# Setting Up onion.bloodweb.net Clearnet Access

## Current Status
- ✅ Apache configured for reverse proxy
- ✅ Node.js chat server running on port 3000
- ✅ Tor hidden service active
- ❌ DNS not configured for onion.bloodweb.net

## Step 1: Configure DNS

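Add an A record in your DNS provider (e.g., Cloudflare, GoDaddy). An unproxied A record publishes the server's public IP address, which links the clearnet name, and therefore the chat service behind it, to that host: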

```
Type: A
Name: onion
Value: [Your server's public IP address]
TTL: Auto or 3600
```

To find your public IP:
```bash
curl -4 ifconfig.me
```

## Step 2: Wait for DNS Propagation

DNS changes can take 5-60 minutes. Check propagation:

```bash
# Check if DNS is resolving
nslookup onion.bloodweb.net

# Or use dig
dig onion.bloodweb.net +short
```
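
A resolving name is not enough on its own: the A record should point at this server before certbot is run. The script below is an added example, not part of the original setup; the helper names `only_ipv4`, `classify_dns`, `preflight` and the `--live` switch are hypothetical. It compares the `dig +short` answers against the address reported by `ifconfig.me`.

```bash
#!/bin/sh
# Pre-flight check before Step 3: does the name resolve to THIS server?
# Added example; function names and the --live switch are hypothetical.

DOMAIN="onion.bloodweb.net"

# `dig +short` also prints CNAME targets; keep only IPv4 address lines.
only_ipv4() {
    grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || true
}

# classify_dns <dig +short output> <this server's public IPv4>
# Prints one verdict:
#   unresolved  no A record returned yet (still propagating, or not created)
#   match       every A record is this server
#   mismatch    no A record is this server (stale record or proxying provider)
#   mixed       some records point elsewhere (leftover record to clean up)
classify_dns() (
    expected="$2"; hit=0; miss=0
    for ip in $(printf '%s\n' "$1" | only_ipv4); do
        if [ "$ip" = "$expected" ]; then hit=$((hit + 1)); else miss=$((miss + 1)); fi
    done
    if [ $((hit + miss)) -eq 0 ]; then echo "unresolved"
    elif [ "$miss" -eq 0 ]; then echo "match"
    elif [ "$hit" -eq 0 ]; then echo "mismatch"
    else echo "mixed"
    fi
)

# Live check using the same commands as Steps 1 and 2 (needs network access).
preflight() {
    public_ip="$(curl -4 -s --max-time 10 ifconfig.me)"
    answers="$(dig "$DOMAIN" A +short)"
    verdict="$(classify_dns "$answers" "$public_ip")"
    echo "$DOMAIN resolves to: ${answers:-nothing} (this server: $public_ip) => $verdict"
    [ "$verdict" = "match" ]
}

# Only touch the network when asked to: sh preflight.sh --live
if [ "${1:-}" = "--live" ]; then
    preflight && echo "OK to run: sudo certbot --apache -d $DOMAIN"
fi
```

Any verdict other than `match` is worth resolving in the DNS provider dashboard before requesting the certificate.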

## Step 3: Get SSL Certificate

Once DNS is resolving, run:

```bash
sudo certbot --apache -d onion.bloodweb.net
```

Follow the prompts:
- Enter email address for urgent renewal notices
- Agree to terms of service
- Choose whether to redirect HTTP to HTTPS (recommended: yes)

## Step 4: Enable HTTPS Site

```bash
sudo a2ensite onion.bloodweb.net-le-ssl.conf
sudo systemctl reload apache2
```

## Step 5: Test Access

### Via HTTP (should redirect to HTTPS):
```bash
curl -I http://onion.bloodweb.net
```

### Via HTTPS:
```bash
curl -I https://onion.bloodweb.net
```

### In Browser:
Navigate to: `https://onion.bloodweb.net`

Expected flow:
1. The Tor warning page appears (if not using Tor Browser)
2. Click "I understand the risks" to bypass it
3. The chat interface loads

## Troubleshooting

### DNS not resolving
- Verify A record in DNS provider dashboard
- Wait longer (can take up to 24 hours in rare cases)
- Clear local DNS cache: `sudo resolvectl flush-caches` (on older releases: `sudo systemd-resolve --flush-caches`)

### Certbot fails
- Ensure DNS is resolving first
- Check port 80 is accessible from internet
- Verify Apache is running: `sudo systemctl status apache2`
- Check firewall: `sudo ufw status`

### 502 Bad Gateway
- Ensure Node.js server is running: `pgrep -af "node server/index.js"` (unlike `ps aux | grep`, this does not match the search command itself)
- Check server is on port 3000: `curl http://127.0.0.1:3000/health`
- Restart chat server: `cd /var/www/html/onion && npm start`

### WebSocket not connecting
- Verify proxy_wstunnel module: `apache2ctl -M | grep proxy_wstunnel`
- Check Apache error log: `sudo tail -f /var/log/apache2/onion.bloodweb.net-error.log`

## Testing Without DNS (Local Testing)

Add to `/etc/hosts` for local testing:
```bash
echo "127.0.0.1 onion.bloodweb.net" | sudo tee -a /etc/hosts
```

Then access: `http://onion.bloodweb.net`

Remove when done:
```bash
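# Match only the line added above; dots are escaped so they are not regex wildcards
sudo sed -i '/^127\.0\.0\.1 onion\.bloodweb\.net$/d' /etc/hosts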
```

## Current Configuration Files

- HTTP config: `/etc/apache2/sites-available/onion.bloodweb.net.conf`
- HTTPS config: `/etc/apache2/sites-available/onion.bloodweb.net-le-ssl.conf`
- Apache logs: `/var/log/apache2/onion.bloodweb.net-*.log`

## Quick Status Check

```bash
echo "=== onion.bloodweb.net Status ==="
echo ""
echo "DNS Resolution:"
nslookup onion.bloodweb.net 2>&1 | grep -A1 "Name:"
echo ""
echo "Apache Sites:"
apache2ctl -S | grep onion.bloodweb.net
echo ""
echo "Chat Server:"
ps aux | grep "node server/index.js" | grep -v grep
echo ""
echo "Port 3000:"
curl -s http://127.0.0.1:3000/health 2>&1 | head -1
```

## Alternative: Local Testing (No DNS Required)

If you just want to test locally without setting up DNS:

```bash
# Add local hosts entry
echo "127.0.0.1 onion.bloodweb.net" | sudo tee -a /etc/hosts

# Access directly
xdg-open http://onion.bloodweb.net

# Or use curl
curl http://onion.bloodweb.net
```

This bypasses DNS and allows you to test the Apache proxy configuration immediately.
