Tags: ubuntu, systemd, tor, unix-socket

tor.service starts but unix socket does not work


I want to set up my own site on the Tor network with a .onion domain on Ubuntu 22.04.2 LTS.

I installed tor and nginx and configured nginx and the /etc/tor/torrc file to work with a unix socket.

Config lines added to /etc/tor/torrc:

HiddenServiceDir /var/lib/tor/mm-onion/
HiddenServicePort 80 unix:/var/run/tor/mm-onion.sock

and nginx listens on it:

listen unix:/var/run/tor/mm-onion.sock;

But if I start the tor service with service tor start, it starts successfully but tor does not work with the unix socket. The unix socket file is created. I tested the unix socket with socat, and nginx gives a successful response. I think the problem is that tor does not write to the unix socket in this case (tor started by systemd).

Then I stopped tor with service tor stop, inspected the /lib/systemd/system/tor@default.service file and saw the line ExecStart=/usr/bin/tor --defaults-torrc /usr/share/tor/tor-service-defaults-torrc -f /etc/tor/torrc --RunAsDaemon 0.

Okay, I ran the command /usr/bin/tor --defaults-torrc /usr/share/tor/tor-service-defaults-torrc -f /etc/tor/torrc --RunAsDaemon 0 directly in the terminal, and tor works successfully with the unix socket.

tor@default.service default config:

[Unit]
Description=Anonymizing overlay network for TCP
After=network.target nss-lookup.target
PartOf=tor.service
ReloadPropagatedFrom=tor.service

[Service]
Type=notify
NotifyAccess=all
PIDFile=/run/tor/tor.pid
PermissionsStartOnly=yes
ExecStartPre=/usr/bin/install -Z -m 02755 -o debian-tor -g debian-tor -d /run/tor
ExecStartPre=/usr/bin/tor --defaults-torrc /usr/share/tor/tor-service-defaults-torrc -f /etc/tor/torrc --RunAsDaemon 0 --verify-config
ExecStart=/usr/bin/tor --defaults-torrc /usr/share/tor/tor-service-defaults-torrc -f /etc/tor/torrc --RunAsDaemon 0
ExecReload=/bin/kill -HUP ${MAINPID}
KillSignal=SIGINT
TimeoutStartSec=300
TimeoutStopSec=60
Restart=on-failure
LimitNOFILE=65536

# Hardening
AppArmorProfile=-system_tor
NoNewPrivileges=yes
PrivateTmp=yes
PrivateDevices=yes
ProtectHome=yes
ProtectSystem=full
ReadOnlyDirectories=/
ReadWriteDirectories=-/proc
ReadWriteDirectories=-/var/lib/tor
ReadWriteDirectories=-/var/log/tor
ReadWriteDirectories=-/run
CapabilityBoundingSet=CAP_SETUID CAP_SETGID CAP_NET_BIND_SERVICE CAP_DAC_READ_SEARCH

My question is: why does tor not work correctly with the unix socket when I start it with service tor start, but works fine when I start it directly in the terminal with /usr/bin/tor --defaults-torrc /usr/share/tor/tor-service-defaults-torrc -f /etc/tor/torrc --RunAsDaemon 0?

I don't understand what is happening...

Thanks.

Tried running tor via systemd: it does not work with the unix socket.

Tried running tor directly in the terminal: it works with the unix socket.
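A self-contained version of the socat check from the question, added here as an example and not part of the original post: a stand-in for nginx listens on a unix socket, the probe sends one HTTP request over it the way socat did, and the socket file's owner, group and mode are reported, since a client process can only connect to a unix socket it has write permission on. The function names and the temporary socket path are my own; the file name mm-onion.sock is taken from the torrc above.

```python
import os
import socket
import stat
import tempfile
import threading

def serve_once(sock_path, body):
    """Constructed stand-in for nginx: answer one HTTP request on a unix socket with 200."""
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(sock_path)  # creates the socket file, as nginx's "listen unix:..." does
    srv.listen(1)

    def handle():
        conn, _ = srv.accept()
        with conn:
            conn.recv(4096)  # request content is irrelevant for this probe
            conn.sendall(b"HTTP/1.1 200 OK\r\nContent-Length: %d\r\n\r\n%s" % (len(body), body))
        srv.close()

    t = threading.Thread(target=handle, daemon=True)
    t.start()
    return t

def describe_socket(sock_path):
    """What a connecting process needs: a socket inode it has write permission on."""
    st = os.stat(sock_path)
    mode = stat.S_IMODE(st.st_mode)
    return {"is_socket": stat.S_ISSOCK(st.st_mode), "mode": oct(mode),
            "uid": st.st_uid, "gid": st.st_gid,
            "others_can_write": bool(mode & stat.S_IWOTH)}

def probe(sock_path, host="localhost"):
    """Send a minimal HTTP GET over the socket, like the socat test, and return the status code."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as c:
        c.settimeout(5)
        c.connect(sock_path)
        c.sendall(b"GET / HTTP/1.0\r\nHost: " + host.encode() + b"\r\n\r\n")
        status_line = c.recv(4096).split(b"\r\n", 1)[0]
    return int(status_line.split()[1])

def run_demo():
    """End to end: nginx stand-in on a temporary socket path, inspect it, probe it."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "mm-onion.sock")  # same file name as the torrc, under a temp dir
        t = serve_once(path, b"hello from the nginx stand-in")
        info = describe_socket(path)
        info["status"] = probe(path)  # 200 when the listener answers over the socket
        t.join(5)
    return info
```

Run against /var/run/tor/mm-onion.sock as the user tor runs under, describe_socket and probe repeat the check with that user's file permissions; the unit's systemd sandboxing options are not reproduced that way.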


Solution

  • I don't know what is happening, but on Ubuntu 20.04 it also doesn't work. I tried running the same configuration on CentOS 9, and it was OK the first time.

    Solution: use CentOS instead of Ubuntu.