Update netcheck onions to v3

added docker and VPS documentation

.dockerignore

@@ -1,4 +1,6 @@
 onionr/data/**/*
 onionr/data
-RUN-WINDOWS.bat
 MY-RUN.sh
+Dockerfile
+.dockerignore
+.git

.env

@@ -1 +1 @@
-PYTHONPATH=./venv/bin/python3.8
+PYTHONPATH=./venv/bin/python

.gitignore

@@ -13,11 +13,11 @@ src/data/*
 src/data-backup/*
 run.sh
 src/.onionr-lock
-
+daemon-true.txt
 .vscode/tags
 .vscode/settings.json
 
-venv/*
+venv*
 src/fs*
 src/tmp/*
 testdata/*
@@ -40,3 +40,5 @@ src/data/*.log
 onionr-*.pkg.tar.gz
 pkg/
 spawnnodes.py
+
+static-data/tor-node-list.dat

CHANGELOG.md

@@ -5,9 +5,44 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
-## [Unreleased]
+## [8.0.1] - 2020-12-22
+
+* Fix subprocess in 3.9x with dumb hack
+* Dependency bumps
+
+## [8.0.0] - 2020-12-04
+
+* Decrease PoW until better implementation is made
+
+
+## [7.2.0] - 2020-12-03
+
+* Purge blocks not meeting current pow on startup
+* Check block POW before LAN sync
+* WSL fixes
+
+## [7.1.0] - 2020-11-23
+
+* Check for ownership of existing dirs in createdirs, this prevents the rare edge case where a user might use a home directory in a location an attacker could write (allowing arbitrary code execution via plugins). This was already partially mitigated by the chmod of the home directory in any case, but this further fixes the issue.
+
+## [7.0.0] - 2020-11-22
+
+* Removed communicator timers
+* Removed direct connections and chat (these will be either plugins or separate programs/processes in the future)
+
+
+## [5.1.0] - 2020-09-07
+
+* Moved plugin web files to be in the plugin folder to reduce staticfiles blueprint coupling
+* Added basic sidebar on index page
+* Many bug fixes
+
+
+## [5.0.1] - 2020-08-08
+
+* bumped deadsimplekv to 0.3.2
+* bumped urllib3 to 1.25.10
 
 ## [5.0.0] - 2020-07-23
 
 - Removed single-process POW support (was only needed on Windows)
-

Dockerfile

@@ -1,28 +1,31 @@
-FROM python
+FROM python:3.7
+EXPOSE 8080
+
+USER root
+
+RUN mkdir /app
+WORKDIR /app
 
-#Base settings
-ENV HOME /root
+ENV ONIONR_DOCKER=true
 
 #Install needed packages
-RUN apt update && apt install -y  tor locales
+RUN apt-get update && apt-get install -y tor locales
 
 RUN sed -i -e 's/# en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/' /etc/locale.gen && \
     locale-gen
-ENV LANG en_US.UTF-8  
-ENV LANGUAGE en_US:en  
-ENV LC_ALL en_US.UTF-8  
+ENV LANG=en_US.UTF-8 LANGUAGE=en_US:en LC_ALL=en_US.UTF-8
 
-WORKDIR /srv/
-ADD ./requirements.txt /srv/requirements.txt
+ADD ./requirements.txt /app/requirements.txt
 RUN pip3 install --require-hashes -r requirements.txt
 
-WORKDIR /root/
 #Add Onionr source
-COPY . /root/
-VOLUME /root/data/
+COPY . /app/
 
-#Set upstart command
-CMD bash
+VOLUME /app/data/
 
-#Expose ports
-EXPOSE 8080
+#Default to running as nonprivileged user
+RUN chmod g=u -R /app
+USER 1000
+ENV HOME=/app
+
+CMD ["bash", "./run-onionr-node.sh"]

