It would be nice to be able to configure synapse so that it can federate both with servers which are on .onion addresses, and those which are on regular clearnet addresses. Currently this is tricky, because there is no way to tell synapse to route some hostnames via a tor proxy whilst routing others as normal.
IMHO there would be need to:
Remark: Tor is actually the only stable solution for real federation. There are a lot of systems able to run synapse out there, but people have connectivity problems. IPv6 will not be available to the masses within the next 10 years, so Tor is the only chance for all people to run their own Synapse Homeserver.
I was just about to open an issue for this. There are a few things that would be important to implement:
Support using a proxy for all outgoing connections as a homeserver. This would be required for the .onion Matrix server to have any hope of being anonymous -- otherwise all federation out of the Matrix server (or through the Matrix server) would trivially reveal its IP address.
There is an argument that it should be possible to set (in a room's options) that only users which are on .onion homeservers are allowed to join (sort of like the "this room is not federated" option today) and for the server to have a configuration which only allows federation with .onion homeservers (but I think you can do that already with the federation whitelist). This way you can set up conversations that explicitly only will be shared by anonymous homeserver users.
Get most (if not all) homeservers to route .onion addresses. While I believe messages transit through federation as a broadcast, you don't want there to be only a few hot servers which route .onion traffic (not just because it becomes a pretty serious single point of failure but also for performance reasons). However, we should probably allow for .onion routing to be disabled since some users might not feel comfortable running a Tor client (even though there should be no reason to worry about this).
And it would be nice for clients to indicate when they are in a .onion room or if a .onion user is talking. IRC clients have in the past had issues with Tor users (effectively) social-engineering conversations to go to certain topics, but marking users as being anonymous would be useful. Clients should also tell users to use Tor if they're trying to log into a .onion homeserver.
Is there any news on this topic?
I'm also interested in running a .onion homeserver - am happy to contribute on this topic in any way I can.
I'm also looking into how to do this. Main features necessary for implementation seem to be adding SOCKS5 proxy support and disabling SSL for .onion URLs. I'm not a huge Python guy so I'm not sure, but it looks like changes for this could be confined to this file. Help from anyone with a better orientation of this codebase would be greatly appreciated with respect to integrating this.
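The per-destination routing decision this thread asks for, as an added example (not Synapse code and not written by any commenter): `.onion` destinations go to a SOCKS5 proxy with the hostname left unresolved so no DNS query leaks, everything else connects directly. All names are hypothetical; it assumes v3 onion addresses and a local Tor SOCKS listener on 127.0.0.1:9050.

```python
import base64
import hashlib
from typing import NamedTuple, Optional

TOR_SOCKS = ("127.0.0.1", 9050)  # assumption: local Tor SOCKS5 listener


class Route(NamedTuple):
    proxy: Optional[tuple]   # None means connect directly
    resolve_locally: bool    # False: pass the hostname to the proxy unresolved


def onion_v3_encode(pubkey: bytes) -> str:
    """Build a v3 onion hostname from a 32-byte public key (used for sample data)."""
    version = b"\x03"
    checksum = hashlib.sha3_256(b".onion checksum" + pubkey + version).digest()[:2]
    return base64.b32encode(pubkey + checksum + version).decode().lower() + ".onion"


def is_valid_onion_v3(host: str) -> bool:
    """Check length, base32 alphabet, version byte and checksum of the onion label."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) < 2 or labels[-1] != "onion" or len(labels[-2]) != 56:
        return False
    try:
        raw = base64.b32decode(labels[-2].upper())
    except ValueError:  # binascii.Error is a ValueError subclass
        return False
    pubkey, checksum, version = raw[:32], raw[32:34], raw[34:]
    expected = hashlib.sha3_256(b".onion checksum" + pubkey + version).digest()[:2]
    return version == b"\x03" and checksum == expected


def route_for(server_name: str) -> Route:
    """Pick a route for a federation destination given as host or host:port."""
    host = server_name.rsplit(":", 1)[0] if ":" in server_name else server_name
    host = host.lower().rstrip(".")
    if host == "onion" or host.endswith(".onion"):
        # Fail closed: a malformed .onion name must never fall through to
        # clearnet DNS, which would leak the lookup to the local resolver.
        if not is_valid_onion_v3(host):
            raise ValueError(f"malformed .onion name: {host!r}")
        return Route(proxy=TOR_SOCKS, resolve_locally=False)
    return Route(proxy=None, resolve_locally=True)
```

A homeserver that must hide its own IP address, as one comment above requires, would return the proxy route for clearnet destinations as well instead of `Route(None, True)`.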