MEEK-SERVER(1)                                                  MEEK-SERVER(1)

NAME
       meek-server - The meek server transport plugin

SYNOPSIS
       meek-server --acme-hostnames=HOSTNAME [OPTIONS]

DESCRIPTION
       meek-server is a transport plugin for Tor that encodes a stream as a
       sequence of HTTP requests and responses.

       You will need to configure TLS certificates. There are two ways to set
       up certificates:

       o   --acme-hostnames=HOSTNAME (with optional --acme-email=EMAIL) will
           automatically get certificates for HOSTNAME using Let's Encrypt.
           When you use this option, meek-server will need to be able to
           listen on port 80.

       o   --cert=FILENAME and --key=FILENAME allow use to use your own
           externally acquired certificate.

       Configuration for meek-server usually appears in a torrc file. Here is
       a sample configuration using automatic Let's Encrypt certificates:

           ExtORPort auto
           ServerTransportListenAddr meek 0.0.0.0:443
           ServerTransportPlugin meek exec ./meek-server --acme-hostnames meek-server.example --log meek-server.log

       Here is a sample configuration using externally acquired certificates:

           ExtORPort auto
           ServerTransportListenAddr meek 0.0.0.0:8443
           ServerTransportPlugin meek exec ./meek-server 8443 --cert cert.pem --key key.pem --log meek-server.log

       To listen on ports 80 and 443 without needed to run as root, on Linux,
       you can use the setcap program, part of libcap2:

           setcap 'cap_net_bind_service=+ep' /usr/local/bin/meek-server

OPTIONS
       --acme-email=EMAIL
           Optional email address to register for Let's Encrypt notifications
           when using --acme-hostnames.

       --acme-hostnames=HOSTNAME[,HOSTNAME]...
           Comma-separated list of hostnames to honor when getting automatic
           certificates from Let's Encrypt. meek-server will open a special
           listener on port 80 in order to handle ACME messages; this listener
           is separate from the one specified by ServerTransportListenAddr.
           The certificates will be cached in the
           pt_state/meek-certificate-cache directory inside tor state
           directory.

       --cert=FILENAME
           Name of a PEM-encoded TLS certificate file. Required unless
           --acme-hostnames or --disable-tls is used.

       --disable-tls
           Use plain HTTP rather than HTTPS. This option is only for testing
           purposes. Don't use it in production.

       --key=FILENAME
           Name of a PEM-encoded TLS private key file. Required unless
           --acme-hostnames or --disable-tls is used.

       --log=FILENAME
           Name of a file to write log messages to (default stderr).

       --port=PORT
           Port to listen on. Overrides the TOR_PT_SERVER_BINDADDR environment
           variable set by tor. In most cases you should set the
           ServerTransportListenAddr option in torrc, rather than use the
           --port option.

       -h, --help
           Display a help message and exit.

SEE ALSO
       https://trac.torproject.org/projects/tor/wiki/doc/meek

BUGS
       Please report at https://trac.torproject.org/projects/tor.

                                  09/14/2021                    MEEK-SERVER(1)