Jonah :ptshield:  

@MasTorDon that's too bad. I've been thinking about adding Tor federation to *this* server in the future but it's not very well documented.

1
MasTorDon  

@jonah the main problem is ssl / https is so hard-coded into mastodon. Self assigned certs will give an error that to most non tech people will think they're being hacked. And digicert is not worth it unless theres a decent sized community willing to chip in for the cost. Other than that its documented here docs.joinmastodon.org/administ

And login (as most things) works if ssl is disabled on a mastodon file as follows gist.github.com/hcmiya/40f3810.

SSL is not needed for hidden services

1
Jonah :ptshield:  

@MasTorDon yeah I did see that documentation.

I'm less interested in serving this web interface over a .onion address, and more interested in the ability for this instance to federate with other onion-only instances (are there any?) but *that* is what is less documented.

1
MasTorDon
Follow

@jonah It seems standalone as federation requires ssl. But in theory they could but everyone would have to run a dedicated fork that completely strips ssl or accept each other's self-assigned certs or the very unlikely scenario everyone pays for digicert certs.

· · Musky · 1 · 0 · 0
Jonah :ptshield:  

@MasTorDon this is why I really want Let's Encrypt to start supporting .onion domains. Not Mastodon only necessarily, but there's a lot of use-cases where HTTPS is required.

1
Sign in to participate in the conversation
Mastodon 🔐 privacytools.io

Fast, secure and up-to-date instance. PrivacyTools provides knowledge and tools to protect your privacy against global mass surveillance.

Website: privacytools.io
Matrix Chat: chat.privacytools.io
Support us on OpenCollective, many contributions are tax deductible!

Resources

Developers

What is Mastodon?

social.privacytools.io

More…