meek-server - The meek server transport plugin
meek-server --acme-hostnames=HOSTNAME [OPTIONS]
meek-server is a transport plugin for Tor that encodes a stream as a sequence of HTTP requests and responses.
You will need to configure TLS certificates. There are two ways to set up certificates:
• --acme-hostnames=HOSTNAME (with optional --acme-email=EMAIL) will automatically get certificates for HOSTNAME using Let’s Encrypt. When you use this option, meek-server will need to be able to listen on port 80.
• --cert=FILENAME and --key=FILENAME allow you to use your own externally acquired certificate.
Configuration for meek-server usually appears in a torrc file. Here is a sample configuration using automatic Let’s Encrypt certificates:
ExtORPort auto
ServerTransportListenAddr meek 0.0.0.0:443
ServerTransportPlugin meek exec ./meek-server --acme-hostnames meek-server.example --log meek-server.log
Here is a sample configuration using externally acquired certificates:
ExtORPort auto
ServerTransportListenAddr meek 0.0.0.0:8443
ServerTransportPlugin meek exec ./meek-server --cert cert.pem --key key.pem --log meek-server.log
To listen on ports 80 and 443 without needing to run as root, on Linux, you can use the setcap program, part of libcap2:
setcap 'cap_net_bind_service=+ep' /usr/local/bin/meek-server
--acme-email=EMAIL
Optional email address to register for Let’s Encrypt notifications when using --acme-hostnames.
--acme-hostnames=HOSTNAME[,HOSTNAME]...
Comma-separated list of hostnames to honor when getting automatic certificates from Let’s Encrypt. meek-server will open a special listener on port 80 in order to handle ACME messages; this listener is separate from the one specified by ServerTransportListenAddr. The certificates will be cached in the pt_state/meek-certificate-cache directory inside tor’s state directory.
--cert=FILENAME
Name of a PEM-encoded TLS certificate file. Required unless --acme-hostnames or --disable-tls is used.
--disable-tls
Use plain HTTP rather than HTTPS. This option is only for testing purposes. Don’t use it in production.
--key=FILENAME
Name of a PEM-encoded TLS private key file. Required unless --acme-hostnames or --disable-tls is used.
--log=FILENAME
Name of a file to write log messages to (default stderr).
--port=PORT
Port to listen on. Overrides the TOR_PT_SERVER_BINDADDR environment variable set by tor. In most cases you should set the ServerTransportListenAddr option in torrc, rather than use the --port option.
-h, --help
Display a help message and exit.
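The option rules above can be checked mechanically before tor is restarted. The following shell sketch is an added example, not part of meek-server or of this manual page; the function names, finding labels and sample torrc are constructed for illustration, and it assumes each ServerTransportPlugin entry is written on a single line.

```shell
#!/bin/sh
# has_flag LINE NAME: succeed if --NAME or -NAME (Go's flag package accepts
# both spellings), with or without "=value", is a separate word in LINE.
has_flag() {
    case " $1 " in
        *" --$2 "*|*" --$2="*|*" -$2 "*|*" -$2="*) return 0 ;;
    esac
    return 1
}

# lint_meek_torrc FILE (hypothetical helper): print one finding per line and
# return 1 if any rule from the option descriptions above is violated.
lint_meek_torrc() {
    rc=0
    # Keep only the meek plugin lines; tabs are normalised to spaces first.
    lines=$(tr '\t' ' ' < "$1" | grep -E '^ *ServerTransportPlugin +meek +exec ') || {
        echo "no-plugin-line: no 'ServerTransportPlugin meek exec' line found"
        return 1
    }
    while IFS= read -r line; do
        if has_flag "$line" disable-tls; then
            echo "disable-tls: plain HTTP is for testing only"; rc=1
        elif ! has_flag "$line" acme-hostnames; then
            # Without ACME, both --cert and --key are required.
            has_flag "$line" cert || { echo "missing-cert: --cert is required"; rc=1; }
            has_flag "$line" key || { echo "missing-key: --key is required"; rc=1; }
        fi
        if has_flag "$line" port; then
            echo "port-flag: prefer ServerTransportListenAddr over --port"; rc=1
        fi
    done <<LINES
$lines
LINES
    return $rc
}

# Constructed sample torrc: a testing setup that was never switched to TLS.
sample=$(mktemp)
cat > "$sample" <<'TORRC'
ExtORPort auto
ServerTransportListenAddr meek 0.0.0.0:8080
ServerTransportPlugin meek exec ./meek-server --disable-tls --log meek-server.log
TORRC
lint_meek_torrc "$sample" || echo "torrc needs attention"
rm -f "$sample"
```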
https://trac.torproject.org/projects/tor/wiki/doc/meek
Please report at https://trac.torproject.org/projects/tor.