ISSUE_TEMPLATE.md

@@ -5,8 +5,9 @@
 # Steps to Reproduce
 
 # Version Information
-Onionr: 
-OS: 
-Python: 
-Tor: 
-I2P: 
+
+* Onionr: 
+* OS: 
+* Python: 
+* Tor: 
+* CPU:

README.md

@@ -11,9 +11,9 @@
     Anonymous social platform, mail, file sharing.
 </p>
 
-<img src='https://img.shields.io/github/license/beardog108/onionr'> <img src='https://gitlab.com/beardog/Onionr/badges/master/build.svg'> <img src='https://img.shields.io/badge/python%20version%20%F0%9F%90%8D-3.7+-blue'> <img src='https://img.shields.io/github/commit-activity/m/beardog108/onionr'>
+<img src='https://img.shields.io/github/license/beardog108/onionr'> <img src="https://img.shields.io/github/repo-size/beardog108/onionr"> <img src='https://img.shields.io/badge/python%20version%20%F0%9F%90%8D-3.7+-blue'> <img src='https://img.shields.io/github/commit-activity/m/beardog108/onionr'>
 
-<a href='https://www.reddit.com/r/onionr'><img src = 'https://img.shields.io/reddit/subreddit-subscribers/onionr?style=social'></a> <a href='https://twitter.com/onionrnet'><img src='https://img.shields.io/twitter/follow/onionrnet?style=social'></a>
+<a href='https://www.reddit.com/r/onionr'><img src = 'https://img.shields.io/reddit/subreddit-subscribers/onionr?style=social'></a> <a href='https://twitter.com/onionrnet'><img src='https://img.shields.io/twitter/follow/onionrnet?style=social'></a> - [Discord](https://discord.gg/DVF2bEAzrt) - Matrix: #onionr:amorgan.xyz
 
 |                                      |                            |                            |
 | -----------                          | -----------                | -----------                |
@@ -21,7 +21,7 @@
 | [Docs](#documentation)/[web copy](https://beardog108.github.io/onionr/)               | [Get involved](#help-out)  | [Onionr.net](https://onionr.net/)/[.onion](http://onionrbak72t5zhbzuey2fdkpczlvhowgcpqc6uoyrd3uxztzxwz5cyd.onion/)                  |
 
 
-<hr>
+---
 
 **The main repository for this software is at https://git.VoidNet.tech/kev/onionr/**
 
@@ -30,19 +30,25 @@ Mirrors: [Github](https://github.com/beardog108/onionr), [Gitlab](https://gitlab
 
 Onionr ("Onion Relay") is a decentralized/distributed peer-to-peer communication network, designed to be anonymous and resistant to (meta)data analysis, spam, and corruption.
 
-Onionr stores data in independent packages referred to as 'blocks'. The blocks are distributed to all interested nodes. Blocks and user IDs cannot be easily proven to have been created by a particular user. Even if there is enough evidence to believe that a specific user created a block, nodes still operate behind Tor and as such cannot be trivially unmasked. Anonymity is achieved by a stateless network, with no given indication of what node a block originates from. Through message mixing and key privacy, it is intended to be nigh impossible to discover the identity of a message creator or recipient.
+Onionr gives the individual the ability to speak freely, without fear of surveillance and censorship.
 
-Via long-term traffic analysis, a well funded adversary may discover the most probable node(s) to be creating a set of related blocks, however doing so would only lead them to a node behind Tor. As the first node that a block appears on is almost always not the creator of the block, there is plausible deniability regarding the true creator of the block.
+---
 
-Onionr gives the individual the ability to speak freely, without fear of surveillance and censorship.
+Onionr stores data in independent packages referred to as 'blocks'. The blocks are distributed to all nodes interested in their data type. Blocks and user IDs cannot be easily proven to have been created by a particular user. Even if there is enough evidence to believe that a specific user created a block, nodes still operate behind Tor and as such cannot be trivially unmasked. Anonymity is achieved by a stateless network, with no given indication of what node a block originates from. In fact, since one is not required to participate in routing or storage to insert a message, blocks often do not originate from any identifiable node.
+
+Onionr works primarily via epidemic/gossip style routing, with message delivery taking roughly log<sub>F</sub>(N) cycles where F is the number of nodes to send a message to each cycle and N is the number of connected nodes. So a network of 100 million nodes can deliver messages in a few minutes even with high packet loss and malfunctioning nodes.
+
+Through message mixing and key privacy, it is intended to be nigh impossible to discover the identity of a message creator or recipient. Via long-term traffic analysis, a well funded adversary may discover the most probable node(s) to be creating a set of related blocks, however doing so would only lead them to a node behind Tor. As the first node that a block appears on is almost always not the creator of the block, there is plausible deniability regarding the true creator of the block.
 
 Users are identified by ed25519/curve25519 public keys, which can be used to sign blocks or send encrypted data.
 
