as a sequence of HTTP requests and responses.

You will need to configure TLS certificates. There are two ways to set up certificates:

--acme-hostnames=HOSTNAME (with optional --acme-email=EMAIL) will automatically get certificates for HOSTNAME using Let’s Encrypt. When you use this option, meek-server will need to be able to listen on port 80.

--cert=FILENAME and --key=FILENAME allow use to use your own externally acquired certificate.

Configuration for meek-server usually appears in a torrc file. Here is a sample configuration using automatic Let’s Encrypt certificates:

ExtORPort auto
ServerTransportListenAddr 0.0.0.0:443
ServerTransportPlugin meek exec ./meek-server --acme-hostnames meek-server.example --log meek-server.log

Here is a sample configuration using externally acquired certificates:

ExtORPort auto
ServerTransportListenAddr meek 0.0.0.0:8443
ServerTransportPlugin meek exec ./meek-server 8443 --cert cert.pem --key key.pem --log meek-server.log

To listen on ports 80 and 443 without needed to run as root, on Linux, you can use the setcap program, part of libcap2:

setcap 'cap_net_bind_service=+ep' /usr/local/bin/meek-server

--acme-email=EMAIL
Optional email address to register for Let’s Encrypt notifications when using --acme-hostnames.

--acme-hostnames=HOSTNAME[,HOSTNAME]...

Comma-separated list of hostnames to honor when getting automatic certificates from Let’s Encrypt. meek-server will open a special listener on port 80 in order to handle ACME messages; this listener is separate from the one specified by ServerTransportListenAddr. The certificates will be cached in the pt_state/meek-certificate-cache directory inside tor state directory.

--cert=FILENAME

Name of a PEM-encoded TLS certificate file. Required unless --acme-hostnames or --disable-tls is used.

--disable-tls: Use plain HTTP rather than HTTPS. This option is only for testing purposes. Don’t use it in production.

--key=FILENAME: Name of a PEM-encoded TLS private key file. Required unless --acme-hostnames or --disable-tls is used.

--log=FILENAME

Name of a file to write log messages to (default stderr).

--port=PORT

Port to listen on. Overrides the TOR_PT_SERVER_BINDADDR environment variable set by tor. In most cases you should set the ServerTransportListenAddr option in torrc, rather than use the --port option.

-h, --help

Display a help message and exit.

https://trac.torproject.org/projects/tor/wiki/doc/meek

Please report at https://trac.torproject.org/projects/tor.
01/17/2019  
Search for    or go to Top of page |  Section 1 |  Main Index

Powered by GSP Visit the GSP FreeBSD Man Page Interface.
Output converted with ManDoc.