Add External Tor Usage Documentation

[preland]

This PR addresses #1253.

[boldsuck]

Hi @preland,
external Tor for Haveno Client can be used in 2 ways.

1. Your way with ControlPort: Haveno Client creates a hidden service with jtorctl. (You can not use HiddenServices options.)
   Important: Haveno user must be in tor group to use ControlPort.
   Add user to tor group on Debian/Ubuntu sudo usermod -aG debian-tor <user>.

2. Or how the seednodes, use the SocksPort. (Haveno user must not in tor group)
   The HiddenService must be created in /etc/tor/torrc. (You can use all HiddenServices options.)
   e.g.:

# Haveno incoming anonymity connections
HiddenServiceDir /var/lib/tor/haveno_service/
HiddenServicePort 9999 127.0.0.1:9999
HiddenServicePort 9999 [::1]:9999

With Haveno flags --hiddenServiceAddress=some.onion --nodePort=9999 or in haveno.properties.
#1170 (comment)

Maybe you can link to the seednode documentation ### Install Tor
https://github.com/haveno-dex/haveno/blob/master/docs/deployment-guide.md#install-tor
Install Tor from deb.torproject.org is preferred, Debian backports are also OK. Usually only a few days later. Both are from the same maintainer.

Prove if PoW is enabled: tor --list-modules
Tor config e.g. CookieAuthFile is preconfigured on Debian derivatives by /usr/share/tor/tor-service-defaults-torrc

[woodser]

I can't get tor to create my cookie authentication file for some reason. Not sure what I'm doing wrong, but it's not created when tor is started. I've configured my torrc file (installed through homebrew):

ControlPort 9051
CookieAuthentication 1
CookieAuthFile /opt/homebrew/etc/tor/control_auth_cookie

Tor has permission to write to that directory.

[preland]

I have made a few changes to the instructions which should address some issues with the original writing:

-Removed mentioning of using package managers for downloading Tor. This added extra complexity and confusion to the document, as well as went against the recommendations of the Tor Project.
-replaced the vagueness of the CookieAuthFile name. While the file name is technically arbitrary, I doubt many will lose sleep over naming the file “control_auth_cookie”.
-Added some extra context for killing tor (most likely unnecessary, but should be mentioned just in case)
-Added running tor with the -f flag in step 4.

[boldsuck]

Hi @preland
I just saw this by chance bisq-network/bisq#1935
I think Haveno | Bisq supports Tor ControlPassword or SafeCookieAuth and not CookieAuth.
Tor Authentication via Control Port

I have only used Tor ControlPassword with Netlayer / jtorctl as described by Whonix Dev Patrick.
This eliminates all problems with read/write permissions of the control_auth_cookie file. (Cookie is created anew every time tor restarts.)

With every restart Haveno writes a new:
~/.local/share/Haveno/xmr_stagenet/tor/torrc
A permanent Tor configuration, in addition to Haveno standard torrc-entries, can be easily created using the tor %include config option, e.g.: ./torrc.local:
--torrcOptions=%include ~/.local/share/Haveno/xmr_stagenet/tor/torrc.local cmdline or in haveno.properties

[preland]

Do you think that ControlPassword would be a better fit than SafeCookieAuth for our use case?

[boldsuck]

It's not better, I just wanted to point out the alternative. There seem to be problems with SafeCookieAuth on some systems bc. read/write permissions of the control_auth_cookie file. If your steps work so far, @woodser should merge them.¹ I don't have Whonix. Is it possible that Whonix has notrequied as the default torControlPassword?

¹I will then add to the docu how to configure Haveno Client with externalTor without using jtorctl. @woodser had @fa2a5qj3 change the code for the client as well. Unfortunately, this option is rarely used and all instructions refer to use system tor the old jtorctl/Netlayer bisq1 way.