 Onionr can be used for mail, as a social network, instant messenger, file sharing software, or for encrypted group discussion.
 
+Due to the nature of anonymity, the graph as implemented in this reference network is dense, undirected, cyclic and can be disconnected. Since Onionr is technically just a data format, any routing scheme can be used to pass messages.
+
 The whitepaper is available [here](docs/whitepaper.md).
 
-![Tor stinks slide image](docs/tor-stinks-02.png)
+---
 
 ## Main Features
 
@@ -57,9 +63,9 @@ Onionr ships with various application plugins ready for use out of the box:
 
 Currently usable:
 
-* Mail
-* Public anonymous chat/message board
-* Simple webpage hosting - Will be greatly extended
+* 📨 Mail
+* 💬 Public anonymous chat/message board
+* 📃 Simple webpage hosting - Will be greatly extended
 * File sharing (Work in progress)
 
 Not yet usable:
@@ -67,13 +73,6 @@ Not yet usable:
 * Instant messaging
 
 
-
-## Watch the talk from BSidesPDX 2019
-
-<a href="https://invidio.us/watch?v=mrULtmSkKxg">
-<img src="docs/talk.png" alt="improving anonymous networking talk link" width="600">
-</a>
-
 # Screenshots
 
 <img alt='Node statistics page screenshot' src='docs/onionr-1.png' width=600>
@@ -92,19 +91,22 @@ Encrypted, metadata-masking mail application. One of the first distributed mail
 
 More docs coming soon.
 
-* [Block specification](docs/specs/block-spec.md)
-* [HTTP API](docs/http-api.md)
+* [Block specification](docs/dev/specs/block-spec.md)
+* [HTTP API](docs/dev/http-api.md)
 
 # Install and Run on Linux
 
-The following applies to Ubuntu Bionic. Other distros may have different package or command names.
+The following applies to Ubuntu Bionic. Other distributions may have different package or command names.
+
+Master may be unstable, you should use the latest release tag. (checkout via git: `$ git checkout release-latest`)
 
 `$ sudo apt install python3-pip python3-dev tor`
 
 * Have python3.7+, python3-pip, Tor (daemon, not browser) installed. python3-dev is recommended.
-* Clone the git repo: `$ git clone https://gitlab.com/beardog/onionr`
+* You may need build-essentials or the equivalent of your platform
+* Clone the git repo: `$ git clone https://gitlab.com/beardog/onionr --tags`
 * cd into install direction: `$ cd onionr/`
-* Install the Python dependencies ([virtualenv strongly recommended](https://virtualenv.pypa.io/en/stable/userguide/)): `$ pip3 install --require-hashes -r requirements.txt`
+* Install the Python dependencies ([virtualenv strongly recommended](https://virtualenv.pypa.io/en/stable/userguide/)): `$ pip3 install --require-hashes -r requirements.txt` (on ARM64 devices like Raspberry Pi 4's use requirements-ARM.txt instead.)
 * (Optional): Install desktop notification dependencies: `$ pip3 install --require-hashes -r requirements-notifications.txt`
 
 (--require-hashes is intended to prevent exploitation via compromise of PyPi/CA certificates)
@@ -117,11 +119,13 @@ The following applies to Ubuntu Bionic. Other distros may have different package
 * Gracefully stop Onionr from CLI `$ ./onionr.sh stop`
 
 
-# Contact
-
-Email: beardog [ at ] mailbox.org
+# Contact/Community
 
-Onionr Mail: `particularizing-zabaione-defuze-iodizer-saucepan-patientest-sell-waken-chifforobe-embonpoint-aquanaut-chambermaid-barky-fumer-jolt-biotic`
+* Email: beardog [ at ] mailbox.org
+* Twitter: [@onionrnet](https://twitter.com/onionrnet)
+* Onionr Mail: decentralized-fiery-freehearted-skimmer-yodling-topstitch-divorceable-ojibwa-resettlement-infracted-lessor-noninstinctual-leaseholder-counterpoised-couture-skinful
+* Matrix: #onionr:amorgan.xyz
+* Discord: https://discord.gg/DVF2bEAzrt (Discord is bad for freedom and privacy, this is only provided for convienience)
 
