Tor Project | WebTunnel Bridge

This guide will help you set up a WebTunnel bridge to help censored users connect to the Tor network. WebTunnel is a pluggable transport that attempts to imitate web browsing activities based on HTTPT.

The requirements for deploying a WebTunnel bridge are:

A static IPv4 (preferably);
The ability to expose TCP ports to the Internet (make sure that NAT doesn't get in the way);
A self-hosted website, including a configurable web server (such as CADDY or Apache) and a domain under your control;

Deploying a WebTunnel bridge involves configuring both a web server and a Tor bridge with this pluggable transport. The first part of this guide provides detailed instructions for configuring your web server to support WebTunnel. The second part, you will choose between two methods for running the WebTunnel bridge: either using Docker or by compiling from the source code.

Please note that if you don't meet the requirements to run a WebTunnel or obfs4 bridge, running a Snowflake proxy is a great way to donate your bandwidth to help users circumvent censorship.

Web server configuration

Step 1. Configure your domain

If you already have a website domain, you can either use the main domain or create a subdomain. In this guide, the WebTunnel bridge is hosted on the same server as your website, but it's possible to host it in a different server.

Step 2. Install CADDY

To coexist with other content on a single port, you should install a reverse proxy, such as CADDY. Install CADDY:

$ sudo apt install caddy

Step 3. Configure CADDY

3.1. Generate a random string

When clients connect to your web server, they will be redirected to your WebTunnel proxy when they use a secret path. You can generate a random string by running this command:

$ echo $(cat /dev/urandom | tr -cd "qwertyuiopasdfghjklzxcvbnmMNBVCXZLKJHGFDSAQWERTUIOP0987654321"|head -c 24)

3.2. Create or edit an CADDY vhost

Edit your Caddyfile under /etc/caddy/Caddyfile. Here is a full Caddyfile example.

# Caddyfile example
example.com {
    # Webtunnel bridge
    route /$PATH {
        reverse_proxy http://127.0.0.1:15000 {
        header_up Upgrade {>Upgrade}
        header_up Connection {>Connection}

        header_up Host {host}
        header_up X-Real-IP {remote}
        header_up Front-End-Https on

        }
    }
        #Serve additional content
    root * /var/www/html
    file_server
}

3.3. Test the vhost configuration and reload CADDY

sudo systemctl reload caddy

Step 4. Configure your Tor WebTunnel bridge

Congratulations! You've successfully configured your web server to proxy requests to your Tor bridge. Now, you must install and configure your bridge to receive these requests from the web server. Please follow the second part of this guide. You have two options available: either compile a Go binary from the source or use Docker.

Back to previous page: WebTunnel Bridge - Edit this page