 # Help out
 
@@ -130,7 +134,7 @@ Everyone is welcome to contribute. Help is wanted for the following:
 * Development (Get in touch first)
     * Creation of a shared lib for use from other languages and faster proof-of-work
     * Android and IOS development
-    * Windows and Mac support (already partially supported, testers needed)
+    * Mac support (already partially supported, testers needed)
     * Bug fixes and development of new features
 * Testing
 * Translations/localizations
@@ -139,6 +143,12 @@ Everyone is welcome to contribute. Help is wanted for the following:
 * Security review/audit
 * I2P support
 
+## Watch the talk from BSidesPDX 2019
+
+<a href="https://www.youtube.com/watch?v=mrULtmSkKxg">
+<img src="docs/talk.png" alt="improving anonymous networking talk link" width="600">
+</a>
+
 ## Contribute money:
 
 Donating at least $3 gets you cool Onionr stickers. Get in touch if you want them.
@@ -146,11 +156,13 @@ Donating at least $3 gets you cool Onionr stickers. Get in touch if you want the
 ![sticker](docs/sticker.png)
 
 
-Bitcoin: [1onion55FXzm6h8KQw3zFw2igpHcV7LPq](bitcoin:1onion55FXzm6h8KQw3zFw2igpHcV7LPq) (Contact us for a unique address or for other coins)
+* Bitcoin: [1onion55FXzm6h8KQw3zFw2igpHcV7LPq](bitcoin:1onion55FXzm6h8KQw3zFw2igpHcV7LPq) (Contact us for a unique address or for other coins)
+
+* Monero: 4B5BA24d1P3R5aWEpkGY5TP7buJJcn2aSGBVRQCHhpiahxeB4aWsu15XwmuTjC6VF62NApZeJGTS248RMVECP8aW73Uj2ax
 
-Monero: 4B5BA24d1P3R5aWEpkGY5TP7buJJcn2aSGBVRQCHhpiahxeB4aWsu15XwmuTjC6VF62NApZeJGTS248RMVECP8aW73Uj2ax
+* USD (Card/Paypal (no account required)): [Ko-Fi](https://www.ko-fi.com/beardogkf)
 
-USD (Card/Paypal): [Ko-Fi](https://www.ko-fi.com/beardogkf)
+* Sign up for [privacy.com (refferal link)](https://privacy.com/join/FNNDF) to protect your personal information when contributing or shopping elsewhere, we both get $5 USD.
 
 Note: probably not tax deductible
 

docs/TODO.txt

@@ -15,5 +15,4 @@
 * add BCC support to mail
 
 
-* prevent local insertion success of duplicate block content
 * truncate last N blocks when sharing list

docs/dev/generating-requirements.txt.md

@@ -0,0 +1,19 @@
+# Generating requirements.txt
+
+To generate a requirements.txt file, install pip-tools from pip
+
+Onionr requirements files should have hashes to prevent backdooring by the pypi server.
+
+Put your package versions in requirements.in like normal. Child dependencies are usually not necessary:
+
+```
+requests==0.1.1
+flask==0.1.1
+```
+
+Then generate the requirements.txt:
+
+`$ pip-compile requirements.in --generate-hashes -o requirements.txt`
+
+
+Your requirements.txt will have hash-pinned requirements of all dependencies and child dependencies.

docs/dev/running-tests.md

@@ -0,0 +1,44 @@
+# Running Onionr tests
+
+Onionr has four types of tests:
+
+* unittests
+* integration tests
+* selenium tests (web tests)
+* runtime-tests
+
+
+## unittests
+
+Onionr uses Python's built in unittest module. These tests are located in tests/ (top level)
+
+Run all tests with `$ make test`, which will also run integration tests.
+
+Please note that one unittest tests if runtime-tests have passed recently. This is simply a forceful reminder to run those tests as well.
+
+You can also run a single unittest in a loop by using the script scripts/run-unit-test-by-name.py
+
+## integration tests
+
+These tests are pretty basic and test on stdout of Onionr commands.
+
+They are also run from `$ make test`
+
+The runtime-tests do most of the actual integration testing.
+
+## selenium tests
+
+These are browser automation tests to test if the UI is working as how it should for a user.
+
+There's only a couple and they're incomplete, so they can be ignored for now (test manually)
+
+## runtime-tests
+
+These are important. They look into the Onionr client Flask app when Onionr daemon is running and test a bunch of things.
+
+If you do it a lot you should make your own Onionr network (disable official bootstrap)
+
+You run this while the daemon is running (probably should make sure onboarding is done), with `$ onionr.sh runtime-test`
+
+It's necessary to do this before running `$ make test` for unittesting
+

docs/dev/security-mechanisms.md

@@ -0,0 +1,43 @@
+# Onionr Security Mechanisms
+
+
+## bigbrother 👁️
+
+Bigbrother is a cheeky module that uses Python3.8+ sys auditing events to log and/or block certain sensitive events.
+
+It has a little overhead, so one can disable it in config in general.security_auditing
+
+[ChaosWebs.net/blog/preventing-arbitrary-code-execution-in-python38-with-auditing.html](https://chaoswebs.net/blog/preventing-arbitrary-code-execution-in-python38-with-auditing.html)
+
+### Threat model
+
+It is intended to log bugs leaking private file system information, block+log network leaks, and block+log eval-like arbitrary code execution. It is not intended to block malicious browser scripts or malicious Python plugins. It cannot work with subprocesses that do not activate the module.
+
+It's not intended to be bulletproof by any means, but it helps.
+
+### What big brother does
+
+* Disk access checks for disk access outside. Only logs, does not block
+* Network leaks. (Non Tor/LAN) Blocks and logs
+* Arbitrary code execution: logs and blocks non-whitelisted bytecode importing/compiling and subprocesses.
+
+
+## Sybil attacks
+
+As with any decentralized network, sybil nodes could collude to spy or cause mayhem. Due to the gossip nature of Onionr, sybil nodes would have a hard time fully stopping the network. In terms of spying, they could not conclusively prove the origin of messages due to the multiple transport nature of the network and layering behind Tor/etc.
+
+## Tor configuration
+
+When managed by Onionr, Tor has a control port password that gets stored in Onionr config.
+
+Tor is also configured to reject requests to non-onion services, which helps to stop redirect based denial of service attacks.
+
+## Web security
+
+Onionr secures both it's main web APIs with anti-dns-rebinding logic, which validates the host header used in connections to it. This is to prevent exfiltration of data and side channel deanonymization.
+
+Onionr secures the client API with a token that must be passed in most requests, with the exception of static API files. This is to prevent CSRF and side channel deanonymization.
+
+Onionr binds most services to random loopback addresses to reduce all cross-site web attacks, including discovery of Onionr on a computer from a normal website. This is not supported on Mac because Mac does not support non 'typical' loopback addresses.
+
+Onionr has a strict content-security-policy, rejecting all non-localhost requests and denying inline scripts and similar insecure sources.

docs/dev/selected-papers.md

@@ -0,0 +1,9 @@
+# Interesting papers related to Onionr development
+
+A paper being listed here is not end-all-be-all endorsement of every detail inside.
+
+* [Epidemic Routing for Partially-Connected Ad Hoc Networks](https://web.archive.org/web/20200208074703/http://issg.cs.duke.edu/epidemic/epidemic.pdf)
+* [Freenet: A distibuted decentralized information storage and retrieval system](https://freenetproject.org/assets/papers/ddisrs.pdf)
+* [Protecting Free Expression Online with Freenet](https://freenetproject.org/assets/papers/ddisrs.pdf)
+* [Bitmessage: A Peer‐to‐Peer Message Authentication and Delivery System](https://archive.org/details/BitmessageWhitepaper/)
+* [MuON: Epidemic based Mutual Anonymity](https://web.archive.org/web/20060901153544/http://www.csl.mtu.edu/cs6461/www/Reading/MuON_ICNP2005.pdf)

docs/dev/setup.md

@@ -1,13 +1,72 @@
+<h1 align="center">Onionr Developer Guide</h1>
+
 This page assumes that Onionr is already installed and normal user requirements are setup.
 
 The Onionr development environment is simple. All one really needs is a supported Python version (currently 3.7-3.8 as of writing).
 
 There are additional requirements specified in requirements-dev.txt
 
-Intended to be used from VSCode, there are scripts in scripts/ named enable/disable-dev-config.py.
+**Developers agree to the [CoC](../../CODE_OF_CONDUCT.md) and to contribute new code under GPLv3 or later**. Developers should stick to PEP8 in most cases, and write unittests or integration tests where possible.
+
+## Developer Scripts
+
+run-onionr-node.py can be used to start a node with specific parameters
+
+Intended to be used from VSCode (but could work otherwise), there are scripts in scripts/ named enable/disable-dev-config.py.
 These make modifications to the default config for the purpose of making testing Onionr nodes easier.
 Be sure to disable it again before pushing work.
 
-Generally, one should disable bootstrap list usage when making non trivial changes. This is a config option: general.use_bootstrap_list.
+There are also scripts to generate new tests.
+
+*When adjusting PoW, it will make your node not compatible with the existing network*
+
+Generally, one should disable bootstrap list usage when testing non trivial changes. This is a config option: general.use_bootstrap_list. and can be configured through enable-dev-config.py and run-onionr-node.py
+
+
+# Current state of Onionr [2021-01-14]
+
+Onionr in it's current form is functional, albeit buggy.
+
+
+## Current major components
+
+Onionr runs via two main HTTP gevent servers serving Flask apps.
+
+Dir: apiservers
+
+* 1 Parent app hosts all public API endpoints for the Tor transport.
+* 1 Parent app hosts all UI-related files and endpoints. Some commands and internal modules interact with this API as well
+* The HTTP servers have strict anti-dns-rebinding and CSRF countermeasures, so there is a script to craft requests to the UI-related API in scripts/
+* Block storage is currently handled via metadata in sqlite (mostly defunct now), and block data storage in a different database. This is in blocks/ in running Onionr daemon data directory
+* cryptography is currently handled in onionrcrypto/ except for ephemeral messages which are handled by onionr
+* Transport clients run from looping threads mostly created in communicator/__init__.py, this includes block lookups and uploading on the Tor transport
+
+## Road map
+
+There are several big ways Onionr will be improved in the next major version:
+
+* Migration to the [new modular block system](https://git.voidnet.tech/kev/onionrblocks)
+    * Probability proof of work -> verifiable delay function
+    * Friend system built on top of signing proofs (Private networks?)
+* Gossip transport improvements such as with neighbor improvements. See streamfill/ and [simple gossip](https://github.com/onion-sudo/simplegossip) for incomplete experiments
+
+* Finish removing "communicator"
+* I2P transports
+    * Gossip
+    * Torrents (patch for sha1?)
+* Modular transports
+    * Currently transports are just threads coupled together.
+    * It would be better if there was a generic way to tell any loaded transport what blocks are wanted and feed back received blocks to the database
+* Migrate to SafeDB for peers and blocks
+    * SafeDB wrapper that contacts http endpoint to store if it is running, otherwise directly open DB
+* Separate UI logic from daemon. Refactor code to
+* Improve cryptography
+    * Restore phrases or deterministic keys (generate key from password, be very careful)
+    * Change identities to be dual keys (ed25519+curve25519)
+    * Finish treasurechest
+        * Interact via [named pipes](https://en.wikipedia.org/wiki/Named_pipe)
+        * Ephemeral key management
+        * Encrypt/decrypt/sign/verify functions to keep key out of main memory
+        * PGP-like symmetric messages
 
 

docs/docker.md

@@ -0,0 +1,28 @@
+# Running Onionr in Docker
+
+A Dockerfile is included in the root directory of Onionr.
+
+In Docker version 20.10 (and probably others), there is a strange bug where Onionr must be run with -it or stdout will be garbled and it may hang.
+
+## Clone and build the image
+
+`$ git clone https://git.voidnet.tech/kev/onionr/`
+`$ cd onionr`
+`$ sudo docker build -t onionr .`
+
+
+## Run Onionr
+
+`$ sudo docker run -it -p 8080:8080 onionr`
+
+Onionr will be accessible over any network interface by default, so make sure to either change the entry point bind-address argument or set a firewall rule.
+
+That said, Onionr does protect it's interface by default with a web token, which will be shown in stdout.
+
+**However, anyone who can access the port may be able to see what Onionr sites you have saved and potentially deanonymize your node**
+
+## View the UI
+
+Visit the address and port for the machine Onionr is running on, for example: http://192.168.1.5:8080/#<long-token-taken-from-stdout>
+
+If you want a secure connection to the interface, either use a proxy such as nginx or caddy, or use [SSH tunneling](./vps-cloud-guide.md).

docs/faq.md

@@ -0,0 +1,24 @@
+<h1 align="center">Onionr FAQ</h1>
+